You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix: image failures for non-root uses of yarn and pnpm
The lockfile generation tool `yarn` fails when used in the `phylum-ci`
Docker image as a non-root user. An example of the failure can be seen
from the output of the "smoke test," which is using
`scripts/docker_tests.sh` to ensure basic functionality:
```
yarn --version
Internal Error: EACCES: permission denied, open '/usr/local/corepack/lastKnownGood.json'
Error: EACCES: permission denied, open '/usr/local/corepack/lastKnownGood.json'
```
The same behavior happens for `pnpm`. These are the tools installed by
`corepack`, which changed recently to "Bump Known Good Release when
downloading new version" (nodejs/corepack#364).
Part of that change was to make use of the `COREPACK_DEFAULT_TO_LATEST`
environment variable to *not* update the last known good version, but
setting that to `0` does not appear to prevent *all* writes (or creating
a file handle with write permission) to the `lastKnownGood.json` file.
This fix simply modifies the file permissions for `lastKnownGood.json`
so that non-root users can read and write to it. This approach may seem
specific to a file that may change name or location in the future, but
the alternative method of adding `${COREPACK_HOME}` to the list of
directories that get updated with a `chmod -vR 777` was deemed to be too
blunt and therefore less desirable.
0 commit comments