Reputation: 51
(GitHub Actions, Upload artifact) Access denied trying to upload a file despite giving it full permissions
Describe the problem
I am making an action that runs API tests from a docker container, which generates a report.html. This report is saved into a docker volume. Within the action, after the report is created, I attempt to use actions/upload-artifact on report.html, using the path to its place in the volume on the host machine.
The problem is I get Error: EACCES: permission denied, lstat /path/to/report.html when the action attempts to do this.
I've tried to solve this by doing sudo chmod ugo+rwx /path/to/report.html before using the action but it changed nothing. I think running the action with sudo would work but that doesn't seem to be supported.
How to reproduce
Reproducing an analogous example where I just create a test.txt file in the volume. github action looks like this:
name: Action
on:
push:
jobs:
example:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Compose Containers and Run
run: |
docker-compose up --abort-on-container-exit
- name: Fix permissions
run: |
sudo chmod ugo+rwx /var/lib/docker/volumes/example_reports/_data/test.txt
- name: Upload test.txt
uses: actions/upload-artifact@v2
with:
name: test.txt
path: /var/lib/docker/volumes/example_reports/_data/test.txt
Dockerfile is simply:
FROM ubuntu
ENTRYPOINT [ "/bin/bash", "-c" ]
And doker compose:
version: "3.7"
services:
example:
build:
context: .
volumes:
- reports:/home/reports
command: ["touch /home/reports/test.txt"]
volumes:
reports:
Upvotes: 2
Views: 3595
Answers (2)
Reputation: 51
Turns out I was thinking about this too hard. All I needed to do to get upload-artifact to work was copy the file out of the volume directory first.
In the action file, instead of trying to fix permissions, simply do this after composing up the containers:
- name: Copy out file from volume
run: |
sudo cp /var/lib/docker/volumes/example_reports/_data/test.txt /home/
- name: Upload test.txt
uses: actions/upload-artifact@v2
with:
name: test.txt
path: /home/test.txt
Upvotes: 3
Reputation: 8433
Your docker container is running as root and therefore creating the file as root.
You can change that by specifying
user: '1000:1000'
for your service in your docker-compose file.
Upvotes: 0
Related Questions
- Authorization failure at Docker login step in Github Actions
- github action with docker makes error "exporting to image 403 forbidden error"
- Why are Docker filesystem permissions behaving differently on GitHub Actions (Permission denied on server)
- GITHUB_TOKEN permission denied write package when build and push docker in github workflows
- GitHub Actions workflow error: Permission denied
- GitHub Action I wrote doesn't have access to repo's files that is calling the action
- Adding a file to docker image results in "permission denied" error
- Github Actions cannot write to file, permission denied (Inside the docker container)
- Docker cloning - permission denied
- uploading a repository to github fails says "permission denied"