search

18F / concourse-compliance-testing

Concourse CI assets for Compliance Toolkit
https://compliance-viewer.18f.gov/
Other
17 stars 7 forks source link

fix Docker permissions issues #134

Closed afeld closed 7 years ago

afeld commented 7 years ago

We were getting the following error in the scan-zap task:

+ mkdir -p tmp
mkdir: cannot create directory 'tmp': Permission denied

Working through subsequent issues.

afeld commented 7 years ago

Ok, got this working!

https://concourse-ci.fr.cloud.gov/teams/cloud-gov-compliance-toolkit/pipelines/zap/jobs/zap-ondemand-login-dot-gov/builds/10

The issue is that the ZAP Docker image changed to running via the zap user (https://github.com/zaproxy/zaproxy/commit/fdcd67ef91bda6f48e2be93e1942ae8dd6aec424), but the working directory and subdirectories (like the reports output) is owned by root. In other words, seems that Concourse doesn't respect the USER specified in the Dockerfile.

Also switched to using a custom Docker image, which will make the builds faster since it doesn't need to install the dependencies every time.

Follow-up task: