Sharing pullrequest metadata from input to output PR resource results in permission error #3054

@ghost

Description

Expected Behavior

One use case for pull request resources is to have an input PR resource pull down the current state of a PR and then an output PR resource sync the updated state back to GitHub. In order to make this work, a step needs to be added to copy the input resource's metadata to the output resource's workspace directory (e.g. /workspace/output/pr). Once the metadata is copied into the output workspace, the output resource should then be able to sync those changes back to GitHub.

Actual Behavior

At the moment this does not appear to work - during pullrequest upload the pullrequest resource attempts to read from /workspace/output/pr/pr.json and gets a permission denied error like this:

[pr-source-pr-sng8f] {"level":"info","ts":1596551207.2666166,"caller":"pullrequest-init/main.go:68","msg":"RUNNING UPLOAD!","resource_type":"pullrequest","mode":"upload"}
[pr-source-pr-sng8f] {"level":"fatal","ts":1596551207.2668488,"caller":"pullrequest-init/main.go:71","msg":"open /workspace/output/pr/pr.json: permission denied","resource_type":"pullrequest","mode":"upload","stacktrace":"main.main\n\tgithub.com/tektoncd/pipeline/cmd/pullrequest-init/main.go:71\nruntime.main\n\truntime/proc.go:203"}

Steps to Reproduce the Problem

The following YAML reproduces the problem on current master:

apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: pr-test
spec:
  taskSpec:
    resources:
      inputs:
        - name: pr
          type: pullRequest
      outputs:
        - name: pr
          type: pullRequest
    steps:
    - name: copy-pr-to-output
      image: busybox
      script: |
        #!/bin/sh
        mkdir -p $(outputs.resources.pr.path)
        cp -r $(inputs.resources.pr.path)/* $(outputs.resources.pr.path)/
  resources:
    inputs:
    - name: pr
      resourceSpec:
        type: pullRequest
        params:
        - name: url
          value: https://github.com/tektoncd/pipeline/pull/100
    outputs:
    - name: pr
      resourceSpec:
        type: pullRequest
        params:
        - name: url
          value: https://github.com/tektoncd/pipeline/pull/100

Additional Info

This may be related to the fact that we build the entrypoint using a nonroot base image. Still investigating.
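
One way to test the nonroot hypothesis above is to list which copied files an unprivileged uid could not read. This is an added example, not part of the original issue or of Tekton's code. The function names `can_access` and `unreadable_by`, the demo directory layout, and the uid/gid values are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic example; not part of the issue or of Tekton's code.
# Judges access from owner, group and mode bits only (no ACLs, capabilities
# or supplementary groups). Requires a stat that supports -c (GNU, busybox).

# can_access UID GID PATH BITS: succeeds if the mode grants all BITS
# (4 = read, 1 = search) to that uid/gid.
can_access() {
    uid=$1; gid=$2; bits=$4
    [ "$uid" -eq 0 ] && return 0            # root bypasses mode bits
    set -- $(stat -c '%u %g %a' "$3")       # owner uid, owner gid, octal mode
    if [ "$uid" -eq "$1" ]; then digit=$(( $3 / 100 % 10 ))
    elif [ "$gid" -eq "$2" ]; then digit=$(( $3 / 10 % 10 ))
    else digit=$(( $3 % 10 ))
    fi
    [ $(( digit & bits )) -eq "$bits" ]
}

# unreadable_by UID GID DIR: prints every file (needs read) and directory
# (needs read + search) under DIR that the uid/gid cannot access.
unreadable_by() {
    find "$3" \( -type f -o -type d \) | while IFS= read -r p; do
        need=4
        if [ -d "$p" ]; then need=5; fi
        can_access "$1" "$2" "$p" "$need" || printf '%s\n' "$p"
    done
}

# Constructed demo: a pr.json left with mode 0600 by the user who copied it,
# checked against a different unprivileged uid/gid (arbitrary values).
demo=$(mktemp -d)
mkdir -p "$demo/output/pr"
chmod 755 "$demo" "$demo/output" "$demo/output/pr"
echo '{}' > "$demo/output/pr/pr.json"
chmod 600 "$demo/output/pr/pr.json"
unreadable_by $(( $(id -u) + 1 )) 4242424 "$demo"
rm -rf "$demo"
```

Run inside a debugging step, `unreadable_by <uid> <gid> /workspace/output/pr` would show whether pr.json is among the entries the upload process's user cannot open; the uid and gid to pass are whatever that process actually runs as.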

Metadata

Labels

kind/bug: Categorizes issue or PR as related to a bug.
priority/critical-urgent: Highest priority. Must be actively worked on as someone's top priority right now.
