Details
-
Task
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
None
Description
PR #4162 (CALCITE-6794 Site Gemfile contains vulnerable ruby libraries)
broke our automated site publishing due to permissions issues: https://github.com/apache/calcite/actions/runs/12972791903/job/36180649311
In the original docker build it runs as root
https://github.com/apache/calcite/blob/main/site/docker-compose.yml#L26C1-L28C26
foo@host$ sudo docker run -t -i --entrypoint /bin/bash jekyll/jekyll:4
bash-5.1# whoami
root
bash-5.1# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
In the new docker build, it also runs as root, same as before.
foo@host$ sudo docker run -t -i --entrypoint /bin/bash ruby:3.3.7-slim-bullseye
root@154758938c85:/# whoami
root
root@154758938c85:/# id
uid=0(root) gid=0(root) groups=0(root)
I think the jekyll userid and groupid is determined by the host, not the docker guest
Probably the fix is to default the docker-compose file to use uid 0 and gid 0 when not specified. This way it will be consistent across both docker images for local build and image for git workflow action.
see following build error
https://github.com/apache/calcite/actions/runs/12972791903/job/36180649311
Attachments
Issue Links
- is related to
-
-
- Closed
-
- links to