From f25ee4fc3e0c9c7caa3ead11bd4f987045deb84e Mon Sep 17 00:00:00 2001 From: monsieurleberre Date: Tue, 23 Jun 2026 11:29:34 +0200 Subject: [PATCH] fix(go-ci): take coverage report ownership without sudo The 'Augment coverage report with cyclomatic complexity' step ran 'sudo chown' to reclaim code-coverage-results.md (written as root by the irongut/CodeCoverageSummary Docker action). Self-hosted runners lack passwordless sudo, so the step failed with 'sudo: a password is required', breaking every Go consumer's build-and-test job. Replace the file with a runner-owned copy via cp + mv -f when it is not writable; this needs only workspace-directory permissions and is a no-op on GitHub-hosted runners. --- .github/workflows/go-ci.yaml | 13 +++++++++---- CHANGELOG.md | 4 ++++ 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/.github/workflows/go-ci.yaml b/.github/workflows/go-ci.yaml index 93e4342..d551a1c 100644 --- a/.github/workflows/go-ci.yaml +++ b/.github/workflows/go-ci.yaml @@ -208,10 +208,15 @@ jobs: echo "::error::CodeCoverageSummary did not produce code-coverage-results.md" exit 1 fi - # Workaround: CodeCoverageSummary runs inside a Docker container - # that writes code-coverage-results.md as root, so chown it back - # before editing. - sudo chown "$(id -un)" code-coverage-results.md + # Workaround: irongut/CodeCoverageSummary runs inside a Docker + # container that may write code-coverage-results.md as root. Self-hosted + # runners lack passwordless sudo, so take ownership without sudo by + # replacing the file with a runner-owned copy when it is not already + # writable (a same-directory rename only needs workspace dir perms). + if [ ! -w code-coverage-results.md ]; then + cp code-coverage-results.md code-coverage-results.md.owned + mv -f code-coverage-results.md.owned code-coverage-results.md + fi go install github.com/fzipp/gocyclo/cmd/gocyclo@v0.6.0 GOCYCLO="$(go env GOPATH)/bin/gocyclo" 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 82e402b..8bfc8e2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Fixed + +- Fix `go-ci.yaml` failing the `Augment coverage report with cyclomatic complexity` step on self-hosted runners. The step ran `sudo chown "$(id -un)" code-coverage-results.md` to take back a file that `irongut/CodeCoverageSummary` (a Docker action) writes as root, but self-hosted runners (e.g. the Hetzner pool) lack passwordless sudo, so the step died with `sudo: a password is required` — breaking every Go consumer's `build-and-test` job once it compiled far enough to reach coverage. Ownership is now taken without sudo: when the report is not writable it is replaced with a runner-owned copy via a same-directory `cp` + `mv -f`, which needs only workspace-directory permissions and is a no-op on GitHub-hosted runners where the file is already writable. Reported by `peacefulstudio/terraform-provider-canton-internal`. + ## [2.3.1] - 2026-06-19 ### Fixed
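Review bot: In the `.github/workflows/go-ci.yaml` hunk, inside the `if [ ! -w code-coverage-results.md ]` block, the `cp` creates the new file with the source's permission bits, so a report that is unwritable because of its mode rather than its owner (for example a read-only file) is still unwritable after the `mv -f`, and the later edit fails anyway. Add `chmod u+w code-coverage-results.md` after the rename. The `cp` also needs read access to the root-written file; if it fails, the step gives no annotation, unlike the `::error::` emitted by the existence check just above, so consider `cp ... || { echo "::error::cannot copy code-coverage-results.md"; exit 1; }`.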
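Review bot: In the `CHANGELOG.md` hunk, the new `### Fixed` bullet repeats the whole commit message and names infrastructure details (the "Hetzner pool" and the reporting repository `peacefulstudio/terraform-provider-canton-internal`). If this changelog is read outside the organisation, drop those two references, and in either case shorten the entry to the user-visible effect: the step no longer requires sudo on self-hosted runners. The full rationale already lives in the commit message and in the workflow comment.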