From a12ef53b9c38c7826bd3103c991f2dddde98d33f Mon Sep 17 00:00:00 2001
From: Rhys Arkins <rhys@arkins.net>
Date: Sat, 23 Nov 2019 11:08:16 +0100
Subject: [PATCH] fix: escape docker volumes and working dir values
---
lib/manager/bundler/artifacts.ts | 4 ++--
lib/manager/cargo/artifacts.ts | 4 ++--
lib/manager/composer/artifacts.ts | 4 ++--
lib/manager/gomod/artifacts.ts | 4 ++--
lib/manager/gradle/index.ts | 2 +-
lib/manager/npm/post-update/npm.ts | 4 ++--
lib/manager/npm/post-update/pnpm.ts | 4 ++--
lib/manager/pipenv/artifacts.ts | 4 ++--
lib/manager/poetry/artifacts.ts | 4 ++--
test/manager/gradle/index.spec.ts | 10 +++-------
10 files changed, 20 insertions(+), 24 deletions(-)
diff --git a/lib/manager/bundler/artifacts.ts b/lib/manager/bundler/artifacts.ts
index a7f60c3e56..fdb859440c 100644
--- a/lib/manager/bundler/artifacts.ts
+++ b/lib/manager/bundler/artifacts.ts
@@ -98,10 +98,10 @@ export async function updateArtifacts(
cmd += `--user=${config.dockerUser} `;
}
const volumes = [config.localDir];
- cmd += volumes.map(v => `-v ${v}:${v} `).join('');
+ cmd += volumes.map(v => `-v "${v}":"${v}" `).join('');
const envVars = [];
cmd += envVars.map(e => `-e ${e} `);
- cmd += `-w ${cwd} `;
+ cmd += `-w "${cwd}" `;
cmd += `renovate/ruby:${tag} bash -l -c "ruby --version && `;
cmd += 'gem install bundler' + bundlerVersion + ' --no-document';
cmd += ' && bundle';
diff --git a/lib/manager/cargo/artifacts.ts b/lib/manager/cargo/artifacts.ts
index b24da15be3..125990df72 100644
--- a/lib/manager/cargo/artifacts.ts
+++ b/lib/manager/cargo/artifacts.ts
@@ -47,10 +47,10 @@ export async function updateArtifacts(
cmd += `--user=${config.dockerUser} `;
}
const volumes = [cwd];
- cmd += volumes.map(v => `-v ${v}:${v} `).join('');
+ cmd += volumes.map(v => `-v "${v}":"${v}" `).join('');
const envVars = [];
cmd += envVars.map(e => `-e ${e} `).join('');
- cmd += `-w ${cwd} `;
+ cmd += `-w "${cwd}" `;
cmd += `renovate/rust cargo`;
} else {
logger.info('Running cargo via global cargo');
diff --git a/lib/manager/composer/artifacts.ts b/lib/manager/composer/artifacts.ts
index f7b6d9ee16..cf2583dda1 100644
--- a/lib/manager/composer/artifacts.ts
+++ b/lib/manager/composer/artifacts.ts
@@ -106,10 +106,10 @@ export async function updateArtifacts(
cmd += `--user=${config.dockerUser} `;
}
const volumes = [config.localDir, process.env.COMPOSER_CACHE_DIR];
- cmd += volumes.map(v => `-v ${v}:${v} `).join('');
+ cmd += volumes.map(v => `-v "${v}":"${v}" `).join('');
const envVars = ['COMPOSER_CACHE_DIR'];
cmd += envVars.map(e => `-e ${e} `);
- cmd += `-w ${cwd} `;
+ cmd += `-w "${cwd}" `;
cmd += `renovate/composer composer`;
} else {
logger.info('Running composer via global composer');
diff --git a/lib/manager/gomod/artifacts.ts b/lib/manager/gomod/artifacts.ts
index 0ba2d1fe0b..9d49dad9c6 100644
--- a/lib/manager/gomod/artifacts.ts
+++ b/lib/manager/gomod/artifacts.ts
@@ -50,11 +50,11 @@ export async function updateArtifacts(
cmd += `--user=${config.dockerUser} `;
}
const volumes = [config.localDir, process.env.GOPATH];
- cmd += volumes.map(v => `-v ${v}:${v} `).join('');
+ cmd += volumes.map(v => `-v "${v}":"${v}" `).join('');
const envVars = customEnv;
cmd += envVars.map(e => `-e ${e} `).join('');
cmd += '-e CGO_ENABLED=0 ';
- cmd += `-w ${cwd} `;
+ cmd += `-w "${cwd}" `;
cmd += `renovate/go `;
const credentials = find({
hostType: 'github',
diff --git a/lib/manager/gradle/index.ts b/lib/manager/gradle/index.ts
index bfbb44ce10..25bc1cc988 100644
--- a/lib/manager/gradle/index.ts
+++ b/lib/manager/gradle/index.ts
@@ -148,7 +148,7 @@ async function getGradleCommandLine(
if (config.dockerUser) {
cmd += `--user=${config.dockerUser} `;
}
- cmd += `-v ${cwd}:${cwd} -w ${cwd} `;
+ cmd += `-v "${cwd}":"${cwd}" -w "${cwd}" `;
cmd += `renovate/gradle gradle`;
} else if (gradlewExecutable) {
cmd = './gradlew';
diff --git a/lib/manager/npm/post-update/npm.ts b/lib/manager/npm/post-update/npm.ts
index 05b20be8c4..f6cc933d5e 100644
--- a/lib/manager/npm/post-update/npm.ts
+++ b/lib/manager/npm/post-update/npm.ts
@@ -78,7 +78,7 @@ export async function generateLockFile(
if (config.cacheDir) {
volumes.push(config.cacheDir);
}
- cmd += volumes.map(v => `-v ${v}:${v} `).join('');
+ cmd += volumes.map(v => `-v "${v}":"${v}" `).join('');
if (config.dockerMapDotfiles) {
const homeDir =
process.env.HOME || process.env.HOMEPATH || process.env.USERPROFILE;
@@ -87,7 +87,7 @@ export async function generateLockFile(
}
const envVars = ['NPM_CONFIG_CACHE', 'npm_config_store'];
cmd += envVars.map(e => `-e ${e} `).join('');
- cmd += `-w ${cwd} `;
+ cmd += `-w "${cwd}" `;
cmd += `renovate/npm npm`;
}
args = `install`;
diff --git a/lib/manager/npm/post-update/pnpm.ts b/lib/manager/npm/post-update/pnpm.ts
index e5f285a313..ac60717b7a 100644
--- a/lib/manager/npm/post-update/pnpm.ts
+++ b/lib/manager/npm/post-update/pnpm.ts
@@ -75,7 +75,7 @@ export async function generateLockFile(
if (config.cacheDir) {
volumes.push(config.cacheDir);
}
- cmd += volumes.map(v => `-v ${v}:${v} `).join('');
+ cmd += volumes.map(v => `-v "${v}":"${v}" `).join('');
// istanbul ignore if
if (config.dockerMapDotfiles) {
const homeDir =
@@ -85,7 +85,7 @@ export async function generateLockFile(
}
const envVars = ['NPM_CONFIG_CACHE', 'npm_config_store'];
cmd += envVars.map(e => `-e ${e} `).join('');
- cmd += `-w ${cwd} `;
+ cmd += `-w "${cwd}" `;
cmd += `renovate/pnpm pnpm`;
}
logger.debug(`Using pnpm: ${cmd}`);
diff --git a/lib/manager/pipenv/artifacts.ts b/lib/manager/pipenv/artifacts.ts
index 3d373da822..1a64a02d1d 100644
--- a/lib/manager/pipenv/artifacts.ts
+++ b/lib/manager/pipenv/artifacts.ts
@@ -41,10 +41,10 @@ export async function updateArtifacts(
cmd += `--user=${config.dockerUser} `;
}
const volumes = [config.localDir, process.env.PIPENV_CACHE_DIR];
- cmd += volumes.map(v => `-v ${v}:${v} `).join('');
+ cmd += volumes.map(v => `-v "${v}":"${v}" `).join('');
const envVars = ['LC_ALL', 'LANG', 'PIPENV_CACHE_DIR'];
cmd += envVars.map(e => `-e ${e} `).join('');
- cmd += `-w ${cwd} `;
+ cmd += `-w "${cwd}" `;
cmd += `renovate/pipenv pipenv`;
} else {
logger.info('Running pipenv via global command');
diff --git a/lib/manager/poetry/artifacts.ts b/lib/manager/poetry/artifacts.ts
index 41568bdff6..f70e0e3847 100644
--- a/lib/manager/poetry/artifacts.ts
+++ b/lib/manager/poetry/artifacts.ts
@@ -53,10 +53,10 @@ export async function updateArtifacts(
cmd += `--user=${config.dockerUser} `;
}
const volumes = [cwd];
- cmd += volumes.map(v => `-v ${v}:${v} `).join('');
+ cmd += volumes.map(v => `-v "${v}":"${v}" `).join('');
const envVars = [];
cmd += envVars.map(e => `-e ${e} `);
- cmd += `-w ${cwd} `;
+ cmd += `-w "${cwd}" `;
cmd += `renovate/poetry poetry`;
} else {
logger.info('Running poetry via global poetry');
diff --git a/test/manager/gradle/index.spec.ts b/test/manager/gradle/index.spec.ts
index 56653c59d7..1991cfd1d4 100644
--- a/test/manager/gradle/index.spec.ts
+++ b/test/manager/gradle/index.spec.ts
@@ -165,12 +165,10 @@ describe('manager/gradle', () => {
};
await manager.extractAllPackageFiles(configWithDocker, ['build.gradle']);
- expect(exec.mock.calls[0][0]).toBe(
- 'docker run --rm -v localDir:localDir -w localDir renovate/gradle gradle --init-script renovate-plugin.gradle renovate'
- );
+ expect(exec.mock.calls[0][0].includes('docker run')).toBe(true);
});
- it('should use dcoker even if gradlew is available', async () => {
+ it('should use docker even if gradlew is available', async () => {
const configWithDocker = {
binarySource: 'docker',
...config,
@@ -178,9 +176,7 @@ describe('manager/gradle', () => {
};
await manager.extractAllPackageFiles(configWithDocker, ['build.gradle']);
- expect(exec.mock.calls[0][0]).toBe(
- 'docker run --rm -v localDir:localDir -w localDir renovate/gradle gradle --init-script renovate-plugin.gradle renovate'
- );
+ expect(exec.mock.calls[0][0].includes('docker run')).toBe(true);
});
});
--
GitLab