Allow backup to be run as non-root user

2025-09-10 16:34:40 +08:00 · 2024-02-17 09:12:59 +01:00 · 2024-02-17 09:12:59 +01:00 · 83fc3dcf34
commit 83fc3dcf34
parent dd8ff5ee0c
4 changed files with 68 additions and 2 deletions
--- a/3
+++ b/3
@ -13,7 +13,8 @@ FROM alpine:3.19

 WORKDIR /root

-RUN apk add --no-cache ca-certificates
+RUN apk add --no-cache ca-certificates && \
+  chmod a+rw /var/lock

 COPY --from=builder /app/cmd/backup/backup /usr/bin/backup

--- a/test/nonroot/docker-compose.yml
+++ b/test/nonroot/docker-compose.yml
@ -0,0 +1,40 @@
+version: '3'
+
+services:
+  minio:
+    image: minio/minio:RELEASE.2020-08-04T23-10-51Z
+    environment:
+      MINIO_ROOT_USER: test
+      MINIO_ROOT_PASSWORD: test
+      MINIO_ACCESS_KEY: test
+      MINIO_SECRET_KEY: GMusLtUmILge2by+z890kQ
+    entrypoint: /bin/ash -c 'mkdir -p /data/backup && minio server /data'
+    volumes:
+      - ${LOCAL_DIR:-local}:/data
+
+  backup:
+    image: offen/docker-volume-backup:${TEST_VERSION:-canary}
+    user: 1000:1000
+    depends_on:
+      - minio
+    restart: always
+    environment:
+      AWS_ACCESS_KEY_ID: test
+      AWS_SECRET_ACCESS_KEY: GMusLtUmILge2by+z890kQ
+      AWS_ENDPOINT: minio:9000
+      AWS_ENDPOINT_PROTO: http
+      AWS_S3_BUCKET_NAME: backup
+      BACKUP_CRON_EXPRESSION: 0 0 5 31 2 ?
+      BACKUP_FILENAME: test.tar.gz
+    volumes:
+      - app_data:/backup/app_data:ro
+
+  offen:
+    image: offen/offen:latest
+    labels:
+      - docker-volume-backup.stop-during-backup=true
+    volumes:
+      - app_data:/var/opt/offen
+
+volumes:
+  app_data:
--- a/test/nonroot/run.sh
+++ b/test/nonroot/run.sh
@ -0,0 +1,25 @@
+#!/bin/sh
+
+set -e
+
+cd "$(dirname "$0")"
+. ../util.sh
+current_test=$(basename $(pwd))
+
+export LOCAL_DIR=$(mktemp -d)
+
+docker compose up -d --quiet-pull
+sleep 5
+
+docker compose exec backup backup
+
+sleep 5
+
+expect_running_containers "3"
+
+if [ ! -f "$LOCAL_DIR/backup/test.tar.gz" ]; then
+  fail "Could not find archive."
+fi
+pass "Archive was created."
+
+docker compose logs backup
--- a/test/util.sh
+++ b/test/util.sh
@ -22,7 +22,7 @@ skip () {

 expect_running_containers () {
  if [ "$(docker ps -q | wc -l)" != "$1" ]; then
-    fail "Expected $1 containers to be running, instead seen: "$(docker ps -a | wc -l)""
+    fail "Expected $1 containers to be running, instead seen: "$(docker ps -q | wc -l)""
  fi
  pass "$1 containers running."
 }