third-party/pre-commit
1
0
Fork 0
mirror of https://github.com/pre-commit/pre-commit.git synced 2026-02-19 17:14:43 +04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #3446 from matthewhughes934/fix-docker-rootless-permission-mounts
Some checks failed
languages / collector (push) Has been cancelled
Details
main / main-windows (push) Has been cancelled
Details
main / main-linux (push) Has been cancelled
Details
languages / vars (push) Has been cancelled
Details
languages / language (push) Has been cancelled
Details

Browse source 
Fix permission errors for mounts in rootless docker
This commit is contained in:
Anthony Sottile 2025-05-23 17:11:14 -04:00 committed by GitHub
commit 8a4af027a1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 73 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

26
pre_commit/languages/docker.py
View file

@ -1,5 +1,6 @@
from __future__ import annotations from __future__ import annotations
import functools
import hashlib import hashlib
import json import json
import os import os
@ -101,7 +102,32 @@ def install_environment(
os.mkdir(directory) os.mkdir(directory)
@functools.lru_cache(maxsize=1)
def _is_rootless() -> bool: # pragma: win32 no cover
retcode, out, _ = cmd_output_b(
'docker', 'system', 'info', '--format', '{{ json . }}',
)
if retcode != 0:
return False
info = json.loads(out)
try:
return (
# docker:
# https://docs.docker.com/reference/api/engine/version/v1.48/#tag/System/operation/SystemInfo
'name=rootless' in info.get('SecurityOptions', ()) or
# podman:
# https://docs.podman.io/en/latest/_static/api.html?version=v5.4#tag/system/operation/SystemInfoLibpod
info['host']['security']['rootless']
)
except KeyError:
return False
def get_docker_user() -> tuple[str, ...]: # pragma: win32 no cover def get_docker_user() -> tuple[str, ...]: # pragma: win32 no cover
if _is_rootless():
return ()
try: try:
return ('-u', f'{os.getuid()}:{os.getgid()}') return ('-u', f'{os.getuid()}:{os.getgid()}')
except AttributeError: except AttributeError:

47
tests/languages/docker_test.py
View file

@ -62,6 +62,42 @@ def test_docker_fallback_user():
assert docker.get_docker_user() == () assert docker.get_docker_user() == ()
@pytest.fixture(autouse=True)
def _avoid_cache():
with mock.patch.object(
docker,
'_is_rootless',
docker._is_rootless.__wrapped__,
):
yield
@pytest.mark.parametrize(
'info_ret',
(
(0, b'{"SecurityOptions": ["name=rootless","name=cgroupns"]}', b''),
(0, b'{"host": {"security": {"rootless": true}}}', b''),
),
)
def test_docker_user_rootless(info_ret):
with mock.patch.object(docker, 'cmd_output_b', return_value=info_ret):
assert docker.get_docker_user() == ()
@pytest.mark.parametrize(
'info_ret',
(
(0, b'{"SecurityOptions": ["name=cgroupns"]}', b''),
(0, b'{"host": {"security": {"rootless": false}}}', b''),
(0, b'{"respone_from_some_other_container_engine": true}', b''),
(1, b'', b''),
),
)
def test_docker_user_non_rootless(info_ret):
with mock.patch.object(docker, 'cmd_output_b', return_value=info_ret):
assert docker.get_docker_user() != ()
def test_in_docker_no_file(): def test_in_docker_no_file():
with mock.patch.object(builtins, 'open', side_effect=FileNotFoundError): with mock.patch.object(builtins, 'open', side_effect=FileNotFoundError):
assert docker._is_in_docker() is False assert docker._is_in_docker() is False
@ -195,3 +231,14 @@ CMD ["echo", "This is overwritten by the entry"']
ret = run_language(tmp_path, docker, 'echo hello hello world') ret = run_language(tmp_path, docker, 'echo hello hello world')
assert ret == (0, b'hello hello world\n') assert ret == (0, b'hello hello world\n')
@xfailif_windows # pragma: win32 no cover
def test_docker_hook_mount_permissions(tmp_path):
dockerfile = '''\
FROM ubuntu:22.04
'''
tmp_path.joinpath('Dockerfile').write_text(dockerfile)
retcode, _ = run_language(tmp_path, docker, 'touch', ('README.md',))
assert retcode == 0