Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sharing pullrequest metadata from input to output PR resource results in permission error #3054

Closed
ghost opened this issue Aug 4, 2020 · 0 comments · Fixed by #3055
Closed

Sharing pullrequest metadata from input to output PR resource results in permission error #3054

ghost opened this issue Aug 4, 2020 · 0 comments · Fixed by #3055
Labels
kind/bug Categorizes issue or PR as related to a bug. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now.
Milestone
Pipelines v0.15

Comments

@ghost
Copy link

ghost commented Aug 4, 2020

Expected Behavior

One usecase for pull request resources is to have an input PR resource pull down the current state of a PR and then an output PR resource sync the updated state back to github. In order to make this work a step needs to be added to copy the input resource's metadata to the output resource's workspace directory (e.g. /workspace/output/pr). Once the metadata is copied into the output workspace the output resource should then be able to sync those changes back to github.

Actual Behavior

At the moment this does not appear to work - during pullrequest upload the pullrequest resource attempts to read from /workspace/output/pr/pr.json and gets a permission denied error like this:

[pr-source-pr-sng8f] {"level":"info","ts":1596551207.2666166,"caller":"pullrequest-init/main.go:68","msg":"RUNNING UPLOAD!","resource_type":"pullrequest","mode":"upload"}
[pr-source-pr-sng8f] {"level":"fatal","ts":1596551207.2668488,"caller":"pullrequest-init/main.go:71","msg":"open /workspace/output/pr/pr.json: permission denied","resource_type":"pullrequest","mode":"upload","stacktrace":"main.main\n\tgithub.com/tektoncd/pipeline/cmd/pullrequest-init/main.go:71\nruntime.main\n\truntime/proc.go:203"}

Steps to Reproduce the Problem

The following YAML reproduces the problem on current master:

apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: pr-test
spec:
  taskSpec:
    resources:
      inputs:
        - name: pr
          type: pullRequest
      outputs:
        - name: pr
          type: pullRequest
    steps:
    - name: copy-pr-to-output
      image: busybox
      script: |
        #!/bin/sh
        mkdir -p $(outputs.resources.pr.path)
        cp -r $(inputs.resources.pr.path)/* $(outputs.resources.pr.path)/
  resources:
    inputs:
    - name: pr
      resourceSpec:
        type: pullRequest
        params:
        - name: url
          value: https://github.com/tektoncd/pipeline/pull/100
    outputs:
    - name: pr
      resourceSpec:
        type: pullRequest
        params:
        - name: url
          value: https://github.com/tektoncd/pipeline/pull/100

Additional Info

This may be related to the fact that we build the entrypoint using a nonroot base image. Still investigating.
@ghost ghost added kind/bug Categorizes issue or PR as related to a bug. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. needs-cherry-pick Indicates a PR needs to be cherry-pick to a release branch labels Aug 4, 2020
@ghost ghost added this to the Pipelines v0.15 milestone Aug 4, 2020
@ghost ghost mentioned this issue Aug 4, 2020
Merged
3 tasks
@bobcatfish bobcatfish removed the needs-cherry-pick Indicates a PR needs to be cherry-pick to a release branch label Sep 11, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now.
Projects
None yet
Milestone
Pipelines v0.15
Development

Successfully merging a pull request may close this issue.

Ensure pullrequest-init is based on a root image
1 participant
@bobcatfish