CR-16573 -- rootless (#789)

yaroslav-codefresh · web-flow · commit 059fc5b64bf7 · 2023-02-10T11:13:37.000+02:00
* make rootless images

* bump version
diff --git a/Dockerfile b/Dockerfile
@@ -35,4 +35,15 @@ RUN yarn generate-completion
 RUN ln -s $(pwd)/lib/interface/cli/codefresh /usr/local/bin/codefresh
 
 RUN codefresh components update --location components
+
+# we keep /root as home directory because cli by default looks for $HOME/.cfconfig
+# and we do not want to break user automation if he used to bind his .cfconfig
+# to the /root/.cfconfig
+RUN adduser -D -h /root -s /bin/sh cfu \
+   && chown -R $(id -g cfu) /root /cf-cli \
+   && chgrp -R $(id -g cfu) /root /cf-cli \
+   && chmod -R g+rwX /root
+
+USER cfu
+
 ENTRYPOINT ["codefresh"]
diff --git a/Dockerfile-debian b/Dockerfile-debian
@@ -37,4 +37,14 @@ RUN ln -s $(pwd)/lib/interface/cli/codefresh /usr/local/bin/codefresh
 
 RUN codefresh components update --location components
 
+# we keep /root as home directory because cli by default looks for $HOME/.cfconfig
+# and we do not want to break user automation if he used to bind his .cfconfig
+# to the /root/.cfconfig
+RUN useradd -m -d /root -s /bin/sh cfu \
+   && chown -R $(id -g cfu) /root /cf-cli \
+   && chgrp -R $(id -g cfu) /root /cf-cli \
+   && chmod -R g+rwX /root
+
+USER cfu
+
 ENTRYPOINT ["codefresh"]
diff --git a/lib/interface/cli/commands/pipeline/run.local.js b/lib/interface/cli/commands/pipeline/run.local.js
@@ -67,6 +67,15 @@ class RunLocalCommand extends RunBaseCommand {
                     this.docker.modem.followProgress(stream, onFinished, onProgress);
                 }
             });
+        }).catch((err) => {
+            if (err && _.includes(err.message, 'connect EACCES /var/run/docker.sock')) {
+                const message = 'Could not access /var/run/docker.sock. Warning: If you are trying to run Codefresh CLI '
+                    + 'through the docker container please consider to add option `--user root` to the `docker run` command. '
+                    + 'Recently we updated our Codefresh CLI images to run with rootless user and in order to access '
+                    + '/var/run/docker.sock you need to have root permissions.';
+                return Promise.reject(new Error(message));
+            }
+            return Promise.reject(err);
         });
     }
     async runImpl(request) {
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "codefresh",
-  "version": "0.81.9",
+  "version": "0.82.0",
   "description": "Codefresh command line utility",
   "main": "index.js",
   "preferGlobal": true,

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "codefresh",`
`3`		`- "version": "0.81.9",`
	`3`	`+ "version": "0.82.0",`
`4`	`4`	`"description": "Codefresh command line utility",`
`5`	`5`	`"main": "index.js",`
`6`	`6`	`"preferGlobal": true,`