Permission denied on git clean (agent prepare stage in GoCD)


I'm running a dockerized GoCD server (gocd/gocd-server:v21.3.0) and agent (custom, to support docker-compose, built on top of gocd/gocd-agent-docker-dind; Dockerfile attached).

For each new agent, everything works correctly on first pipeline run, but on the next run it will give permission errors along the lines of:

Error performing command: --- Command ---
git clean -dffx
--- Environment ---
{}
--- INPUT ----
--- EXIT CODE (1) ---
--- STANDARD OUT ---
Removing .phpunit.result.cache
... [similar lines for other files] ...
--- STANDARD ERR ---
STDERR: warning: failed to remove vendor/nunomaduro/collision/composer.json: Permission denied
... [similar lines for other files] ...

The Dockerfile looks like this:

ARG GOCD_VERSION=v21.3.0

# GOCD image
FROM gocd/gocd-agent-docker-dind:${GOCD_VERSION}

USER root
# Install compose
RUN apk add --update --no-cache \
    py-pip \
    python3-dev \
    libffi-dev \
    openssl-dev \
    gcc \
    libc-dev \
    rust \
    cargo \
    make \
    jq

ARG COMPOSE_VERSION=1.29.2

USER go
RUN pip install docker-compose==${COMPOSE_VERSION}

I ran the agent with this command:

docker run --privileged -d -v /root/my-gocd-agent/godata:/godata -e GO_SERVER_URL=http://xxx.xxx.xxx.xxx:xxxx/go gocd-custom-agent

I changed the godata volume directory owner to uid 1000 (go:root) but it seems like it didn't help:

sudo chown -R 1000 /root/my-gocd-agent/godata

Any idea how I can solve this?

Sebastian F On

In your case, adding this line at the end of your Dockerfile will fix it:

CMD chown -R <go-user-id>:<go-user-group-id> /root/my-gocd-agent/godata

The reason is that docker runs containers with root privileges, by default, so you will be able to change the output of your container, but only after it’s done executing your CMD line.

Instead of hardcoding your user/group ids, you can pass them as ARGS, where the values are taken from your GoCD environment, $(id -u) and $(id -g).
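
Added example, not part of the original question or answer: a shell check to run inside the agent container that lists entries in a pipeline working directory not owned by the agent user, grouped by owning uid, so you can see which user created the files that git clean cannot remove. The function names are illustrative, and the default uid 1000 for go is the value given in the question.

```shell
#!/bin/sh
# Added diagnostic example (not from the original post).
# Usage: sh check_owner.sh <working-dir> [expected-uid]
# The script name and function names are illustrative assumptions.

# foreign_owned DIR UID
# Print every entry under DIR (DIR itself included) whose owner is not UID.
# The directory itself matters: removing a file needs write access to its
# parent directory, not to the file.
foreign_owned() {
    find "$1" ! -user "$2" -print 2>/dev/null
}

# owner_summary DIR UID
# Print "<owner-uid> <count>" for each uid other than UID that owns entries
# under DIR. A line starting with 0 means root created those files.
owner_summary() {
    foreign_owned "$1" "$2" | while IFS= read -r path; do
        stat -c '%u' "$path"
    done | sort -n | uniq -c | awk '{print $2, $1}'
}

# When called with a directory argument, print the summary followed by the
# first few offending paths. Default uid 1000 is the go user in the question.
if [ "$#" -ge 1 ]; then
    expected_uid=${2:-1000}
    echo "Entries under $1 not owned by uid $expected_uid (owner-uid count):"
    owner_summary "$1" "$expected_uid"
    echo "First offending paths:"
    foreign_owned "$1" "$expected_uid" | head -n 10
fi
```

An empty summary means every entry already belongs to the expected uid, so the cause of the error lies elsewhere (for example directory mode bits).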