-
-
Notifications
You must be signed in to change notification settings - Fork 7.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Docker image permission issue when run in GitHub Action #12991
Comments
cc: @dvdksn |
You can probably just add the lock file to dockerignore and it'll work. Can you share your workflow and Dockerfile please. |
Here's my workflow, and here is the project Dockerfile. |
Possible workaround:
|
@bep how do you feel about letting this image run as root? There have already been quite a few issues related to permissions. Users wouldn't typically run this image in production, but as a build step, so I don't really think running as root would be a security concern. |
Why not? It seems like we began this effort (many hours now) without a clear definition of intended use:
I created an image several months ago as a learning/testing exercise, and use it with both GitHub Pages and GitLab Pages as demonstrated with this test site:
It can also be used for local builds. I'm not advocating that we use this test image, but its composition intentionally targeted the use cases above. Other than documentation and support I don't have a stake in this. But it would be good if the target stopped moving. |
I don't see any
|
Using
From the Dockerfile, it looks like you never set the user, so it will run as root, which is what GitHub actions, at least, require. |
If you mean it builds the static files and they get deployed somewhere, but the image itself isn't spun up to serve the site or do anything else for a production server, then it seems as though it doesn't matter whether it runs as |
This is what I meant. We only care about static output generated from the container. So the user privileges in the container are only relevant at build-time (and/or during development), which is why I think running as root is probably fine for this image. |
I think so, too. |
OK, I have spent some time on this today, and my conclusions are:
And when I say I above, I'm also assuming a lot of other Hugo users' having the same view on things. I don't have a practical solution for this, I'm afraid; I suspect the solution might be to set up a separate "Hugo GitHub Action". |
Well, GitHub actions don't run the |
Hi, I also encountered it using Woodpecker CI because in that case the git repository pull step is done with root user and therefore the Hugo image is not able to write inside the directory tree. On my pipeline I solved it by adding between the workspace download and the hugo execution a step that changes the owner of the file inside the workspace to hugo (uid 1000). |
Until there is a solution for gohugoio/hugo#12991
I'd like to share an idea to create another tag for the root user image with GitHub Actions The keys are as follows:
|
What version of Hugo are you using (
hugo version
)?Does this issue reproduce with the latest release?
Yes.
It looks like b5852d0 fixed #12946, but now, using v0.136.5, I get a new error:
I suspect this is because the Docker image runs as
hugo:hugo
by default, but GitHub, for better or worse, requires that processes in Docker run asroot
in order to have permission to write files and whatnot.The text was updated successfully, but these errors were encountered: