"make lint" leaves behind files which are annoying to clean up

[willbeason]

"make lint" leaves behind files in .tmp/ that cause other make targets to fail.

To recreate:

$ make lint
...
$ make deploy
updating kustomize image patch file for manager resource
cp ./config/overlays/dev/manager_image_patch.yaml ./config/overlays/dev_mutation/manager_image_patch.yaml
docker build . \
	-t gatekeeper-tooling \
	-f build/tooling/Dockerfile
error checking context: 'can't stat '/usr/local/google/home/willbeason/go/src/github.com/open-policy-agent/gatekeeper/.tmp/golangci-lint/00/000111e60f9b706f7753fd146633593afdfd328be6a61f3aae3228c4aa1974e8-a''.
make: *** [Makefile:321: __tooling-image] Error 1

Deleting these files requires admin privileges:

$ rm -rf .tmp
...
rm: cannot remove '.tmp/golangci-lint/9c/9c9cc668da69ca2f8c6df657c0e8bacbe064178c4c8bf7cc5a98ead4d8f63d79-a': Permission denied

Removing the files makes the targets pass again.

[willbeason]

Background on docker and file permissions.

Sadly, setting --user does not help:

     --user "$(shell id -u):$(shell id -g)" \

That is, modifying make lint to be:

lint:
	docker run --rm -v $(shell pwd):/app \
	 -v ${GOLANGCI_LINT_CACHE}:/root/.cache/golangci-lint \
	 -w /app golangci/golangci-lint:${GOLANGCI_LINT_VERSION}-alpine \
	 --user "$(shell id -u):$(shell id -g)" \
	 golangci-lint run -v

This causes make lint to not work:

$ make lint
docker run --rm -v /usr/local/google/home/willbeason/go/src/github.com/open-policy-agent/gatekeeper:/app \
 -v /usr/local/google/home/willbeason/go/src/github.com/open-policy-agent/gatekeeper/.tmp/golangci-lint:/root/.cache/golangci-lint \
 -w /app golangci/golangci-lint:v1.40.1-alpine \
     --user "329321:89939" \
 golangci-lint run -v
docker: Error response from daemon: OCI runtime create failed: container_linux.go:370: starting container process caused: exec: "--user": executable file not found in $PATH: unknown.
make: *** [Makefile:213: lint] Error 127

[maxsmythe]

• I think the --user flag needs to come before the image name
• Why is Docker caring about .tmp for building gatekeeper-tooling? The Dockerfile just downloads controller gen and creates a workdir: https://github.com/open-policy-agent/gatekeeper/blob/master/build/tooling/Dockerfile

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.