stackoom
  简体   繁体   中英

(GitHub Actions, Upload artifact) Access denied trying to upload a file despite giving it full permissions

 原文  2021-11-15 16:19:06       docker/ github/ docker-compose/ permissions/ github-actions

Question

Describe the problem

I am making an action that runs API tests from a docker container, which generates a report.html. This report is saved into a docker volume. Within the action, after the report is created, I attempt to use actions/upload-artifact on report.html, using the path to its place in the volume on the host machine.

The problem is I get Error: EACCES: permission denied, lstat /path/to/report.html when the action attempts to do this.

I've tried to solve this by doing sudo chmod ugo+rwx /path/to/report.html before using the action but it changed nothing. I think running the action with sudo would work but that doesn't seem to be supported.

How to reproduce

Reproducing an analogous example where I just create a test.txt file in the volume. github action looks like this: 

name: Action
on:
  push:
    
jobs:
  example:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Compose Containers and Run 
        run: |
          docker-compose up --abort-on-container-exit
      
      - name: Fix permissions 
        run: |
          sudo chmod ugo+rwx /var/lib/docker/volumes/example_reports/_data/test.txt
        
      - name: Upload report.html
        uses: actions/upload-artifact@v2
        with:
          name: test.txt
          path: /var/lib/docker/volumes/example_reports/_data/test.txt

Dockerfile is simply: 

FROM ubuntu

ENTRYPOINT [ "/bin/bash", "-c" ]

And doker compose:

version: "3.7"

services:
  example:
    build:
      context: .
    volumes:
      - reports:/home/reports
    command: ["touch /home/reports/test.txt"]

volumes:
  reports:

2 answers

solution1
 0  2021-11-15 16:32:22

Your docker container is running as root and therefore creating the file as root.

You can change that by specifying

    user: '1000:1000'

for your service in your docker-compose file.

solution2
 0  2021-11-16 16:07:55

Turns out I was thinking about this too hard. All I needed to do to get upload-artifact to work was copy the file out of the volume directory first.

In the action file, instead of trying to fix permissions, simply do this after composing up the containers:

 - name: Copy out file from volume
   run: |
     sudo cp /var/lib/docker/volumes/example_reports/_data/test.txt /home/
  
  - name: Upload report.html
    uses: actions/upload-artifact@v2
    with:
      name: test.txt
      path: /home/test.txt

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Docker daemon access denied while running from github actions Why are Docker filesystem permissions behaving differently on GitHub Actions (Permission denied on server) GitHub Actions workflow error: Permission denied Curl error while trying to automate file upload - http no such file docker volume after upload to github? In Docker with root, error `EACCES: permission denied, open '/root/.config/configstore/bower-github.json'` despite that file being accessible Permission denied: Shared volume write and Read failing on Github Actions How selenium access capybara server on Github Actions? How to upload a file to kubernetes cluster for my Apps to access it? Docker push giving “blob upload unknown”
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM