I have yet another issue with permissions running Docker through Jenkins declarative pipeline. I want to build and publish a Python package through a Jenkins job in a Docker container:
pipeline {
agent {
docker {
image 'python:3.7'
label 'docker && linux'
}
}
environment {
PACKAGE_VERSION = readFile 'VERSION'
}
stages {
stage('Package') {
steps {
sh 'python -V'
sh 'python -m pip install -r requirements.txt --user --no-cache'
sh 'python setup.py sdist'
}
}
stage('Deploy') {
steps {
...
}
}
}
post {
always {
cleanWs()
}
}
}
However, I am not allowed to pip install
due to a PermissionError
:
+python -m pip install -r requirements.txt --user --no-cache Requirement already satisfied: setuptools in /usr/local/lib/python3.7/site-packages (from -r requirements.txt (line 1)) (40.0.0) Collecting pytest (from -r requirements.txt (line 2))
Downloading https://files.pythonhosted.org/packages/9e/a1/8166a56ce9d89fdd9efcae5601e71758029d90e5644e0b7b6eda07e67c35/pytest-3.7.0-py2.py3-none-any.whl (202kB) Collecting py>=1.5.0 (from pytest->-r requirements.txt (line 2)) Downloading https://files.pythonhosted.org/packages/f3/bd/83369ff2dee18f22f27d16b78dd651e8939825af5f8b0b83c38729069962/py-1.5.4-py2.py3-none-any.whl (83kB) Collecting more-itertools>=4.0.0 (from pytest->-r requirements.txt (line 2)) Downloading https://files.pythonhosted.org/packages/79/b1/eace304ef66bd7d3d8b2f78cc374b73ca03bc53664d78151e9df3b3996cc/more_itertools-4.3.0-py3-none-any.whl (48kB) Collecting pluggy>=0.7 (from pytest->-r requirements.txt (line 2)) Downloading https://files.pythonhosted.org/packages/f5/f1/5a93c118663896d83f7bcbfb7f657ce1d0c0d617e6b4a443a53abcc658ca/pluggy-0.7.1-py2.py3-none-any.whl Collecting six>=1.10.0 (from pytest->-r requirements.txt (line 2))
Downloading https://files.pythonhosted.org/packages/67/4b/141a581104b1f6397bfa78ac9d43d8ad29a7ca43ea90a2d863fe3056e86a/six-1.11.0-py2.py3-none-any.whl Collecting atomicwrites>=1.0 (from pytest->-r requirements.txt (line 2)) Downloading https://files.pythonhosted.org/packages/0a/e8/cd6375e7a59664eeea9e1c77a766eeac0fc3083bb958c2b41ec46b95f29c/atomicwrites-1.1.5-py2.py3-none-any.whl Collecting attrs>=17.4.0 (from pytest->-r requirements.txt (line 2))
Downloading https://files.pythonhosted.org/packages/41/59/cedf87e91ed541be7957c501a92102f9cc6363c623a7666d69d51c78ac5b/attrs-18.1.0-py2.py3-none-any.whl Installing collected packages: py, six, more-itertools, pluggy, atomicwrites, attrs, pytestCould not install packages due to an EnvironmentError: [Errno 13] Permission denied: '/.local' Check the permissions.
How do I fix these permissions?
--user
since it looks like you're already root in the container.--user
is for unprivileged installs. – hoeflingargs '--user 0:0'
to thedocker
declaration, but it would be interesting to figure out what's wrong with the default setup andpip install
ing with--user
flag. – hoefling-u 1001:1001
and it's true that overruling this with-u 0:0
solves the issue. But then it doesn't make sense to me thatpip install ... --user
does not work. Could permissions in the docker image be faulty set up? – casparjespersenpython:3.7
image knows nothing about the user with ID 1001 - if you runcat /etc/passwd | grep 1001
inside the container, nothing will be found. Jenkins starts the container as a user that does not exist, no entry inpasswd
, no home dir etc. I assume thatHOME
is left to/
in that case, sopip install --user
resorts to installing to/.local
which 1. doesn't exist and if it would 2. would belong to root anyway. – hoeflingpython:3.7
that adds a proper non-root user. Then pass this user to docker agent in Jenkinsfile. – hoefling