GitLab CI/CD permission denied when mounting volume for docker

Question

For the past few days I have been trying to set up a GitLab pipeline for my Laravel application, so that it installs, tests, builds and deploys to my Kubernetes cluster. However, when I am trying to install composer using the following line:

docker run --volume $(pwd):/app --rm $CONTAINER_REGISTRY_URL/internal/docker/composer:${COMPOSER_TAG} install $COMPOSER_ARGS

I am getting a permission denied error on the $(pwd) command. This is the error:

/scripts-66-218/step_script: eval: line 153: /builds/my-project/laravel-api: Permission denied

I am not an expert in GitLab CI/CD, but I do know my ways with dockers etc, but in this case I don't exactly know why I am getting this permission denied. The files are readable for every user, so I am not sure, but that seems correct. This is the full composer pipeline code:

composer-install-production:
  extends: .custom-composer-install
  variables:
      COMPOSER_ARGS: "--ignore-platform-reqs --no-ansi --no-interaction --no-progress --optimize-autoloader --prefer-dist --no-dev --no-scripts"
  before_script:
    - echo $CONTAINER_REGISTRY_PASSWORD | docker login -u $CONTAINER_REGISTRY_USERNAME $CONTAINER_REGISTRY_URL --password-stdin
    - cp .env.pipeline .env
  only:
    - tags


.custom-composer-install:
  extends: .composer-install
  variables:
    COMPOSER_TAG: "2"
    COMPOSER_SSH_DEPLOY_KEY: $GITLAB_RUNNER_RSA
  artifacts:
    paths:
      - .env
      - public/
      - vendor/
      - storage/

.composer-install:

  # Default variables
  variables:
    COMPOSER_TAG:             "prestissimo" # Change composer tag to use a different version.
    COMPOSER_ARGS:            "--ignore-platform-reqs --no-ansi --no-interaction --no-progress --optimize-autoloader --prefer-dist" # If provided, composer arguments are added to the install.
    COMPOSER_AUTHJSON:        "" # If provided, authentication can be added to install private packages like Nova.
    COMPOSER_SSH_DEPLOY_KEY:  "" # If provided, adds an SSH key to the composer image to access private packages.

  stage: install

  before_script:
    - echo $CONTAINER_REGISTRY_PASSWORD | docker login -u $CONTAINER_REGISTRY_USERNAME $CONTAINER_REGISTRY_URL --password-stdin

  script:
    - $(pwd)
    - >
      if [ "$COMPOSER_AUTHJSON" != "" ]; then
        echo $COMPOSER_AUTHJSON > auth.json
      fi
    - >
      if [ "$COMPOSER_SSH_DEPLOY_KEY" == "" ]; then
        docker run --volume $PWD:/app --rm $CONTAINER_REGISTRY_URL/internal/docker/composer:${COMPOSER_TAG} install $COMPOSER_ARGS
      else
        docker run --volume $PWD:/app --rm -e "SSH_DEPLOY_KEY=$COMPOSER_SSH_DEPLOY_KEY" $CONTAINER_REGISTRY_URL/internal/docker/composer:${COMPOSER_TAG} install --ignore-platform-reqs $COMPOSER_ARGS
      fi

  artifacts:
    name: "$CI_JOB_ID-$CI_BUILD_REF_NAME"
    expire_in: 1 day
    paths:
      - vendor/

  interruptible: true

And the script crashes on this line:

- $(pwd)

Does somebody know what is going on here and how to fix this?

Answer 1

Score: 0

I would first test if using pwd instead of $(pwd) (which executes a command in a subshell) would work:

script:
    - pwd
    - >
      ...

You would find $(pwd) when you want to assign the current working directory to a variable, as in here.

ci_app_path=$(pwd) && echo "INFO: current directory: $ci_app_path"
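
An added example, not part of the original question or answer: it reproduces why a script line consisting only of `$(pwd)` fails (the shell tries to execute the directory path and exits with status 126) while `pwd` succeeds. Going slightly beyond the answer, it also shows why the `--volume $PWD:/app` argument in the pipeline is safer quoted; the temporary directories and function names are constructed stand-ins for the runner's `/builds/...` checkout.

```shell
#!/bin/sh
# Attempt to run a directory path as a command, which is what the script
# line `- $(pwd)` does after expansion. Prints the resulting exit status.
status_of_bare_substitution() {
    status=0
    ( cd "$1" && $(pwd) ) 2>/dev/null || status=$?
    echo "$status"
}

# The diagnostic intent (show where the job runs) without executing the
# result: call pwd directly. Prints the resulting exit status.
status_of_plain_pwd() {
    status=0
    ( cd "$1" && pwd >/dev/null ) || status=$?
    echo "$status"
}

# Print how many arguments a command would receive.
count_args() { echo $#; }

# Unquoted $PWD is word-split, so a checkout path containing a space would
# hand `docker run --volume` a truncated host path; quoting keeps it whole.
volume_args_unquoted() { ( cd "$1" && count_args --volume $PWD:/app ); }
volume_args_quoted()   { ( cd "$1" && count_args --volume "$PWD:/app" ); }

demo() {
    base=$(mktemp -d)            # constructed stand-in for /builds/<project>
    mkdir "$base/laravel api"    # constructed checkout path with a space
    echo "bare \$(pwd) line exits with: $(status_of_bare_substitution "$base")"
    echo "plain pwd exits with:        $(status_of_plain_pwd "$base")"
    echo "unquoted volume arg count:   $(volume_args_unquoted "$base/laravel api")"
    echo "quoted volume arg count:     $(volume_args_quoted "$base/laravel api")"
    rm -rf "$base"
}
demo
```

Status 126 is the shell's "found but not executable" code, which matches the `Permission denied` message in the job log.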

Posted on February 27, 2023 at 07:19:33