EACCES: permission denied, scandir

actions / upload-artifact

MIT License

3.24k stars 728 forks source link

EACCES: permission denied, scandir #192

Open smac89 opened 3 years ago

smac89 commented 3 years ago

Describe the bug Using a glob that happens to come across a folder not owned by the current user, causes the upload task to fail.

Version

[x] V2

Environment

[x] Linux

Screenshots ArcoLinux_2021-04-19_15-41-57

How to reproduce

- name: Upload root
  if: always()
  uses: actions/upload-artifact@v2
  with:
    name: root-logs@${{ github.sha }}
    path: |
      /root/build/**/*-log.gz
    retention-days: 3

Additional context I did a little digging, and the offending code is coming from @actions/glob which has been reported here. Just wanted to bring it to your attention as well, and for my reference, as I use a workaround

luillyfe commented 3 years ago

any updates here?? I am getting an error when uploading files to gcloud storage

kachkaev commented 2 years ago

Same issue here when trying to include a Postgres Docker volume:

- uses: actions/upload-artifact@v2
  if: ${{ failure() }}
  with:
    name: my-stuff
    path: stuff

Run actions/upload-artifact@v2
Error: EACCES: permission denied, scandir '/home/runner/work/repo-name/repo-name/stuff/docker-volumes/postgres/data'

Supplementing path: stuff with !glob does not seem to help:

    path: |
      stuff
      !stuff/docker-volumes/postgres

Looks like directory scanning still touches files with too few permissions.

My current workaround is to explicitly avoid stuff/docker-volumes. This is more verbose and means that I have to update path every time there is a new subfolder or a file in stuff.

    path: |
      stuff/a
      stuff/b
      stuff/c

silverqx commented 1 year ago

The same here, I'm trying to do something like this:

    - uses: actions/upload-artifact@v3
      with:
        name: mysql_after
        path: /var/lib/mysql

My current workaround for this is:

    - name: Prepare files
      run: |
        mkdir ./tmp
        sudo cp -r /var/lib/mysql ./tmp
        sudo chown -R runner:runner ./tmp

And after that upload the ./tmp folder instead.

Would be nice to have the user or sudo parameter.

spk121 commented 1 year ago

I think I have a related problem, although it is stat, not scandir. One file in a directory doesn't have the correct access rights, causing the whole upload to fail. I tried to glob around it as below, but, it still gets scanned and errors out, as below.

      with:
        name: App
        path: |
          app
          !app/**/guile-tools*

gives me

Error: EACCES: permission denied, stat 'D:\a\guile\guile\app\bin\guile-tools'

I can just delete the problematic file before running the action, of course, which will probably be my strategy.