docker-buildkite-plugin icon indicating copy to clipboard operation
docker-buildkite-plugin copied to clipboard

Published 20 hours ago verified publisher icon buildkite-plugins

Providing a custom seccomp profile

Open lewisl9029 opened this issue 5 years ago • 2 comments

Hi, we're looking to run playwright in CI for end to end testing, and the docs mention we can run chrome without disabling sandbox by providing their custom seccomp profile to docker run: https://playwright.dev/#version=v1.3.0&path=docs%2Fdocker%2FREADME.md&q=run-the-image

I've verified that this works great locally.

However I can't seem to find a way supply the required args using docker-buildkite-plugin: --security-opt seccomp=seccomp_profile.json

Would you be willing to accept a PR to add this functionality?

In the mean time we can disable chrome sandboxing in CI, but that's not ideal as we would not be testing in the same environment as users.

lewisl9029 avatar Aug 11 '20 00:08 lewisl9029

Hey @lewisl9029, we support passing in args like (taken from the readme):

steps:
  - plugins:
      - docker#v3.5.0:
          image: "mesosphere/aws-cli"
          always-pull: true
          command: ["s3", "sync", "s3://my-bucket/dist/", "/app/dist"]
    artifact_paths: "dist/**"

Would this work for your usecase?

jayco avatar Sep 22 '20 04:09 jayco

Hi @jayco apologies for the late follow up. --security-opt seccomp=seccomp_profile.json is an arg to docker itself, not to the program running in the container. See https://docs.docker.com/engine/security/seccomp/

It looks like the suggestion you posted is for passing args to the program running inside the container, correct?

lewisl9029 avatar Dec 09 '20 22:12 lewisl9029

This has been implemented in #171 and released in version v3.14.0 :)

toote avatar Sep 20 '22 18:09 toote