-
-
Notifications
You must be signed in to change notification settings - Fork 375
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
2.4.1
backend docker run error cannot create /root/.netrc: Permission denied
#3552
Comments
Are you sure that's a woodpecker issue? We didn't change anything related to docker in 2.4.1. For non-root images see #1077 |
Confirm that 2.4.1 has appeared, 2.4.0 In the same host environment, the docker-compose file only changes the version number and can be used docker information
some config of labels:
backend: docker
platform: linux/amd64
skip_clone: true
steps:
init:
image: sinlov/woodpecker-plugin-env:1.13.0 # https://hub.docker.com/r/sinlov/woodpecker-plugin-env/tags
pull: false
settings:
# debug: true
env_printer_padding_left_max: 36 # padding left max
python-poetry-gcc:
image: fnndsc/python-poetry:1.7.1
pull: false
commands:
- export HOME="$(getent passwd $(id -u) | cut '-d:' -f6)"
- whoami
- id
- pwd
- ls -alFh
Inheriting the mirror image separately, maintaining a mirror to change user to
drone runer ...
- name: python-poetry-build
image: fnndsc/python-poetry:1.7.1 # https://hub.docker.com/r/fnndsc/python-poetry/tags
pull: if-not-exists
user: root # for image fnndsc/python-poetry:1.7.1 default use `mambauser` can not management file
volumes:
- name: tmp-python-poetry-gcc-cache
path: /root/.cache
- name: tmp-python-poetry-gcc-local
path: /root/.local
commands:
- whoami
- id
- pwd
- ls -alFh .
... |
Experiencing this issue as well after upgrading from 1.0.0 to 2.4.1. Reverting back to 2.4.0 did not fix it. My docker environment is alpine 3.19 |
The docker image I used has a
section. I have rebuilt that image without the |
This is probably because Woodpecker incorrectly modified some environment variables when starting the container, causing the user executed in the container to not match the HOME variable. This also caused other related failures on my side, and I had to manually set the HOME variable. |
since the milestones changed, is that issue planed for 2.x.x or 3.x.x? |
3.x.x. because we'll release 3.0.0 next. |
See https://github.com/woodpecker-ci/woodpecker/blob/main/pipeline/backend/common/script.go#L31 Why do we hard-code As @Hentioe said already setting @woodpecker-ci/maintainers do you have a preferred way? I tend to drop the hard-coded |
yes we can drop the hardcoded home var |
Ok, but what happens if $HOME is not set by the container, e.g. on distroless/scratch containers or due to any other reason? We rely on it at some parts e.g. to write |
There is no shell.
What if I run container as user and group If |
Any fix or workaround for this, just trying to make the switch from drone and falling over this? |
What about #3552 (comment)? |
@qwerty287 thanks for the suggestion but doesn't seem to work for me, will adapt the image i use for now. |
@mortbauer, what exactly did you try? |
I've debugged this a bit (using 2.7.0) and I think there are two different issues here:
For (1), I currently only see the option to use an image with For (2), the following should be a generic snippet that works for most pipelines (untrusted) and containers:
In addition, we should ensure that Manually setting |
Component
server, agent
Describe the bug
will be error as
but if use woodpecker
2.4.0
can run and printSystem Info
Additional context
beacuse
fnndsc/python-poetry:1.7.1
image not useroot
python build file
and the permission to run thecache
are isolatedValidations
next
version already [https://woodpecker-ci.org/faq#which-version-of-woodpecker-should-i-use]The text was updated successfully, but these errors were encountered: