feat: do not pass host environment variables into docker containers

fix
srevinsaju · Feb 28, 2024 · 8afb432 · 8afb432
1 parent 72bb147
commit 8afb432
Showing 1 changed file with 21 additions and 17 deletions.
diff --git a/internal/ci/stage_run.go b/internal/ci/stage_run.go
@@ -498,7 +498,7 @@ func (s *Stage) run(conductor *Conductor, evalCtx *hcl.EvalContext, options ...r
 
 	envStrings := s.processEnvironmentVariables(conductor, environment, cfg, tmpDir, paramsGo)
 
-	cmd, d := s.parseExecCommand(conductor, evalCtx, cfg, envStrings, stream)
+	cmd, d := s.parseExecCommand(conductor, evalCtx, cfg, stream)
 	diags.Extend(d)
 	if diags.HasErrors() {
 		return diags.Diagnostics()
@@ -507,6 +507,7 @@ func (s *Stage) run(conductor *Conductor, evalCtx *hcl.EvalContext, options ...r
 	logger.Tracef("script: %.30s... ", cmd.String())
 
 	if s.Container == nil {
+		cmd.Env = append(os.Environ(), envStrings...)
 		s.process = cmd
 		logger.Tracef("running command: %.30s...", cmd.String())
 		if !cfg.Behavior.DryRun {
@@ -520,6 +521,7 @@ func (s *Stage) run(conductor *Conductor, evalCtx *hcl.EvalContext, options ...r
 			fmt.Println(cmd.String())
 		}
 	} else {
+		cmd.Env = envStrings
 		d := s.executeDocker(conductor, evalCtx, cmd, cfg)
 		diags.Extend(d)
 	}
@@ -632,12 +634,9 @@ func (s *Stage) executeDocker(conductor *Conductor, evalCtx *hcl.EvalContext, cm
 
 	logger.Trace("creating container")
 	resp, err := cli.ContainerCreate(conductor.Context(), &dockerContainer.Config{
-		Image:      image,
-		Cmd:        cmd.Args,
-		WorkingDir: "/workspace",
-		Volumes: map[string]struct{}{
-			"/workspace": {},
-		},
+		Image:        image,
+		WorkingDir:   "/workspace",
+		Cmd:          cmd.Args,
 		Tty:          true,
 		AttachStdout: true,
 		AttachStderr: true,
@@ -767,7 +766,7 @@ func (s *Stage) parseEnvironmentVariables(conductor *Conductor, evalCtx *hcl.Eva
 	return environment, diags
 }
 
-func (s *Stage) parseExecCommand(conductor *Conductor, evalCtx *hcl.EvalContext, cfg *runnable.Config, envStrings []string, outputBuffer io.Writer) (*exec.Cmd, hcl.Diagnostics) {
+func (s *Stage) parseExecCommand(conductor *Conductor, evalCtx *hcl.EvalContext, cfg *runnable.Config, outputBuffer io.Writer) (*exec.Cmd, hcl.Diagnostics) {
 	var diags hcl.Diagnostics
 	logger := conductor.Logger().WithField("stage", s.Id)
 
@@ -833,7 +832,6 @@ func (s *Stage) parseExecCommand(conductor *Conductor, evalCtx *hcl.EvalContext,
 	cmd := exec.CommandContext(conductor.Context(), cmdHcl.command, cmdHcl.args...)
 	cmd.Stdout = io.MultiWriter(logger.Writer(), outputBuffer)
 	cmd.Stderr = io.MultiWriter(logger.Writer(), outputBuffer)
-	cmd.Env = append(os.Environ(), envStrings...)
 	cmd.Dir = dir
 	return cmd, diags
 }
@@ -971,23 +969,29 @@ func (s *Stage) hclEndpoint(conductor *Conductor, evalCtx *hcl.EvalContext) ([]s
 	conductor.Eval().Mutex().RUnlock()
 
 	var entrypoint []string
+
 	if d.HasErrors() {
 		diags = diags.Extend(d)
-	} else if entrypointRaw.IsNull() {
-		entrypoint = nil
-	} else if !entrypointRaw.CanIterateElements() {
+		return nil, diags
+	}
+
+	if entrypointRaw.IsNull() {
+		return nil, diags
+	}
+	if !entrypointRaw.CanIterateElements() {
 		diags = diags.Append(&hcl.Diagnostic{
 			Severity:    hcl.DiagError,
 			Summary:     "entrypoint must be a list of strings",
 			Detail:      fmt.Sprintf("the provided entrypoint, was not recognized as a valid string. received entrypoint='''%s'''", entrypointRaw),
 			Subject:     s.Container.Entrypoint.Range().Ptr(),
 			EvalContext: evalCtx,
 		})
-	} else {
-		v := entrypointRaw.AsValueSlice()
-		for _, e := range v {
-			entrypoint = append(entrypoint, e.AsString())
-		}
+		return nil, diags
+	}
+
+	v := entrypointRaw.AsValueSlice()
+	for _, e := range v {
+		entrypoint = append(entrypoint, e.AsString())
 	}
 	return entrypoint, diags
 }