diff --git a/pipeline/backend/local/clone.go b/pipeline/backend/local/clone.go index 30c072d8c..25fe9e3c4 100644 --- a/pipeline/backend/local/clone.go +++ b/pipeline/backend/local/clone.go @@ -124,6 +124,11 @@ func (e *local) writeNetRC(step *types.Step, state *workflowState) (string, erro return "", nil } + if !e.isolatedHome { + log.Trace().Msg("writing .netrc skipped due to disabled isolated home") + return "", nil + } + file := filepath.Join(state.homeDir, ".netrc") rmCmd := fmt.Sprintf("rm \"%s\"", file) if e.os == "windows" { diff --git a/pipeline/backend/local/flags.go b/pipeline/backend/local/flags.go index 7029d23da..7523dee69 100644 --- a/pipeline/backend/local/flags.go +++ b/pipeline/backend/local/flags.go @@ -28,4 +28,10 @@ var Flags = []cli.Flag{ DefaultText: "system temporary directory", Value: os.TempDir(), }, + &cli.BoolFlag{ + Sources: cli.EnvVars("WOODPECKER_BACKEND_LOCAL_ISOLATED_HOME"), + Name: "backend-local-isolated-home", + Usage: "set HOME, USERPROFILE and other variables to an isolated directory, if false we ignore netrc", + Value: true, + }, } diff --git a/pipeline/backend/local/local.go b/pipeline/backend/local/local.go index f6c13a2ef..3430a8729 100644 --- a/pipeline/backend/local/local.go +++ b/pipeline/backend/local/local.go @@ -47,6 +47,7 @@ type stepState struct { type local struct { tempDir string + isolatedHome bool workflows sync.Map pluginGitBinary string os, arch string @@ -84,6 +85,7 @@ func (e *local) Load(ctx context.Context) (*types.BackendInfo, error) { c, ok := ctx.Value(types.CliCommand).(*cli.Command) if ok { e.tempDir = c.String("backend-local-temp-dir") + e.isolatedHome = c.Bool("backend-local-isolated-home") } e.loadClone() @@ -154,9 +156,11 @@ func (e *local) StartStep(ctx context.Context, step *types.Step, taskUUID string } } - // Set HOME and CI_WORKSPACE - env = append(env, "HOME="+state.homeDir) - env = append(env, "USERPROFILE="+state.homeDir) + if e.isolatedHome { + env = append(env, "HOME="+state.homeDir) + env = append(env, "USERPROFILE="+state.homeDir) + } + env = append(env, "CI_WORKSPACE="+state.workspaceDir) switch step.Type { diff --git a/pipeline/backend/local/local_test.go b/pipeline/backend/local/local_test.go index 373ff9d8b..3dc17aadb 100644 --- a/pipeline/backend/local/local_test.go +++ b/pipeline/backend/local/local_test.go @@ -190,6 +190,7 @@ func TestRunStep(t *testing.T) { backend, _ := New().(*local) backend.tempDir = t.TempDir() + backend.isolatedHome = true ctx := t.Context() taskUUID := "test-run-tasks"