From afc47919e0772ca643b4f555102503bcd58fc9e3 Mon Sep 17 00:00:00 2001
From: "Dr. Jan-Philip Gehrcke"
Date: Wed, 11 Aug 2021 16:08:31 +0200
Subject: [PATCH] ci: container: non-root write access to /node_modules during preamble: error An unexpected error occurred: "EACCES: permission denied, unlink \ '/build/node_modules/.yarn-integrity'". Signed-off-by: Dr. Jan-Philip Gehrcke ci: container: non-root /node_modules Got this with the chmod -R technique: [2021-08-11T14:10:14Z] error An unexpected error occurred: "EPERM: operation not permitted, chmod '/node_modules/@babel /core/node_modules/ @babel/generator/node_modules/.bin/jsesc'". Signed-off-by: Dr. Jan-Philip Gehrcke ci: preamble: copy /node_modules Got this during yarn An unexpected error occurred: "EEXIST: file already exists, found https://github.com/yarnpkg/yarn/issues/8079#issuecomment-622817604 Signed-off-by: Dr. Jan-Philip Gehrcke
---
 Makefile | 5 ++++-
 ci/preamble.sh | 4 +++-
 containers/ci/opstrace-ci.Dockerfile | 23 ++++++++++++++++++++---
 3 files changed, 27 insertions(+), 5 deletions(-)
diff --git a/Makefile b/Makefile
index bcfa754c4..efd327510 100644
--- a/Makefile
+++ b/Makefile
@@ -405,7 +405,10 @@ rebuild-ci-container-image:
 #Note(JP): update: experiment with sending a small build context including
 # yarn.lock and package.json and run a yarn install in the image build
 #to populate the yarn cache in /usr in the image
- docker build -t opstrace/opstrace-ci:$(CHECKOUT_VERSION_STRING) . -f containers/ci/opstrace-ci.Dockerfile
+ # inject current user uid/gid to write some directories as this
+ # identity, also see https://stackoverflow.com/a/44683248/145400
+ docker build --build-arg CIUID=$(shell id -u) --build-arg CIGID=$(shell id -g) \
+ -t opstrace/opstrace-ci:$(CHECKOUT_VERSION_STRING) . -f containers/ci/opstrace-ci.Dockerfile
diff --git a/ci/preamble.sh b/ci/preamble.sh
index 9b19dcb78..54e9e11d1 100644
--- a/ci/preamble.sh
+++ b/ci/preamble.sh
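Review bot: In the Makefile hunk, `--build-arg CIUID=$(shell id -u) --build-arg CIGID=$(shell id -g)` ties the image to whoever runs the build while the tag `opstrace/opstrace-ci:$(CHECKOUT_VERSION_STRING)` stays the same, so two hosts can publish differently-owned images under one tag. If the target is invoked as root or under sudo, CIUID is 0, and the `-o` flag on `groupadd`/`useradd` in the Dockerfile hunk accepts that, so `USER $CIUNAME` would be a uid-0 account rather than the non-root user this commit is after. A guard as the first recipe line would make that explicit: `@test "$$(id -u)" -ne 0 || { echo "refusing to build the CI image as uid 0" >&2; exit 1; }`. The added comment could also state that containers have to be started with the same uid/gid that was baked in at build time; how the image is run is not visible in this hunk.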
@@ -47,7 +47,9 @@ make set-build-info-constants
 # `package.json` is. Alternative is maybe to create a .yarnrc containing
 # --modules-folder /node_modules. The challenge is that /build is _mounted_
 # into the container, while /node_modules is already there.
-ln -s /node_modules ./node_modules
+#ln -s /node_modules ./node_modules
+# update: https://github.com/yarnpkg/yarn/issues/8079#issuecomment-622817604 -- huh
+cp -a /node_modules ./node_modules
 # The depenencies for this linting effort should all be in the CI
 # container image, i.e. this should not rely on `yarn --frozen-lockfile`
diff --git a/containers/ci/opstrace-ci.Dockerfile b/containers/ci/opstrace-ci.Dockerfile
index 8f7fe07d5..6c9a9f380 100644
--- a/containers/ci/opstrace-ci.Dockerfile
+++ b/containers/ci/opstrace-ci.Dockerfile
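Review bot: `cp -a /node_modules ./node_modules` in ci/preamble.sh does something different when `./node_modules` already exists: cp then copies into it and creates `./node_modules/node_modules`, so the lint step runs against whatever tree was there before. Since /build is a mounted checkout (per the comment above the change) and the previous version of this line left a symlink at that path, a leftover from an earlier run seems possible, though the hunk does not show whether the directory is cleaned first. Copying the contents avoids the nesting, `mkdir -p ./node_modules && cp -a /node_modules/. ./node_modules/`, or remove the target first if a stale tree must never be reused. The commented-out `#ln -s` line could be replaced by a one-line comment saying why a symlink does not work with yarn. The script continues outside this hunk.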
@@ -105,17 +105,34 @@ RUN (cd /tmp && GOPATH=/usr/local/ go get github.com/google/addlicense)
 #RUN mkdir /tmp/yarninstall
 COPY package.json yarn.lock /
+# Register build args, set defaults. GID and UID are expected to be overridden
+# in CI.
+ARG CIUNAME=ciuser
+ARG CIUID=1000
+ARG CIGID=1000
+
+# Switch user to the same user that is used when running the image.
+# This is so that /yarncache and /node_modules contents are writable.
+RUN mkdir /yarncache && chmod 777 /yarncache
+RUN mkdir /node_modules && chmod 777 /node_modules
+RUN echo "set up user $CIUNAME / $CIUID in group $CIGID"
+RUN groupadd -g $CIGID -o $CIUNAME
+RUN useradd -m -u $CIUID -g $CIGID -o -s /bin/bash $CIUNAME
+USER $CIUNAME
+
 # This is to populate the yarn cache at /yarncache in the container image and
 # to create a /node_modules dir -- let's see if that brings a speedup
 # downstream.
-RUN mkdir /yarncache && yarn config set cache-folder /yarncache
+RUN yarn config set cache-folder /yarncache
 RUN cd / && yarn --frozen-lockfile
+# check if this command works
 RUN yarn wsrun -c lint
 RUN echo "biggest dirs"
 RUN cd / && du -ha . | sort -r -h | head -n 50 || true
 # show which cache dir is really configured
 RUN yarn cache dir
-# make it so that a non-root user can write to this cache dir.
-RUN chmod -R g+rwx,o+rwx /yarncache
+# Allow for a non-root user to write to cache dir as well as to node_modules
+#RUN chmod -R g+rwx,o+rwx /yarncache
+#RUN chmod -R g+rwx,o+rwx /node_modules
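Review bot: `chmod 777` on /yarncache and /node_modules leaves the directories that hold the installed dependency code writable by every uid in the container, which is broader than needed now that the install itself runs as `$CIUNAME`. Handing the two directories to that user keeps them writable for CI without the world-write bit: `RUN mkdir /yarncache /node_modules && chown $CIUID:$CIGID /yarncache /node_modules`. `yarn config set cache-folder /yarncache` now runs after `USER $CIUNAME`, so the setting presumably lands in that user's own yarn config; a comment noting that a container started under a different uid will not pick it up would help the next reader. The two commented-out `chmod -R` lines at the end look like leftovers of the abandoned approach and could be removed.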