From 0ddde1be661a1249f90daf6501864744f19f8837 Mon Sep 17 00:00:00 2001
From: Garry Tan
Date: Mon, 23 Mar 2026 17:07:20 -0700
Subject: [PATCH] fix: ensure writable temp dirs in CI container

Bun fails with "unable to write files to tempdir: AccessDenied" when the container user doesn't own /tmp. This cascades to Playwright (can't launch Chromium) and browse (server won't start).

Fix: create writable temp dirs at job start. If /tmp isn't writable, fall back to $HOME/tmp via TMPDIR.

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 .github/docker/Dockerfile.ci | 3 ++-
 .github/workflows/evals.yml | 14 ++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/.github/docker/Dockerfile.ci b/.github/docker/Dockerfile.ci
index b507200b..0149cf8e 100644
--- a/.github/docker/Dockerfile.ci
+++ b/.github/docker/Dockerfile.ci
@@ -57,4 +57,5 @@ RUN mv /workspace/node_modules /opt/node_modules_cache \
 # the workflow must set options.user or use gosu/su-exec at runtime).
 RUN useradd -m -s /bin/bash runner \
 && chmod -R a+rX /opt/node_modules_cache \
- && mkdir -p /home/runner/.gstack && chown -R runner:runner /home/runner/.gstack
+ && mkdir -p /home/runner/.gstack && chown -R runner:runner /home/runner/.gstack \
+ && mkdir -p /tmp/bun-cache && chmod 1777 /tmp/bun-cache
diff --git a/.github/workflows/evals.yml b/.github/workflows/evals.yml
index f2fea6c7..ce21d8f5 100644
--- a/.github/workflows/evals.yml
+++ b/.github/workflows/evals.yml
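Review bot: In Dockerfile.ci the added `/tmp/bun-cache` is created with mode 1777, so any user in the container can create entries in a cache that later steps read; the sticky bit only stops users from deleting each other's files. If the job always runs as `runner` (the comment above says the workflow chooses the user, so this needs confirming), owning the directory the way `.gstack` is owned on the previous line is tighter: `&& mkdir -p /tmp/bun-cache && chown runner:runner /tmp/bun-cache && chmod 0700 /tmp/bun-cache`. Nothing in this hunk sets an `ENV` that points Bun at the directory, so it is worth confirming where it is referenced.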
@@ -98,6 +98,20 @@ jobs:
 with:
 fetch-depth: 0
+ # Ensure temp directories are writable (GH Actions container user may not own /tmp)
+ - name: Fix temp dirs
+ run: |
+ mkdir -p /tmp/bun-cache /tmp/playwright-tmp
+ chmod 1777 /tmp/bun-cache /tmp/playwright-tmp 2>/dev/null || true
+ # If /tmp isn't writable, use home dir
+ if ! touch /tmp/.write-test 2>/dev/null; then
+ export TMPDIR="$HOME/tmp"
+ mkdir -p "$TMPDIR"
+ echo "TMPDIR=$TMPDIR" >> "$GITHUB_ENV"
+ else
+ rm -f /tmp/.write-test
+ fi
+
 # Restore pre-installed node_modules from Docker image via symlink (~0s vs ~15s install)
 # If package.json changed since image was built, fall back to fresh install
 - name: Restore deps
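Review bot: The `mkdir -p /tmp/bun-cache /tmp/playwright-tmp` line runs before the `touch` probe, so when /tmp is not writable the step fails there (the default `run` shell uses `-e`) and the `$HOME/tmp` fallback is never reached, unless this workflow overrides the shell. Probing first and creating both directories under whichever base was chosen keeps the fallback reachable. A `mktemp` probe avoids the fixed `/tmp/.write-test` name, and directories the job user creates itself do not need mode 1777 or the silenced `chmod`. Nothing in the hunk points Bun or Playwright at the two directories, so confirm they are referenced elsewhere in the workflow.

```yaml
      - name: Fix temp dirs
        run: |
          # Probe /tmp with a unique name; fall back to the home dir if it is not writable
          if probe="$(mktemp /tmp/.write-test.XXXXXX 2>/dev/null)"; then
            rm -f -- "$probe"
            base=/tmp
          else
            base="$HOME/tmp"
            mkdir -p "$base"
            echo "TMPDIR=$base" >> "$GITHUB_ENV"
          fi
          mkdir -p "$base/bun-cache" "$base/playwright-tmp"
```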