Fix umask=false for images without a shell entrypoint (#1298)

PigeonF · web-flow · commit 92774721e3d0 · 2024-07-22T16:27:23.000+02:00
* test: Add umask test with image without `sh` as entrypoint

* fix(umask): Explicitly set entrypoint to `sh`
diff --git a/src/job.ts b/src/job.ts
@@ -469,7 +469,7 @@ export class Job {
             let chownOpt = "0:0";
             let chmodOpt = "a+rw";
             if (expanded["FF_DISABLE_UMASK_FOR_DOCKER_EXECUTOR"] === "true") {
-                const {stdout} = await Utils.spawn(["docker", "run", "--rm", imageName, "sh", "-c", "echo \"$(id -u):$(id -g)\""]);
+                const {stdout} = await Utils.spawn(["docker", "run", "--rm", "--entrypoint", "sh", imageName, "-c", "echo \"$(id -u):$(id -g)\""]);
                 chownOpt = stdout;
                 if (chownOpt == "0:0") {
                     chmodOpt = "g-w";
diff --git a/tests/test-cases/umask/.gitlab-ci.yml b/tests/test-cases/umask/.gitlab-ci.yml
@@ -11,3 +11,11 @@ alpine-root:
   script:
     - stat -c "%a %n %u %g" one.txt
     - stat -c "%a %n %u %g" script.sh
+
+kaniko-root:
+  image:
+    name: gcr.io/kaniko-project/executor:v1.23.0-debug
+    entrypoint: [""]
+  script:
+    - stat -c "%a %n %u %g" one.txt
+    - stat -c "%a %n %u %g" script.sh
diff --git a/tests/test-cases/umask/integration.umask.test.ts b/tests/test-cases/umask/integration.umask.test.ts
@@ -69,3 +69,33 @@ test.concurrent("umask <alpine-root> --no-umask", async () => {
     ];
     expect(writeStreams.stdoutLines).toEqual(expect.arrayContaining(expectedStdOut));
 });
+
+test.concurrent("umask <kaniko-root> --umask", async () => {
+    const writeStreams = new WriteStreamsMock();
+    await handler({
+        cwd: "tests/test-cases/umask/",
+        umask: true,
+        job: ["kaniko-root"],
+    }, writeStreams);
+
+    const expectedStdOut = [
+        chalk`{blueBright kaniko-root} {greenBright >} 666 one.txt 0 0`,
+        chalk`{blueBright kaniko-root} {greenBright >} 777 script.sh 0 0`,
+    ];
+    expect(writeStreams.stdoutLines).toEqual(expect.arrayContaining(expectedStdOut));
+});
+
+test.concurrent("umask <kaniko-root> --no-umask", async () => {
+    const writeStreams = new WriteStreamsMock();
+    await handler({
+        cwd: "tests/test-cases/umask/",
+        umask: false,
+        job: ["kaniko-root"],
+    }, writeStreams);
+
+    const expectedStdOut = [
+        chalk`{blueBright kaniko-root} {greenBright >} 644 one.txt 0 0`,
+        chalk`{blueBright kaniko-root} {greenBright >} 755 script.sh 0 0`,
+    ];
+    expect(writeStreams.stdoutLines).toEqual(expect.arrayContaining(expectedStdOut));
+});
