GNOME.org
 

[gnome-music/wip/jfelder/3-34-unprivileged-ci] CI: Update to run as unprivileged

commit 4915d81e3686a92d83d29620d62f42a209c6f675
Author: Jean Felder <jfelder src gnome org>
Date:   Fri Feb 21 11:55:30 2020 +0100

    CI: Update to run as unprivileged
    
    The following changes are required:
     * there is no default image for the runner. An image needs to be
       specified in order to install flake8.
     * the jobs using flatpak commands need the "flatpak" tag
     * flatpak-builder invocation need "--user --disable-rofiles-fuse"
       options
     * update the cache paths

 .gitlab-ci.yml | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
---
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 88b15236..3a6e2e88 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -14,11 +14,13 @@ variables:
 
 flatpak:
   stage: build-flatpak
+  tags:
+    - flatpak
   script:
-    - flatpak-builder --stop-at=${FLATPAK_MODULE} app ${MANIFEST_PATH}
+    - flatpak-builder --user --disable-rofiles-fuse --stop-at=${FLATPAK_MODULE} app ${MANIFEST_PATH}
     - flatpak build app meson --prefix=/app _build
     - flatpak build app ninja -C _build install
-    - flatpak-builder --finish-only --repo=repo app ${MANIFEST_PATH}
+    - flatpak-builder --user --disable-rofiles-fuse --finish-only --repo=repo app ${MANIFEST_PATH}
     - flatpak build-bundle repo ${BUNDLE} --runtime-repo=${RUNTIME_REPO} ${DBUS_ID}
   artifacts:
     paths:
@@ -27,7 +29,8 @@ flatpak:
     expire_in: 2 days
   cache:
     paths:
-      - .flatpak-builder/cache
+      - .flatpak-builder/downloads
+      - .flatpak-builder/git
 
 review:
     stage: deploy
@@ -60,6 +63,7 @@ stop_review:
         - tags
 
 flake8:
+  image: fedora:28
   stage: check
   script:
     - dnf install -y python3-flake8
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]