renovatebot / renovate

Home of the Renovate CLI: Cross-platform Dependency Automation by Mend.io
https://mend.io/renovate
GNU Affero General Public License v3.0

Set GOCACHE when updating go artifacts #6225

Open proton-ab opened 4 years ago

proton-ab commented 4 years ago

What Renovate type are you using?

Self-hosted, Gitea, 19.236.8

Describe the bug

When Renovate executes the go get command to update the go.mod file, it does not set the GOCACHE environment variable; as a result, the cache is written inside the container. This makes it impossible to run the container as a different user (--user 1001:1001), because in that case go get will attempt to write to /.cache ($HOME does not exist for a user without a passwd entry).

Did you see anything helpful in debug logs?

DEBUG: go get command (repository=animebytes/chihaya, branch=renovate/github.com-prometheus-common-0.x)
       "cmd": "go",
       "args": "get -d ./..."
DEBUG: Executing command (repository=animebytes/chihaya, branch=renovate/github.com-prometheus-common-0.x)
       "command": "go get -d ./..."
DEBUG: Failed to update go.sum (repository=animebytes/chihaya, branch=renovate/github.com-prometheus-common-0.x)
       "err": {
         "killed": false,
         "code": 1,
         "signal": null,
         "cmd": "go get -d ./...",
         "stdout": "",
         "stderr": "failed to initialize build cache at /.cache/go-build: mkdir /.cache: permission denied\n",
         "message": "Command failed: go get -d ./...\nfailed to initialize build cache at /.cache/go-build: mkdir /.cache: permission denied\n",
         "stack": "Error: Command failed: go get -d ./...\nfailed to initialize build cache at /.cache/go-build: mkdir /.cache: permission denied\n\n    at ChildProcess.exithandler (child_process.js:303:12)\n    at ChildProcess.emit (events.js:310:20)\n    at ChildProcess.EventEmitter.emit (domain.js:482:12)\n    at maybeClose (internal/child_process.js:1021:16)\n    at Process.ChildProcess._handle.onexit (internal/child_process.js:286:5)"
       }

To Reproduce

No repro repo is given, as this issue is internal to self-hosted instances in an edge case where the Docker container is run as a different user.

Additional context

I'd expect Renovate to handle cache for Go the same way it handles cache for other package managers.

rarkins commented 4 years ago

Looks like we do not have any awareness of GOCACHE today. BTW if you're running self-hosted and enable trustLevel=high then Renovate will transparently pass through the entire env to child processes. But otherwise we should make GOCACHE behavior awareness similar to how we do for other package managers.
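Added example (not part of the thread and not Renovate's own code): a Node.js sketch of how the go tool picks its build cache directory on Linux, and of building a child-process environment that pins GOCACHE to a directory the unprivileged UID owns. The function names, the `cacheRoot` parameter and the allow-listed variable names are hypothetical; HOME=/ is an assumption consistent with the /.cache path in the log above.

```javascript
// Added example; resolveGoBuildCache, goChildEnv and cacheRoot are hypothetical names.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Where `go` places its build cache on Linux for a given environment:
// $GOCACHE, else $XDG_CACHE_HOME/go-build, else $HOME/.cache/go-build.
// Returns null when none is set, in which case go cannot locate a cache.
function resolveGoBuildCache(env) {
  if (env.GOCACHE) return env.GOCACHE;
  if (env.XDG_CACHE_HOME) return path.posix.join(env.XDG_CACHE_HOME, 'go-build');
  if (env.HOME) return path.posix.join(env.HOME, '.cache', 'go-build');
  return null;
}

// Build the environment for a `go` child process with GOCACHE pinned under
// cacheRoot, so the container can keep running as a non-root UID.
function goChildEnv(parentEnv, cacheRoot) {
  const goCache = path.join(cacheRoot, 'go-build');
  // Owner-only directory: no need to open it up with chmod o+w.
  fs.mkdirSync(goCache, { recursive: true, mode: 0o700 });
  // Fail early, before go runs, if the current UID cannot use the directory.
  fs.accessSync(goCache, fs.constants.W_OK | fs.constants.X_OK);
  const env = { GOCACHE: goCache };
  // Illustrative allow-list; everything else in the parent env is dropped.
  for (const key of ['PATH', 'HOME', 'GOPATH', 'GOPROXY']) {
    if (parentEnv[key] !== undefined) env[key] = parentEnv[key];
  }
  return env;
}

// Constructed environment resembling the report (container run with --user 1001:1001).
const reported = { PATH: '/usr/local/go/bin:/usr/bin', HOME: '/' };
console.log('default cache:', resolveGoBuildCache(reported));

// Constructed cache root; a real deployment would use a mounted, UID-owned volume.
const cacheRoot = fs.mkdtempSync(path.join(os.tmpdir(), 'renovate-cache-'));
console.log('pinned cache: ', resolveGoBuildCache(goChildEnv(reported, cacheRoot)));
```

The resolution order also shows why XDG_CACHE_HOME, not XDG_CONFIG_HOME, is the XDG variable that affects the build cache location.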

whilp commented 4 years ago

I'm seeing this in GitHub Actions as well. You can see a few cases of me flailing embarrassingly linked back to this issue (using a pinned, latest renovate image with high trust). I tried a few things, all of which failed:

  1. Set XDG_CONFIG_HOME
  2. Set HOME
  3. Created ~/.cache/go-build
  4. chmod o+w ~/.cache/go-build (yikes!)

What else should I try here?

whilp commented 4 years ago

For reference, direct links to some of the actions runs:

https://github.com/whilp/world/actions/runs/262881062

https://github.com/whilp/world/actions/runs/262867258

And a PR produced by one of those runs:

https://github.com/whilp/world/pull/385