-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to use actions/cache
with Renovate: EACCESS
#646
Comments
It looks like Line 20 in d7c9fe4
|
As mentioned in renovatebot#646, we're receiving permissions issues due to the use of the wrong UID for our user binding. Closes renovatebot#646.
@jamietanna were you able to work past this? |
@Akaame we are working around that like this:
|
Due to the size of our organisation, the recommendation from the Renovate team was to use Mend Renovate On-Prem (which is free!) and much less costly for our usages, and has its own means to do caching |
@GSala thanks this is what we also ended up doing. |
v35 will use current host user id and use |
Need to revert the default user change because of |
One can now specify the docker user. When setting this to the runner user, it seems to work fine. As I couldn't find a predefined variable/context for the current runner user/group, I added a step to determine this via We are using something similar to: - uses: actions/[email protected]
- uses: actions/[email protected]
if: github.event.inputs.repoCache != 'disabled'
with:
path: /tmp/renovate/cache
key: renovate
- name: Determine current user
id: id
run: |
echo "user=$(id -u)" >> $GITHUB_OUTPUT
echo "group=$(id -g)" >> $GITHUB_OUTPUT
- name: Generate app token
id: renovate-token
uses: getsentry/[email protected]
with:
app_id: ${{ secrets.RENOVATE_APP_ID }}
private_key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }}
- uses: renovatebot/[email protected]
with:
configurationFile: renovate.json5
token: "${{ steps.renovate-token.outputs.token }}"
docker-user: "${{ steps.id.outputs.user }}:${{ steps.id.outputs.group }}"
docker-volumes: /tmp/renovate:/tmp/renovate
env:
RENOVATE_REPOSITORY_CACHE: ${{ github.event.inputs.repoCache || 'enabled' }} |
When using GitHub Actions' caching functionality, Renovate ends up hitting an
EACCESS
when trying to write to the restored cache keys.A failing job with workflow definition reports the following error on subsequent runs:
It appears that:
May be at fault, as running
id -u
outside of the Renovate runner shows:Whereas we're trying to use the uid
1000
, which doesn't match, and is therefore denied from reading the files:The text was updated successfully, but these errors were encountered: