Added privileged property to dockerRun configuration

Authored-by: Leonhardt Koepsell <[email protected]>

Author: lnhrdt

CHANGELOG.md

@@ -9,6 +9,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.1.0] - 2024-11-07
+
+### Added
+
+- Added privileged property to dockerRun configuration, allowing tasks to run with Docker's privileged mode.
+
 ## [0.0.1] - 2024-11-06
 
 ### Added

src/main/kotlin/dev/codebandits/container/gradle/tasks/ContainerRunTask.kt

@@ -11,6 +11,7 @@ public abstract class ContainerRunTask : ContainerExecTask() {
     public val args: Property<Array<String>> = objects.property(Array<String>::class.java).convention(emptyArray())
     public val workdir: Property<String> = objects.property(String::class.java)
     public val user: Property<String> = objects.property(String::class.java)
+    public val privileged: Property<Boolean> = objects.property(Boolean::class.java).convention(false)
     public val autoRemove: Property<Boolean> = objects.property(Boolean::class.java).convention(true)
     public val alwaysPull: Property<Boolean> = objects.property(Boolean::class.java).convention(true)
     public val dockerHost: Property<String> = objects.property(String::class.java)
@@ -24,6 +25,9 @@ public abstract class ContainerRunTask : ContainerExecTask() {
     if (user != null) {
       options.addAll(listOf("--user", user))
     }
+    if (spec.privileged.get()) {
+      options.add("--privileged")
+    }
     if (spec.autoRemove.get()) {
       options.add("--rm")
     }

src/testFeatures/kotlin/dev/codebandits/container/gradle/DockerRunPrivilegedTest.kt

@@ -0,0 +1,75 @@
+package dev.codebandits.container.gradle
+
+import dev.codebandits.container.gradle.helpers.appendLine
+import org.gradle.testkit.runner.GradleRunner
+import org.gradle.testkit.runner.TaskOutcome
+import org.junit.jupiter.api.Test
+import strikt.api.expectThat
+import strikt.assertions.isEqualTo
+import strikt.assertions.isNotNull
+
+class DockerRunPrivilegedTest : GradleProjectTest() {
+
+  @Test
+  fun `dockerRun privileged is not set`() {
+    buildGradleKtsFile.appendLine(
+      """
+      import dev.codebandits.container.gradle.tasks.ContainerRunTask
+      
+      plugins {
+        id("dev.codebandits.container")
+      }
+      
+      tasks {
+        register<ContainerRunTask>("accessMemory") {
+          dockerRun {
+            image = "alpine:latest"
+            entrypoint = "ls"
+            args = arrayOf("/dev/mem")
+          }
+        }
+      }
+      """.trimIndent()
+    )
+
+    val result = GradleRunner.create()
+      .withPluginClasspath()
+      .withProjectDir(projectDirectory.toFile())
+      .withArguments("accessMemory")
+      .buildAndFail()
+
+    expectThat(result).get { task(":accessMemory") }.isNotNull().get { outcome }.isEqualTo(TaskOutcome.FAILED)
+  }
+
+  @Test
+  fun `dockerRun privileged is set`() {
+    buildGradleKtsFile.appendLine(
+      """
+      import dev.codebandits.container.gradle.tasks.ContainerRunTask
+      
+      plugins {
+        id("dev.codebandits.container")
+      }
+      
+      tasks {
+        register<ContainerRunTask>("accessMemory") {
+          dockerRun {
+            image = "alpine:latest"
+            entrypoint = "ls"
+            args = arrayOf("/dev/mem")
+            privileged = true
+          }
+        }
+      }
+      """.trimIndent()
+    )
+
+    val result = GradleRunner.create()
+      .withPluginClasspath()
+      .withProjectDir(projectDirectory.toFile())
+      .withArguments("accessMemory")
+      .build()
+
+    expectThat(result).get { task(":accessMemory") }.isNotNull().get { outcome }.isEqualTo(TaskOutcome.SUCCESS)
+  }
+}