Fix non-root permission errors and uv usage #14765
| exit_code=$? | ||
| # FIXME: The above command leaves behind an empty node_modules directory if it |
Why did you remove the comment? It doesn't seem to be fixed, no?
Because this is not actually a bug. The empty directory left behind when deleting an anonymous volume is due to its underlying Linux mounting mechanism. A volume must be mounted at a specified location inside the container. If the directory does not exist, Docker automatically creates an empty directory as the mount point, and this empty directory remains in the container's file system even if the volume is subsequently deleted.
Anonymous volumes must create this directory to overwrite the original directory within the container -- and they are designed to be independent of the container's lifecycle; therefore, by default anonymous volumes do not automatically remove the directories they created when the container is deleted.
Manually removing the folders in later steps is the final solution.
| # Install osu-wiki tool dependencies | ||
| COPY package.json package-lock.json pyproject.toml uv.lock ./ | ||
| RUN npm install && npm install -g osu-wiki && uv sync | ||
| RUN chmod o+rx /root |
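Review bot: `RUN chmod o+rx /root` on the last line grants read as well as search permission on root's home directory, so every non-root user in the image can list its entries and not only pass through it. Traversal to a known path below `/root` needs only the search bit, so `chmod o+x /root` would be the narrower change. A short comment above the line saying why `/root` has to be opened at all would also help the next reader, since nothing in this hunk explains it.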
I feel like this is not needed and can be resolved with:
UV_CACHE_DIR=/tmp/uv-cache
UV_PYTHON_INSTALL_DIR=/opt/uv/python
ref: https://docs.astral.sh/uv/reference/environment/#uv_python_install_dir
if you don't want to get into this I can look it up later
Yes, UV_CACHE_DIR should work. I'm just hoping all tool caches can be fixed in one line instead of trying to fix each one every time. I can switch to this if you want.
This PR addresses two independent issues affecting `run-checks.sh`.

Part 1: Permission errors (bug fix)

Problem

When running `run-checks.sh` on Windows or macOS (and any Linux setup where the host user's UID does not exist in the image), the container falls through to the `useradd`/`gosu` branch in `meta/docker-entrypoint.sh` and switches to a freshly-created `osu-wiki-docker` user. Two issues then surface:

1. `uv` fails to initialize its cache

`useradd` is invoked without `-m`, so the new user's `$HOME` (`/home/osu-wiki-docker`) is never created on disk. `uv` expected a writable `$HOME` and failed.

2. `uv` cannot reach the Python interpreter

`uv sync` runs as root during image build, so the managed Python interpreter ends up under `/root/.local/share/uv/python/...`. `/root` has mode `700` by default, so the non-root user cannot traverse into it, and any symlink chain that ends up inside `/root` is unreachable.

Changes

- `meta/docker-entrypoint.sh`: add `-m` to `useradd` so the new user gets a home directory.
- `Dockerfile`: add `RUN chmod o+rx /root` so non-root users can traverse `/root` and reach the Python interpreter installed by `uv`. This only opens the directory for traversal — files inside `/root` keep their own modes.

Part 2. Use `uv run` instead of `uv tool run`

`osu-wiki-tools==2.5.1` is already declared in `pyproject.toml`, and `uv sync` installs it into `/osu-wiki/.venv` during image build. However, all uses of uv invoke the tool via `uv tool run`, which ignores the project venv and installs the tool into an ephemeral `uv tool` environment under `~/.cache/uv/tools/...` instead.

This means:

- `uv tool run` resolves the latest compatible release from PyPI rather than honoring the `==2.5.1` constraint in `pyproject.toml`.

Changes

- `run-checks.sh`: add `--volume /osu-wiki/.venv/` so the image's prebuilt venv is preserved when the bind mount is applied. Without this, `uv run` would not find `.venv` inside the container, would download Python 3.14 (~34 MiB) and rebuild the venv on every run, **writing the resulting `.venv` directory into the host's repo**.
- `.venv` folder left after running the test (same as removing `node_modules`)

Testing

docker image rm osu-wiki && bash run-checks.sh --show-build
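The traversal failure described in Part 1, and the difference between `o+x` and `o+rx` on a directory, can be checked from mode bits alone. The script below is an added example and not code from this PR; the function names, the temp-directory stand-in for `/root` and the interpreter path under it are assumptions, and GNU `stat -c` is assumed.

```shell
# Added example. Reads mode bits only (GNU `stat -c` assumed), so the answer
# is the same even when the script itself runs as root.

# Last octal digit of a path's mode: the permission bits for "other" (0-7).
other_bits() {
    mode=$(stat -c '%a' "$1") || return 2
    echo "${mode#"${mode%?}"}"
}

# Print the first ancestor directory of PATH that "other" cannot traverse
# (o+x missing) and return 1; return 0 if every ancestor allows traversal.
# Optional BASE is a prefix assumed reachable and not checked (default: /).
first_blocked_for_other() {
    target=$1
    cur=${2:-}
    rest=${target#"$cur"/}
    while [ "${rest#*/}" != "$rest" ]; do      # rest still contains a '/'
        cur="$cur/${rest%%/*}"
        rest=${rest#*/}
        bits=$(other_bits "$cur") || return 2
        if [ $((bits & 1)) -eq 0 ]; then
            echo "$cur"
            return 1
        fi
    done
    return 0
}

# Return 0 if "other" may list DIR's entries (o+r set); traversal alone
# does not need this bit.
other_can_list() {
    bits=$(other_bits "$1") || return 2
    [ $((bits & 4)) -ne 0 ]
}

# Constructed stand-in for the image layout: <tmp>/root plays the part of /root.
demo() (
    umask 022
    base=$(mktemp -d)
    py="$base/root/.local/share/uv/python/bin/python3"   # hypothetical layout
    mkdir -p "${py%/*}" && : > "$py"
    for m in 700 701 705; do                   # default, o+x, o+rx
        chmod "$m" "$base/root"
        blocked=$(first_blocked_for_other "$py" "$base") || true
        other_can_list "$base/root" && list=yes || list=no
        echo "mode=$m blocked_at=${blocked:-none} other_can_list=$list"
    done
    rm -rf "$base"
)
demo
```

Inside the built image, calling `first_blocked_for_other` on the interpreter path that `uv` resolves, with no second argument, reports the directory a non-root user would stop at.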