Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Problems with images that assume a particular workingDir and/or HOME environment variable #1836

Closed
skaegi opened this issue Jan 9, 2020 · 26 comments · Fixed by #4587
Closed

Problems with images that assume a particular workingDir and/or HOME environment variable #1836

skaegi opened this issue Jan 9, 2020 · 26 comments · Fixed by #4587
Labels
area/api Indicates an issue or PR that deals with the API. kind/design Categorizes issue or PR as related to design. kind/feature Categorizes issue or PR as related to a new feature. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness.
Projects
Tekton Pipelines
Milestone
Formerly Pipeline...

Comments

@skaegi
Copy link
Contributor

skaegi commented Jan 9, 2020

I've been integrating with a few pen testing tool images that are relying on a very specific workingDir being set. The problem I've been having is that Tekton overrides this setting and then I had to go back into the image to reverse engineer its original value.

Could we provide a way to not override this setting and do we even need to do this anymore?
@bobcatfish
Copy link
Collaborator

The problem I've been having is that Tekton overrides this setting and then I had to go back into the image to reverse engineer its original value.

I'm surprised that Tekton overrides the workingDir - can you provide an example of this happening?

If that's the case I agree that we shouldn't be arbitrarily setting it (what is it getting set to?)

@bobcatfish bobcatfish added kind/design Categorizes issue or PR as related to design. priority/awaiting-more-evidence Lowest priority. Possibly useful, but not yet enough support to actually get it done. area/api Indicates an issue or PR that deals with the API. labels Jan 9, 2020
@skaegi
Copy link
Contributor Author

skaegi commented Jan 10, 2020
edited
Loading

Sure, any task will do -- just echo $(pwd) and it is always /workspace

https://github.com/tektoncd/pipeline/blob/master/pkg/pod/pod.go#L159

@vdemeester
Copy link
Member

Indeed, we are setting it to /workspace if there isn't any. I wonder if we should do the same as the entrypoint magic where we read the image configuration before doing that to see if any is set.

Also, maybe it should be the other way around, by default we do not set it if empty, but we have an option somewhere that tells Tekton to override it (per task or pipeline, or globally ?)

@vdemeester vdemeester added kind/feature Categorizes issue or PR as related to a new feature. and removed priority/awaiting-more-evidence Lowest priority. Possibly useful, but not yet enough support to actually get it done. labels Jan 10, 2020
@skaegi skaegi changed the title Problems with images that assume a particular workingDir Problems with images that assume a particular workingDir and/or HOME environment variable Jan 10, 2020
@skaegi
Copy link
Contributor Author

skaegi commented Jan 10, 2020
edited
Loading

I want to expand this issue as the HOME env (which gets set to /tekton/home)variable is the other common problem we see e.g. where an image has explicitly set HOME. We're currently asking our users to explicitly set HOME and workingDir.

I <3 the way the entrypoint works as it is mostly transparent and wonder if other things could work the same way.

@ghost ghost mentioned this issue Jan 13, 2020
Merged
3 tasks
@bobcatfish
Copy link
Collaborator

Also, maybe it should be the other way around, by default we do not set it if empty

👍 for not setting it if it's empty. I propose we warn in 0.10 and change it in the following release, whaddaya think @vdemeester @skaegi ?

but we have an option somewhere that tells Tekton to override it (per task or pipeline, or globally ?)

At the moment i think you can do this with the stepTemplate, maybe that's good enough for now?

I want to expand this issue as the HOME env (which gets set to /tekton/home)variable is the other common problem we see e.g. where an image has explicitly set HOME. We're currently asking our users to explicitly set HOME and workingDir.

This is a bit tricker imo b/c we're trying to create a "home" that is shared across all containers - ( + @imjasonh ) - I'd be up for adding logic like we do with entrypoint, so that we have a hierarchy like:

  • If the Step specifies HOME, use that
  • If not but the stepTemplate does, use that
  • If not but the Image does, use that
  • If none of the above, use /tekton/home

?

@imjasonh
Copy link
Member

+1 to falling back in that way.

We should consider phasing out /tekton/home and setting env: HOME=/tekton/home entirely. We did it in Knative Build, and in Cloud Build before it, but I think it's largely more confusing than it's worth.

We could make it a platform provider ConfigMap option, opt-out first, then release and announce it'll become opt-in, then eventually remove the option. Don't mount /tekton/home, and don't set HOME=/tekton/home, ever.

If the step or step template sets env: HOME=..., that's fine, a user has set that. If the image has a default HOME, that's fine too. We should get out of the game of setting home, ever.

workingDir and /workspace are harder, because I think users do benefit from being placed by default in a directory that persists across steps and can be guaranteed to exist. We could fallback in the same way, and look into the image metadata to determine whether it sets a WORKDIR, but I'm not sure every user would want that either. Platform providers could opt out of providing /workspace if they know their users don't expect it.

@skaegi
Copy link
Contributor Author

skaegi commented Jan 20, 2020

Inside my company we're starting larger adoption of Tekton and this single issue is constantly getting a ton of attention. Basically, we have teams moving from Jenkins, Travis, and other image based pipelines and are getting hammered when teams do not understand why things that worked in their old pipelines are no longer working.
re: Jason's post above -- the HOME problem is an order of magnitude worse than the workingDir issue. If at all possible I would really like to consider phasing that out if we can still consider it.

@vdemeester
Copy link
Member

I am definitely +:100: on phasing out HOME and /tekton/home 👼

@vdemeester vdemeester added this to the Pipelines 0.11 🐱 milestone Jan 21, 2020
@vdemeester
Copy link
Member

/assign

@bitsofinfo bitsofinfo mentioned this issue Jan 31, 2020
Closed
@ghost ghost self-assigned this Feb 6, 2020
@bobcatfish bobcatfish added this to In Progress in Tekton Pipelines Feb 6, 2020
This was referenced Feb 6, 2020
Closed
Merged
@skaegi
Copy link
Contributor Author

skaegi commented Feb 26, 2020

Once @sbwsg commits #2044 I'm happy to do the same work for workingDir as I really want this for 0.11.

@othomann
Copy link
Contributor

I am preparing a PR for the workingDir change.

@othomann othomann mentioned this issue Feb 26, 2020
Merged
3 tasks
@othomann
Copy link
Contributor

@sbwsg @skaegi @bobcatfish I created #2115 to take care of the working directory pending change.

@tekton-robot tekton-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 14, 2020
@tekton-robot
Copy link
Collaborator

@tekton-robot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

/close

Send feedback to tektoncd/plumbing.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Tekton Pipelines automation moved this from Needs triage to Closed Aug 14, 2020
@ghost
Copy link

ghost commented Aug 14, 2020

Reopening this one as deprecating the workingDir default is yet to happen.

/reopen
/remove-lifecycle stale
/remove-lifecycle rotten

@tekton-robot tekton-robot reopened this Aug 14, 2020
@tekton-robot
Copy link
Collaborator

@sbwsg: Reopened this issue.

In response to this:

Reopening this one as deprecating the workingDir default is yet to happen.

/reopen
/remove-lifecycle stale
/remove-lifecycle rotten

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Tekton Pipelines automation moved this from Closed to Needs triage Aug 14, 2020
@tekton-robot tekton-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 14, 2020
@tekton-robot
Copy link
Collaborator

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.

/lifecycle stale

Send feedback to tektoncd/plumbing.

@tekton-robot tekton-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 12, 2020
@bitsofinfo
Copy link

/remove-lifecycle stale

@tekton-robot tekton-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 13, 2020
@tekton-robot
Copy link
Collaborator

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale with a justification.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle stale

Send feedback to tektoncd/plumbing.

@tekton-robot tekton-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 11, 2021
@ghost
Copy link

ghost commented Feb 11, 2021

/remove-lifecycle stale
/lifecycle frozen

@tekton-robot tekton-robot added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Feb 11, 2021
@ghost ghost mentioned this issue Mar 9, 2021
Closed
17 tasks
@ghost ghost mentioned this issue Apr 13, 2021
Merged
5 tasks
@ghost ghost mentioned this issue May 7, 2021
Closed
5 tasks
tekton-robot pushed a commit that referenced this issue May 10, 2021
@tekton-robot
Disable the default workingDir and HOME overrides
b86a9a2 
Prior to this commit Steps were given a default HOME
env var and a default workingDir. These defaults collide
with any value set by the Step's image Dockerfile.

This commit removes the default home and workingDir
overrides (except in those few cases where they're
still expected, like PipelineResources).

See https://groups.google.com/g/tekton-dev/c/C-PL8VYN51E/m/el5Fca_PDAAJ
for our tekton-dev announcement of this change.

See #1836 for the
original problem description and workingDir tracking issue.

See #2013 for the
HOME change tracking issue.

See https://github.com/tektoncd/pipeline/blob/main/docs/deprecations.md
for our documented dates for these deprecations.

See
https://github.com/tektoncd/pipeline/blob/main/api_compatibility_policy.md#alpha-beta-and-ga
for our beta deprecation policy.
,
@afrittoli
Copy link
Member

Now that've switched the default behaviour to not-override HOME, I think this could be closed?
@skaegi @sbwsg

@ghost
Copy link

ghost commented Jul 7, 2021

I'm using the comment here: #1836 (comment) to track progress for this issue. We still plan to completely remove the feature flag so i'd like to keep this tracking issue open if that's ok.

jerop added a commit to jerop/pipeline that referenced this issue Jan 10, 2022
@jerop
Fix links in when expressions migrations announcements
64e2bda 
Today, those announcements link to tektoncd#1836 which is an unrelated issue. 

In this change, we add a link to the issue tracking that work - tektoncd#4461
@jerop jerop mentioned this issue Jan 10, 2022
Merged
4 tasks
tekton-robot pushed a commit that referenced this issue Jan 10, 2022
@jerop @tekton-robot
Fix links in when expressions migrations announcements
5d3a251 
Today, those announcements link to #1836 which is an unrelated issue. 

In this change, we add a link to the issue tracking that work - #4461
@afrittoli afrittoli mentioned this issue Feb 16, 2022
Merged
5 tasks
@vdemeester vdemeester mentioned this issue Oct 19, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/api Indicates an issue or PR that deals with the API. kind/design Categorizes issue or PR as related to design. kind/feature Categorizes issue or PR as related to a new feature. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness.
Projects
Pipelines V1
Status: Done
Tekton Pipelines
  
Needs triage
Milestone
Formerly Pipelines 1.0/beta 🐱
Development

Successfully merging a pull request may close this issue.

Remove deprecated flags home-env and working-dir 🧹 afrittoli/pipeline
8 participants
@vdemeester @imjasonh @bobcatfish @skaegi @bitsofinfo @afrittoli @othomann @tekton-robot