forked from taskcluster/taskcluster
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathfeatures.js
More file actions
108 lines (96 loc) · 3.86 KB
/
features.js
File metadata and controls
108 lines (96 loc) · 3.86 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
/**
The docker worker has a number of features all of which are optional and can be
enabled/disabled at will... This module defines the list of features and which
module is responsible for handling them.
*/
const _ = require('lodash');
const assert = require('assert');
const TaskclusterLogs = require('./features/local_live_log');
const ArtifactUpload = require('./features/artifacts');
const AllowPtrace = require('./features/allow_ptrace');
const ChainOfTrust = require('./features/chain_of_trust');
const BulkLog = require('./features/bulk_log');
const TaskclusterProxy = require('./features/taskcluster_proxy');
const Dind = require('./features/dind');
const DockerSave = require('./features/docker_save');
const Interactive = require('./features/interactive.js');
const features = {
localLiveLog: {
title: 'Enable live logging (worker local)',
description: 'Logs are stored on the worker during the duration of tasks ' +
'and available via http chunked streaming then uploaded to s3',
defaults: true,
module: TaskclusterLogs,
},
artifacts: {
title: 'Artifact uploads',
description: '',
defaults: true,
module: ArtifactUpload,
},
chainOfTrust: {
title: 'Enable generation of ed25519-signed Chain of Trust artifacts',
description: 'Artifacts named public/chain-of-trust.json and ' +
'public/chain-of-trust.json.sig should be generated ' +
'which will include information for downstream tasks to build ' +
'a level of trust for the artifacts produced by the task and ' +
'the environment it ran in.',
defaults: false,
module: ChainOfTrust,
},
bulkLog: {
title: 'Bulk upload the task log into a single artifact',
description: 'Useful if live logging is not interesting but the overall' +
'log is later on',
defaults: false,
module: BulkLog,
},
taskclusterProxy: {
title: 'Taskcluster auth proxy service',
description: 'The auth proxy allows making requests to taskcluster/queue ' +
'directly from your task with the ' +
'same scopes as set in the task. This can be used to make ' +
'api calls via the [client](https://github.com/taskcluster/taskcluster-client) ' +
'CURL, etc... Without embedding credentials in the task.',
defaults: false,
module: TaskclusterProxy,
},
dind: {
title: 'Docker in Docker',
description: 'Runs docker-in-docker and binds `/var/run/docker.sock` ' +
'into the container. Doesn\'t allow privileged mode, ' +
'capabilities or host volume mounts.',
defaults: false,
module: Dind,
},
dockerSave: {
title: 'Docker save',
description: 'Uploads docker images as artifacts',
defaults: false,
module: DockerSave,
},
interactive: {
title: 'Docker Exec Interactive',
description: 'This allows you to interactively run commands inside the container ' +
'and attaches you to the stdin/stdout/stderr over a websocket. ' +
'Can be used for SSH-like access to docker containers.',
defaults: false,
module: Interactive,
},
allowPtrace: {
title: 'Allow ptrace within the container',
description: 'This allows you to use the Linux ptrace functionality inside the ' +
'container; it is otherwise disallowed by Docker\'s security policy. ',
defaults: false,
module: AllowPtrace,
},
};
// Basic sanity check for features
_.forIn(features, ({ title, description, defaults, module }) => {
assert(typeof title === 'string', 'Expected title');
assert(typeof description === 'string', 'Expected description');
assert(typeof defaults === 'boolean', 'Expected a boolean default');
assert(module instanceof Function, 'Expected module to be class');
});
// Export features
module.exports = features;