From 3ba45d3d7ecf0c3683b304a97c05db7a41b04721 Mon Sep 17 00:00:00 2001 From: Nikola Jokic Date: Tue, 7 Jun 2022 16:47:05 +0200 Subject: [PATCH 1/5] user volume mount fix based on workspacePath --- packages/k8s/src/k8s/utils.ts | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/packages/k8s/src/k8s/utils.ts b/packages/k8s/src/k8s/utils.ts index b08bec5..bd4bdb9 100644 --- a/packages/k8s/src/k8s/utils.ts +++ b/packages/k8s/src/k8s/utils.ts @@ -43,15 +43,22 @@ export function containerVolumes( return mounts } + const workspacePath = process.env.GITHUB_WORKSPACE as string for (const userVolume of userMountVolumes) { - const sourceVolumePath = `${ - path.isAbsolute(userVolume.sourceVolumePath) - ? userVolume.sourceVolumePath - : path.join( - process.env.GITHUB_WORKSPACE as string, - userVolume.sourceVolumePath - ) - }` + let sourceVolumePath = '' + if (path.isAbsolute(userVolume.sourceVolumePath)) { + if (!userVolume.sourceVolumePath.startsWith(workspacePath)) { + throw new Error( + 'absolute path volume mounts outside of the work folder are not supported' + ) + } + sourceVolumePath = userVolume.sourceVolumePath + } else { + sourceVolumePath = path.join( + process.env.GITHUB_WORKSPACE as string, + userVolume.sourceVolumePath + ) + } mounts.push({ name: POD_VOLUME_NAME, From d0e094649e92856889f23b9a108502f441ea23ce Mon Sep 17 00:00:00 2001 From: Nikola Jokic Date: Tue, 7 Jun 2022 16:48:05 +0200 Subject: [PATCH 2/5] use variable for env GITHUB_WORKSPACE --- packages/k8s/src/k8s/utils.ts | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/packages/k8s/src/k8s/utils.ts b/packages/k8s/src/k8s/utils.ts index bd4bdb9..788895a 100644 --- a/packages/k8s/src/k8s/utils.ts +++ b/packages/k8s/src/k8s/utils.ts @@ -54,10 +54,7 @@ export function containerVolumes( } sourceVolumePath = userVolume.sourceVolumePath } else { - sourceVolumePath = path.join( - process.env.GITHUB_WORKSPACE as string, - userVolume.sourceVolumePath - ) + sourceVolumePath = path.join(workspacePath, userVolume.sourceVolumePath) } mounts.push({ From 152c4e1cc8a6e52e124650672c8489a39397a760 Mon Sep 17 00:00:00 2001 From: Thomas Boop <52323235+thboop@users.noreply.github.com> Date: Tue, 7 Jun 2022 16:38:02 -0400 Subject: [PATCH 3/5] Update packages/k8s/src/k8s/utils.ts --- packages/k8s/src/k8s/utils.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/k8s/src/k8s/utils.ts b/packages/k8s/src/k8s/utils.ts index 788895a..068889e 100644 --- a/packages/k8s/src/k8s/utils.ts +++ b/packages/k8s/src/k8s/utils.ts @@ -49,7 +49,7 @@ export function containerVolumes( if (path.isAbsolute(userVolume.sourceVolumePath)) { if (!userVolume.sourceVolumePath.startsWith(workspacePath)) { throw new Error( - 'absolute path volume mounts outside of the work folder are not supported' + 'Volume mounts outside of the work folder are not supported' ) } sourceVolumePath = userVolume.sourceVolumePath From 84a57de2e3c1cd32b74fb3ca493c14794268dba4 Mon Sep 17 00:00:00 2001 From: Nikola Jokic Date: Wed, 8 Jun 2022 11:23:05 +0200 Subject: [PATCH 4/5] added tests around user volume mounts for prepare job --- packages/k8s/src/k8s/utils.ts | 5 ++++- packages/k8s/tests/prepare-job-test.ts | 28 ++++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/packages/k8s/src/k8s/utils.ts b/packages/k8s/src/k8s/utils.ts index a0bf87f..3951c16 100644 --- a/packages/k8s/src/k8s/utils.ts +++ b/packages/k8s/src/k8s/utils.ts @@ -52,7 +52,10 @@ export function containerVolumes( 'Volume mounts outside of the work folder are not supported' ) } - sourceVolumePath = userVolume.sourceVolumePath.slice(workspacePath.length) + // sourcec volume path should be relative path + sourceVolumePath = userVolume.sourceVolumePath.slice( + workspacePath.length + 1 + ) } else { sourceVolumePath = userVolume.sourceVolumePath } diff --git a/packages/k8s/tests/prepare-job-test.ts b/packages/k8s/tests/prepare-job-test.ts index 25048d0..1992da1 100644 --- a/packages/k8s/tests/prepare-job-test.ts +++ b/packages/k8s/tests/prepare-job-test.ts @@ -40,4 +40,32 @@ describe('Prepare job', () => { const content = fs.readFileSync(prepareJobOutputFilePath) expect(() => JSON.parse(content.toString())).not.toThrow() }) + + it('should prepare job with absolute path for userVolumeMount', async () => { + prepareJobData.args.container.userMountVolumes.forEach(v => { + if (!path.isAbsolute(v.sourceVolumePath)) { + v.sourceVolumePath = path.join( + process.env.GITHUB_WORKSPACE as string, + v.sourceVolumePath + ) + } + }) + await expect( + prepareJob(prepareJobData.args, prepareJobOutputFilePath) + ).resolves.not.toThrow() + }) + + it('should throw an exception if the user volume mount is absolute path outside of GITHUB_WORKSPACE', async () => { + prepareJobData.args.container.userMountVolumes.forEach(v => { + if (!path.isAbsolute(v.sourceVolumePath)) { + v.sourceVolumePath = path.join( + '/path/outside/of/github-workspace', + v.sourceVolumePath + ) + } + }) + await expect( + prepareJob(prepareJobData.args, prepareJobOutputFilePath) + ).rejects.toThrow() + }) }) From f764d18c4ca61a5b15e981f5da6d3724f9d3480b Mon Sep 17 00:00:00 2001 From: Thomas Boop <52323235+thboop@users.noreply.github.com> Date: Wed, 8 Jun 2022 09:41:38 -0400 Subject: [PATCH 5/5] Update packages/k8s/src/k8s/utils.ts --- packages/k8s/src/k8s/utils.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/k8s/src/k8s/utils.ts b/packages/k8s/src/k8s/utils.ts index 3951c16..7fc235a 100644 --- a/packages/k8s/src/k8s/utils.ts +++ b/packages/k8s/src/k8s/utils.ts @@ -52,7 +52,7 @@ export function containerVolumes( 'Volume mounts outside of the work folder are not supported' ) } - // sourcec volume path should be relative path + // source volume path should be relative path sourceVolumePath = userVolume.sourceVolumePath.slice( workspacePath.length + 1 )