search

buildsec / frsca

https://buildsec.github.io/frsca
Apache License 2.0
227 stars 31 forks source link

Documentation update #396

Closed rguptar closed 1 year ago

rguptar commented 1 year ago

Just a couple things I noticed when I set FRSCA up locally:

  1. In the quickstart, it lists make setup-dev, setup-frsca, and setup-examples. However, setup-frsca itself runs setup-dev and setup-examples. Should we remove setup-dev and setup-examples, not from the Makefile, but from the quickstart?
  2. In 00-kubernetes-minikube-setup.sh, there's a crane install for Mac but not Linux. We can reference the binaries from GitHub.
  3. I'm getting the following error when running the samples. I'm including it here but perhaps it would be better to open an issue w/ Tekton.
$ k logs example-golang-g24dz-clone-pod -f
+ '[' false '=' true ]
+ '[' false '=' true ]
+ '[' false '=' true ]
+ CHECKOUT_DIR=/workspace/output/.
+ '[' true '=' true ]
+ cleandir
+ '[' -d /workspace/output/. ]
+ rm -rf /workspace/output/./lost+found
+ rm -rf '/workspace/output/./.[!.]*'
+ rm -rf '/workspace/output/./..?*'
+ test -z
+ test -z
+ test -z
+ git config --global --add safe.directory /workspace/output
+ /ko-app/git-init '-url=https://gitea-http.gitea:3000/frsca/example-golang' '-revision=3094f6f5715119bdd556dda00ea8d8f832efbd9e' '-refspec=' '-path=/workspace/output/.' '-sslVerify=true' '-submodules=true' '-depth=1' '-sparseCheckoutDirectories='
{"level":"error","ts":1675387447.1612756,"caller":"git/git.go:53","msg":"Error running git [init /workspace/output/.]: exit status 1\n/workspace/output/.git: Permission denied\n","stacktrace":"github.com/tektoncd/pipeline/pkg/git.run\n\tgithub.com/tektoncd/pipeline/pkg/git/git.go:53\ngithub.com/tektoncd/pipeline/pkg/git.Fetch\n\tgithub.com/tektoncd/pipeline/pkg/git/git.go:88\nmain.main\n\tgithub.com/tektoncd/pipeline/cmd/git-init/main.go:53\nruntime.main\n\truntime/proc.go:250"}
{"level":"fatal","ts":1675387447.161342,"caller":"git-init/main.go:54","msg":"Error fetching git repository: exit status 1","stacktrace":"main.main\n\tgithub.com/tektoncd/pipeline/cmd/git-init/main.go:54\nruntime.main\n\truntime/proc.go:250"}
pxp928 commented 1 year ago

@sudo-bmitch Have you seen this error before with gitea?

sudo-bmitch commented 1 year ago

Is that error pointing to a permission issue with the workspace volume? It could be related to the CSI driver.

pxp928 commented 1 year ago

The pipelineRun could require the following fsGroup permission to be set for the git clone task to read and write to the workspace volume.

rguptar commented 1 year ago

@pxp928, changing the file permissions resolved the error, thanks for taking a look!

  podTemplate:
    securityContext:
      fsGroup: 65532
GooseYArd commented 1 year ago

@pxp928, changing the file permissions resolved the error, thanks for taking a look!

  podTemplate:
    securityContext:
      fsGroup: 65532

I ran into this issue as well am clueless about cue and have what I suspect is a dumb question- did you correct this by editing sample-pipeline.cue and redeploying the sample pipeline? If so, would you be willing to share a diff that shows the content you added to the cue file? Thanks in advance!!

pxp928 commented 1 year ago

@GooseYArd made a PR to fix this issue. #414 also shows the diff.