search

seek-oss / docker-ecr-cache-buildkite-plugin

Zero config plugin for caching Docker images in Amazon ECR or Google Container Registry
BSD 3-Clause Clear License
59 stars 16 forks source link

permission denied when mounting node modules #13

Open shavo007 opened 5 years ago

shavo007 commented 5 years ago

I get a permission error when mounting my cached node modules

error is 


yarn run v1.15.2
--
  | warning Skipping preferred cache folder "/usr/local/share/.cache/yarn" because it is not writable.
  | warning Selected the next writable cache folder in the list, will be "/tmp/.yarn-cache-0".
  | $   eslint --fix src && rimraf reports pacts logs && cross-env NODE_ENV=test nyc mocha
  | /workdir/node_modules/mkdirp/index.js:90
  | throw err0;
  | ^
  |  
  | Error: EACCES: permission denied, mkdir '/workdir/node_modules/.cache'
  | at Object.mkdirSync (fs.js:773:3)
  | at sync (/workdir/node_modules/mkdirp/index.js:71:13)
  | at sync (/workdir/node_modules/mkdirp/index.js:77:24)
  | at sync (/workdir/node_modules/mkdirp/index.js:77:24)
  | at save (/workdir/node_modules/@babel/register/lib/cache.js:50:20)
  | at processTicksAndRejections (internal/process/task_queues.js:79:9)
  | at process.runNextTicks [as _tickCallback] (internal/process/task_queues.js:56:3)
  | at Function.Module.runMain (internal/modules/cjs/loader.js:871:11)
  | at internal/main/run_main_module.js:21:11

looks like there is no user for node modules

drwxr-xr-x 1071 nobody nogroup 28672 Apr 17 04:08 node_modules

pipeline.yaml

plugins: &plugins #alias for shared plugins
  seek-oss/aws-sm#v0.0.3:
    env:
      NPM_TOKEN: "arn:aws:secretsmanager:ap-southeast-2:xxx:secret:npm/xxx"
  seek-oss/private-npm#v1.1.1:
    env: "NPM_TOKEN"
  docker#v3.0.1:
    volumes:
      - /workdir/node_modules
    environment:
      - "DOCKER_BUILDKIT=1"  
  seek-oss/docker-ecr-cache#v1.1.6:
    dockerfile: Dockerfile-builder
    cache-on:
      - yarn.lock   

steps:
  - label: "yarn :yarn: :eslint: Lint  and :mocha: unit test"
    <<: *dev-agent
    plugins:
      <<: *plugins
    env:
      DOCKER_BUILDKIT: 1  
    command:
      - echo "--- list work dir"
      - ls -al /workdir
      - echo "--- Running yarn test:unit :mocha:"
      - yarn test:unit
    artifact_paths: 
      - reports/junit.xml
      - reports/coverage/**/*
  - wait: ~ #annotate test failures
    continue_on_failure: true
  - plugins:
      - junit-annotate#v1.7.0:
          artifacts: reports/junit.xml

Docker file

FROM node:11.13-slim

RUN curl -L -o terminal-to-html.gz https://github.com/buildkite/terminal-to-html/releases/download/v3.1.0/terminal-to-html-3.1.0-linux-amd64.gz \
&& gzip -d terminal-to-html.gz \
&& mv terminal-to-html /usr/bin/terminal-to-html \
&& chmod +x /usr/bin/terminal-to-html \
&& mkdir -p /workdir

WORKDIR /workdir

COPY package.json yarn.lock .npmrc ./

RUN yarn install --frozen-lockfile
72636c commented 5 years ago

🤔 I'm not seeing this error with a minimal configuration of:

.buildkite/pipeline.yml

```yaml steps: - agents: queue: xxx command: yarn test env: DOCKER_BUILDKIT: 1 plugins: - seek-oss/docker-ecr-cache#v1.1.6: cache-on: yarn.lock - docker#v3.0.1: environment: - DOCKER_BUILDKIT volumes: - /workdir/node_modules ```

Dockerfile

```dockerfile FROM node:8.16-alpine WORKDIR /workdir COPY package.json yarn.lock ./ RUN yarn install --frozen-lockfile ```

package.json

```jsonc { "dependencies": { // xxx }, "devDependencies": { // xxx }, "license": "UNLICENSED", "private": true, "repository": { "type": "git", "url": "xxx" }, "scripts": { "test": "jest" } } ```

Do you still get it if: