mirror of
https://github.com/bitcoin/bitcoin.git
synced 2026-03-16 16:32:47 +00:00
fab73e213d
The shell scripts are inherently unsafe, because they will install new software packages, modify global configuration settings, write to the root / or $HOME, and possibly modify the git repo. The only safe way to run them is through the CI system itself, that is the ci_exec python function. The ci_exec funtion ensures that the user has set up a sandbox externally and set DANGER_RUN_CI_ON_HOST=1 at their own risk, or that a sandbox was set up with the given container_id, in which case it is safe to set DANGER_RUN_CI_ON_HOST=1 for that sandbox. Also, it is safe to set DANGER_RUN_CI_ON_HOST=1 when building the sandbox image in ci/test_imagefile. Then, the two shell scripts can reject early if unsafe execution is detected.
25 lines
903 B
Plaintext
25 lines
903 B
Plaintext
# Copyright (c) The Bitcoin Core developers
|
|
# Distributed under the MIT software license, see the accompanying
|
|
# file COPYING or https://opensource.org/license/mit/.
|
|
|
|
# See ci/README.md for usage.
|
|
|
|
# We never want scratch, but default arg silences a Warning
|
|
ARG CI_IMAGE_NAME_TAG=scratch
|
|
FROM ${CI_IMAGE_NAME_TAG}
|
|
|
|
ARG FILE_ENV
|
|
ENV FILE_ENV=${FILE_ENV}
|
|
|
|
ARG BASE_ROOT_DIR
|
|
ENV BASE_ROOT_DIR=${BASE_ROOT_DIR}
|
|
|
|
# Make retry available in PATH, needed for CI_RETRY_EXE
|
|
COPY ./ci/retry/retry /usr/bin/retry
|
|
COPY ./ci/test/00_setup_env.sh ./${FILE_ENV} ./ci/test/01_base_install.sh ./ci/test/01_iwyu.patch /ci_container_base/ci/test/
|
|
|
|
# Bash is required, so install it when missing
|
|
RUN sh -c "bash -c 'true' || ( apk update && apk add --no-cache bash )"
|
|
|
|
RUN ["bash", "-c", "cd /ci_container_base/ && set -o errexit && source ./ci/test/00_setup_env.sh && DANGER_RUN_CI_ON_HOST=1 ./ci/test/01_base_install.sh"]
|