-
Notifications
You must be signed in to change notification settings - Fork 4.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
wp-env runs docker commands with same UID as host to prevent filesystem permission issues #42867
Open
Luc45
wants to merge
2
commits into
WordPress:trunk
Choose a base branch
from
Luc45:env-user-flag
base: trunk
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from all commits
Commits
Show all changes
2 commits
Select commit
Hold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So I think this just changes the user when running something like
npx wp-env run wordpress bash. I don't think this change would impact permissions as wp-env starts up. 🤔Another change I was just working on in #42826 will use a git checkout for the main WordPress version rather than whatever Docker provides. I wonder if that would help the permissions issue as well...
I also experimented with file permissions in #40864.
But I was unfortunately never able to replicate the bug (even on Linux!), so I'm not sure what the best path is forwards! (I'm also curious if the steps on this page helped at all with permissions issues: https://docs.docker.com/engine/install/linux-postinstall/)
Could you describe the issues you're seeing?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is some scripting involved, so it's hard to get an accurate step-by-step, but it goes something like this:
<file permission issues>Even though, I could not reproduce it neither running these commands in a clean wp-env (this repo).
I'm not sure when the permission errors kicks-in, as it shouldn't happen if the
destroyalso happens inside the container. But if thedestroycallsrm -rfon the host, then it should have permission errors.This is the error that I can reproduce when using wp-env integrated with our tooling:
Is that call to
rm -rf pluginshappening on the host machine? If so, that's a likely cause of permission issuesThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ops, my bad.
rm -rf pluginsis called on our end of the tooling.This issue could theoretically be closed as a non-issue, but it's nice to have the UID mapping being done correctly in Linux as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've seen the #40864, I believe that mapping the host UID with the UID running inside the docker container is the most appopriate solution, as per this PR.
I believe that adding this UID mapping behind a feature flag, and optionally providing the ability to override Docker's UID with a environment variable will be enough to resolve the permission issues, as someone could do this if needed:
The Docker Desktop VM for Mac and Windows does something similar to this behind the scenes, but it's automatically managed for you, in Linux it has to be explicit. But if the
docker-compose runcall is behind an abstraction, such as wp-env's one, then the abstraction should allow to passthrough these arguments, ideally.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A cleaner approach would be to add support for a
-uor--userflag, mimicking docker-composeThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good points! I also like the idea of keeping the user information consistent.
The reason I'm not sure this PR completely solves it is because when wp-env starts up, it's running docker compose commands directly, without using the built-in run command. The run command modified in this PR only changes the user settings for
npx wp-env run .... But when everything is installed withnpx wp-env start, it's still using the default settings for everything.