You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix(openemr-cmd): auto-chown bind mount via container before worktree remove (#833)
## Summary
Follow-on to #826. The A5 permission probe catches container-uid files
cleanly, but still requires the user to run a manual `sudo chown -R`
before retry. The container itself has root, so it can do the chown for
us before tear-down — eliminating the manual step in the common case.
## Change
In `cmd_worktree_remove`, between the dir-exists check and the A5 probe:
1. Find the worktree's openemr container by compose project label (same
pattern as `cmd_worktree_exec`).
2. If a container is running, run `docker exec -u root <id> chown -R
<host-uid>:<host-gid> /var/www/localhost/htdocs/openemr`.
3. Best-effort: stderr suppressed, `|| true` swallows non-zero exits.
The probe is the safety net for anything chown couldn't fix (container
not running, root-owned files outside the openemr workdir, chown itself
failed).
4. Probe runs as before; usually passes now.
5. Destructive ops proceed.
## Why now
This was filed as the natural next step after a user hit the
manual-chown requirement during cleanup of an in-flight worktree. The
probe surfaced the issue cleanly, but the user had to context-switch
into a sudo-capable terminal to fix it. With the container itself doing
the chown, the most common case (root-owned files inside the openemr
workdir) becomes invisible to the user.
## Tests (`tests/bats/openemr-cmd/remove_graceful.bats`)
| Scenario | Assertion |
|---|---|
| Container running | docker.log shows `exec -u root <id> chown -R
<uid>:<gid> /var/www/.../openemr` + "Auto-chowning bind mount via
container" message |
| No container running | chown step skipped silently (no exec
invocation, no log line); remove still completes |
| Chown returns non-zero | attempt logged, failure ignored, probe +
destructive ops continue, remove still succeeds |
## Test plan
- [x] Full hermetic bats suite — 293 tests, 0 failures
- [x] `shellcheck utilities/openemr-cmd/openemr-cmd` clean
- [ ] CI: BATS openemr-cmd (ubuntu-22.04) green
- [ ] CI: BATS openemr-cmd (macos-14) green
- [ ] CI: ShellCheck / actionlint green
- [ ] CI: e2e jobs green (the lifecycle job's A5 probe step should still
pass — the auto-chown runs first but the probe step intentionally
re-creates the container-uid state, so the probe contract is unchanged)
- [ ] CodeRabbit review
Assisted-by: Claude Code
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* `openemr-cmd worktree remove` now attempts an auto-chown inside the
running app container (when available) to help prevent
permission-related removal failures.
* Updated `openemr-cmd --version` to **1.0.48**.
* **Bug Fixes**
* Removal continues to succeed even if the container auto-chown attempt
fails.
* Improved failure guidance with two recovery options: start the stack
and retry, or manually run `sudo chown -R` on the worktree directory.
* **Tests**
* Expanded BATS coverage for auto-chown behavior: confirmation abort,
container running, container not running, and container chown errors.
* Updated test helper behavior to source the correct portion of the
command script.
* **Chores**
* Adjusted CI workflow concurrency to cancel in-progress runs only for
pull requests.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Code <noreply@anthropic.com>
0 commit comments