Unable to use actions/cache with Renovate: EACCESS #646
Description
When using GitHub Actions' caching functionality, Renovate ends up hitting an EACCESS when trying to write to the restored cache keys.
A failing job with workflow definition reports the following error on subsequent runs:
INFO: Renovate is exiting with a non-zero code due to the following logged errors
"loggerErrors": [
{
"name": "renovate",
"level": 60,
"logContext": "BxuFXuCsh1JmPxe_hfhG1",
"err": {
"errno": -13,
"code": "EACCES",
"syscall": "mkdir",
"path": "/tmp/renovate-baseDir/repos/github/jamietanna/jamietanna",
"message": "EACCES: permission denied, mkdir '/tmp/renovate-baseDir/repos/github/jamietanna/jamietanna'",
"stack": "Error: EACCES: permission denied, mkdir '/tmp/renovate-baseDir/repos/github/jamietanna/jamietanna'"
},
"msg": "Fatal error: EACCES: permission denied, mkdir '/tmp/renovate-baseDir/repos/github/jamietanna/jamietanna'"
}
]
It appears that:
/usr/bin/docker run --env RENOVATE_TOKEN=x-access-token:*** --env RENOVATE_CONFIG_FILE=/github-action/config.js --volume /home/runner/work/actions-testing/actions-testing/config.js:/github-action/config.js --volume /var/run/docker.sock:/var/run/docker.sock --volume /tmp:/tmp --user 1000:121 --rm renovate/renovate:34.2.0-slim
May be at fault, as running id -u outside of the Renovate runner shows:
uid=1001(runner) gid=121(docker) groups=121(docker),4(adm),101(systemd-journal)
Whereas we're trying to use the uid 1000, which doesn't match, and is therefore denied from reading the files:
# this is from a different run, so not visible on the above link
/tmp/renovate-baseDir:
total 12
drwxr-xr-x 3 runner docker 4096 Nov 2 16:40 .