New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[aws-lambda-nodejs] Broken in BitBucket Pipelines #8757
Comments
I've done some digging. I think using mkdtemp to create the staged asset directories is where the problem starts. From what I'm seeing, mkdtemp is creating the asset staging directories with mode 0700. It seems that unless "group" and "other" have read/write on that directory (i.e., mode 0777), the volume is inaccessible from the bundler's container in Bitbucket Pipelines. I managed to get the bundler to work by writing a hacky script outside of CDK and by providing bin/docker-stub.sh #!/bin/bash
echo "Running docker $*" >>docker-stub.log
ASSET_NAME=$(egrep -o "asset-bundle-[^:]*" <<<"$*")
if [ ! -z "$ASSET_NAME" ]; then
echo "Caught bundling: $ASSET_NAME." >>docker-stub.log
echo "Chmodding og+rwx" >>docker-stub.log
chmod og+rwx .cdk.staging/$ASSET_NAME &>>docker-stub.log
fi
exec docker "$@" Updated bitbucket-pipelines.yml image: node:12
pipelines:
default:
- step:
caches:
- node
- docker
services:
- docker
script:
- node -v
- yarn
- export CDK_DOCKER=$PWD/bin/docker-stub.sh
- yarn cdk synth
after-script:
- cat docker-stub.log docker-stub.log
One other thing worth noting is that if I rm -rf the asset directories in my script, instead of chmodding, Docker still works fine. I don't know that it's strictly necessary to pre-create the .cdk.staging asset directories, as Docker seems to be happy enough to create the host volume directories (and any parent directories necessary) on its own. |
@jogold can you take a look? |
…8767) The new bundler uses `mkdtempSync` to pre-create uniquely named directories for asset staging. But, `mkdtempSync` creates the staging directories with a restrictive `0700 & ~umask` mode, rather than `mkdir`'s usual `0777 & ~umask` mode. In Bitbucket Pipelines, these restrictive permissions prevent the bundler from accessing its `/asset-output` volume. And, if the bundler can't access `/asset-output`, bundling fails. This fix chmods the asset staging directory to 0777. This change fixes my Bitbucket Pipelines issue. Closes #8757 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
I am also running into this issue and unable to upgrade my cdk version from 1.36.1 to 1.58.0. I tried couple of previous versions to upgrade but the issue is been there for quite some time. Please some one help, what is the work around on this, I tried providing the 777 permission to both .cdk.staging and .parcel-cache folders and deleted these folders before running the synth. Still getting the same error. Bundling asset hello-world-dev-ApiDynamoDbStack/dlqS3UtilFunction/dlqS3UtilFunction/Code/Stage... |
There seems to be a problem with NodejsFunction in Bitbucket Pipelines. When I attempt to create a lambda using that construct and synthesize, I get an error about
lscpu
and anotherError: EACCES: permission denied, open '/asset-output/index.js'
.Reproduction Steps
bug-stack.ts
bug-stack.handler.ts
bitbucket-pipelines.yml
Error Log
Environment
Other
This might be related to #8707, #8492
Here's what I get from ls -la in my pipeline:
In .cdk.staging.
If I change the pipeline user to 1000, by changing the yml image to
image: { name: node:12, run-as-user: 1000 }
, the synth still fails with the same error. The only difference I can see is that the .cdk.staging and cdk.out directories have a different owner. (1000, which is the 'node' user)This is 🐛 Bug Report
The text was updated successfully, but these errors were encountered: