I am currently working on a project where I have to set up a pipeline and add tasks. I was able to add a cleanup task, a git-clone task, flake8 task, and a nose task and it was working perfectly fine and the pipeline was succeeding. However, I noticed after I added the Buildah task and ran the pipeline again to see if it worked I would get an error message at the git-clone task that says;
+'[' false = true ']'+'[' false = true ']'+'[' false = true ']'+ CHECKOUT_DIR=/workspace/output/+'[' true = true ']'+ cleandir+'[' -d /workspace/output/ ']'+ rm -rf /workspace/output//service /workspace/output//testsrm: cannot remove '/workspace/output//service/common/__pycache__/status.cpython-39.pyc': Permission deniedrm: cannot remove '/workspace/output//service/common/__pycache__/log_handlers.cpython-39.pyc': Permission deniedrm: cannot remove '/workspace/output//service/__pycache__/__init__.cpython-39.pyc': Permission deniedrm: cannot remove '/workspace/output//service/__pycache__/routes.cpython-39.pyc': Permission deniedrm: cannot remove '/workspace/output//tests/__pycache__/test_routes.cpython-39.pyc': Permission denied
I don't understand why the pipeline and the tasks were running just fine before i added the buildah task. How do I resolve this error and what could be causing this problem with my pipeline once I add the buildah task?
If needed, this is what the yaml file looks like;
apiVersion: tekton.dev/v1beta1kind: TaskRunmetadata: annotations: operator.tekton.dev/last-applied-hash: 9ea8d01719d563a7f6b78776e6ccc9bfbd98b3df7de6ecea5029354f52c29fe0 pipeline.openshift.io/started-by: 'system:serviceaccount:sn-labs-sarmpinheiro:default' pipeline.tekton.dev/release: f6196c4 tekton.dev/categories: Git tekton.dev/displayName: git clone tekton.dev/pipelines.minVersion: 0.29.0 tekton.dev/platforms: 'linux/amd64,linux/s390x,linux/ppc64le,linux/arm64' tekton.dev/tags: git resourceVersion: '1359362153' name: ci-cd-pipeline-g2by2e-git-clone uid: c5ffd027-8ade-42e1-8d37-c4ae977ab0ae creationTimestamp: '2024-04-14T15:41:47Z' generation: 1 managedFields: - apiVersion: tekton.dev/v1beta1 fieldsType: FieldsV1 fieldsV1:'f:metadata':'f:annotations':'f:tekton.dev/platforms': {} .: {}'f:pipeline.tekton.dev/release': {}'f:tekton.dev/displayName': {}'f:tekton.dev/tags': {}'f:tekton.dev/categories': {}'f:operator.tekton.dev/last-applied-hash': {}'f:tekton.dev/pipelines.minVersion': {}'f:pipeline.openshift.io/started-by': {}'f:labels':'f:tekton.dev/pipelineTask': {}'f:tekton.dev/clusterTask': {}'f:operator.tekton.dev/operand-name': {}'f:tekton.dev/memberOf': {} .: {}'f:tekton.dev/pipelineRun': {}'f:app.kubernetes.io/version': {}'f:operator.tekton.dev/provider-type': {}'f:tekton.dev/pipeline': {}'f:ownerReferences': .: {}'k:{"uid":"c4b23453-817a-4343-9e63-88eb0e4a084a"}': {}'f:spec': .: {}'f:params': {}'f:resources': {}'f:serviceAccountName': {}'f:taskRef': .: {}'f:kind': {}'f:name': {}'f:workspaces': {} manager: openshift-pipelines-controller operation: Update time: '2024-04-14T15:41:47Z' - apiVersion: tekton.dev/v1beta1 fieldsType: FieldsV1 fieldsV1:'f:status': .: {}'f:completionTime': {}'f:conditions': {}'f:podName': {}'f:startTime': {}'f:steps': {}'f:taskSpec': .: {}'f:description': {}'f:params': {}'f:results': {}'f:steps': {}'f:workspaces': {} manager: openshift-pipelines-controller operation: Update subresource: status time: '2024-04-14T15:41:54Z' namespace: sn-labs-sarmpinheiro ownerReferences: - apiVersion: tekton.dev/v1beta1 blockOwnerDeletion: true controller: true kind: PipelineRun name: ci-cd-pipeline-g2by2e uid: c4b23453-817a-4343-9e63-88eb0e4a084a labels: tekton.dev/memberOf: tasks app.kubernetes.io/version: '0.8' tekton.dev/clusterTask: git-clone tekton.dev/pipeline: ci-cd-pipeline operator.tekton.dev/provider-type: redhat app.kubernetes.io/managed-by: tekton-pipelines operator.tekton.dev/operand-name: openshift-pipelines-addons tekton.dev/pipelineTask: git-clone tekton.dev/pipelineRun: ci-cd-pipeline-g2by2espec: params: - name: url value: 'https://github.com/ibm-developer-skills-network/wtecc-CICD_PracticeCode' - name: revision value: '' - name: refspec value: '' - name: submodules value: 'true' - name: depth value: '1' - name: sslVerify value: 'true' - name: crtFileName value: ca-bundle.crt - name: subdirectory value: '' - name: sparseCheckoutDirectories value: '' - name: deleteExisting value: 'true' - name: httpProxy value: '' - name: httpsProxy value: '' - name: noProxy value: '' - name: verbose value: 'true' - name: gitInitImage value: >- registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8@sha256:aa2599a70c14b4f30c9959f6ddafc2510180764d9464e6e2ec5f2147a0a0bf80 - name: userHome value: /tekton/home resources: {} serviceAccountName: pipeline taskRef: kind: ClusterTask name: git-clone timeout: 1h0m0s workspaces: - name: output persistentVolumeClaim: claimName: oc-lab-pvcstatus: completionTime: '2024-04-14T15:41:54Z' conditions: - lastTransitionTime: '2024-04-14T15:41:54Z' message: >"step-clone" exited with code 1 (image:"registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8@sha256:0d6c3122476682db4ac5f2e4cfd8322d48673736535e37b128d55948457f33db"); for logs run: kubectl -n sn-labs-sarmpinheiro logs ci-cd-pipeline-g2by2e-git-clone-pod -c step-clone reason: Failed status: 'False' type: Succeeded podName: ci-cd-pipeline-g2by2e-git-clone-pod startTime: '2024-04-14T15:41:47Z' steps: - container: step-clone imageID: >- registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8@sha256:0d6c3122476682db4ac5f2e4cfd8322d48673736535e37b128d55948457f33db name: clone terminated: containerID: >- cri-o://c30006de6459c7e7b9c092fa6cadae315a8f040fd5d3bf68aeedaa83bbfae587 exitCode: 1 finishedAt: '2024-04-14T15:41:53Z' reason: Error startedAt: '2024-04-14T15:41:53Z' taskSpec: description: >- These Tasks are Git tasks to work with repositories used by other tasks in your Pipeline. The git-clone Task will clone a repo from the provided url into the output Workspace. By default the repo will be cloned into the root of your Workspace. You can clone into a subdirectory by setting this Task's subdirectory param. This Task also supports sparse checkouts. To perform a sparse checkout, pass a list of comma separated directory patterns to this Task's sparseCheckoutDirectories param. params: - description: Repository URL to clone from. name: url type: string - default: '' description: 'Revision to checkout. (branch, tag, sha, ref, etc...)' name: revision type: string - default: '' description: Refspec to fetch before checking out revision. name: refspec type: string - default: 'true' description: Initialize and fetch git submodules. name: submodules type: string - default: '1' description: 'Perform a shallow clone, fetching only the most recent N commits.' name: depth type: string - default: 'true' description: >- Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote. name: sslVerify type: string - default: ca-bundle.crt description: >- file name of mounted crt using ssl-ca-directory workspace. default value is ca-bundle.crt. name: crtFileName type: string - default: '' description: Subdirectory inside the `output` Workspace to clone the repo into. name: subdirectory type: string - default: '' description: >- Define the directory patterns to match or exclude when performing a sparse checkout. name: sparseCheckoutDirectories type: string - default: 'true' description: >- Clean out the contents of the destination directory if it already exists before cloning. name: deleteExisting type: string - default: '' description: HTTP proxy server for non-SSL requests. name: httpProxy type: string - default: '' description: HTTPS proxy server for SSL requests. name: httpsProxy type: string - default: '' description: Opt out of proxying HTTP/HTTPS requests. name: noProxy type: string - default: 'true' description: Log the commands that are executed during `git-clone`'s operation. name: verbose type: string - default: >- registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8@sha256:aa2599a70c14b4f30c9959f6ddafc2510180764d9464e6e2ec5f2147a0a0bf80 description: The image providing the git-init binary that this Task runs. name: gitInitImage type: string - default: /tekton/home description: | Absolute path to the user's home directory. name: userHome type: string results: - description: The precise commit SHA that was fetched by this Task. name: commit type: string - description: The precise URL that was fetched by this Task. name: url type: string steps: - env: - name: HOME value: /tekton/home - name: PARAM_URL value: >- https://github.com/ibm-developer-skills-network/wtecc-CICD_PracticeCode - name: PARAM_REVISION - name: PARAM_REFSPEC - name: PARAM_SUBMODULES value: 'true' - name: PARAM_DEPTH value: '1' - name: PARAM_SSL_VERIFY value: 'true' - name: PARAM_CRT_FILENAME value: ca-bundle.crt - name: PARAM_SUBDIRECTORY - name: PARAM_DELETE_EXISTING value: 'true' - name: PARAM_HTTP_PROXY - name: PARAM_HTTPS_PROXY - name: PARAM_NO_PROXY - name: PARAM_VERBOSE value: 'true' - name: PARAM_SPARSE_CHECKOUT_DIRECTORIES - name: PARAM_USER_HOME value: /tekton/home - name: WORKSPACE_OUTPUT_PATH value: /workspace/output - name: WORKSPACE_SSH_DIRECTORY_BOUND value: 'false' - name: WORKSPACE_SSH_DIRECTORY_PATH - name: WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND value: 'false' - name: WORKSPACE_BASIC_AUTH_DIRECTORY_PATH - name: WORKSPACE_SSL_CA_DIRECTORY_BOUND value: 'false' - name: WORKSPACE_SSL_CA_DIRECTORY_PATH image: >- registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8@sha256:aa2599a70c14b4f30c9959f6ddafc2510180764d9464e6e2ec5f2147a0a0bf80 name: clone resources: {} script: > #!/usr/bin/env sh set -eu if [ "${PARAM_VERBOSE}" = "true" ] ; then set -x fi if [ "${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}" = "true" ] ; then cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials" "${PARAM_USER_HOME}/.git-credentials" cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig" "${PARAM_USER_HOME}/.gitconfig" chmod 400 "${PARAM_USER_HOME}/.git-credentials" chmod 400 "${PARAM_USER_HOME}/.gitconfig" fi if [ "${WORKSPACE_SSH_DIRECTORY_BOUND}" = "true" ] ; then cp -R "${WORKSPACE_SSH_DIRECTORY_PATH}" "${PARAM_USER_HOME}"/.ssh chmod 700 "${PARAM_USER_HOME}"/.ssh chmod -R 400 "${PARAM_USER_HOME}"/.ssh/* fi if [ "${WORKSPACE_SSL_CA_DIRECTORY_BOUND}" = "true" ] ; then export GIT_SSL_CAPATH="${WORKSPACE_SSL_CA_DIRECTORY_PATH}" if [ "${PARAM_CRT_FILENAME}" != "" ] ; then export GIT_SSL_CAINFO="${WORKSPACE_SSL_CA_DIRECTORY_PATH}/${PARAM_CRT_FILENAME}" fi fi CHECKOUT_DIR="${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}" cleandir() { # Delete any existing contents of the repo directory if it exists. # # We don't just "rm -rf ${CHECKOUT_DIR}" because ${CHECKOUT_DIR} might be "/" # or the root of a mounted volume. if [ -d "${CHECKOUT_DIR}" ] ; then # Delete non-hidden files and directories rm -rf "${CHECKOUT_DIR:?}"/* # Delete files and directories starting with . but excluding .. rm -rf "${CHECKOUT_DIR}"/.[!.]* # Delete files and directories starting with .. plus any other character rm -rf "${CHECKOUT_DIR}"/..?* fi } if [ "${PARAM_DELETE_EXISTING}" = "true" ] ; then cleandir fi test -z "${PARAM_HTTP_PROXY}" || export HTTP_PROXY="${PARAM_HTTP_PROXY}" test -z "${PARAM_HTTPS_PROXY}" || export HTTPS_PROXY="${PARAM_HTTPS_PROXY}" test -z "${PARAM_NO_PROXY}" || export NO_PROXY="${PARAM_NO_PROXY}" git config --global --add safe.directory "${WORKSPACE_OUTPUT_PATH}" /ko-app/git-init \ -url="${PARAM_URL}" \ -revision="${PARAM_REVISION}" \ -refspec="${PARAM_REFSPEC}" \ -path="${CHECKOUT_DIR}" \ -sslVerify="${PARAM_SSL_VERIFY}" \ -submodules="${PARAM_SUBMODULES}" \ -depth="${PARAM_DEPTH}" \ -sparseCheckoutDirectories="${PARAM_SPARSE_CHECKOUT_DIRECTORIES}" cd "${CHECKOUT_DIR}" RESULT_SHA="$(git rev-parse HEAD)" EXIT_CODE="$?" if [ "${EXIT_CODE}" != 0 ] ; then exit "${EXIT_CODE}" fi printf "%s" "${RESULT_SHA}" > "/tekton/results/commit" printf "%s" "${PARAM_URL}" > "/tekton/results/url" securityContext: runAsNonRoot: true runAsUser: 65532 workspaces: - description: The git repo will be cloned onto the volume backing this Workspace. name: output - description: > A .ssh directory with private key, known_hosts, config, etc. Copied to the user's home before git commands are executed. Used to authenticate with the git remote when performing the clone. Binding a Secret to this Workspace is strongly recommended over other volume types. name: ssh-directory optional: true - description: | A Workspace containing a .gitconfig and .git-credentials file. These will be copied to the user's home before any git commands are run. Any other files in this Workspace are ignored. It is strongly recommended to use ssh-directory over basic-auth whenever possible and to bind a Secret to this Workspace over other volume types. name: basic-auth optional: true - description: | A workspace containing CA certificates, this will be used by Git to verify the peer with when fetching or pushing over HTTPS. name: ssl-ca-directory optional: trueI tried waiting a bit and running the pipeline again to see if it would work, but it didnt.