Skip to content

fix: Renovate cache permission errors in Docker container#515

Merged
erezrokah merged 4 commits intomainfrom
claude/vigilant-babbage
Mar 19, 2026
Merged

fix: Renovate cache permission errors in Docker container#515
erezrokah merged 4 commits intomainfrom
claude/vigilant-babbage

Conversation

@erezrokah
Copy link
Copy Markdown
Member

@erezrokah erezrokah commented Mar 18, 2026
edited
Loading

Summary

  • Set RENOVATE_CACHE_DIR=/tmp/renovate/cache to override the action's auto-detected path (/home/runner/work/...) which doesn't exist inside the Docker container
  • Add a step to create the cache directory with world-writable permissions so the container user (uid 1000) can write to it

Fixes the EACCES: permission denied errors introduced by #509.

Test plan

  • Re-run the Renovate workflow and confirm no EACCES errors
  • Verify logs show "cacheDir": "/tmp/renovate/cache"
  • Verify cache is saved and restored on subsequent runs

@erezrokah erezrokah requested a review from a team as a code owner March 18, 2026 20:12
@erezrokah erezrokah requested review from Copilot and stoovon and removed request for a team March 18, 2026 20:12
Copilot AI reviewed Mar 18, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adjusts the self-hosted Renovate GitHub Actions workflow to avoid cache permission/path issues when the Renovate action runs in a Docker container.

Changes:

  • Adds a step to pre-create the Renovate cache directory and adjust permissions.
  • Sets RENOVATE_CACHE_DIR to /tmp/renovate/cache to ensure the container uses a valid, writable path.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@erezrokah erezrokah requested a review from Copilot March 18, 2026 20:16
@erezrokah erezrokah changed the title fix: fix Renovate cache permission errors in Docker container fix: Renovate cache permission errors in Docker container Mar 18, 2026
Copilot AI reviewed Mar 18, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the self-hosted Renovate GitHub Actions workflow to avoid cache permission issues when Renovate runs inside its container, aiming to eliminate EACCES errors introduced with the caching changes from #509.

Changes:

  • Add a workflow step that creates the Renovate cache directory and relaxes its permissions.
  • Set RENOVATE_CACHE_DIR to a fixed path (/tmp/renovate/cache) to avoid the action’s auto-detected cache location.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@erezrokah
fix: fix Renovate cache permission errors in Docker container
7be5ea3 
The renovatebot/github-action auto-sets RENOVATE_CACHE_DIR to a path
under /home/runner which doesn't exist inside the Docker container.
Additionally, cache files restored by actions/cache are owned by the
runner user, not the container user (uid 1000).

- Set RENOVATE_CACHE_DIR=/tmp/renovate/cache explicitly
- Add step to create cache dir with world-writable permissions
@erezrokah erezrokah force-pushed the claude/vigilant-babbage branch from 99c0be5 to 7be5ea3 Compare March 18, 2026 20:20
@erezrokah
fix: use chown to container uid instead of world-writable permissions
5b9e5a2 
Address review feedback: chown to uid 1000 (Renovate container user)
instead of chmod 777 to avoid unnecessarily broad permissions.
@erezrokah
fix: use correct Renovate container uid 12021 for cache ownership
c435525 
Per renovatebot/github-action#827, the Renovate Docker container runs
as uid 12021, not 1000. Also add sudo since the runner user may not
own /tmp/renovate after cache restore.
erezrokah
erezrokah commented Mar 18, 2026
View reviewed changes
.github/workflows/renovate.yml
key: renovate-cache-${{ env.RENOVATE_VERSION }}-${{ github.run_id }}
restore-keys: |
renovate-cache-${{ env.RENOVATE_VERSION }}-
- name: Fix cache permissions
Copy link
Copy Markdown
Member Author

@erezrokah erezrokah Mar 18, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See https://github.com/renovatebot/github-action?tab=readme-ov-file#persisting-the-repository-cache

@erezrokah
fix: fix Renovate cache permissions following official README example
3f7a9cb 
- Cache the specific repository cache dir /tmp/renovate/cache/renovate/repository
- Use sudo chown -R 12021:0 to match Renovate container uid (per official docs)
- Remove RENOVATE_CACHE_DIR override to avoid permission issues (per README warning)

See https://github.com/renovatebot/github-action#persisting-the-repository-cache
@erezrokah erezrokah requested a review from mnorbury March 18, 2026 22:23
@erezrokah erezrokah merged commit e6e1fb1 into main Mar 19, 2026
3 checks passed
@erezrokah erezrokah deleted the claude/vigilant-babbage branch March 19, 2026 10:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@stoovon stoovon Awaiting requested review from stoovon stoovon is a code owner automatically assigned from cloudquery/infra

@mnorbury mnorbury Awaiting requested review from mnorbury

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@erezrokah