Docker user inconsistent when using GitHub Action #176

perezd · 2022-10-25T03:54:18Z

I have a simple Golang-based docker container, nothing special, looks like this:

ARG VARIANT="1.19-bullseye"
FROM mcr.microsoft.com/vscode/devcontainers/go:0-${VARIANT}

ARG NODE_VERSION="none"
RUN if [ "${NODE_VERSION}" != "none" ]; \
    then su vscode -c "umask 0002 && . /usr/local/share/nvm/nvm.sh && nvm install ${NODE_VERSION} 2>&1"; fi

RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
    && apt-get -y install --no-install-recommends openjdk-11-jdk wget bat

RUN wget https://www.antlr.org/download/antlr-4.11.1-complete.jar -O /usr/local/lib/antlr.jar
RUN echo "#/bin/sh" > /usr/local/bin/antlr && \
    echo "java -Xmx500M -cp /usr/local/lib/antlr.jar org.antlr.v4.Tool \$@" >> /usr/local/bin/antlr && \
    chmod +x /usr/local/bin/antlr

USER vscode
RUN go install github.com/josharian/impl@latest && \
    go install github.com/cweill/gotests/gotests@latest && \
    go install github.com/fatih/gomodifytags@latest && \
    go install github.com/haya14busa/goplay/cmd/goplay@latest && \
    go install github.com/go-delve/delve/cmd/dlv@latest && \
    go install honnef.co/go/tools/cmd/staticcheck@latest && \
    go install golang.org/x/tools/gopls@latest

My devcontainer.json looks like this:

{
	"name": "MyProject",
	"build": {
		"dockerfile": "Dockerfile",
		"args": {
			"VARIANT": "1.19-bullseye",
			"NODE_VERSION": "18"
		}
	},
	"runArgs": [
		"--cap-add=SYS_PTRACE",
		"--security-opt",
		"seccomp=unconfined"
	],
	"customizations": {
		"vscode": {
			"settings": {
				"go.toolsManagement.checkForUpdates": "local",
				"go.useLanguageServer": true,
				"go.installDependenciesWhenBuilding": true,
				"go.gopath": "/go"
			},
			"extensions": [
				"mike-lischke.vscode-antlr4",
				"golang.Go",
			]
		}
	},
	"remoteUser": "vscode",
	"features": {}
}

Notice that the user is vscode. Locally, if I built this container and run ls -l /go/pkg/mod, I see something like this:

drwxr-sr-x 3 vscode golang 4096 Oct 25 03:21 cache
drwxr-sr-x 8 vscode golang 4096 Oct 25 03:21 github.com
drwxr-sr-x 3 vscode golang 4096 Oct 25 03:21 golang.org

Notice the vscode user is properly named as the owner. Everything working as expected.
Now, If I do the very same thing w/ the GitHub Action, I see this:

drwxr-sr-x  3 1000 golang 4096 Oct 25 03:44 cache
drwxr-sr-x 22 1000 golang 4096 Oct 25 03:44 github.com
drwxr-sr-x  3 1000 golang 4096 Oct 25 03:44 golang.org

Here the username is 1000, and my runCmd to go test -v ./... results in a bunch of permission denied errors.

  go: writing go.mod cache: open /go/pkg/mod/cache/download/github.com/fatih/color/@v/v1.13.0.mod298498081.tmp: permission denied
  go: writing go.mod cache: mkdir /go/pkg/mod/cache/download/github.com/iancoleman: permission denied
  go: writing go.mod cache: open /go/pkg/mod/cache/download/github.com/inconshreveable/mousetrap/@v/v1.0.1.mod427131847.tmp: permission denied
  go: writing go.mod cache: mkdir /go/pkg/mod/cache/download/github.com/antlr: permission denied
  go: writing go.mod cache: open /go/pkg/mod/cache/download/github.com/mattn/go-colorable/@v/v0.1.13.mod939984059.tmp: permission denied
  go: writing go.mod cache: open /go/pkg/mod/cache/download/github.com/mattn/go-isatty/@v/v0.0.16.mod911902081.tmp: permission denied
  go: writing go.mod cache: open /go/pkg/mod/cache/download/github.com/spf13/cobra/@v/v1.5.0.mod474941318.tmp: permission denied
  go: writing go.mod cache: open /go/pkg/mod/cache/download/golang.org/x/exp/@v/v0.0.0-20221006183845-316c7553db56.mod140954425.tmp: permission denied
  go: writing go.mod cache: open /go/pkg/mod/cache/download/golang.org/x/sys/@v/v0.0.0-20221006211917-84dc82d7e875.mod336122540.tmp: permission denied
  go: writing go.mod cache: mkdir /go/pkg/mod/cache/download/github.com/ivanpirog: permission denied

I verified that the container built by this github action believes it is correctly logged in as the vscode user, but this file system seems to not be consistent with what I am producing locally when VSCode builds this container.

Am I doing something wrong? This feels like a bug, it should be otherwise fully reproducible.

The text was updated successfully, but these errors were encountered:

perezd · 2022-10-25T03:59:59Z

Also, in the container locally vscode user is user 1000 (according to id vscode):

uid=1000(vscode) gid=1000(vscode) groups=1000(vscode),999(golang),998(nvm)

The built container w/ this github action responds with this:

uid=1001(vscode) gid=121(vscode) groups=121(vscode),999(golang),998(nvm)

Not sure why it's different.

perezd · 2022-10-25T23:08:33Z

OK the problem was fixed by setting: skipContainerUserIdUpdate to true. That was just a very unclear option at first.

Avoid issues with inconsistent user in devcontainer ci see: devcontainers/ci#176

perezd closed this as completed Oct 25, 2022

lawrencegripper added a commit to lawrencegripper/azbrowse that referenced this issue Feb 22, 2023

Configure gopath to use non-root user

8eb7d97

Avoid issues with inconsistent user in devcontainer ci see: devcontainers/ci#176

kachick added a commit to kachick/wait-other-jobs that referenced this issue Jun 26, 2023

Looks like a same issue of devcontainers/ci#176 (comment)

206e8ad

kachick mentioned this issue Jun 27, 2023

Provide devcontainer kachick/wait-other-jobs#517

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Docker user inconsistent when using GitHub Action #176

Docker user inconsistent when using GitHub Action #176

perezd commented Oct 25, 2022

perezd commented Oct 25, 2022 •

edited

Loading

perezd commented Oct 25, 2022

Docker user inconsistent when using GitHub Action #176

Docker user inconsistent when using GitHub Action #176

Comments

perezd commented Oct 25, 2022

perezd commented Oct 25, 2022 • edited Loading

perezd commented Oct 25, 2022

perezd commented Oct 25, 2022 •

edited

Loading