feat: add script execution from docker-entrypoint.d folder #3666
Merged
I don't think this is safe at all. Random execution of scripts to inject
packages you need is the same as injecting a random file into your app
artifact after the security scanning of your artifact.
Docker makes this easy by using FROM for creating custom images and we
recommend users to create their images with whatever package they need.
On Sat, Aug 12, 2023, 3:41 a.m. Alexandru Marcencov <***@***.***> wrote:
> @marcencov requested review from @runatlantis/maintainers on: #3666 feat: add script execution from docker-entrypoint.d folder as a code owner.
|
@GenPage what do you think? It seems that some other docker images do have this capability |
@GenPage could you look at this PR? Thank you |
I will take a look over the holiday weekend |
GenPage added the feature, installation, waiting-on-review, docker and needs docs labels on Aug 31, 2023
@GenPage how can I help you with this PR? |
@marcencov can you fix the conflict? we will aim to push this to 0.27 |
jamengual previously approved these changes on Nov 15, 2023
jamengual added the waiting-on-response label and removed the waiting-on-review label on Nov 15, 2023
/cherry-pick release-0.26 |
jamengual approved these changes on Nov 16, 2023
thanks for the contribution @marcencov |
ijames-gc pushed a commit to gocardless/atlantis that referenced this pull request on Feb 13, 2024
Co-authored-by: PePe Amengual <[email protected]>
what
To be able to execute some custom scripts at the entrypoint level, we can add this code that looks for files in the /docker-entrypoint.d/ folder and executes all *.sh shell scripts. Also, we can place files inside if we need some order in execution, for example, /docker-entrypoint.d/00-install-terragrunt.sh and /docker-entrypoint.d/10-install-awscli.sh.

why
As we need to repack the docker image with atlantis every time and add some tools (terragrunt and awscli for us), it is better to have a way to use the original atlantis image and mount files inside /docker-entrypoint.d. These files will be executed once when the docker container starts.

tests

references
As an example of how this is realized in the official nginx docker container with the docker-entrypoint.d folder:
https://github.com/nginxinc/docker-nginx/blob/3aac9b12463cf031037f7e21b3857f9a4bec3f28/entrypoint/docker-entrypoint.sh#L13
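
A sketch of the mechanism the description outlines, with checks that speak to the review concern about running unvetted scripts. This is an added example, not the code merged in this PR or Atlantis's entrypoint; the function name run_entrypoint_dir, the RAN and SKIPPED variables and the skip policy are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: hardened runner for /docker-entrypoint.d/*.sh hooks.
# RAN and SKIPPED are hypothetical result variables, kept for inspection.

run_entrypoint_dir() {
    dir=$1
    RAN="" SKIPPED=""
    [ -d "$dir" ] || return 0      # nothing mounted: start normally

    # The glob expands in sorted order, so 00-*.sh runs before 10-*.sh.
    for f in "$dir"/*.sh; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # unmatched glob stays literal
        name=${f##*/}
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            # A symlink can point outside the directory that was reviewed.
            reason="symlink or not a regular file"
        elif [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            # Anyone in the group or on the host could have altered it.
            reason="group- or world-writable"
        elif [ ! -x "$f" ]; then
            reason="not executable"
        else
            reason=""
        fi
        if [ -n "$reason" ]; then
            echo "entrypoint: skipping $name ($reason)" >&2
            SKIPPED="$SKIPPED $name"
            continue
        fi
        echo "entrypoint: running $name" >&2
        # Fail closed: a failing hook stops the container from starting.
        "$f" || { echo "entrypoint: $name failed" >&2; return 1; }
        RAN="$RAN $name"
    done
    return 0
}

# Run only when a directory is passed, e.g. sh runner.sh /docker-entrypoint.d
if [ -n "${1:-}" ]; then run_entrypoint_dir "$1"; fi
```

Mounting the hook directory read-only and logging each executed name to stderr gives an audit trail of what ran on top of the scanned image.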