-
Notifications
You must be signed in to change notification settings - Fork 272
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v6.22.1 patch includes breaking(?) change #1341
Comments
Hi @Syriiin, thanks for the report! #1334 was not intended as a breaking change, so it's always interesting to hear when a use case is broken. That said, this seems as though the change that happened as a result of #1334 uncovered a bug in your pipeline more than it uncovered a bug in the stack. The intention was always to only run fix-perms when Docker user remapping is disabled, because checking and fixing the owning user/group on every file in a repo on every job can be expensive. I agree that ideally the agent would be always be able to clean up after a previous job, but this is in tension with wanting to run jobs quickly since that relies on reusing previous state on the instance. There are all sorts of things a job could do to the instance state that would prevent future jobs running, even if fix-perms ran on every job. A compromise might be to expose (yet another) stack parameter to force fix-perms regardless of the other settings - WDYT? |
Yea definitely. I've fixed these issues with our pipelines now and have been able to upgrade without issue.
Yea that was my thought exactly. |
Describe the bug
The v6.22.1 patch doesn't mention it in the release notes, but it includes a PR that fixes a bug where
fix-buildkite-agent-builds-permissions
is run always instead of only when docker user namespace remapping is disabled.Even with docker user namespace remapping enabled, there are cases where files written from a container via a bind mount will be owned by a user that prevents
buildkite-agent
from cleaning them upon running a new step, hence this can be considered a breaking change.I noticed this when our pipeline broke following the
v6.22.1
upgrade.The root cause for us was actually a typo, of
chown 775
instead ofchmod 775
, but even still, this should probably not prevent further jobs from being run.Steps To Reproduce
Steps to reproduce the behavior:
git clean -ffxdq
failExpected behavior
A step should run, regardless of what any previous step has done to the file permissions within the cloned repo.
Actual behaviour
If file permissions are sufficiently broken from a previous step on the agent, further steps will fail to clean the working directory for checkout.
Stack parameters (please complete the following information):
Related to #409
The text was updated successfully, but these errors were encountered: