drone-runners
diff --git a/‎.drone.yml‎
Lines changed: 17 additions & 0 deletions b/‎.drone.yml‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 17 additions & 1 deletion b/‎CHANGELOG.md‎
Lines changed: 17 additions & 1 deletion
diff --git a/‎command/command.go‎
Lines changed: 1 addition & 0 deletions b/‎command/command.go‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎command/compile.go‎
Lines changed: 25 additions & 0 deletions b/‎command/compile.go‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎command/copy.go‎
Lines changed: 74 additions & 0 deletions b/‎command/copy.go‎
Lines changed: 74 additions & 0 deletions
diff --git a/‎command/daemon/config.go‎
Lines changed: 10 additions & 0 deletions b/‎command/daemon/config.go‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎command/daemon/daemon.go‎
Lines changed: 9 additions & 0 deletions b/‎command/daemon/daemon.go‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎command/exec.go‎
Lines changed: 24 additions & 0 deletions b/‎command/exec.go‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎command/internal/flags.go‎
Lines changed: 1 addition & 0 deletions b/‎command/internal/flags.go‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎docker/Dockerfile.linux.amd64‎
Lines changed: 8 additions & 2 deletions b/‎docker/Dockerfile.linux.amd64‎
Lines changed: 8 additions & 2 deletions
@@ -78,6 +78,23 @@ steps:
     - refs/heads/master
     - refs/tags/*
 
+- name: publish_ppc64le
+  image: plugins/docker
+  pull: if-not-exists
+  settings:
+    repo: drone/drone-runner-docker
+    auto_tag: true
+    auto_tag_suffix: linux-ppc64le
+    dockerfile: docker/Dockerfile.linux.ppc64le
+    username:
+      from_secret: docker_username
+    password:
+      from_secret: docker_password
+  when:
+    ref:
+    - refs/heads/master
+    - refs/tags/*
+
 volumes:
 - name: go
   temp: {}
 
@@ -1,7 +1,23 @@
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## Unreleased
+## 1.6.3
+### Fixed
+- use path prefix when evaluating restricted volume mounts. See [#ea74fa2](https://github.com/drone-runners/drone-runner-docker/commit/ea74fa2ba442eacb0812ad5983c305a16b6763bc).
+
+## 1.6.2
+### Added
+- support for self-hosted tmate instances
+
+## 1.6.1
+### Changed
+- restrict temporary volumes used with docker plugins
+- restrict environment variables used with docker plugins
+
+## 1.6.0
+### Added
+- experimental support for remote debugging with tmate, disabled by default
+
 ### Fixed
 - exit code 78 not properly exiting early when pipeline has services (from runner-go)
 
 
@@ -25,6 +25,7 @@ func Command() {
 	app := kingpin.New("drone", "drone docker runner")
 	registerCompile(app)
 	registerExec(app)
+	registerCopy(app)
 	daemon.Register(app)
 
 	kingpin.Version(version)
 
@@ -37,6 +37,7 @@ type compileCommand struct {
 	Labels     map[string]string
 	Secrets    map[string]string
 	Resources  compiler.Resources
+	Tmate      compiler.Tmate
 	Clone      bool
 	Config     string
 }
@@ -101,6 +102,7 @@ func (c *compileCommand) run(*kingpin.ParseContext) error {
 		Environ:    provider.Static(c.Environ),
 		Labels:     c.Labels,
 		Resources:  c.Resources,
+		Tmate:      c.Tmate,
 		Privileged: append(c.Privileged, compiler.Privileged...),
 		Networks:   c.Networks,
 		Volumes:    c.Volumes,
@@ -125,6 +127,7 @@ func (c *compileCommand) run(*kingpin.ParseContext) error {
 		Repo:     c.Repo,
 		Stage:    c.Stage,
 		System:   c.System,
+		Secret:   secret.StaticVars(c.Secrets),
 	}
 	spec := comp.Compile(nocontext, args)
 
@@ -192,6 +195,28 @@ func registerCompile(app *kingpin.Application) {
 	cmd.Flag("docker-config", "path to the docker config file").
 		StringVar(&c.Config)
 
+	cmd.Flag("tmate-image", "tmate docker image").
+		Default("drone/drone-runner-docker:1").
+		StringVar(&c.Tmate.Image)
+
+	cmd.Flag("tmate-enabled", "tmate enabled").
+		BoolVar(&c.Tmate.Enabled)
+
+	cmd.Flag("tmate-server-host", "tmate server host").
+		StringVar(&c.Tmate.Server)
+
+	cmd.Flag("tmate-server-port", "tmate server port").
+		StringVar(&c.Tmate.Port)
+
+	cmd.Flag("tmate-server-rsa-fingerprint", "tmate server rsa fingerprint").
+		StringVar(&c.Tmate.RSA)
+
+	cmd.Flag("tmate-server-ed25519-fingerprint", "tmate server rsa fingerprint").
+		StringVar(&c.Tmate.ED25519)
+
+	cmd.Flag("tmate-authorized-keys", "tmate authorized keys").
+		StringVar(&c.Tmate.AuthorizedKeys)
+
 	// shared pipeline flags
 	c.Flags = internal.ParseFlags(cmd)
 }
@@ -0,0 +1,74 @@
+// Copyright 2019 Drone.IO Inc. All rights reserved.
+// Use of this source code is governed by the Polyform License
+// that can be found in the LICENSE file.
+
+package command
+
+import (
+	"io"
+	"os"
+
+	"gopkg.in/alecthomas/kingpin.v2"
+)
+
+type copyCommand struct {
+	source string
+	target string
+}
+
+func (c *copyCommand) run(*kingpin.ParseContext) error {
+	return Copy(c.source, c.target)
+}
+
+func Copy(src, dst string) error {
+	in, err := os.Open(src)
+	if err != nil {
+		return err
+	}
+	defer in.Close()
+
+	out, err := os.Create(dst)
+	if err != nil {
+		return err
+	}
+	defer out.Close()
+
+	_, err = io.Copy(out, in)
+	if err != nil {
+		return err
+	}
+
+	err = out.Sync()
+	if err != nil {
+		return err
+	}
+
+	info, err := os.Stat(src)
+	if err != nil {
+		return err
+	}
+
+	err = os.Chmod(dst, info.Mode())
+	if err != nil {
+		return err
+	}
+
+	return out.Close()
+}
+
+// Register registers the copy command.
+func registerCopy(app *kingpin.Application) {
+	c := new(copyCommand)
+
+	cmd := app.Command("copy", "entrypoint copy").
+		Hidden().
+		Action(c.run)
+
+	cmd.Flag("source", "source binary path").
+		Default("/bin/tmate").
+		StringVar(&c.source)
+
+	cmd.Flag("target", "target binary path").
+		Default("/usr/drone/bin/tmate").
+		StringVar(&c.target)
+}
@@ -106,6 +106,16 @@ type Config struct {
 		Config string `envconfig:"DRONE_DOCKER_CONFIG"`
 		Stream bool   `envconfig:"DRONE_DOCKER_STREAM_PULL" default:"true"`
 	}
+
+	Tmate struct {
+		Enabled        bool   `envconfig:"DRONE_TMATE_ENABLED" default:"false"`
+		Image          string `envconfig:"DRONE_TMATE_IMAGE"   default:"drone/drone-runner-docker:1"`
+		Server         string `envconfig:"DRONE_TMATE_HOST"`
+		Port           string `envconfig:"DRONE_TMATE_PORT"`
+		RSA            string `envconfig:"DRONE_TMATE_FINGERPRINT_RSA"`
+		ED25519        string `envconfig:"DRONE_TMATE_FINGERPRINT_ED25519"`
+		AuthorizedKeys string `envconfig:"DRONE_TMATE_AUTHORIZED_KEYS"`
+	}
 }
 
 // legacy environment variables. the key is the legacy
 
@@ -141,6 +141,15 @@ func (c *daemonCommand) run(*kingpin.ParseContext) error {
 				CPUSet:     config.Resources.CPUSet,
 				ShmSize:    config.Resources.ShmSize,
 			},
+			Tmate: compiler.Tmate{
+				Image:          config.Tmate.Image,
+				Enabled:        config.Tmate.Enabled,
+				Server:         config.Tmate.Server,
+				Port:           config.Tmate.Port,
+				RSA:            config.Tmate.RSA,
+				ED25519:        config.Tmate.ED25519,
+				AuthorizedKeys: config.Tmate.AuthorizedKeys,
+			},
 			Environ: provider.Combine(
 				provider.Static(config.Runner.Environ),
 				provider.External(
 
@@ -49,6 +49,7 @@ type execCommand struct {
 	Labels     map[string]string
 	Secrets    map[string]string
 	Resources  compiler.Resources
+	Tmate      compiler.Tmate
 	Clone      bool
 	Config     string
 	Pretty     bool
@@ -120,6 +121,7 @@ func (c *execCommand) run(*kingpin.ParseContext) error {
 		Environ:    provider.Static(c.Environ),
 		Labels:     c.Labels,
 		Resources:  c.Resources,
+		Tmate:      c.Tmate,
 		Privileged: append(c.Privileged, compiler.Privileged...),
 		Networks:   c.Networks,
 		Volumes:    c.Volumes,
@@ -327,6 +329,28 @@ func registerExec(app *kingpin.Application) {
 	cmd.Flag("docker-config", "path to the docker config file").
 		StringVar(&c.Config)
 
+	cmd.Flag("tmate-image", "tmate docker image").
+		Default("drone/drone-runner-docker:1").
+		StringVar(&c.Tmate.Image)
+
+	cmd.Flag("tmate-enabled", "tmate enabled").
+		BoolVar(&c.Tmate.Enabled)
+
+	cmd.Flag("tmate-server-host", "tmate server host").
+		StringVar(&c.Tmate.Server)
+
+	cmd.Flag("tmate-server-port", "tmate server port").
+		StringVar(&c.Tmate.Port)
+
+	cmd.Flag("tmate-server-rsa-fingerprint", "tmate server rsa fingerprint").
+		StringVar(&c.Tmate.RSA)
+
+	cmd.Flag("tmate-server-ed25519-fingerprint", "tmate server rsa fingerprint").
+		StringVar(&c.Tmate.ED25519)
+
+	cmd.Flag("tmate-authorized-keys", "tmate authorized keys").
+		StringVar(&c.Tmate.AuthorizedKeys)
+
 	cmd.Flag("debug", "enable debug logging").
 		BoolVar(&c.Debug)
 
 
@@ -59,6 +59,7 @@ func ParseFlags(cmd *kingpin.CmdClause) *Flags {
 	cmd.Flag("build-action", "build action").Default("").StringVar(&f.Build.Action)
 	cmd.Flag("build-cron", "build cron trigger").Default("").StringVar(&f.Build.Cron)
 	cmd.Flag("build-target", "build deploy target").Default("").StringVar(&f.Build.Deploy)
+	cmd.Flag("build-debug", "build debug").Default("false").BoolVar(&f.Build.Debug)
 	cmd.Flag("build-created", "build created").Default(now).Int64Var(&f.Build.Created)
 	cmd.Flag("build-updated", "build updated").Default(now).Int64Var(&f.Build.Updated)
 
 
@@ -1,14 +1,20 @@
-FROM alpine:3.6 as alpine
+FROM alpine:3 as alpine
 RUN apk add -U --no-cache ca-certificates
 
-FROM alpine:3.6
+RUN wget https://github.com/tmate-io/tmate/releases/download/2.4.0/tmate-2.4.0-static-linux-amd64.tar.xz
+RUN tar -xf tmate-2.4.0-static-linux-amd64.tar.xz
+RUN mv tmate-2.4.0-static-linux-amd64/tmate /bin/
+RUN chmod +x /bin/tmate
+
+FROM alpine:3
 EXPOSE 3000
 
 ENV GODEBUG netdns=go
 ENV DRONE_PLATFORM_OS linux
 ENV DRONE_PLATFORM_ARCH amd64
 
 COPY --from=alpine /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=alpine /bin/tmate /bin/
 
 LABEL com.centurylinklabs.watchtower.stop-signal="SIGINT"