Hugh Pearse created CALCITE-6803:
------------------------------------
Summary: Publish website: error while trying to write to
/home/jekyll/Gemfile.lock
Key: CALCITE-6803
URL: https://issues.apache.org/jira/browse/CALCITE-6803
Project: Calcite
Issue Type: Task
Reporter: Hugh Pearse
PR #4162 ([CALCITE-6794] Site Gemfile contains vulnerable ruby libraries)
broke our automated site publishing due to permissions issues:
[https://github.com/apache/calcite/actions/runs/12972791903/job/36180649311]
In the original docker build it runs as root
https://github.com/apache/calcite/blob/main/site/docker-compose.yml#L26C1-L28C26
foo@host$ sudo docker run -t -i --entrypoint /bin/bash jekyll/jekyll:4
bash-5.1# whoami
root
bash-5.1# id
uid=0(root) gid=0(root)
groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
In the new docker build, it also runs as root, same as before.
foo@host$ sudo docker run -t -i --entrypoint /bin/bash ruby:3.3.7-slim-bullseye
root@154758938c85:/# whoami
root
root@154758938c85:/# id
uid=0(root) gid=0(root) groups=0(root)
I think the jekyll userid and groupid is determined by the host, not the docker
guest
Probably the fix is to default the docker-compose file to use uid 0 and gid 0
when not specified. This way it will be consistent across both docker images
for local build and image for git workflow action.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
