Task Environment
A task runs in a new container every time, using the image provided by image_resource
as its base filesystem (i.e. /
).
The command specified by run
will be executed in a working directory containing each of the inputs
. If any inputs are missing the task will not run (and the container will not even be created).
The working directory will also contain empty directories for each of the outputs
. The task must place artifacts in the output directories for them to be exported. This meshes well with build tools with configurable destination paths.
If your build tools don't support output paths you'll have to copy bits around. If it's a
git
repo that you're modifying you can do a localgit clone ./input ./output
, which is much more efficient thancp
, and then work out of./output
.
Any params
configured will be set in the environment for the task's command, along with any environment variables provided by the task's image (i.e. ENV
rules from your Dockerfile
).
The user the command runs as is determined by the image. If you're using the Docker Image resource, this will be the user set by a USER
rule in your Dockerfile
, or root
if not specified.
Another relevant bit of configuration is privileged
, which determines whether the user the task runs as will have full privileges (primarily when running as root
). This is intentionally not configurable by the task itself, to prevent privilege escalation by way of pull requests to repositories containing task configs.
Putting all this together, the following task config:
---
platform: linux
image_resource:
type: docker-image
source:
repository: golang
tag: '1.6'
params:
SOME_PARAM: some-default-value
inputs:
- name: some-input
- name: some-input-with-custom-path
path: some/custom/path
outputs:
- name: some-output
run:
path: sh
args:
- -exc
- |
whoami
env
go version
find .
touch some-output/my-built-artifact
...will produce the following output:
+ whoami
root
+ env
USER=root
HOME=/root
GOLANG_DOWNLOAD_SHA256=5470eac05d273c74ff8bac7bef5bad0b5abbd1c4052efbdbc8db45332e836b0b
PATH=/go/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
GOPATH=/go
PWD=/tmp/build/e55deab7
GOLANG_DOWNLOAD_URL=https://golang.org/dl/go1.6.linux-amd64.tar.gz
GOLANG_VERSION=1.6
SOME_PARAM=some-default-value
+ go version
go version go1.6 linux/amd64
+ find .
.
./some-input
./some-input/foo
./some
./some/custom
./some/custom/path
./some/custom/path/bar
./some-output
+ touch some-output/my-built-artifact
...and propagate my-built-artifact
to any later task
steps or put
steps that reference the some-output
artifact, in the same way that this task had some-input
as an input.