cypress-io / github-action

GitHub Action for running Cypress end-to-end & component tests

Home Page: https://on.cypress.io/guides/continuous-integration/github-actions

adding user 1001 throws EACCES permission issue

gkatsanos opened this issue · comments

I tried adding options: --user 1001 to ensure commit name / information are shown on my Cypress Cloud runs.
But doing so throws an EACCES permission issue.

jobs:
  cypress:
    runs-on: default-visable
    container:
      image: cypress/browsers:node-18.14.1-chrome-110.0.5481.96-1-ff-109.0-edge-110.0.1587.41-1
      options: --user 1001
    env:
      GITHUB_TOKEN: ${{ secrets.PACKAGES_READ_ONLY_TOKEN_GITHUB }}
      PUBLIC_API_URL: "https://api.staging.visable.io"
      IS_CYPRESS: "true"
      BASE_URL: "https://www.wlw-staging.de"
      REQUESTS_INTERNAL_API: "https://requests-service.internal.wlw-1.staging.visable.cloud/requests_service/internal_api"
      RECAPTCHA_SITE_KEY: "6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI"
      RECAPTCHA_SECRET_KEY: "6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe"
    steps:
      - uses: pnpm/action-setup@v3
        with:
          version: 8.15.3
      - name: Define proper Checkout REF
        shell: bash
        run: echo "ref=$(echo ${GITHUB_HEAD_REF:-${GITHUB_REF}})" >> $GITHUB_OUTPUT
        id: extract_ref
      - uses: actions/checkout@v4
        with:
          ref: "${{ steps.extract_ref.outputs.ref }}"
      - name: setup github packages authentication
        run: 'echo "//npm.pkg.github.com/:_authToken=${{ secrets.PACKAGES_READ_ONLY_TOKEN_GITHUB }}" > ~/.npmrc'
      - uses: cypress-io/github-action@v6
        id: cypress
        env:
          GITHUB_TOKEN: ${{ secrets.PACKAGES_READ_ONLY_TOKEN_GITHUB }}
          COMMIT_INFO_BRANCH: ${{ github.ref_name }}
          CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
        with:
          record: true
          build: pnpm build
          start: pnpm start
          browser: chrome
      - name: cleanup repo files
        if: always()
        run: find . -mindepth 1 -delete

I also tried to do what was suggested in #1129 (comment), adding options: --user 1001, but I get permissions issues.

The Docker image section of the documentation says:

Include options: --user 1001 to avoid permissions issues.

This is missing from the workflow posted above.

sure, trying that just to make it clearer:

jobs:
  cypress:
    runs-on: default-visable
    container:
      image: cypress/browsers:node-18.14.1-chrome-110.0.5481.96-1-ff-109.0-edge-110.0.1587.41-1
      options: --user 1001
    env:
      GITHUB_TOKEN: ${{ secrets.PACKAGES_READ_ONLY_TOKEN_GITHUB }}
      PUBLIC_API_URL: "https://api.staging.visable.io"
      IS_CYPRESS: "true"
      BASE_URL: "https://www.wlw-staging.de"
      REQUESTS_INTERNAL_API: "https://requests-service.internal.wlw-1.staging.visable.cloud/requests_service/internal_api"
      RECAPTCHA_SITE_KEY: "6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI"
      RECAPTCHA_SECRET_KEY: "6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe"
    steps:
      - uses: pnpm/action-setup@v3
        with:
          version: 8.15.3
      - name: Define proper Checkout REF
        shell: bash
        run: echo "ref=$(echo ${GITHUB_HEAD_REF:-${GITHUB_REF}})" >> $GITHUB_OUTPUT
        id: extract_ref
      - uses: actions/checkout@v4
        with:
          ref: "${{ steps.extract_ref.outputs.ref }}"
      - name: setup github packages authentication
        run: 'echo "//npm.pkg.github.com/:_authToken=${{ secrets.PACKAGES_READ_ONLY_TOKEN_GITHUB }}" > ~/.npmrc'
      - uses: cypress-io/github-action@v6
        id: cypress
        env:
          COMMIT_INFO_BRANCH: ${{ github.ref_name }}
          CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
          HOME: /root
        with:
          record: true
          build: pnpm build
          start: pnpm start
          browser: chrome
      - name: cleanup repo files
        if: always()
        run: find . -mindepth 1 -delete

ci output:

Post job cleanup.
/usr/bin/docker exec  3a50adb2fe9e22a9b93f6506f220d00efdbc147d50a723d2b370fdb7ebd00848 sh -c "cat /etc/*release | grep ^ID"
Error: EACCES: permission denied, open '/__w/_temp/_runner_file_commands/save_state_9b4a8efb-3432-4129-8f67-4e61c97ba8db'
    at Object.open (node:internal/fs/sync:78:18)
    at Object.openSync (node:fs:565:17)
    at Object.writeFileSync (node:fs:2288:35)
    at Object.appendFileSync (node:fs:2350:6)
    at Object.issueFileCommand (/__w/_actions/pnpm/action-setup/v3/dist/index.js:1:14731)
    at saveState (/__w/_actions/pnpm/action-setup/v3/dist/index.js:1:12889)
    at main (/__w/_actions/pnpm/action-setup/v3/dist/index.js:1:425)
    at 276 (/__w/_actions/pnpm/action-setup/v3/dist/index.js:1:539)
    at __nccwpck_require__ (/__w/_actions/pnpm/action-setup/v3/dist/index.js:10:243127)
    at /__w/_actions/pnpm/action-setup/v3/dist/index.js:10:243312 {
  errno: -13,
  code: 'EACCES',
  syscall: 'open',
  path: '/__w/_temp/_runner_file_commands/save_state_9b4a8efb-3432-4129-8f67-4e61c97ba8db'
}
Error: Error: EACCES: permission denied, open '/__w/_temp/_runner_file_commands/save_state_9b4a8efb-3432-4129-8f67-4e61c97ba8db'

@gkatsanos

  • The issue about installing pnpm in your runner is a different one.
  • It seems that you had a problem with this before, that you reported in #947

@MikeMcC399 I'm not sure how pnpm is related to the error we see there. It seems the permissions issue disappears when I remove:

      options: --user 1001

Shall I create a new issue or shall I modify the existing one?

Any debugging info I can provide?

@gkatsanos

This seems to be an ownership / permissions issue on your self-hosted runner default-visable

I tried to reproduce your problem on a GitHub-hosted runner ubuntu-22.04 (with options: --user 1001) using latest versions and everything worked correctly.

Are you able to run a test of your workflow on ubuntu-22.04 instead of default-visable?

I'm not a devops expert, but I'm pretty sure a generic ubuntu runner won't work in our infra. Our runners are not running inside docker by default. They are ephemeral EC2 instances with docker installed.

just in case I missed something, is there any documentation you can link with regard to how to display the commit name / or the branch name in the description of the Cypress Cloud run? I've read about different GitHub env variables that should be passed but I may be forgetting something

I'm still not seeing the commit message as shown in the screenshot of the description of my issue. Any clues as to why? "no commit message available".

I'm still not seeing the commit message as shown in the screenshot of the description of my issue. Any clues as to why? I'm using:

           COMMIT_INFO_MESSAGE: ${{ github.event.head_commit.message }}

@gkatsanos

I'm not a devops expert, but I'm pretty sure a generic ubuntu runner won't work in our infra. Our runners are not running inside docker by default. They are ephemeral EC2 instances with docker installed.

I don't really understand this. Normally you would just change

runs-on: default-visable

in your workflow to

runs-on: ubuntu-22.04

and GitHub Actions takes care of the rest. But perhaps I am missing something fundamental here about your setup?

@MikeMcC399 indeed: I was able to reproduce / fix the issue and it seems to be related to the runs-on value which you mentioned.
I guess I need to check with our devops team if we could/should use the GitHub public runners - maybe there are costs involved.

any thoughts as to why it would fail with our private runners?

by the way, setting record: true occasionally hangs the test run, so I decided to not use cypress cloud after all. Any clue if there's other documented similar issues?

@gkatsanos

If your workflow runs successfully on a GitHub-hosted runner and it fails on a self-hosted runner then you would need to look at how your self-hosted runner is set up. Unfortunately that is out-of-scope for this Cypress GitHub Actions repo to provide any specific information about self-hosted runners. The GitHub documentation About self-hosted runners appears not to cover the subject of directory ownership and permissions. The topic generally only becomes a problem when a Docker image is run inside a runner. You can find a mention of a related issue in the cypress-docker-images README where it notes:

The GitHub Actions Runner creates the /github/home ($HOME) directory with non-root ownership 1001 (runner).
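
A diagnostic for the ownership mismatch described in the comment above, added here as an example; it is not part of the thread or of the Cypress GitHub Action. It assumes GNU stat and that the self-hosted runner's host work directory (the one mounted as /__w in the job container) is passed as the first argument; the function names are hypothetical.

```shell
#!/bin/sh
# Added diagnostic (not from the thread). Run it on the self-hosted runner host.
# Assumption: $1 is the runner work directory that the job container sees as
# /__w; uid/gid default to 1001, matching "options: --user 1001".

# can_write_as UID GID DIR -> 0 if that uid/gid may create files in DIR,
# judged from owner and mode bits only (ACLs, supplementary groups and
# user-namespace remapping are not considered).
can_write_as() {
    cw_uid=$1; cw_gid=$2; cw_dir=$3
    [ -d "$cw_dir" ] || return 2
    [ "$cw_uid" -eq 0 ] && return 0            # root bypasses mode bits
    set -- $(stat -c '%u %g %a' "$cw_dir")     # GNU stat: uid gid octal-mode
    cw_mode=$((0$3))                           # leading 0 -> parsed as octal
    if   [ "$cw_uid" -eq "$1" ]; then cw_bits=$(( (cw_mode >> 6) & 7 ))
    elif [ "$cw_gid" -eq "$2" ]; then cw_bits=$(( (cw_mode >> 3) & 7 ))
    else                              cw_bits=$(( cw_mode & 7 ))
    fi
    [ $(( cw_bits & 3 )) -eq 3 ]               # creating files needs w and x
}

# check_runner_dirs WORKDIR [UID] [GID]
# Prints one line per directory on the path from the error message and
# returns how many of them the given uid cannot write to.
check_runner_dirs() {
    cr_work=$1; cr_uid=${2:-1001}; cr_gid=${3:-1001}; cr_bad=0
    for cr_d in "$cr_work" "$cr_work/_temp" \
                "$cr_work/_temp/_runner_file_commands"; do
        if can_write_as "$cr_uid" "$cr_gid" "$cr_d"; then
            echo "ok      $cr_d"
        else
            cr_info=$(stat -c 'owner %u:%g mode %a' "$cr_d" 2>/dev/null) \
                || cr_info=missing
            echo "DENIED  $cr_d ($cr_info)"
            cr_bad=$((cr_bad + 1))
        fi
    done
    return "$cr_bad"
}

# Stand-alone use: sh check.sh /path/to/runner/work [uid] [gid]
if [ $# -gt 0 ]; then check_runner_dirs "$@"; fi
```

A DENIED line for _runner_file_commands corresponds to the EACCES on save_state_* in the CI output: the container user cannot append to the runner's file-command files.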

@gkatsanos

by the way, setting record: true occasionally hangs the test run, so I decided to not use cypress cloud after all. Any clue if there's other documented similar issues?

This is a different topic and generally it is not something which the Cypress GitHub Action has any influence on.

Cypress Cloud has its own different support channel which is open to customers on paid plans.

Community support is available independent of whether you use the Free plan or one of the paid plans. You can access this through Discord chat (click on button). If you want to discuss your issue on Discord be prepared to provide more details about configuration, versions, where it hangs, how it hangs, etc. otherwise the question is too vague to give any meaningful response.

thank you. I'm not sure the product offering is such that deserves any more investment in time. I was merely evaluating it.

I'll try to see what's wrong with the self-hosted runners though as this might be a blocker down the line.

Closing this issue now as the permissions issue on the GitHub self-hosted runner default-visable is not something which can be solved by changes to the Cypress GitHub Action.