assisted-installer-agent icon indicating copy to clipboard operation
assisted-installer-agent copied to clipboard
verified publisher icon openshift

NO-ISSUE-fix-broken-build: Fix broken build due to base image change.

Open paul-maidment opened this issue 1 year ago • 11 comments

The image registry.access.redhat.com/ubi9/go-toolset:1.20 does not default to the root user as registry.ci.openshift.org/openshift/release:golang-1.20 used to This results in a permissions issue when attempting to run go mod download

By setting the user directive prior to this operation, this PR resolves that issue

paul-maidment avatar Jul 31 '24 06:07 paul-maidment

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 59.90%. Comparing base (cda0ded) to head (1194e6d). Report is 1 commits behind head on master.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #761      +/-   ##
==========================================
- Coverage   59.95%   59.90%   -0.06%     
==========================================
  Files          74       74              
  Lines        3731     3731              
==========================================
- Hits         2237     2235       -2     
- Misses       1334     1335       +1     
- Partials      160      161       +1

see 1 file with indirect coverage changes

codecov[bot] avatar Jul 31 '24 06:07 codecov[bot]

/lgtm

danmanor avatar Jul 31 '24 07:07 danmanor

/approve

danmanor avatar Jul 31 '24 07:07 danmanor

/hold

where is this failing?

rccrdpccl avatar Jul 31 '24 08:07 rccrdpccl

/hold

where is this failing?

When you try to build the agent image, using

skipper make build-image

You will encounter an error message

go: updating go.sum: open /go/src/github.com/openshift/assisted-installer-agent/go.sum: permission denied

Further investigation shows that when running under the new base image, the user name is default when it used to be root in the old image, the default user does not have permission to access /go/src/github.com/openshift/assisted-installer-agent/go.sum

If you add the line

USER 0

The user is changed to root where it is able to access /go/src/github.com/openshift/assisted-installer-agent/go.sum

Note that this permission change only affects the build container and not the final agent image as this is a multi stage docker build, so from a security perspective, this change does not introduce concerns, especially since the build container is discarded after production of the final image.

paul-maidment avatar Jul 31 '24 10:07 paul-maidment

For the records we discuss this and it happens also outside skipper, due to misalignment of permissions.

rccrdpccl avatar Jul 31 '24 11:07 rccrdpccl

/lgtm /approve

rccrdpccl avatar Jul 31 '24 11:07 rccrdpccl

/unhold

rccrdpccl avatar Jul 31 '24 11:07 rccrdpccl

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: danmanor, paul-maidment, rccrdpccl

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • ~~OWNERS~~ [danmanor,paul-maidment,rccrdpccl]

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

openshift-ci[bot] avatar Jul 31 '24 11:07 openshift-ci[bot]

why not just use root in the base image as done initially ? @rccrdpccl @paul-maidment

danmanor avatar Jul 31 '24 12:07 danmanor

why not just use root in the base image as done initially ? @rccrdpccl @paul-maidment The base image is meant to be used differently, using the home folder instead of pre-go mod style of folder for the module being compiled. I think it would be easier to understand to use it that way and there is no real need to use root user.

That said, in this specific case it's not a real disadvantage using root.

rccrdpccl avatar Aug 01 '24 12:08 rccrdpccl

/retest

rccrdpccl avatar Aug 01 '24 12:08 rccrdpccl

/hold Let's make sure we agree on the solution before unholding I'm ok with both but I think the current one (using the home directory) is better.

/retest

flake

rccrdpccl avatar Aug 01 '24 15:08 rccrdpccl

/retest

rccrdpccl avatar Aug 01 '24 16:08 rccrdpccl

@paul-maidment: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

openshift-ci[bot] avatar Sep 04 '24 19:09 openshift-ci[bot]

/lgtm

rccrdpccl avatar Sep 05 '24 07:09 rccrdpccl

@paul-maidment: This pull request references MGMT-18837 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.18.0" version, but no target version was set.

In response to this:

The image registry.access.redhat.com/ubi9/go-toolset:1.20 does not default to the root user as registry.ci.openshift.org/openshift/release:golang-1.20 used to This results in a permissions issue when attempting to run go mod download

By setting the user directive prior to this operation, this PR resolves that issue

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci-robot avatar Sep 05 '24 08:09 openshift-ci-robot

/unhold

paul-maidment avatar Sep 05 '24 08:09 paul-maidment

[ART PR BUILD NOTIFIER]

Distgit: ose-agent-installer-node-agent This PR has been included in build ose-agent-installer-node-agent-container-v4.18.0-202409051243.p0.g06360b0.assembly.stream.el9. All builds following this will include this PR.

openshift-bot avatar Sep 05 '24 13:09 openshift-bot