JorgeGar opened a new issue, #5128: URL: https://github.com/apache/incubator-devlake/issues/5128
### Search before asking - [X] I had searched in the [issues](https://github.com/apache/incubator-devlake/issues?q=is%3Aissue) and found no similar issues. ### What happened Devlake cannot be run as non-root. When trying to run DevLake backend as non-root, it tries to load the external plugins by running some scripts (i.e. [azuredevops/run.sh](https://github.com/apache/incubator-devlake/blob/main/backend/python/plugins/azuredevops/run.sh) ) and fails with "Permission denied" message. ```time="2023-05-08 09:53:17" level=info msg="Loading remote plugins" time="2023-05-08 09:53:17" level=error msg="./run.sh: 20: poetry: Permission denied" time="2023-05-08 09:53:17" level=error msg="failed to load plugins caused by: Error calling plugin-info Wraps: (2) get error when invoking remote function plugin-info Wraps: (3) remote error response: | ./run.sh: 20: poetry: Permission denied Wraps: (4) exit status 127 Wraps: (5) exit status 127 Error types: (1) *hintdetail.withDetail (2) *hintdetail.withDetail (3) *hintdetail.withDetail (4) *hintdetail.withDetail (5) *exec.ExitError" panic: Error calling plugin-info Wraps: (2) get error when invoking remote function plugin-info Wraps: (3) remote error response: | ./run.sh: 20: poetry: Permission denied Wraps: (4) exit status 127 Wraps: (5) exit status 127 Error types: (1) *hintdetail.withDetail (2) *hintdetail.withDetail (3) *hintdetail.withDetail (4) *hintdetail.withDetail (5) *exec.ExitError goroutine 1 [running]: github.com/apache/incubator-devlake/server/services.Init() /app/server/services/init.go:90 +0x225 github.com/apache/incubator-devlake/server/api.CreateApiService() /app/server/api/api.go:61 +0x2e main.main() /app/server/main.go:39 +0x7e``` ### What do you expect to happen DevLake should be able to run as non-root. ### How to reproduce Deploy Devlake in a kubernetes cluster (minikube) with helm adding these values: ``` lake: securityContext: fsGroup: 101 runAsGroup: 1000 runAsNonRoot: true runAsUser: 101 containerSecurityContext: allowPrivilegeEscalation: false capabilities: drop: - all ``` You can also try to run it with Docker setting a non-root user. ### Anything else I think it should be easy to fix by changing the ownership of the app folder in the Dockerfile. Maybe you could setup a specific non-root user to run the application. ### Version main ### Are you willing to submit PR? - [X] Yes I am willing to submit a PR! ### Code of Conduct - [X] I agree to follow this project's [Code of Conduct](https://www.apache.org/foundation/policies/conduct) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
