Skip to content

Update CI to use Docker #1329

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Update CI to use Docker #1329

wants to merge 3 commits into from

Conversation

rbanka1
Copy link
Contributor

@rbanka1 rbanka1 commented May 23, 2025

  • Updated reusable_basic.yml and reusable_fast.yml to use Docker images.
  • Added install_oneAPI.sh to support image setup.

@rbanka1 rbanka1 mentioned this pull request May 23, 2025
Open
@rbanka1 rbanka1 marked this pull request as ready for review May 23, 2025 20:32
@rbanka1 rbanka1 requested a review from a team as a code owner May 23, 2025 20:32
bratpiorka
bratpiorka reviewed May 26, 2025
View reviewed changes
bratpiorka
bratpiorka reviewed May 26, 2025
View reviewed changes
bratpiorka
bratpiorka reviewed May 26, 2025
View reviewed changes
@bratpiorka
Copy link
Contributor

@rbanka1 please rebase

@bratpiorka bratpiorka requested a review from KFilipek May 26, 2025 07:41
@rbanka1
Update CI to use Docker
19a6ead 
- Updated reusable_basic.yml and reusable_fast.yml to use Docker images.
- Added install_oneAPI.sh to support image setup.
KFilipek
KFilipek requested changes May 26, 2025
View reviewed changes
.github/workflows/reusable_basic.yml
wget https://github.com/Kitware/CMake/releases/download/v${{matrix.cmake_ver}}/cmake-${{matrix.cmake_ver}}-Linux-x86_64.sh
chmod +x cmake-${{matrix.cmake_ver}}-Linux-x86_64.sh
sudo ./cmake-${{matrix.cmake_ver}}-Linux-x86_64.sh --skip-license --prefix=/usr/local
echo ${USERPASS} | sudo -Sk ./cmake-${{matrix.cmake_ver}}-Linux-x86_64.sh --skip-license --prefix=/usr/local
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are you not using root under the container?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

to avoid security issue, @lukaszstolarczuk suggested me this solution

.github/workflows/reusable_basic.yml Outdated
runs-on: ubuntu-latest
container:
image: ghcr.io/bb-ur/umf-${{ matrix.os }}:latest
options: --privileged
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You mean: options: --user root

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no, test_user is default container user I set it on Dockerfile, it is non-root user to avoid security issue

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So give me an explanation why using root user is worse than --priviledged or why not to avoid both of them?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I changed the image options

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@KFilipek KFilipek KFilipek requested changes

@bratpiorka bratpiorka bratpiorka left review comments

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rbanka1 @bratpiorka @KFilipek