From a805d92a427d9b902ed7c3151ec4a75cdd82e783 Mon Sep 17 00:00:00 2001
From: timfeirg <kkcocogogo@gmail.com>
Date: Sat, 4 Feb 2017 18:11:02 +0800
Subject: [PATCH] remove source code if artifact download url is provided

https://trello.com/c/oiU2f5vh/598-corecli-debug-build-with-artifacts
---
 cluster/calcium/build_image.go | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/cluster/calcium/build_image.go b/cluster/calcium/build_image.go
index 878517ea4..41707e1c2 100644
--- a/cluster/calcium/build_image.go
+++ b/cluster/calcium/build_image.go
@@ -129,16 +129,10 @@ func (c *calcium) BuildImage(repository, version, uid, artifact string) (chan *t
 		return ch, err
 	}
 
-	// get artifact into cloneDir, only when artifact is not empty
-	if artifact != "" {
-		if err := c.source.Artifact(artifact, cloneDir); err != nil {
-			log.Errorf("Error when downloading artifact: %s", err.Error())
-		}
-	}
-
 	// ensure .git directory is removed
 	// we don't want any history files to be retrieved
 	if err := os.RemoveAll(filepath.Join(cloneDir, ".git")); err != nil {
+		log.Errorf("Error when removing .git dir")
 		return ch, err
 	}
 
@@ -153,6 +147,16 @@ func (c *calcium) BuildImage(repository, version, uid, artifact string) (chan *t
 		return ch, err
 	}
 
+	// if artifact download url is provided, remove all source code to
+	// improve security
+	if artifact != "" {
+		os.RemoveAll(cloneDir)
+		os.MkdirAll(cloneDir, os.ModeDir)
+		if err := c.source.Artifact(artifact, cloneDir); err != nil {
+			log.Errorf("Error when downloading artifact: %s", err.Error())
+		}
+	}
+
 	// create launcher scripts and dockerfile
 	rs := richSpecs{specs, "", strings.TrimRight(c.config.AppDir, "/"), uid}
 	if err := createLauncher(buildDir, rs); err != nil {