gperdomor / nx-tools

Nx Workspaces builders and tools
MIT License
356 stars 56 forks

nx-podman image does not work on GitLab CI - pnpm and codepack not found #1151

Open sebglon opened 3 weeks ago

sebglon commented 3 weeks ago

The CI job has no access to codepack and pnpm. The user used to run the commands is podman. This user does not have access to codepack and pnpm. But if I manually start a container, I am connected as the root user and I can run pnpm.

GitLab CI does not authorize non-root users on Kubernetes pods for jobs.

CI job definition:

nx:container:
  extends: .nxdefault
  stage: build
  image: gperdomor/nx-podman:22.9.0
  variables:
    INPUT_PUSH: 'true'
    INPUT_ENGINE: 'podman'
    KUBERNETES_POD_ANNOTATIONS_1: "container.apparmor.security.beta.kubernetes.io/build=unconfined"
  script:
    - podman login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
    - podman login -u $CI_DEPENDENCY_PROXY_USER -p $CI_DEPENDENCY_PROXY_PASSWORD $CI_SERVER_HOST
    - pnpm nx show projects --affected --base=$NX_BASE --head=$NX_HEAD
    - pnpm run version --projects=$(pnpm nx show projects --affected -t container --base=$NX_BASE --head=$NX_HEAD --sep=",")
    - pnpm nx affected -t container-version --base=$NX_BASE --head=$NX_HEAD --parallel=1
    - NODE_ENV=production pnpm nx affected -t container --base=$NX_BASE --head=$NX_HEAD --parallel=1

CI job logs:

Running on runner-a6ggycboa-project-7-concurrent-0-2gob635t via gitlab-gitlab-runner-6dbfd695c6-fhwq8...
Getting source from Git repository
00:09
Fetching changes with git depth set to 50...
Initialized empty Git repository in /my_custom_dir/ubbleai/core/.git/
Created fresh repository.
Checking out e14b5cdf as detached HEAD (ref is refs/merge-requests/9049/head)...
Skipping Git submodules setup
Restoring cache
00:00
Checking cache for 0_pnpm-lock-db917d15dc551e7186f9566bc1bc5326a34699ee-6-non_protected...
WARNING: file does not exist                       
Failed to extract cache
Downloading artifacts
00:01
Downloading artifacts for nx:metadata (517668)...
Downloading artifacts from coordinator... ok        host=gitlab.ubble.ai id=517668 responseStatus=200 OK token=glcbt-64
Downloading artifacts for trivy-check (517672)...
Downloading artifacts from coordinator... ok        host=gitlab.ubble.ai id=517672 responseStatus=200 OK token=glcbt-64
Executing "step_script" stage of the job script
00:01
$ podman login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
Login Succeeded!
$ podman login -u $CI_DEPENDENCY_PROXY_USER -p $CI_DEPENDENCY_PROXY_PASSWORD $CI_SERVER_HOST
Login Succeeded!
$ pnpm nx show projects --affected --base=$NX_BASE --head=$NX_HEAD
/scripts-7-517690/step_script: line 256: pnpm: command not found
Cleaning up project directory and file based variables
00:01
ERROR: Job failed: command terminated with exit code 1
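
One way to confirm the diagnosis in the report above (an added example, not code from the issue or from nx-tools): a POSIX shell check that tells apart a tool that is simply off the job user's PATH, one that exists but is unreachable for that user, and one that is missing. The function names and the search directories passed to `diagnose_tool` (for example `/usr/local /root /home`) are assumptions; the page does not say where the image installs pnpm.

```shell
#!/bin/sh
# Added diagnostic, not part of nx-tools or the nx-podman image.
# Shows why a tool resolves for one user (root) but not for the CI job user.

# job_identity: the user and PATH the job script really runs with.
job_identity() { echo "uid=$(id -u) user=$(id -un 2>/dev/null) PATH=$PATH"; }

# can_reach FILE: true only if the current user can traverse every parent
# directory of FILE and FILE itself is executable for that user.
can_reach() {
  cr_dir=$(dirname "$1")
  while [ "$cr_dir" != "/" ] && [ "$cr_dir" != "." ]; do
    [ -x "$cr_dir" ] || return 1
    cr_dir=$(dirname "$cr_dir")
  done
  [ -x "$1" ]
}

# diagnose_tool NAME DIR...: prints a verdict, plus the path when one is found.
#   ok           NAME already resolves on PATH for this user
#   not-on-path  a usable copy exists under DIR..., but PATH does not reach it
#   no-access    a copy exists, but this user cannot traverse to or execute it
#   blocked      nothing found, and at least one DIR is unreadable to this user
#   missing      nothing found under any DIR
diagnose_tool() {
  dt_name=$1; shift
  if dt_hit=$(command -v "$dt_name" 2>/dev/null); then
    echo "ok $dt_hit"; return 0
  fi
  dt_verdict=missing
  for dt_root in "$@"; do
    [ -d "$dt_root" ] || continue
    if ! { [ -r "$dt_root" ] && [ -x "$dt_root" ]; }; then
      if [ "$dt_verdict" = missing ]; then dt_verdict=blocked; fi
      continue
    fi
    dt_hits=$(find "$dt_root" -name "$dt_name" ! -type d 2>/dev/null) || true
    dt_ifs=$IFS; IFS='
'
    for dt_hit in $dt_hits; do
      IFS=$dt_ifs
      if can_reach "$dt_hit"; then echo "not-on-path $dt_hit"; return 0; fi
      dt_verdict="no-access $dt_hit"
    done
    IFS=$dt_ifs
  done
  echo "$dt_verdict"
}
```

Run as the first lines of the job's `script:`, `job_identity` followed by `diagnose_tool pnpm` with the candidate directories shows whether the fix belongs in PATH, in file permissions, or in the image itself.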
sebglon commented 3 weeks ago

Where can I find the nx-podman Dockerfile to help with the fix?

sebglon commented 3 weeks ago

Related to ticket https://github.com/gperdomor/nx-tools/issues/1149