Open ctmbl opened 5 months ago
on next action it seemed to work fine, maybe the time that all files in .git
get converted to the right owner/perms
https://github.com/iScsc/blog.iscsc.fr/actions/runs/9285642478/job/25550640703
so I'll let this open and idle for a while and then close it if no other errors show up
the problem is that newly created (or updated by fetching and rebasing) files and directories are created without the group write bit.
on the server:
$ git show --compact-summary
commit 5e394324f35f71bb3b3a40f5216f75766ada44a8 (HEAD -> main)
Author: ClementMabileau <mabileau.clement@gmail.com>
Date: Tue Sep 17 09:15:21 2024 +0200
Add an Events page (#81)
...
src/assets/css/custom.css | 11 ++++++++++
src/config.toml | 1 +
$ ll src/
total 28K
drwxrwsr-x 3 ci-deployment maintainers 4.0K Sep 1 12:23 assets
-rw-r--r-- 1 ci-deployment maintainers 5.6K Sep 17 07:39 config.toml
...
$ ll src/assets/css/
-rw-r--r-- 1 ci-deployment maintainers 1.2K Sep 17 07:39 custom.css
due to the value of umask:
$ umask
0022
so when other users than the CI one fetch or change files they own the file, and the CI can no longer change this file
the solution:
0002
so that files are created WITH the group write bit, tks to the setgid bit and the maintainer bit, all users of the maintainer group will be able to modify the filessources:
a script
remote_git_pull.sh
has been introduced by #55 , it aims to update the state of the local git copy on the remote server from where we deploy the website. This PR also reworks the use and names of secrets in the deployment workflow, which needed some rework for sure!However sometimes this script fails, due to permissions or owning problems on the remote server, and is therefore really server-state dependant. The change is recent I expect that this script will fail again in the future but I hope that less and less as the change grows old
A possible patch would be to overwrite the return code of the command and instead just emit a GitHub Action warning something like:
But I don't want to patch it right now, this is the kind of bug due to permission and environment, I prefer to get a bit more of information and experience before patching it