-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump mark to 9.11.1 #16
base: main
Are you sure you want to change the base?
Conversation
ENTRYPOINT ["/usr/bin/dumb-init", "--"] | ||
CMD ["python3", "/app/mark2confluence/main.py"] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think there is needs of an init script since the python script doesn't need to run as daemon here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I agree about not changing the entrypoint
WORKDIR /app | ||
ENV PYTHONPATH /app | ||
ENV DOC_PREFIX /github/workspace/ | ||
ENV LOGURU_FORMAT "<lvl>{level:7} {message}</lvl>" | ||
USER 1001:1001 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a quite big security concern, it will require an explicit exception to run it on our clusters. (Kyverno will prevent it to run at all, afaik)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed. How come we have to perform this change now? Did it work before with the unprivileged user?
The doc seems to go in the direction of that change though: https://docs.github.com/en/actions/creating-actions/dockerfile-support-for-github-actions#user
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
no not really. I had to add this to my action to get it to work which is awful
- name: chown files to UID 1001
shell: bash
run: sudo chown -R 1001:1001 *
Dockerfile
Outdated
|
||
FROM python:3-slim | ||
FROM chromedp/headless-shell:latest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like this comment got marked as outdated. I agree with mbovo on this. No need to use a different/larger container.
There's been no progress for 3 weeks on this. Should I open a new PR with just upgrading the version of mark? |
USER
instruction in yourDockerfile
, because you won’t be able to access theGITHUB_WORKSPACE
directory.chromedp/headless-shell:latest
image instead.