Commit de7855d - fangorn/anvil-cli


      fangorn/anvil-cli

public

ref:de7855d2dfc161c0a0e79e9f1b82284d3fd466c0

fix: Docker workspace ownership and runner labels parsing

Docker containers run as root, creating root-owned files in the mounted workspace. Subsequent CI steps fail when compilers try to write to these directories. Fix by appending chown -R to restore host user ownership before the container exits, preserving the original exit code. Also fix runner registration to split comma-separated labels into an array instead of sending as a single string. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

SHA: de7855d2dfc161c0a0e79e9f1b82284d3fd466c0

Author: Cole Christensen <cole.christensen@macmillan.com>

Date: 2026-03-14 01:48

Parents: bfb5d89

2 files changed +14 -2

Type

Type
	src/runner/executor.rs	+13 −1
@@ -101,11 +101,23 @@ args.push("-w".into()); args.push("/workspace".into()); // Pass host UID/GID so the command wrapper can fix file ownership. // Docker runs as root (needed for apt-get), but files created in the // mounted workspace end up owned by root:root on the host. Subsequent // steps fail when parallel compilers try to write to root-owned build // directories. We append a chown to the user's command so ownership // is fixed before the container exits. let uid = unsafe { libc::getuid() }; let gid = unsafe { libc::getgid() }; let wrapped_command = format!( "{command}\n_exit_code=$?\nchown -R {uid}:{gid} /workspace 2>/dev/null \|\| true\nexit $_exit_code" ); // Image and command args.push(image.to_string()); args.push("/bin/sh".into()); args.push("-c".into()); args.push(wrapped_command); args.push(command.to_string()); run_and_stream( "docker",

src/runner/executor.rs

+13 −1

@@ -101,11 +101,23 @@
    args.push("-w".into());
    args.push("/workspace".into());
    // Pass host UID/GID so the command wrapper can fix file ownership.
    // Docker runs as root (needed for apt-get), but files created in the
    // mounted workspace end up owned by root:root on the host. Subsequent
    // steps fail when parallel compilers try to write to root-owned build
    // directories. We append a chown to the user's command so ownership
    // is fixed before the container exits.
    let uid = unsafe { libc::getuid() };
    let gid = unsafe { libc::getgid() };
    let wrapped_command = format!(
        "{command}\n_exit_code=$?\nchown -R {uid}:{gid} /workspace 2>/dev/null || true\nexit $_exit_code"
    );
    // Image and command
    args.push(image.to_string());
    args.push("/bin/sh".into());
    args.push("-c".into());
    args.push(wrapped_command);
    args.push(command.to_string());
    run_and_stream(
        "docker",