Permission problems on cached files
I've only recently started using GitLab and am using it for a PHP project. To avoid running composer install on every build, I've added the following to the top of my .gitlab-ci.yml file…
# Keep Composer's install directory between builds.
cache:
  paths:
    - vendor/
Which appears to work OK… for the first build. If I retry the build, or push another commit to trigger a new one, all subsequent builds fail with the error that the build can't delete certain files within the /vendor/ directory. This is because the files are owned by root rather than gitlab-runner.
I've checked the ownership of the files after the initial build and they are all owned by gitlab-runner, so something in the way the cache is restored is changing their owner to root.
Surely this should use the gitlab-runner user, right… or am I missing something (it could quite easily be that I've not understood how this works)?
Here's my .gitlab-ci.yml file…
# Global cache: vendor/ is carried over from one build to the next.
# NOTE(review): the Makefile's prepare-src target packs ./vendor into the image
# source archive, so whatever is restored from this cache ends up in the built
# images — confirm who is able to write to the runner's cache.
cache:
  paths:
    - vendor/
# Pipeline stages, in execution order.
# None of the jobs shown in this file is assigned to `build`.
stages:
  - build
  - test
  - image
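# Commands run before the script of every job.
before_script:
  # Diagnostic: print the directory the job runs in.
  - pwd
  # Log in to the GitLab registry with the per-build token. The token is fed on
  # stdin rather than with -p so it does not appear in the process argument
  # list, and it is quoted so the shell passes it as a single word.
  - 'echo "$CI_BUILD_TOKEN" | docker login -u gitlab-ci-token --password-stdin registry.gitlab.com'
  # Diagnostic: print details of the Docker daemon the job talks to.
  - docker info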
# Test stage: runs the Makefile's `test` target, which installs the Composer
# dependencies and then runs PHPUnit inside the php compose service.
unit_tests:
  stage: test
  script:
    - make test
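# Image stage: prepares the staging env file, then builds, tags and pushes the
# images through the Makefile's build-stag target.
build_images:
  stage: image
  script:
    - ./bin/prepare_env_file
    # Verify that the env file exists and is non-empty without printing it.
    # `cat .env.stag` copied the whole file into the job log, and an env file
    # may hold credentials that anyone able to read the log would then see.
    - test -s .env.stag
    - make build-stag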
# NOTE(review): indentation was lost in this paste. At top level, as laid out
# here, this runs after every job; nest it under build_images if it is meant
# for that job only — confirm against the real file.
# `make clean` copies .env.prod over .env and stops/removes the prod containers.
after_script:
  - make clean
And here's my Makefile…
# Script environment variables.
# bash is required because some recipes use the `source` builtin.
SHELL    := /bin/bash
# uid/gid of the user invoking make; passed to `docker-compose run --user`.
USER_ID  := $(shell id -u)
GROUP_ID := $(shell id -g)

# Directories.
# Absolute path of this Makefile and the directory containing it
# ($(dir ...) keeps the trailing slash, so paths are appended directly).
MAKEFILE     := $(realpath $(lastword $(MAKEFILE_LIST)))
ROOT_DIR     := $(dir $(MAKEFILE))
DEV_CERT_DIR := $(ROOT_DIR)docker/nginx/certs.local

# Docker compose files, each stored as a ready-made `-f <file>` argument.
# DOCKER_CONFIG_COMPOSER is not referenced by any target shown in this file.
DOCKER_CONFIG_ROOT     := ./docker
DOCKER_CONFIG_COMPOSER := -f $(DOCKER_CONFIG_ROOT)/docker-compose.composer.yml
DOCKER_CONFIG_DEV      := -f $(DOCKER_CONFIG_ROOT)/docker-compose.dev.yml
DOCKER_CONFIG_PROD     := -f $(DOCKER_CONFIG_ROOT)/docker-compose.prod.yml
###
# Dev tasks
###
# One-shot developer setup: git hooks, local certs, dependencies, loopback
# alias, then start the dev stack.
setup-dev: githooks dev-certs composer-dev ip-alias run-dev

# Add 10.254.254.254 as an alias on the lo0 loopback interface (uses sudo).
ip-alias:
	sudo ifconfig lo0 alias 10.254.254.254

# Install the repository's git hooks.
githooks:
	./bin/install_githooks.sh

# Run the `certs` compose service once; --rm removes its container afterwards.
dev-certs:
	docker-compose $(DOCKER_CONFIG_DEV) run --rm certs

# Select the development environment file.
env-dev:
	cp .env.dev .env
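# Install the Composer dependencies (including dev packages) with the container
# process running as the invoking user's uid:gid instead of the image default.
#
# The last line is an ownership diagnostic. It lists every path under vendor/
# whose owner is root. `ls -alsR vendor | grep root` matched the text "root"
# anywhere in the listing (file names, group column) and made the target fail
# whenever nothing matched; find tests the owner itself and exits 0 either way.
composer-dev: env-dev
	docker-compose $(DOCKER_CONFIG_DEV) run --user $(USER_ID):$(GROUP_ID) composer install
	find vendor -user root -print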
# Stop the dev containers and remove them without asking for confirmation.
clean-dev: env-dev
	docker-compose $(DOCKER_CONFIG_DEV) stop
	docker-compose $(DOCKER_CONFIG_DEV) rm -f

# Rebuild the dev images from a clean state.
build-dev: env-dev clean-dev
	docker-compose $(DOCKER_CONFIG_DEV) build

# Build, then start the nginx service in the foreground.
run-dev: env-dev build-dev
	docker-compose $(DOCKER_CONFIG_DEV) up nginx

# Follow the logs of the dev stack.
docker-logs-dev: env-dev
	docker-compose $(DOCKER_CONFIG_DEV) logs -f
###
# CI/CD tasks
###
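# Run PHPUnit inside the php service as the invoking user's uid:gid, after the
# dev dependencies have been installed.
#
# The last line is an ownership diagnostic. It lists every path under vendor/
# whose owner is root. `ls -alsR vendor | grep root` matched the text "root"
# anywhere in the listing and made the target fail whenever nothing matched,
# even after a passing test run; find tests the owner and exits 0 either way.
test: env-dev composer-dev
	docker-compose $(DOCKER_CONFIG_DEV) run --user $(USER_ID):$(GROUP_ID) php ./vendor/bin/phpunit
	find vendor -user root -print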
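# Install the production dependency set (no dev packages, optimized autoloader)
# with the container process running as the invoking user's uid:gid.
#
# The last line is an ownership diagnostic. It lists every path under vendor/
# whose owner is root. `ls -alsR vendor | grep root` matched the text "root"
# anywhere in the listing and made the target fail whenever nothing matched,
# which also stopped every target that depends on this one; find tests the
# owner itself and exits 0 either way.
composer:
	docker-compose $(DOCKER_CONFIG_PROD) run --user $(USER_ID):$(GROUP_ID) composer install --no-dev --optimize-autoloader
	find vendor -user root -print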
# Pack the application sources and vendor/ into one archive for the nginx image
# and copy the same archive for the php image.
# NOTE(review): ./var and ./vendor are archived whole as found on disk — confirm
# nothing environment-specific or left over from an earlier build ships with them.
prepare-src: composer
	tar -czvf $(DOCKER_CONFIG_ROOT)/nginx/src.tar.gz ./app ./bin ./src ./var ./vendor ./web
	cp $(DOCKER_CONFIG_ROOT)/nginx/src.tar.gz $(DOCKER_CONFIG_ROOT)/php/src.tar.gz

# Select the staging environment file.
env-stag:
	cp .env.stag .env
# Build the production images, then tag and push both to the GitLab registry.
# By default every recipe line runs in its own shell, hence `source .env` on
# each line; sourcing executes .env as shell code, so the file must contain
# nothing but trusted assignments.
# NOTE(review): $(CI_BUILD_REF_SHORT) is expanded by make before the shell
# starts, so a value set only inside .env would not reach the tag — confirm
# where this variable is defined.
build-stag: env-stag composer prepare-src
	docker-compose $(DOCKER_CONFIG_PROD) build
	source .env && docker tag my-org-api/nginx-prod registry.gitlab.com/my-org/nginx:$(CI_BUILD_REF_SHORT)
	source .env && docker tag my-org-api/php-prod registry.gitlab.com/my-org/php:$(CI_BUILD_REF_SHORT)
	source .env && docker push registry.gitlab.com/my-org/nginx:$(CI_BUILD_REF_SHORT)
	source .env && docker push registry.gitlab.com/my-org/php:$(CI_BUILD_REF_SHORT)
# Build and run the `certs` service with the staging env file, then remove its
# container.
# NOTE(review): this `rm` has no -f, unlike the clean targets, so it asks for
# confirmation — confirm that is intended.
certs-stag: env-stag
	docker-compose $(DOCKER_CONFIG_PROD) up --build certs
	docker-compose $(DOCKER_CONFIG_PROD) rm certs

# Build and push the staging images, prepare certs, then start the stack
# detached.
run-stag: env-stag build-stag certs-stag
	docker-compose $(DOCKER_CONFIG_PROD) up -d
# Select the production environment file.
env-prod:
	cp .env.prod .env

# Stop the prod containers and remove them without asking for confirmation.
# Because of the env-prod prerequisite, running this also overwrites .env with
# .env.prod.
clean: env-prod
	docker-compose $(DOCKER_CONFIG_PROD) stop
	docker-compose $(DOCKER_CONFIG_PROD) rm -f
# Build the production images from a clean state, with production dependencies
# installed and the source archives prepared.
build: env-prod clean composer prepare-src
	docker-compose $(DOCKER_CONFIG_PROD) build

# Build and run the `certs` service with the production env file.
certs: env-prod
	docker-compose $(DOCKER_CONFIG_PROD) up --build certs

# Build, prepare certs, then start the production stack detached.
run: env-prod build certs
	docker-compose $(DOCKER_CONFIG_PROD) up -d

# Follow the logs of the production stack.
docker-logs: env-prod
	docker-compose $(DOCKER_CONFIG_PROD) logs -f