about summary refs log tree commit diff
path: root/nixos/modules/services/continuous-integration
diff options
context:
space:
mode:
authorVincent Haupert <vincent@yaxi.tech>2023-02-23 08:41:06 +0100
committerVincent Haupert <vincent@yaxi.tech>2023-02-23 09:05:27 +0100
commit36949b9718fdaf0018b29c8598661ec758ac7b39 (patch)
treedcc7f7c4c3f742c860585d818dc70c1cc551f995 /nixos/modules/services/continuous-integration
parent79e0d204e20ff3dbefefec518f1c74a978bd6b1b (diff)
downloadnixlib-36949b9718fdaf0018b29c8598661ec758ac7b39.tar
nixlib-36949b9718fdaf0018b29c8598661ec758ac7b39.tar.gz
nixlib-36949b9718fdaf0018b29c8598661ec758ac7b39.tar.bz2
nixlib-36949b9718fdaf0018b29c8598661ec758ac7b39.tar.lz
nixlib-36949b9718fdaf0018b29c8598661ec758ac7b39.tar.xz
nixlib-36949b9718fdaf0018b29c8598661ec758ac7b39.tar.zst
nixlib-36949b9718fdaf0018b29c8598661ec758ac7b39.zip
nixos/github-runners: clean `workDir` as root
Purge contents of `workDir` as root to also allow the removal of files
marked as read-only. It is easy to create read-only files in `workDir`,
e.g., by copying files from the Nix store.
Diffstat (limited to 'nixos/modules/services/continuous-integration')
-rw-r--r--nixos/modules/services/continuous-integration/github-runner/service.nix5
1 files changed, 2 insertions, 3 deletions
diff --git a/nixos/modules/services/continuous-integration/github-runner/service.nix b/nixos/modules/services/continuous-integration/github-runner/service.nix
index db9a19815ec1..3d11728ebfdd 100644
--- a/nixos/modules/services/continuous-integration/github-runner/service.nix
+++ b/nixos/modules/services/continuous-integration/github-runner/service.nix
@@ -124,6 +124,8 @@ in
               # The state directory is entirely empty which indicates a first start
               copy_tokens
             fi
+            # Always clean workDir
+            find -H "$WORK_DIRECTORY" -mindepth 1 -delete
           '';
           configureRunner = writeScript "configure" ''
             if [[ -e "${newConfigTokenPath}" ]]; then
@@ -159,9 +161,6 @@ in
             fi
           '';
           setupWorkDir = writeScript "setup-work-dirs" ''
-            # Cleanup previous service
-            ${pkgs.findutils}/bin/find -H "$WORK_DIRECTORY" -mindepth 1 -delete
-
             # Link _diag dir
             ln -s "$LOGS_DIRECTORY" "$WORK_DIRECTORY/_diag"
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-13 19:25:16 +0000