Update dev and ci Dockerfile to match updater #3279
Conversation
feelepxyz
force-pushed
the
feelepxyz/fix-bundler-gem-home-path
branch
3 times, most recently
from
27ca2fa to
c4f8de5
Compare
| ENV BUNDLE_PATH="/home/dependabot/.bundle" \ | ||
| BUNDLE_BIN=".bundle/binstubs" \ | ||
| PATH=".bundle/binstubs:$PATH:/home/dependabot/.bundle/bin" | ||
| USER ${USERNAME} |
There was a problem hiding this comment.
This setup is the same as Dockerfile.development and the updater, previously ci would run as root having access to /var/lib which is the default cache directory for rubygems when GEM_HOME isn't set
feelepxyz
force-pushed
the
feelepxyz/fix-bundler-gem-home-path
branch
4 times, most recently
from
65e4ce3 to
aa568b6
Compare
This fixes a permissions error when vendoring gems, when `GEM_HOME` was unset it defaulted to `/var/lib` which isn't writeable. Attempting to fix the discrepancy between ci and updater here: #3279
|
|
||
| ENV BUNDLE_PATH="${CODE_DIR}/.bundle" \ | ||
| BUNDLE_BIN=".bundle/bin" | ||
| ENV PATH="$BUNDLE_BIN:$PATH:$BUNDLE_PATH/bin" |
There was a problem hiding this comment.
$BUNDLE_BIN and $BUNDLE_PATH/bin are now the same value of .bundle/bin - do we still need both?
There was a problem hiding this comment.
Yeah this tripped me up several times, the BUNDLE_BIN is set to a relative path but the BUNDLE_PATH isn't
| COPY --chown=${USERNAME}:${USERNAME} nuget/ ${CODE_DIR}/nuget/ | ||
| COPY --chown=${USERNAME}:${USERNAME} python/ ${CODE_DIR}/python/ | ||
| COPY --chown=${USERNAME}:${USERNAME} terraform/ ${CODE_DIR}/terraform/ | ||
| COPY --chown=${USERNAME}:${USERNAME} omnibus/ ${CODE_DIR}/omnibus/ |
There was a problem hiding this comment.
Seems COPY defaults to the file being owned by root, this was failing when running rspec and loading the vcr configuration that attempted to create a folder here: https://github.com/dependabot/dependabot-core/blob/main/common/spec/spec_helper.rb#L38 (vcr codes)
There was a problem hiding this comment.
Yeah, the default COPY behaviour is surprising.
To reduce repetition we need to update this, we could just chown -r ${CODE_DIR} after the copy block? I don't feel strongly about making that change.
There was a problem hiding this comment.
Hm attempted to run a chwon -r ${CODE_DIR} after the copy but looks like its failing and running out of disk space, reverting to the inline option https://github.com/dependabot/dependabot-core/runs/2122700298
feelepxyz
force-pushed
the
feelepxyz/fix-bundler-gem-home-path
branch
2 times, most recently
from
51c8e58 to
42c0761
Compare
Updating the dev and ci Dockerfile to match the user permissions set by the updater image. This reproduces the error seen production when updating a vendored bundler project.
feelepxyz
force-pushed
the
feelepxyz/fix-bundler-gem-home-path
branch
from
42c0761 to
5e32580
Compare
This reverts #3279 It looks like this change has broken ci builds on `main`: https://github.com/dependabot/dependabot-core/runs/2168623534 Reverting this change until we've figured out a fix for it.
Revert Update dev and ci Dockerfile to match updater #3279
Updating the dev and ci Dockerfile to match the user permissions set by the updater image.
This reproduces the error seen production when updating a vendored bundler project.
The failing bundler specs are expected and fixed here #3280