feat!: allow docker image use for non-root users #122
Merged
The Dockerfile has been updated to install the `phylum` package in a
Python virtual environment, which is accessible by non-root users of the
image. These changes were inspired by the Python `black` project, which
did basically the same thing: psf/black#3202
The `phylum-init` script was updated to provide a hidden option
for installing the CLI in a globally accessible directory. That option
is meant to be used in very limited circumstances, namely the Dockerfile
for image creation.
The minimum supported CLI version is currently v3.8.0-rc2 and enough
time has passed that CLI versions prior to v2.2.0 are no longer expected
to exist in the wild. That is when the Phylum config and binary paths
changed, to adhere to the XDG Base Directory Spec. This change removes
support for use of these legacy CLI version paths.
Some refactoring was done to make it easier to update the minimum
supported CLI versions as they progress and make changes that require
different minimum versions for both new and existing installations.
BREAKING CHANGE: CLI installs prior to v2.2.0 are no longer supported.
Closes #118
Checklist
TestGHA
Have you created sufficient tests?
Screenshots
Both `root` and non-root users have access to the `phylum-ci` and `phylum` binaries now:
`root` can continue to use `phylum-ci` but non-root users must have a corresponding user account created in the container layer to work:
Using this image in Azure Pipelines, where the user `vsts_azpcontainer` is created during Job provisioning and used...successfully this time to run `phylum-ci`: