diff --git a/.circleci/config.yml b/.circleci/config.yml index c6ff0986de2b45..3f18591ddb1a24 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -219,7 +219,9 @@ jobs: # has its own remote docker VM. make prep - mkdir -p test-results/go-test + + # Permissions have changed inside docker containers; see hack note below. + mkdir --mode=777 -p test-results/go-test # We don't want VAULT_LICENSE set when running Go tests, because that's # not what developers have in their environments and it could break some @@ -240,6 +242,19 @@ jobs: # reasons unclear. export DOCKER_API_VERSION=1.39 + # Hack: Docker permissions appear to have changed; let's explicitly + # chmod the docker certificate path to give other grouped users + # access. + # + # Notably, in this shell pipeline we see: + # uid=1001(circleci) gid=1002(circleci) groups=1002(circleci) + # + # but inside the docker image below, we see: + # uid=3434(circleci) gid=3434(circleci) groups=3434(circleci) + # + # See also: https://github.com/CircleCI-Public/cimg-base/issues/122 + chmod o+r -R $DOCKER_CERT_PATH + TEST_DOCKER_NETWORK_NAME="${CIRCLE_WORKFLOW_JOB_ID}-${CIRCLE_NODE_INDEX}" export TEST_DOCKER_NETWORK_ID=$(docker network list --quiet --no-trunc --filter="name=${TEST_DOCKER_NETWORK_NAME}") if [ -z $TEST_DOCKER_NETWORK_ID ]; then @@ -459,7 +474,9 @@ jobs: # has its own remote docker VM. make prep - mkdir -p test-results/go-test + + # Permissions have changed inside docker containers; see hack note below. + mkdir --mode=777 -p test-results/go-test # We don't want VAULT_LICENSE set when running Go tests, because that's # not what developers have in their environments and it could break some @@ -480,6 +497,19 @@ jobs: # reasons unclear. export DOCKER_API_VERSION=1.39 + # Hack: Docker permissions appear to have changed; let's explicitly + # chmod the docker certificate path to give other grouped users + # access. + # + # Notably, in this shell pipeline we see: + # uid=1001(circleci) gid=1002(circleci) groups=1002(circleci) + # + # but inside the docker image below, we see: + # uid=3434(circleci) gid=3434(circleci) groups=3434(circleci) + # + # See also: https://github.com/CircleCI-Public/cimg-base/issues/122 + chmod o+r -R $DOCKER_CERT_PATH + TEST_DOCKER_NETWORK_NAME="${CIRCLE_WORKFLOW_JOB_ID}-${CIRCLE_NODE_INDEX}" export TEST_DOCKER_NETWORK_ID=$(docker network list --quiet --no-trunc --filter="name=${TEST_DOCKER_NETWORK_NAME}") if [ -z $TEST_DOCKER_NETWORK_ID ]; then @@ -650,7 +680,9 @@ jobs: # has its own remote docker VM. make prep - mkdir -p test-results/go-test + + # Permissions have changed inside docker containers; see hack note below. + mkdir --mode=777 -p test-results/go-test # We don't want VAULT_LICENSE set when running Go tests, because that's # not what developers have in their environments and it could break some @@ -671,6 +703,19 @@ jobs: # reasons unclear. export DOCKER_API_VERSION=1.39 + # Hack: Docker permissions appear to have changed; let's explicitly + # chmod the docker certificate path to give other grouped users + # access. + # + # Notably, in this shell pipeline we see: + # uid=1001(circleci) gid=1002(circleci) groups=1002(circleci) + # + # but inside the docker image below, we see: + # uid=3434(circleci) gid=3434(circleci) groups=3434(circleci) + # + # See also: https://github.com/CircleCI-Public/cimg-base/issues/122 + chmod o+r -R $DOCKER_CERT_PATH + TEST_DOCKER_NETWORK_NAME="${CIRCLE_WORKFLOW_JOB_ID}-${CIRCLE_NODE_INDEX}" export TEST_DOCKER_NETWORK_ID=$(docker network list --quiet --no-trunc --filter="name=${TEST_DOCKER_NETWORK_NAME}") if [ -z $TEST_DOCKER_NETWORK_ID ]; then @@ -951,7 +996,9 @@ jobs: # has its own remote docker VM. make prep - mkdir -p test-results/go-test + + # Permissions have changed inside docker containers; see hack note below. + mkdir --mode=777 -p test-results/go-test # We don't want VAULT_LICENSE set when running Go tests, because that's # not what developers have in their environments and it could break some @@ -972,6 +1019,19 @@ jobs: # reasons unclear. export DOCKER_API_VERSION=1.39 + # Hack: Docker permissions appear to have changed; let's explicitly + # chmod the docker certificate path to give other grouped users + # access. + # + # Notably, in this shell pipeline we see: + # uid=1001(circleci) gid=1002(circleci) groups=1002(circleci) + # + # but inside the docker image below, we see: + # uid=3434(circleci) gid=3434(circleci) groups=3434(circleci) + # + # See also: https://github.com/CircleCI-Public/cimg-base/issues/122 + chmod o+r -R $DOCKER_CERT_PATH + TEST_DOCKER_NETWORK_NAME="${CIRCLE_WORKFLOW_JOB_ID}-${CIRCLE_NODE_INDEX}" export TEST_DOCKER_NETWORK_ID=$(docker network list --quiet --no-trunc --filter="name=${TEST_DOCKER_NETWORK_NAME}") if [ -z $TEST_DOCKER_NETWORK_ID ]; then diff --git a/.circleci/config/commands/go_test.yml b/.circleci/config/commands/go_test.yml index 87855794f0a995..40d32e09169be2 100644 --- a/.circleci/config/commands/go_test.yml +++ b/.circleci/config/commands/go_test.yml @@ -95,7 +95,9 @@ steps: # has its own remote docker VM. make prep - mkdir -p test-results/go-test + + # Permissions have changed inside docker containers; see hack note below. + mkdir --mode=777 -p test-results/go-test # We don't want VAULT_LICENSE set when running Go tests, because that's # not what developers have in their environments and it could break some @@ -116,6 +118,19 @@ steps: # reasons unclear. export DOCKER_API_VERSION=1.39 + # Hack: Docker permissions appear to have changed; let's explicitly + # chmod the docker certificate path to give other grouped users + # access. + # + # Notably, in this shell pipeline we see: + # uid=1001(circleci) gid=1002(circleci) groups=1002(circleci) + # + # but inside the docker image below, we see: + # uid=3434(circleci) gid=3434(circleci) groups=3434(circleci) + # + # See also: https://github.com/CircleCI-Public/cimg-base/issues/122 + chmod o+r -R $DOCKER_CERT_PATH + TEST_DOCKER_NETWORK_NAME="${CIRCLE_WORKFLOW_JOB_ID}-${CIRCLE_NODE_INDEX}" export TEST_DOCKER_NETWORK_ID=$(docker network list --quiet --no-trunc --filter="name=${TEST_DOCKER_NETWORK_NAME}") if [ -z $TEST_DOCKER_NETWORK_ID ]; then