推送到GitHub时出现了一个奇怪的权限问题。我有一个测试工作,它在覆盖范围内运行测试,然后在每个推拉请求中将结果推送到codecov。但是,此场景仅适用于root用户。
如果与digitalshop用户一起运行,则会抛出错误:
Couldn't use data file '/digital-shop-app/.coverage': unable to open database file
我的问题是:如何在docker容器中运行覆盖,这样它就不会抛出这个错误?我的猜测是因为权限。
docker-compose.yml:
version: '3.9'
services:
test:
build: .
command: >
sh -c "
python manage.py wait_for_db &&
coverage run --source='.' manage.py test mainapp.tests &&
coverage report &&
coverage xml
"
volumes:
- ./digital-shop-app:/digital-shop-app
env_file: .env
depends_on:
- db
db:
image: postgres:13-alpine
environment:
- POSTGRES_DB=${DB_NAME}
- POSTGRES_USER=${DB_USER}
- POSTGRES_PASSWORD=${DB_PASS}
Dockerfile:
FROM python:3.9-alpine3.13
ENV PYTHONUNBUFFERED 1
COPY ./requirements.txt /requirements.txt
COPY ./digital-shop-app /digital-shop-app
COPY ./scripts /scripts
WORKDIR /digital-shop-app
RUN python -m venv /py &&
/py/bin/pip install --upgrade pip &&
apk add --no-cache bash &&
apk add --update --no-cache postgresql-client &&
apk add --update --no-cache --virtual .tmp-deps
build-base jpeg-dev postgresql-dev musl-dev linux-headers
zlib-dev libffi-dev openssl-dev python3-dev cargo &&
apk add --update --no-cache libjpeg &&
/py/bin/pip install -r /requirements.txt &&
apk del .tmp-deps &&
adduser --disabled-password --no-create-home digitalshop &&
chown -R digitalshop:digitalshop /py/lib/python3.9/site-packages &&
chmod -R +x /scripts
ENV PATH="/scripts:/py/bin:/py/lib:$PATH"
USER digitalshop
CMD ["run.sh"]
所以我最终创建了另一个名为Dockerfile.test的Dockerfile,并放置了几乎相同的配置,除了非管理员用户创建。这是最后一个变体:
不建议以root用户身份运行代码,因此请阅读更新部分
Dockerfile.test:
FROM python:3.9-alpine3.13
ENV PYTHONUNBUFFERED 1
COPY ./requirements.txt /requirements.txt
COPY ./digital-shop-app /digital-shop-app
WORKDIR /digital-shop-app
RUN python -m venv /py &&
/py/bin/pip install --upgrade pip &&
apk add --no-cache bash curl gnupg coreutils &&
apk add --update --no-cache postgresql-client libjpeg &&
apk add --update --no-cache --virtual .tmp-deps
build-base jpeg-dev postgresql-dev musl-dev linux-headers
zlib-dev libffi-dev openssl-dev python3-dev cargo &&
/py/bin/pip install -r /requirements.txt &&
apk del .tmp-deps
ENV PATH="/py/bin:/py/lib:$PATH"
docker-compose.yml:
version: '3.9'
services:
test:
build:
context: .
dockerfile: Dockerfile.test
command: >
sh -c "
python manage.py wait_for_db &&
coverage run --source='.' manage.py test mainapp.tests &&
coverage report &&
coverage xml
"
volumes:
- ./digital-shop-app:/digital-shop-app
env_file: .env
depends_on:
- db
我不知道这究竟是不是一种好的做法。如果没有,请说明如何正确操作。
更新:
感谢@β.εηιτ.βε给了我思考的食物。
经过一些本地调试,我发现覆盖范围需要用户拥有.coverage文件所在的目录。所以我在项目文件夹中创建了名为/cov的子目录,并将digitalshop用户设置为它的所有者,包括里面的所有内容。最后,我通过设置环境变量COVERAGE_FILE=/digital-shop-app/cov/.coverage指定了.coverage文件的路径,其中digital-shop-app是项目根文件夹。并在docker-compose.yml中指定了与coverage.xml报告相同的路径。这是代码:
docker-compose.yml(在coverage xml命令中添加了-o标志(:
version: '3.9'
services:
test:
build:
context: .
command: >
sh -c "
python manage.py wait_for_db &&
coverage run --source='.' manage.py test mainapp.tests &&
coverage xml -o /digital-shop-app/cov/coverage.xml
"
env_file: .env
depends_on:
- db
db:
image: postgres:13-alpine
environment:
- POSTGRES_DB=${DB_NAME}
- POSTGRES_USER=${DB_USER}
- POSTGRES_PASSWORD=${DB_PASS}
Dockerfile:
FROM python:3.9-alpine3.13
ENV PYTHONUNBUFFERED 1
COPY ./requirements.txt /requirements.txt
COPY ./digital-shop-app /digital-shop-app
COPY ./scripts /scripts
WORKDIR /digital-shop-app
RUN python -m venv /py &&
/py/bin/pip install --upgrade pip &&
apk add --no-cache bash &&
apk add --update --no-cache postgresql-client &&
apk add --update --no-cache --virtual .tmp-deps
build-base jpeg-dev postgresql-dev musl-dev linux-headers
zlib-dev libffi-dev openssl-dev python3-dev cargo &&
apk add --update --no-cache libjpeg &&
/py/bin/pip install -r /requirements.txt &&
apk del .tmp-deps &&
adduser --disabled-password --no-create-home digitalshop &&
chown -R digitalshop:digitalshop /py/lib/python3.9/site-packages &&
chmod -R +x /scripts &&
# New code here
mkdir -p /digital-shop-app/cov &&
chown -R digitalshop:digitalshop /digital-shop-app/cov
ENV PATH="/scripts:/py/bin:/py/lib:$PATH"
USER digitalshop
CMD ["run.sh"]