Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: adjust file permissions in case the symfony dev server is starte… #14

Closed
wants to merge 1 commit into from
Closed

fix: adjust file permissions in case the symfony dev server is starte… #14

wants to merge 1 commit into from

Conversation

philipreinken
Copy link
Contributor

…d as root

We've got failing builds due to permission errros like this one:

"errors": [
    {
      "status": "400",
      "code": "THEME__COMPILING_ERROR",
      "title": "Bad Request",
      "meta": {
        "parameters": {
          "themeName": "Storefront",
          "message": "Unable to set visibility for file theme-variables.scss. chmod(): Operation not permitted"
        }
      },
      "trace": [
...

I think this is due to the symfony dev server dropping privileges automatically when being run as root: https://github.com/symfony-cli/symfony-cli/blob/main/local/php/fpm.go#L41-L51

This PR adds similar logic to our workflow to set the file permissions accordingly.

@philipreinken philipreinken self-assigned this Nov 6, 2024
@shyim
Copy link
Member

shyim commented Nov 6, 2024

why is the image running as root?

@philipreinken
Copy link
Contributor Author

philipreinken commented Nov 6, 2024
edited
Loading

why is the image running as root?

We've just been using the defaults of the catthehacker/ubuntu image. Thanks for the hint, I think we could circumvent it as well by providing the corresponding options to the container config. I'll try that out.

@philipreinken
Copy link
Contributor Author

The shivammathur/setup-php action requires root privileges to interact with apt and install various packages. So I don't see an easy way around it at the moment 🤔

@philipreinken philipreinken marked this pull request as ready for review November 6, 2024 18:28
@shyim
Copy link
Member

shyim commented Nov 6, 2024

isn't it just calling sudo?

@philipreinken
Copy link
Contributor Author

philipreinken commented Nov 7, 2024
edited
Loading

isn't it just calling sudo?

Yes, it can do that - but the image needs to support that. The base image (catthehacker/ubuntu) we use on our self-hosted runners doesn't as far as I can tell:

sudo /bin/true 
:~$ docker run --rm -it -u www-data:www-data ghcr.io/catthehacker/ubuntu:act-latest sudo true
[sudo] password for www-data: 
sudo: a password is required

@philipreinken
Copy link
Contributor Author

philipreinken commented Nov 7, 2024
edited
Loading

As it turns out, the base image we're using is in fact not the one closest to the default GHA runner config. Instead this one is, since it's using a non-root user already, like the default runners are.

I'll try swapping out the base image and check how it affects test pipelines. Locally it seems to work out nicely.

If that works, we don't need to change anything else, the specific problem I tried to solve here should be gone then.

@philipreinken
Copy link
Contributor Author

It seems fine, so let's update the base image instead. I'll close this PR.

@shyim shyim deleted the 20241106-1825-symfony-permissions branch November 7, 2024 17:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shyim shyim Awaiting requested review from shyim

@mkraeml mkraeml Awaiting requested review from mkraeml

Assignees

@philipreinken philipreinken

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@philipreinken @shyim