Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: permission issue #49

Open
wants to merge 20 commits into
base: main
Choose a base branch
from
Open

fix: permission issue #49

wants to merge 20 commits into from

Conversation

mazzy89
Copy link

@mazzy89 mazzy89 commented Sep 27, 2023
edited
Loading

This is an attempt to fix permission issue running a rootless container which is anyway always a good practice in the industry.

I have tested and it works. permissions inside the docker container for the pulled repo are now correct and at the next checkout no other issues are present.

Close #48

@mazzy89
Copy link
Author

mazzy89 commented Sep 27, 2023

Hey @highb please can you take a look to this PR?

@mazzy89 mazzy89 mentioned this pull request Sep 27, 2023
Open
mazzy89
mazzy89 commented Sep 27, 2023
View reviewed changes
action.yml Outdated
#image: 'Dockerfile'
image: 'docker://ghcr.io/kustomize-everything/action-promote:v4.1.3'
image: 'Dockerfile'
#image: 'docker://ghcr.io/kustomize-everything/action-promote:v4.1.3'
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will switch this once the PR is reviewed and approved.

@highb
Copy link
Contributor

highb commented Sep 29, 2023

Hey @mazzy89 , thanks for the contribution! I'll take a look today.

@highb
Copy link
Contributor

highb commented Sep 29, 2023
edited
Loading

Ah, I remember why I didn't set a USER. GitHub's documentation explicitly says you shouldn't set one:

Docker actions must be run by the default Docker user (root). Do not use the USER instruction in your Dockerfile, because you won't be able to access the GITHUB_WORKSPACE directory.

But if you're finding different behavior in your testing, perhaps it might work.

@highb highb self-requested a review September 29, 2023 17:47
@mazzy89
Copy link
Author

mazzy89 commented Sep 29, 2023

Thanks @highb

I didn't know that limitation. I have implemented and I have personally tested and this branch is currently running on my side and it worked without issues.

@mazzy89
Copy link
Author

mazzy89 commented Sep 29, 2023

@highb testing jobs are failing for permission issues. I will check. Build job is failing for something else I guess.

@mazzy89
Copy link
Author

mazzy89 commented Sep 29, 2023

The testing job fails with error

/action-promote/entrypoint.sh: line 23: /github/file_commands/set_env_beb44ca8-e410-464a-8194-7ab590e9e158: Permission denied

It seems it cannot setup GITHUB_ENV. The user kustomize-everything created in the Dockerfile misses permissions. On my side I do not experience this issue. I run on a self-hosted runner though.

@mazzy89
Copy link
Author

mazzy89 commented Oct 1, 2023

Unfortunately we are experiencing the typical issue "it works on my computer". The issue is extensively documented here actions/runner#2411. It works for me because the user in the runner maps the one created in the Docker container (by coincidence). I need to sit and think about how we could solve this issue. Open to any suggestions.

@highb
Copy link
Contributor

highb commented Oct 2, 2023

Unfortunately we are experiencing the typical issue "it works on my computer". The issue is extensively documented here actions/runner#2411. It works for me because the user in the runner maps the one created in the Docker container (by coincidence). I need to sit and think about how we could solve this issue. Open to any suggestions.

A classic issue, for sure. As for ideas, I'll also have to think this over for a while and see if I come up with anything.

@highb highb mentioned this pull request Feb 27, 2024
Open
@highb
Copy link
Contributor

highb commented Feb 27, 2024

@mazzy89 Sorry for the radio silence, there. Are you still interested in getting this PR in? Did you verify the newer changes you've made against your code base to see if it fixes the problem? I'm trying out the changes on my own branch.

@highb
Copy link
Contributor

highb commented Feb 27, 2024

Looking at the actions runs, it looks like there are still some permissions issues on the Dockerfile build.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@codescene-delta-analysis codescene-delta-analysis[bot] codescene-delta-analysis[bot] approved these changes

@highb highb Awaiting requested review from highb

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Permission denied: file unable to be removed
2 participants
@mazzy89 @highb