fix: ensure that compute functions are running as non-root #228
Conversation
SdgJlbl
force-pushed
the
fix/compute-function-non-root
branch
from
85ed65f
to
274b2d0
Compare
|
/e2e --tests=substrafl,mnist,doc |
SdgJlbl
force-pushed
the
fix/compute-function-non-root
branch
2 times, most recently
from
59627a2
to
ba33753
Compare
|
/e2e --tests=substrafl |
|
End to end tests: ✔️ SUCCESS |
Signed-off-by: SdgJlbl <sarah.diot-girard@owkin.com>
SdgJlbl
force-pushed
the
fix/compute-function-non-root
branch
from
ba33753
to
9086b1e
Compare
| # create a non-root user | ||
| RUN addgroup --gid 1001 group | ||
| RUN adduser --disabled-password --gecos "" --uid 1001 --gid 1001 --home /home/user user | ||
| ENV PYTHONPATH /home/user | ||
| WORKDIR /home/user | ||
| USER user | ||
|
|
There was a problem hiding this comment.
Can we somehow factorize some of this and reuse part of the DOCKERFILE_TEMPLATE?
There was a problem hiding this comment.
This is part of the test. We are checking that the dockerfile template is what we expect it to be.
Else, we would just be checking that Python f-strings are working as intended, and that should be tested in the standard library :)
There was a problem hiding this comment.
I meant, I think we could avoid updating twice the constant part (where we just run commands that does not depend on anything else) and extract it in a dedicated variable that could be re-injected in the expected result (precisely because we can assume that (f-)strings work as intended) so the test actually focus on the templating part. But no big deal.
Related issue
fixes FL-1664
Summary
Notes
Please check if the PR fulfills these requirements