
I'm trying to set up a GitHub workflow for building an image and pushing it to the registry using the redhat-actions actions:

workflow.yaml

name: build-maven-runner
on:
  workflow_dispatch:
jobs:
  build-test-push:
    outputs:
      image-url: ${{ steps.push-to-artifactory.outputs.registry-path }}
      image-digest: ${{ steps.push-to-artifactory.outputs.digest }}
    name: build-job
    env:
      runner_memorylimit: 2Gi
      runner_cpulimit: 2
    runs-on: [ linux ]
    steps:
      - name: Clone
        uses: actions/checkout@v2

      - name: Pre-Login
        # podman-login: requires docker config repo auths
        # Error: TypeError: Cannot set property 'some.repo.com' of undefined
        run: |
          mkdir -p /home/runner/.docker/
          cat <<EOT >> /home/runner/.docker/config.json
          {
            "auths": {
              "some.repo.com": {}
            }
          }
          EOT

      - name: Login
        uses: redhat-actions/podman-login@v1
        with:
          registry: some.repo.com
          username: ${{ secrets.USERNAME }}
          password: ${{ secrets.PASSWORD }}
          auth_file_path: /tmp/podman-run-1000/containers/auth.json

      - name: Build
        id: build-image
        uses: redhat-actions/buildah-build@v2
        with:
          image: some-image
          tags: latest
          containerfiles: ./config/Dockerfile
          tls-verify: false

      - name: Push
        id: push-to-artifactory
        uses: redhat-actions/push-to-registry@v2
        with:
          image: ${{ steps.build-image.outputs.image }}
          tags: latest
          registry: some.other.repo.com/project
          username: ${{ secrets.USERNAME }}
          password: ${{ secrets.PASSWORD }}
          tls-verify: false

./config/Dockerfile

FROM .../openshift/origin-cli:4.10
USER root

# already running as root here, so sudo is redundant
RUN sudo yum update -y
RUN sudo yum install -y maven

# the Maven CLI binary is mvn, not maven
RUN mvn -version
RUN oc version

But the Build step fails, resulting in:

/usr/bin/buildah version
  Version:         1.22.3
  Go Version:      go1.15.2
  Image Spec:      1.0.1-dev
  Runtime Spec:    1.0.2-dev
  CNI Spec:        0.4.0
  libcni Version:  
  image Version:   5.15.2
  Git Commit:      
  Built:           Thu Jan  1 00:00:00 1970
  OS/Arch:         linux/amd64
Overriding storage mount_program with "fuse-overlayfs" in environment
Performing build from Containerfile
/usr/bin/buildah bud -f /runner/_work/some-project/some-project/config/Dockerfile --format docker --tls-verify=false -t some-image:latest /runner/_work/some-project/some-project
chown /home/runner/.local/share/containers/storage/overlay/l: operation not permitted
time="2022-12-12T16:13:52Z" level=warning msg="failed to shutdown storage: \"chown /home/runner/.local/share/containers/storage/overlay/l: operation not permitted\""
time="2022-12-12T16:13:52Z" level=error msg="exit status 125"
Error: Error: buildah exited with code 125

I'm fairly out of ideas at this point. I was thinking it might have to do with storage.conf, like mentioned here, but even after overriding storage.conf I still get the same error. Originally this is how storage.conf looks:

[storage]
driver = "overlay"
runroot = "/run/containers/storage"
graphroot = "/var/lib/containers/storage"

[storage.options]
additionalimagestores = [
]

[storage.options.overlay]
mountopt = "nodev,metacopy=on"

[storage.options.thinpool]

Does the problem lie deeper, like in the Dockerfile image `openshift/origin-cli`?

Any help would be appreciated.

lpkej

1 Answer

I ran into this issue today because I was doing some tests locally; typically your CICD should give the correct permissions to your containers (or the workers running your jobs). I fixed this issue by adding the --privileged flag while running my container; I do not recommend using that mode in production unless you are really sure what you are doing. Perhaps not exactly your issue, but dropping it here in case it helps someone else.

r4cc00n
  • Strangely enough, after adding `build-args: --privileged` I am still getting the same `operation not permitted`. Or is it a different place to add this flag? – lpkej Dec 16 '22 at 09:04
  • It's not at build time; as I explained, this was something I was testing locally in a docker container with an image I built, but it was pretty standard (the image itself was created to build other images). The exact line was: `docker run --privileged` – r4cc00n Dec 17 '22 at 11:30
  • In my case it was a gitlab ci/cd job that basically runs on a schedule and updates some images stored on our registries; instead of using docker in docker in gitlab we decided to use buildah (because it is simpler and better, in my opinion, than running dind) – r4cc00n Dec 17 '22 at 11:32
  • Check that your runner is creating your containers/jobs with enough permissions – r4cc00n Dec 17 '22 at 11:35
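As an added check in the spirit of the last comment (verify the runner gives the job enough permissions), and not code from the question or the answer: a POSIX sh preflight script for rootless buildah that tests the prerequisites whose absence typically shows up as the `chown ...: operation not permitted` error above. It assumes the id-map files /etc/subuid and /etc/subgid, the newuidmap/newgidmap helpers, /dev/fuse for fuse-overlayfs, and the default rootless storage root under $HOME/.local/share/containers/storage.

```shell
#!/bin/sh
# Preflight check for rootless buildah on a CI runner (added example; not the
# question's or the answer's code). Assumed paths: /etc/subuid, /etc/subgid,
# /dev/fuse and $HOME/.local/share/containers/storage; MIN_IDS is the usual range.
MIN_IDS=65536

# subid_range_ok FILE USER: succeed if FILE grants USER at least MIN_IDS sub-ids.
# Each line is user:start:count (a numeric uid in place of the user name is fine).
subid_range_ok() {
  [ -r "$1" ] || return 1
  awk -F: -v u="$2" -v min="$MIN_IDS" \
    '$1 == u && ($3 + 0) >= min { ok = 1 } END { exit ok ? 0 : 1 }' "$1"
}

# storage_owned_by ROOT USER: succeed if ROOT is absent (buildah creates it) or is
# already owned by USER; a root-owned leftover tree is what later fails to chown.
storage_owned_by() {
  [ -e "$1" ] || return 0
  [ "$(stat -c %U "$1")" = "$2" ]
}

# idmap_helper_ok BIN: newuidmap/newgidmap must exist and be setuid (or carry caps).
idmap_helper_ok() {
  p=$(command -v "$1" 2>/dev/null) || return 1
  [ -u "$p" ] || getcap "$p" 2>/dev/null | grep -q cap_set
}

# preflight USER: run every check, print one line per result, return 1 on any failure.
preflight() {
  user=$1; rc=0
  report() { if "$@"; then echo "ok   $*"; else echo "FAIL $*"; rc=1; fi; }
  report subid_range_ok /etc/subuid "$user"
  report subid_range_ok /etc/subgid "$user"
  report idmap_helper_ok newuidmap
  report idmap_helper_ok newgidmap
  report storage_owned_by "$HOME/.local/share/containers/storage" "$user"
  report test -c /dev/fuse   # device needed by the fuse-overlayfs mount program
  return $rc
}

# Usage as an early workflow step on the runner: run the checks for the job's user.
preflight "$(id -un)" || true
```

A FAIL line for the subuid/subgid or newuidmap checks means the job is running without a usable user namespace, which is the condition that --privileged papers over.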