File tree Expand file tree Collapse file tree
packages/razorback-plugin-dab
src/razorback_plugin_dab/generate Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -153,6 +153,13 @@ def generate_compose(
153153 main_service : dict [str , Any ] = {
154154 "image" : docker_image ,
155155 "working_dir" : container_workdir ,
156+ # Run as root. Harbor's codex runtime pre-creates root-owned
157+ # /logs/agent and $CODEX_HOME during setup, then runs the agent as the
158+ # image's default USER. dab-agent:latest ships USER exedev (non-root),
159+ # so the agent cannot write those dirs and codex aborts with
160+ # "Permission denied (os error 13)". ade-bench's images run as root and
161+ # never hit this; pin main to root to match.
162+ "user" : "0:0" ,
156163 "networks" : ["dab-net" ] if networks_used else [],
157164 }
158165 if main_file_volumes :
Original file line number Diff line number Diff line change @@ -63,6 +63,22 @@ def test_sqlite_does_not_spawn_service(tmp_path: Path):
6363 assert "dab-sqlite" not in compose ["services" ]
6464
6565
66+ def test_main_service_runs_as_root (tmp_path : Path ):
67+ # The codex runtime's setup (run as root) pre-creates root-owned
68+ # /logs/agent and $CODEX_HOME, then harbor runs the agent as the image's
69+ # default USER. dab-agent:latest is USER exedev (non-root), so the agent
70+ # cannot write those dirs -> codex aborts with "Permission denied
71+ # (os error 13)". Pin the main service to root so it can write them,
72+ # matching the root images ade-bench runs successfully.
73+ compose_text = generate_compose (
74+ db_config = _BOOKREVIEW_LIKE ,
75+ dataset_name = "bookreview" ,
76+ data_root = tmp_path ,
77+ )
78+ compose = yaml .safe_load (compose_text )
79+ assert compose ["services" ]["main" ]["user" ] == "0:0"
80+
81+
6682def test_dab_net_declared (tmp_path : Path ):
6783 compose_text = generate_compose (
6884 db_config = _BOOKREVIEW_LIKE ,
You can’t perform that action at this time.
0 commit comments