/github/home/.gitconfig: Permission denied #39

Closed
thisurawijesekera opened this issue Nov 27, 2023 · 11 comments · Fixed by #50 · May be fixed by #46
@thisurawijesekera

thisurawijesekera commented Nov 27, 2023

Describe the bug
Giving the following error:
/github/home/.gitconfig: Permission denied

To Reproduce
With the version v2.0 any Terragrunt command will give the error

Run gruntwork-io/terragrunt-action@v2
/usr/local/bin/docker run --name ed5a447e040ba0420f4672a13e1571e88a6ec2_85fc57 --label ed5a44 --workdir /github/workspace --rm -e "VAULT_URL" -e "VAULT_NAMESPACE" -e "TERRAFORM_VERSION" -e "TERRAGRUNT_VERSION" -e "AWS_ACCOUNT" -e "ENVIRONMENT" -e "AWS_ASSUME_ROLE" -e "AWS_REGION" -e "GITHUB_TOKEN" -e "GITHUB_USERNAME" -e "AWS_DEFAULT_REGION" -e "AWS_ACCESS_KEY_ID" -e "AWS_SECRET_ACCESS_KEY" -e "AWS_SESSION_TOKEN" -e "TF_VAR_vault_role_id" -e "TF_VAR_vault_secret_id" -e "INPUT_TF_VERSION" -e "INPUT_TG_VERSION" -e "INPUT_TG_DIR" -e "INPUT_TG_COMMAND" -e "INPUT_TG_COMMENT" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_EVENT_PATH" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "GITHUB_ACTION" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_ENVIRONMENT" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e "ACTIONS_RESULTS_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/runner/_work/_temp/_github_home":"/github/home" -v "/runner/_work/_temp/_github_workflow":"/github/workflow" -v "/runner/_work/_temp/_runner_file_commands":"/github/file_commands" -v "/runner/_work/dim-apic-k8s-cluster-infra/dim-apic-k8s-cluster-infra":"/github/workspace" 
ed5a44:7e040ba0420f4672a13e1571e88a6ec2
2023-11-27 18:41:20 Starting Terragrunt Action
error: could not lock config file /github/home/.gitconfig: Permission denied
2023-11-27 18:41:20 Finished Terragrunt Action execution

Expected behavior
A clear and concise description of what you expected to happen.

Nice to have
2023-11-27 18:41:20 Starting Terragrunt Action
error: could not lock config file /github/home/.gitconfig: Permission denied
2023-11-27 18:41:20 Finished Terragrunt Action execution

Pipeline steps

- name: Set GitHub Creds
  run: |
    git config --global --add safe.directory /github/workspace
    git config --global url."https://${{ env.GITHUB_USERNAME }}:${{ env.GITHUB_TOKEN }}@github.com".insteadOf "https://github.com"
  shell: bash 

- name: Terragrunt init
  uses: gruntwork-io/[email protected]
  with:
    tf_version: ${{ env.TERRAFORM_VERSION }}
    tg_version: ${{ env.TERRAGRUNT_VERSION }}
    tg_dir: vars/${{ env.ENVIRONMENT }}
    tg_command: 'init'
  env:    
    TF_VAR_vault_role_id: ${{ secrets.DIM_VAULT_ROLE_ID }}      
    TF_VAR_vault_secret_id: ${{ secrets.DIM_VAULT_SECRET_ID }}        
    GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }}

Versions

  • Terragrunt Action version: 2.0
  • Environment details (Terragrunt version, Terraform version, etc.): TF version 1.4.6

Additional context
Add any other context about the problem here.

@thisurawijesekera thisurawijesekera added the bug Something isn't working label Nov 27, 2023
@denis256
Member

Hello,
can an example repo where this issue occurs be shared?

@thisurawijesekera
Author

Hi,

Unfortunately those repos are private repos and I am unable to share an example repo, but when I tried with version 1.0.10 it worked.

@josephniblo

I have this on v2 also, but only when I run on a "larger runner". On standard github hosted runners v2 works fine for me.

I don't know if this is because the runners are behaving differently (possibly one is running the container as root by default?) or because of an artifact on the runner.

Looks like /github/home/.gitconfig is a mount of: /home/runner/work/_temp/_github_home

@yyarmoshyk

I'm seeing the same problem on self hosted runner.

The volume mount config is the following:

-v "/home/ubuntu/actions-runner/_work/_temp/_github_home":"/github/home"

.gitconfig is to be created in /home/ubuntu/actions-runner/_work/_temp/_github_home.

I've made the ubuntu user to be the owner of the folder /home/ubuntu/actions-runner/_work/_temp additionally I recursively made it 0777 but it didn't help.

Any suggestions how to bypass it on the self hosted runner?

@denis256 denis256 self-assigned this Jan 26, 2024
@CsBigDataHub

> I'm seeing the same problem on self hosted runner.
>
> The volume mount config is the following:
>
> -v "/home/ubuntu/actions-runner/_work/_temp/_github_home":"/github/home"
>
> .gitconfig is to be created in /home/ubuntu/actions-runner/_work/_temp/_github_home.
>
> I've made the ubuntu user to be the owner of the folder /home/ubuntu/actions-runner/_work/_temp additionally I recursively made it 0777 but it didn't help.
>
> Any suggestions how to bypass it on the self hosted runner?

Same issue for me as well on a self hosted runner.

@thisurawijesekera
Author

> > I'm seeing the same problem on self hosted runner.
> > The volume mount config is the following:
> >
> > -v "/home/ubuntu/actions-runner/_work/_temp/_github_home":"/github/home"
> >
> > .gitconfig is to be created in /home/ubuntu/actions-runner/_work/_temp/_github_home.
> > I've made the ubuntu user to be the owner of the folder /home/ubuntu/actions-runner/_work/_temp additionally I recursively made it 0777 but it didn't help.
> > Any suggestions how to bypass it on the self hosted runner?
>
> Same issue for me as well on a self hosted runner.

Used old version and it worked for me or you can manually run those terragrunt commands except using the action

@CsBigDataHub

> > > I'm seeing the same problem on self hosted runner.
> > > The volume mount config is the following:
> > >
> > > -v "/home/ubuntu/actions-runner/_work/_temp/_github_home":"/github/home"
> > >
> > > .gitconfig is to be created in /home/ubuntu/actions-runner/_work/_temp/_github_home.
> > > I've made the ubuntu user to be the owner of the folder /home/ubuntu/actions-runner/_work/_temp additionally I recursively made it 0777 but it didn't help.
> > > Any suggestions how to bypass it on the self hosted runner?
> >
> > Same issue for me as well on a self hosted runner.
>
> Used old version and it worked for me or you can manually run those terragrunt commands except using the action

> Used old version

Can you please be more specific, what tag/version are you referring to when you say old version

@thisurawijesekera
Author

> > > > I'm seeing the same problem on self hosted runner.
> > > > The volume mount config is the following:
> > > >
> > > > -v "/home/ubuntu/actions-runner/_work/_temp/_github_home":"/github/home"
> > > >
> > > > .gitconfig is to be created in /home/ubuntu/actions-runner/_work/_temp/_github_home.
> > > > I've made the ubuntu user to be the owner of the folder /home/ubuntu/actions-runner/_work/_temp additionally I recursively made it 0777 but it didn't help.
> > > > Any suggestions how to bypass it on the self hosted runner?
> > >
> > > Same issue for me as well on a self hosted runner.
> >
> > Used old version and it worked for me or you can manually run those terragrunt commands except using the action
>
> > Used old version
>
> Can you please be more specific, what tag/version are you referring to when you say old version

I have tried on v1.0.9 and v1.0.8

@CsBigDataHub

Adding USER root to the Dockerfile worked for me.

diff --git a/Dockerfile b/Dockerfile
index 76c2023..7ccc2ce 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,4 +4,6 @@ MAINTAINER Gruntwork <[email protected]>

 COPY ["./src/main.sh", "/action/main.sh"]

+USER root
+
 ENTRYPOINT ["/action/main.sh"]
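Review bot: The `USER root` line placed just before `ENTRYPOINT` makes `/action/main.sh` and every tool it starts run as uid 0, so files the action writes into directories mounted from the runner end up root-owned and the action holds more privilege than it needs. Consider keeping a non-root user and making its HOME writable, or letting the uid be supplied at run time so it can match the runner's user. If root stays, add a Dockerfile comment above the line stating why it is required.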

@oliverwiegers

Hey folks, thank you for your work.

Why is this closed? The issue still persists and the above workaround is not a solution.

@yyarmoshyk

I got it fixed but forgot to publish the solution here. In my case it was about the fact that the runner agent is being executed under ubuntu while inside the container the user is root.

Every execution was re-setting the permissions for the .git* files and folders

I had the following command inside the workflow:

  - name: Job_name
    run: |
      docker run --rm -t -v ./:/app -w /app \
        .... \
        -u 1000 \
        docker_image:image_tag command

The fix was about adding -u 1000. The uid corresponds with the Linux userid that starts the GitHub runner process.

Additionally I've added the workspace cleanup stage:

  cleanup:
    runs-on: [runner_lable]
    needs: [Job_name]
    steps:
    - name: cleanup
      run: |
        sudo rm -rf ${{ github.workspace }}/*
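
An added example, not code from the action or from anyone in this thread: a POSIX shell preflight that a workflow step on a self-hosted runner could run to see whether the current uid can lock `.gitconfig` in the mounted home directory, and to derive the `-u` value from the directory's owner instead of hard-coding 1000. The function names are hypothetical and GNU or BusyBox `stat -c` is assumed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of terragrunt-action.
# git rewrites a config file by exclusively creating "<file>.lock" beside it
# and renaming it into place, so the question is whether the current uid can
# create a new file in the directory that holds .gitconfig.

# Print "uid:gid" of the owner of a path (assumes stat supports -c).
owner_of() {
  stat -c '%u:%g' "$1"
}

# Report whether $1/.gitconfig can be locked by the current user.
# Prints one of: ok | missing-dir | stale-lock | not-writable
gitconfig_lock_status() {
  gls_dir="$1"
  gls_lock="$gls_dir/.gitconfig.lock"
  if [ ! -d "$gls_dir" ]; then echo missing-dir; return 0; fi
  # A lock left behind by an earlier run (possibly root-owned) blocks git too.
  if [ -e "$gls_lock" ]; then echo stale-lock; return 0; fi
  # set -C (noclobber) makes ">" fail on an existing file: an exclusive create.
  if ( set -C; : > "$gls_lock" ) 2>/dev/null; then
    rm -f "$gls_lock"
    echo ok
  else
    echo not-writable
  fi
}

# Build the docker flag that runs the container as the directory's owner,
# so files written through the bind mount keep the runner user's ownership.
docker_user_flag() {
  echo "-u $(owner_of "$1")"
}

# Print a one-line diagnosis; succeed only when the lock can be taken.
preflight() {
  pf_dir="${1:-$HOME}"
  pf_status="$(gitconfig_lock_status "$pf_dir")"
  echo "uid=$(id -u) dir=$pf_dir owner=$(owner_of "$pf_dir" 2>/dev/null) status=$pf_status"
  [ "$pf_status" = ok ]
}

# Stand-alone use: sh preflight.sh /path/to/_github_home
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```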
