search

actions / runner-images

GitHub Actions runner images
MIT License
9.74k stars 2.99k forks source link

`bundle install` with cached Ruby version fails #10215

Open rafalhejna opened 1 month ago

rafalhejna commented 1 month ago

Description

Running bundle install is fine when we're using the non-cached version of Ruby on the previous Ubuntu runner image version

2024-07-10T14:37:33.9769136Z Current runner version: '2.317.0' 2024-07-10T14:37:33.9790402Z ##[group]Operating System 2024-07-10T14:37:33.9790998Z Ubuntu 2024-07-10T14:37:33.9791488Z 22.04.4 2024-07-10T14:37:33.9791825Z LTS 2024-07-10T14:37:33.9792186Z ##[endgroup] 2024-07-10T14:37:33.9792700Z ##[group]Runner Image 2024-07-10T14:37:33.9793146Z Image: ubuntu-22.04 2024-07-10T14:37:33.9793536Z Version: 20240630.1.0 2024-07-10T14:37:33.9794589Z Included Software: https://github.com/actions/runner-images/blob/ubuntu22/20240630.1/images/ubuntu/Ubuntu2204-Readme.md 2024-07-10T14:37:33.9796238Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20240630.1 (...) 2024-07-10T14:37:38.9526000Z ##[group]Run ruby/setup-ruby@v1 2024-07-10T14:37:38.9526424Z with: 2024-07-10T14:37:38.9526819Z ruby-version: 3.2 2024-07-10T14:37:38.9527225Z working-directory: mfe-deployer-cli 2024-07-10T14:37:38.9527681Z bundler-cache: false 2024-07-10T14:37:38.9528118Z env: 2024-07-10T14:37:38.9528509Z ARTIFACTORY_USER: 2024-07-10T14:37:38.9529075Z ARTIFACTORY_SECRET: 2024-07-10T14:37:38.9529488Z BUNDLE_GEMFILE: Gemfile 2024-07-10T14:37:38.9529893Z ##[endgroup] 2024-07-10T14:37:39.0813459Z ##[group]Modifying PATH 2024-07-10T14:37:39.0816638Z Entries added to PATH to use selected Ruby: 2024-07-10T14:37:39.0824323Z /opt/hostedtoolcache/Ruby/3.2.4/x64/bin 2024-07-10T14:37:39.0825311Z ##[endgroup] 2024-07-10T14:37:39.0853873Z ##[group]Downloading Ruby 2024-07-10T14:37:39.0856708Z https://github.com/ruby/ruby-builder/releases/download/toolcache/ruby-3.2.4-ubuntu-22.04.tar.gz 2024-07-10T14:37:40.0313603Z Took 0.95 seconds 2024-07-10T14:37:40.0315668Z ##[endgroup] 2024-07-10T14:37:40.0316771Z ##[group]Extracting Ruby 2024-07-10T14:37:40.0351346Z [command]/usr/bin/tar -xz -C /opt/hostedtoolcache/Ruby/3.2.4 -f /home/runner/work/_temp/b8ede50a-14c4-44f2-9367-4e8b6d82f189 2024-07-10T14:37:40.4519673Z Took 0.42 seconds 2024-07-10T14:37:40.4524272Z ##[endgroup] 2024-07-10T14:37:40.4525198Z ##[group]Print Ruby version 2024-07-10T14:37:40.4540984Z [command]/opt/hostedtoolcache/Ruby/3.2.4/x64/bin/ruby --version 2024-07-10T14:37:40.4752622Z ruby 3.2.4 (2024-04-23 revision af471c0e01) [x86_64-linux] 2024-07-10T14:37:40.4776078Z Took 0.03 seconds 2024-07-10T14:37:40.4777092Z ##[endgroup] (...) 2024-07-10T14:37:56.5613666Z Resolving dependencies... 2024-07-10T14:37:56.6730433Z Installing rake 13.2.1 2024-07-10T14:37:56.6900067Z Installing public_suffix 6.0.0 2024-07-10T14:37:56.6986005Z Installing addressable 2.8.7 2024-07-10T14:37:56.7098775Z Installing ast 2.4.2 2024-07-10T14:37:56.7154023Z Installing aws-eventstream 1.3.0 2024-07-10T14:37:56.7199656Z Installing aws-partitions 1.949.0 (...) 2024-07-10T14:38:12.3313472Z Updating files in vendor/cache 2024-07-10T14:38:12.6282042Z Bundle complete! 12 Gemfile dependencies, 87 gems now installed.

But, when using the same Ruby version on the latest ubuntu-22.04 image (which is cached now), the same process fails:

2024-07-11T08:17:45.8734859Z Current runner version: '2.317.0' 2024-07-11T08:17:45.8759431Z ##[group]Operating System 2024-07-11T08:17:45.8760172Z Ubuntu 2024-07-11T08:17:45.8760546Z 22.04.4 2024-07-11T08:17:45.8760878Z LTS 2024-07-11T08:17:45.8761308Z ##[endgroup] 2024-07-11T08:17:45.8761694Z ##[group]Runner Image 2024-07-11T08:17:45.8762218Z Image: ubuntu-22.04 2024-07-11T08:17:45.8762639Z Version: 20240708.1.0 2024-07-11T08:17:45.8763594Z Included Software: https://github.com/actions/runner-images/blob/ubuntu22/20240708.1/images/ubuntu/Ubuntu2204-Readme.md 2024-07-11T08:17:45.8765108Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20240708.1 (...) 2024-07-11T08:17:49.2356296Z ##[group]Run ruby/setup-ruby@v1 2024-07-11T08:17:49.2356834Z with: 2024-07-11T08:17:49.2357162Z ruby-version: 3.2 2024-07-11T08:17:49.2357748Z working-directory: mfe-deployer-cli 2024-07-11T08:17:49.2358224Z bundler-cache: false 2024-07-11T08:17:49.2358605Z env: 2024-07-11T08:17:49.2359196Z ARTIFACTORY_USER: 2024-07-11T08:17:49.2359775Z ARTIFACTORY_SECRET: 2024-07-11T08:17:49.2360286Z BUNDLE_GEMFILE: Gemfile 2024-07-11T08:17:49.2360664Z ##[endgroup] 2024-07-11T08:17:49.3649305Z ##[group]Modifying PATH 2024-07-11T08:17:49.3656182Z Entries added to PATH to use selected Ruby: 2024-07-11T08:17:49.3661447Z /opt/hostedtoolcache/Ruby/3.2.4/x64/bin 2024-07-11T08:17:49.3663008Z ##[endgroup] 2024-07-11T08:17:49.3672701Z ##[group]Print Ruby version 2024-07-11T08:17:49.3752651Z [command]/opt/hostedtoolcache/Ruby/3.2.4/x64/bin/ruby --version 2024-07-11T08:17:49.6350374Z ruby 3.2.4 (2024-04-23 revision af471c0e01) [x86_64-linux] 2024-07-11T08:17:49.6384838Z Took 0.27 seconds 2024-07-11T08:17:49.6386482Z ##[endgroup] (...) 2024-07-11T08:18:06.7804824Z Resolving dependencies... 2024-07-11T08:18:06.8980268Z Installing rake 13.2.1 2024-07-11T08:18:06.9163191Z Installing public_suffix 6.0.0 2024-07-11T08:18:06.9254810Z Installing addressable 2.8.7 2024-07-11T08:18:06.9376314Z Installing ast 2.4.2 2024-07-11T08:18:06.9440183Z Installing aws-eventstream 1.3.0 2024-07-11T08:18:06.9521833Z Installing aws-partitions 1.949.0 2024-07-11T08:18:06.9611562Z Installing aws-sigv4 1.8.0 2024-07-11T08:18:06.9662496Z Installing jmespath 1.6.2 2024-07-11T08:18:06.9769621Z Installing aws-sdk-core 3.200.0 2024-07-11T08:18:07.0387049Z Installing aws-sdk-cloudfront 1.95.0 2024-07-11T08:18:07.0584938Z Installing aws-sdk-dynamodb 1.115.0 2024-07-11T08:18:07.0774526Z Installing aws-sdk-kms 1.87.0 2024-07-11T08:18:07.0947666Z Installing aws-sdk-s3 1.155.0 2024-07-11T08:18:07.1433257Z Installing aws-sdk-sts 1.11.0 2024-07-11T08:18:07.1479781Z Installing thread_safe 0.3.6 2024-07-11T08:18:07.1645890Z Installing descendants_tracker 0.0.4 2024-07-11T08:18:07.1735172Z Installing ice_nine 0.11.2 2024-07-11T08:18:07.1908758Z Installing axiom-types 0.1.1 2024-07-11T08:18:07.2097510Z Installing base64 0.2.0 2024-07-11T08:18:07.2135264Z Installing bigdecimal 3.1.8 with native extensions (...) 2024-07-11T08:18:16.4172445Z The installation path is insecure. Bundler cannot continue. 2024-07-11T08:18:16.4174345Z /opt/hostedtoolcache/Ruby/3.2.4/x64/lib/ruby/gems/3.2.0/gems is world-writable 2024-07-11T08:18:16.4175595Z (without sticky bit). 2024-07-11T08:18:16.4176918Z Bundler cannot safely replace gems in world-writeable directories due to 2024-07-11T08:18:16.4222809Z potential vulnerabilities. 2024-07-11T08:18:16.4223945Z Please change the permissions of this directory or choose a different install 2024-07-11T08:18:16.4224961Z path.

Platforms affected

Runner images affected

Image version and build link

20240708.1.0

Is it regression?

Yes, it worked on 20240630.1.0

Expected behavior

bundle install is successful

Actual behavior

bundle install fails

Repro steps

  1. Create a workflow with ubuntu-latest as a runner image
  2. Prepare a sample Gemfile with couple of gems
  3. Add setup-ruby@v1 step with version 3.2 of Ruby
  4. Add bundle install step
  5. Run the workflow
vidyasagarnimmagaddi commented 1 month ago

Hi @rafalhejna , We will analyse the issue and provide the solution, thanks

vidyasagarnimmagaddi commented 1 month ago

Hi @rafalhejna , Could you please retry the same and share the snippet/workflow file is any errors. thanks

rafalhejna commented 1 month ago

@vidyasagarnimmagaddi The issue is still present. I haven't done enough research into it, so my recreation steps are not quite correct. Below please find sample workflow and Gemfile files, that will cause the same issue.

workflow.yml

name: 'Ruby test'

on:
  workflow_dispatch:

jobs:
  test:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: 3.2
          bundler: 2.5.13
        env:
          BUNDLE_GEMFILE: Gemfile

      - name: bundle install
        run: bundle install

Gemfile

source 'https://rubygems.org'

gem 'faraday'
vidyasagarnimmagaddi commented 1 month ago

Hi @rafalhejna , the above provided workflow , successful at our end,. Follow below steps

  1. Make sure your installing the bundler where Gemfile is located.

  2. If not move to the Gemfile location and try to run .

    
  run: |
    cd ${{ github.workspace }}
    bundle install
   shell: bash
rafalhejna commented 1 month ago

@vidyasagarnimmagaddi Still the same error. Here's my workflow file

name: 'Ruby test'

on:
  workflow_dispatch:

jobs:
  test:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: 3.2
          working-directory: ./ruby-test
        env:
          BUNDLE_GEMFILE: Gemfile

      - name: bundle install
        run: |
          cd ruby-test
          gem install bundler -v 2.5.13
          bundle install
        shell: bash

And here is the output log

2024-07-15T15:31:34.0859573Z Current runner version: '2.317.0' 2024-07-15T15:31:34.0885887Z ##[group]Operating System 2024-07-15T15:31:34.0886507Z Ubuntu 2024-07-15T15:31:34.0886969Z 22.04.4 2024-07-15T15:31:34.0887288Z LTS 2024-07-15T15:31:34.0887611Z ##[endgroup] 2024-07-15T15:31:34.0887946Z ##[group]Runner Image 2024-07-15T15:31:34.0888478Z Image: ubuntu-22.04 2024-07-15T15:31:34.0888872Z Version: 20240708.1.0 2024-07-15T15:31:34.0889929Z Included Software: https://github.com/actions/runner-images/blob/ubuntu22/20240708.1/images/ubuntu/Ubuntu2204-Readme.md 2024-07-15T15:31:34.0891336Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20240708.1 2024-07-15T15:31:34.0892181Z ##[endgroup] (...) 2024-07-15T15:31:36.2826476Z ##[group]Run ruby/setup-ruby@v1 2024-07-15T15:31:36.2826925Z with: 2024-07-15T15:31:36.2827335Z ruby-version: 3.2 2024-07-15T15:31:36.2827665Z working-directory: ./ruby-test 2024-07-15T15:31:36.2828073Z bundler-cache: false 2024-07-15T15:31:36.2828485Z env: 2024-07-15T15:31:36.2828780Z BUNDLE_GEMFILE: Gemfile 2024-07-15T15:31:36.2829146Z ##[endgroup] 2024-07-15T15:31:36.5000307Z ##[group]Modifying PATH 2024-07-15T15:31:36.5051966Z Entries added to PATH to use selected Ruby: 2024-07-15T15:31:36.5052956Z /opt/hostedtoolcache/Ruby/3.2.4/x64/bin 2024-07-15T15:31:36.5054079Z ##[endgroup] 2024-07-15T15:31:36.5055101Z ##[group]Print Ruby version 2024-07-15T15:31:36.5056095Z [command]/opt/hostedtoolcache/Ruby/3.2.4/x64/bin/ruby --version 2024-07-15T15:31:36.7928677Z ruby 3.2.4 (2024-04-23 revision af471c0e01) [x86_64-linux] 2024-07-15T15:31:36.7967094Z Took 0.38 seconds 2024-07-15T15:31:36.7973298Z ##[endgroup] 2024-07-15T15:31:36.7974295Z ##[group]Installing Bundler 2024-07-15T15:31:36.7975405Z Using Bundler 2 shipped with ruby-3.2.4 2024-07-15T15:31:36.7976128Z Took 0.00 seconds 2024-07-15T15:31:36.7977470Z ##[endgroup] 2024-07-15T15:31:36.8088188Z ##[group]Run cd ruby-test 2024-07-15T15:31:36.8088640Z cd ruby-test 2024-07-15T15:31:36.8089067Z gem install bundler -v 2.5.13 2024-07-15T15:31:36.8089625Z bundle install 2024-07-15T15:31:36.8135404Z shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0} 2024-07-15T15:31:36.8136066Z ##[endgroup] 2024-07-15T15:31:38.2230565Z Successfully installed bundler-2.5.13 2024-07-15T15:31:38.2231843Z 1 gem installed 2024-07-15T15:31:39.2517623Z Fetching gem metadata from https://rubygems.org/........ 2024-07-15T15:31:39.6319014Z Resolving dependencies... 2024-07-15T15:31:39.6616629Z Installing logger 1.6.0 2024-07-15T15:31:39.6620372Z Installing uri 0.13.0 2024-07-15T15:31:39.6766090Z Installing net-http 0.4.1 2024-07-15T15:31:39.6863774Z The installation path is insecure. Bundler cannot continue. 2024-07-15T15:31:39.6864804Z /opt/hostedtoolcache/Ruby/3.2.4/x64/lib/ruby/gems/3.2.0/gems is world-writable 2024-07-15T15:31:39.6870220Z (without sticky bit). 2024-07-15T15:31:39.6872331Z Bundler cannot safely replace gems in world-writeable directories due to 2024-07-15T15:31:39.6873502Z potential vulnerabilities. 2024-07-15T15:31:39.6874454Z Please change the permissions of this directory or choose a different install 2024-07-15T15:31:39.6875610Z path. 2024-07-15T15:31:39.7095068Z ##[error]Process completed with exit code 38.

vidyasagarnimmagaddi commented 1 month ago

Hi @rafalhejna , the issue is due to the permissions.Kindly try this.


name: 'Ruby test'

on:
  push

jobs:
  test:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: 3.2
          working-directory: ./ruby-test
        env:
          BUNDLE_GEMFILE: Gemfile

      - name: Change permissions
        run: chmod -R o-w /opt/hostedtoolcache/Ruby/3.2.4/x64/lib/ruby/gems/3.2.0/gems

      - name: bundle install
        run: |
          cd ruby-test
          gem install bundler -v 2.5.13
          bundle install
        shell: bash
rafalhejna commented 1 month ago

@vidyasagarnimmagaddi So your suggestion worked, but this solution looks rather "hacky". Is it really the only way to make this work? Can this setting be applied more "globally" to all runners?

jcoyne commented 1 month ago

This is a real challenge to do if you happen to be using a matrix build with many different versions of ruby.

jamis commented 1 month ago

This is a real challenge to do if you happen to be using a matrix build with many different versions of ruby.

This is exactly what we are encountering. We were able to just be quite a bit more liberal in our chmod usage, though:

chmod -R o-w /opt/hostedtoolcache/Ruby

That seemed to do the trick for us.

eregon commented 1 month ago

This seems a bug of the prebuilt Ruby 3.2.4 in the toolcache, where it got wrong permissions.

Since https://github.com/ruby/setup-ruby/issues/98 the expectation is the binaries from https://github.com/ruby/ruby-builder are used.

Asjnhbv commented 3 weeks ago

Included Software: https://github.com/actions/runner-images/blob/ubuntu22/20240708.1/images/ubuntu/Ubuntu2204-Readme.md

eregon commented 3 weeks ago

https://github.com/eregon/actions-shell/actions/runs/10199673790/job/28217339098 shows that indeed the permissions are wrong:

$ ls -la /opt/hostedtoolcache/Ruby/3.2.4/x64/lib/ruby/gems/3.2.0/gems
total 352
drwxrwxrwx+ 88 runner docker 4096 Apr 23 13:04 .
drwxrwxrwx+  9 runner docker 4096 Apr 23 13:04 ..
drwxrwxrwx+  2 runner docker 4096 Apr 23 13:04 abbrev-0.1.1
drwxrwxrwx+  2 runner docker 4096 Apr 23 13:04 base64-0.1.1
...

That should be fixed in the scripts creating the runner images (i.e., this repo).

https://github.com/ruby/ruby-builder/releases/download/toolcache/ruby-3.2.4-ubuntu-22.04.tar.gz has the correct permissions, see https://github.com/ruby/setup-ruby/issues/624#issuecomment-2263113830

eregon commented 3 weeks ago

OTOH it seems the permissions are wrong for everything under /opt/hostedtoolcache on all 3 ubuntu versions: https://github.com/eregon/actions-shell/actions/runs/10199733618/job/28217556337

Run ls -la /opt/hostedtoolcache
total 36
drwxrwxrwx+  9 runner root        4096 Jul 21 22:30 .
drwxrwxrwx+ 17 root   root        4096 Aug  1 13:49 ..
drwxrwxrwx+  3 runner root        4096 Jul 21 21:20 CodeQL
drwxrwxrwx+  6 runner root        4096 Jul 21 21:40 Java_Temurin-Hotspot_jdk
drwxrwxrwx+  8 runner runneradmin 4096 Jul 21 22:23 PyPy
drwxrwxrwx+  8 runner runneradmin 4096 Jul 21 22:29 Python
drwxrwxrwx+  5 runner root        4096 Jul 21 22:00 Ruby
drwxrwxrwx+  5 runner runneradmin 4096 Jul 21 22:30 go
drwxrwxrwx+  5 runner runneradmin 4096 Jul 21 22:29 node

I don't know if that is new or it was always like that.