[Bug]: could not open '.git/COMMIT_EDITMSG': Permission denied #484

Closed
1 task done
kdeldycke opened this issue Mar 3, 2024 · 4 comments · Fixed by #498
Labels
bug Something isn't working

Comments

@kdeldycke
Contributor

Is there an existing issue for this?

  • I have searched the existing issues

Describe the bug

Re-checking out the PR created by actions-template-sync works but doesn't allow for pushing back to the PR because of permission issues.

Expected Behavior

I'm surprised there is an issue with file permissions, as I am not messing with users on the file system at any time. Is this an edge case that's introduced by actions-template-sync?

Current Behavior

The following workflow:

  awesome-template-sync:
    name: Sync awesome template
    if: >
      startsWith(github.event.repository.name, 'awesome-')
      && github.event.repository.name != 'awesome-template'
    runs-on: ubuntu-22.04
    # We need custom PAT through the whole job so we get workflow permissions to update all the boilerplate .github
    # files from awesome-template.
    steps:

      - uses: actions/checkout@v4.1.1
        with:
          token: ${{ secrets.WORKFLOW_UPDATE_GITHUB_PAT || secrets.GITHUB_TOKEN }}

      - name: Sync from template repo
        id: template_sync
        uses: AndreasAugustin/actions-template-sync@v1.8.1
        with:
          github_token: ${{ secrets.WORKFLOW_UPDATE_GITHUB_PAT || secrets.GITHUB_TOKEN }}
          source_repo_path: kdeldycke/awesome-template
          pr_title: "[sync] Updates from `awesome-template` repository"
          pr_commit_msg: "[sync] Updates from `awesome-template` repository"
          pr_branch_name_prefix: "sync-awesome-template"
          pr_labels: "📚 documentation"

      - name: Checkout template sync PR
        uses: actions/checkout@v4.1.1
        with:
          ref: ${{ steps.template_sync.outputs.pr_branch }}
          token: ${{ secrets.WORKFLOW_UPDATE_GITHUB_PAT || secrets.GITHUB_TOKEN }}


      - name: Update repo URLs
        # Replace "/kdeldycke/awesome-template/" in URLs by "/kdeldycke/awesome-<repo_id>/".
        run: >
          find ./.github/ -type f -iregex '.*\.\(md\|yaml\)$' -print -exec sed -i
          "s/\/kdeldycke\/awesome-template\//\/kdeldycke\/${{ github.event.repository.name }}\//g" "{}" \;

      - uses: peter-evans/create-pull-request@v6.0.1
        with:
          token: ${{ secrets.WORKFLOW_UPDATE_GITHUB_PAT || secrets.GITHUB_TOKEN }}
          assignees: ${{ github.actor }}
          commit-message: "[sync] Updates from `awesome-template`"
          title: "[sync] Updates from `awesome-template`"
          body: >
            <details><summary><code>Workflow metadata</code></summary>
            > [Auto-generated on run `#${{ github.run_id }}`](${{ github.event.repository.html_url }}/actions/runs/${{
            github.run_id }}) by `${{ github.job }}` job from [`docs.yaml`](${{ github.event.repository.html_url
            }}/blob/${{ github.sha }}/.github/workflows/docs.yaml) workflow.
            </details>
          branch: ${{ needs.awesome-template-sync.outputs.pr_branch }}

Ends up with this error at the create-pull-request step:

[Image: Screenshot 2024-03-03 at 17 05 07]

See the source of the workflow run at: https://github.com/kdeldycke/awesome-billing/actions/runs/8130308519/job/22218375401#step:10:71

Steps To Reproduce

No response

Possible Solution

No response

Additional Information/Context

No response

Template sync version

1.8.1

kdeldycke added the bug label Mar 3, 2024
kdeldycke added a commit to kdeldycke/awesome-billing that referenced this issue Mar 3, 2024
@AndreasAugustin
Owner

AndreasAugustin commented Mar 5, 2024

Hi @kdeldycke and thanks for the bug. Will have a look into it. A first guess: the owner of the file is the user within the docker container (root), which is different from the user running on the host (most likely ubuntu).

I ran a simple test, ls -la .git/, outside the docker action, and the output is:

Run ls -la .git/
  ls -la .git/
  shell: /usr/bin/bash -e {0}
total 68
drwxr-xr-x  9 runner docker 4096 Mar  5 21:11 .
drwxr-xr-x  5 runner docker 4096 Mar  5 21:11 ..
-rw-r--r--  1 root   root    105 Mar  5 21:11 COMMIT_EDITMSG
-rw-r--r--  1 runner docker   86 Mar  5 21:11 FETCH_HEAD
-rw-r--r--  1 root   root     44 Mar  5 21:11 HEAD
-rw-r--r--  1 root   root     41 Mar  5 21:11 ORIG_HEAD
drwxr-xr-x  2 runner docker 4096 Mar  5 21:11 branches
-rw-r--r--  1 root   root    560 Mar  5 21:11 config
-rwxr-xr-x  1 runner docker   73 Mar  5 21:11 description
drwxr-xr-x  2 runner docker 4096 Mar  5 21:11 hooks
-rw-r--r--  1 root   root   2901 Mar  5 21:11 index
drwxr-xr-x  2 runner docker 4096 Mar  5 21:11 info
drwxr-xr-x  4 root   root   4096 Mar  5 21:11 lfs
drwxr-xr-x  3 runner docker 4096 Mar  5 21:11 logs
drwxr-xr-x 40 runner docker 4096 Mar  5 21:11 objects
drwxr-xr-x  5 runner docker 4096 Mar  5 21:11 refs
-rw-r--r--  1 runner docker   41 Mar  5 21:11 shallow

We see that the others only have read permissions on .git/COMMIT_EDITMSG (and other files).

Need to think about a solution.
Possible:

@AndreasAugustin
Owner

Remark:
#498 will solve this issue. The PR needs some more testing and some small adjustments and checks.

@AndreasAugustin
Owner

@kdeldycke with v2 (#498) the action is migrated from docker to a composite action.
Therefore the underlying user is not root anymore and the bug is gone.
For whatever reason, GitHub recommends using root as the default user within docker-related actions: https://docs.github.com/en/actions/creating-actions/dockerfile-support-for-github-actions#user
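
The ownership mismatch diagnosed in this thread (a Docker-based action running as root leaves root-owned files under .git/ that the runner user cannot rewrite) can be checked for mechanically. The script below is an added example, not part of the original issue or the project's code; the function names are hypothetical and the sample is an abridged copy of the listing quoted above.

```shell
#!/bin/sh
# Added example (not from the issue or the project). Function names are hypothetical.

# Abridged copy of the `ls -la .git/` listing quoted in the thread.
sample_listing() {
  cat <<'EOF'
total 68
drwxr-xr-x  9 runner docker 4096 Mar  5 21:11 .
drwxr-xr-x  5 runner docker 4096 Mar  5 21:11 ..
-rw-r--r--  1 root   root    105 Mar  5 21:11 COMMIT_EDITMSG
-rw-r--r--  1 runner docker   86 Mar  5 21:11 FETCH_HEAD
-rw-r--r--  1 root   root     44 Mar  5 21:11 HEAD
-rw-r--r--  1 root   root    560 Mar  5 21:11 config
drwxr-xr-x  2 runner docker 4096 Mar  5 21:11 hooks
-rw-r--r--  1 root   root   2901 Mar  5 21:11 index
drwxr-xr-x  4 root   root   4096 Mar  5 21:11 lfs
drwxr-xr-x 40 runner docker 4096 Mar  5 21:11 objects
EOF
}

# Read `ls -la` output on stdin and print every entry whose owner is not $1.
# Field 3 is the owner, field 9 the name (names containing spaces are truncated).
foreign_owned_from_listing() {
  awk -v want="$1" '
    NF >= 9 && $1 ~ /^[-dl]/ {
      if ($9 == "." || $9 == "..") next
      if ($3 != want) print $9
    }'
}

# Live variant for a workflow step: list paths under directory $1 that are
# not owned by the user running the step. Empty output means no mismatch.
foreign_owned_live() {
  find "$1" ! -user "$(id -u)" -print
}

# Demo on the sample listing: prints the entries the runner user does not own.
sample_listing | foreign_owned_from_listing runner
```

In a workflow, calling `foreign_owned_live .git` between the Docker-based action and the next step that commits would surface the root-owned files before `git commit` fails on them.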

@kdeldycke
Contributor Author

Again, I can confirm I am not encountering this issue. Thanks @AndreasAugustin !
