Skip to content

Add volume for home directory to the build pod #1998

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 21, 2025
Merged

Add volume for home directory to the build pod #1998

merged 1 commit into from
Oct 21, 2025

Conversation

@hasanawad94
Copy link
Contributor

Each container gets its own isolated emptyDir volume mounted at "/shp-writeable-home", to remove writes to the container's rootfs. Should be isolated volumes since when step 1 runs as user A but step 2 as user B, there will permission issues if this directory is shared. For Git SSH, it would actually mean that we put a private key on disk which is then unnecessarily visible

Changes

  • Added logic creating and mounting a volume to be used as a home directory for the build containers.
  • Mounted a volume and set HOME env value for source,build, image-processing containers.

Submitter Checklist

  • Includes tests if functionality changed/was added
  • Includes docs if changes are user-facing
  • Set a kind label on this PR
  • Release notes block has been filled in, or marked NONE

See the contributor guide
for details on coding conventions, github and prow interactions, and the code review process.

Release Notes

Mounting a volume to be used as a home directory for `source`,`build`, `image-processing` containers.

@openshift-ci openshift-ci bot added the release-note Label for when a PR has specified a release note label Sep 10, 2025
@pull-request-size pull-request-size bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Sep 10, 2025
@hasanawad94 hasanawad94 marked this pull request as draft September 10, 2025 07:34
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Sep 10, 2025
@hasanawad94 hasanawad94 marked this pull request as ready for review September 10, 2025 09:19
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Sep 10, 2025
@hasanawad94
Copy link
Contributor Author

Part of #1969

@openshift-merge-robot openshift-merge-robot added needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Sep 16, 2025
@rxinui
Copy link

rxinui commented Sep 17, 2025

The changes looks clean and simple, it seems that it relies on previous changes (ie. AppendWriteableVolumes(taskSpec, &bundleStep))

Nothing to comment on, but would be better to have a second opinion.
/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Sep 17, 2025
adambkaplan
adambkaplan reviewed Sep 24, 2025
View reviewed changes
@openshift-ci openshift-ci bot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. and removed do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. labels Sep 24, 2025
adambkaplan
adambkaplan requested changes Sep 24, 2025
View reviewed changes
@openshift-ci openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Oct 4, 2025
@hasanawad94
Add volume for home directory to the build pod
cc35fe9 
Each container gets its own isolated emptyDir volume mounted at "/shp-writeable-home", to remove writes to the container's rootfs.
Should be isolated volumes since when step 1 runs as user A but step 2 as user B, there will permission issues if this directory is shared.
For Git SSH, it would actually mean that we put a private key on disk which is then unnecessarily visible

Signed-off-by: Hasan Awad <[email protected]>
@pull-request-size pull-request-size bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Oct 5, 2025
@hasanawad94
Copy link
Contributor Author

@adambkaplan @SaschaSchwarze0 is it ok if we merge this ? This is one pr away from us closing #1969

adambkaplan
adambkaplan approved these changes Oct 20, 2025
View reviewed changes
Copy link
Member

@adambkaplan adambkaplan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

Accepting as a feature to add to Shipwright

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Oct 20, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: adambkaplan

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 20, 2025
rxinui
rxinui reviewed Oct 21, 2025
View reviewed changes
Copy link

@rxinui rxinui left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Oct 21, 2025
@openshift-merge-bot openshift-merge-bot bot merged commit d8447f9 into shipwright-io:main Oct 21, 2025
23 of 24 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rxinui rxinui rxinui left review comments

@adambkaplan adambkaplan adambkaplan approved these changes

@qu1queee qu1queee Awaiting requested review from qu1queee

@SaschaSchwarze0 SaschaSchwarze0 Awaiting requested review from SaschaSchwarze0

Assignees

@rxinui rxinui

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. release-note Label for when a PR has specified a release note size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

Shipwright Overview
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@hasanawad94 @rxinui @adambkaplan @openshift-merge-robot