Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to set "Execute" permissions on files in Azure Function #2537

Open
gmantri opened this issue Aug 26, 2024 · 2 comments
Open

Unable to set "Execute" permissions on files in Azure Function #2537

gmantri opened this issue Aug 26, 2024 · 2 comments
Labels
bug

Comments

@gmantri
Copy link

gmantri commented Aug 26, 2024

I have an Azure Function that is running in Linux (Consumption plan). I have also enabled SCM_DO_BUILD_DURING_DEPLOYMENT by setting its value to true in my environment variables. The Function app has a dependency on Playwright where it needs to run Chrome browser to do some work. I am deploying the code using Github Actions. Everything works great as far as deployment is concerned however when I run my Function code to invoke Chrome, I am getting EACCES error.

Here's my error stack trace:

browserType.launch: Failed to launch: Error: spawn /home/site/wwwroot/node_modules/playwright-core/.local-browsers/chromium-1129/chrome-linux/chrome EACCES
Call log:
  [2m- <launching> /home/site/wwwroot/node_modules/playwright-core/.local-browsers/chromium-1129/chrome-linux/chrome --disable-field-trial-config --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-back-forward-cache --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-component-update --no-default-browser-check --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=ImprovedCookieControls,LazyFrameLoading,GlobalMediaControls,DestroyProfileOnBrowserClose,MediaRouter,DialMediaRouteProvider,AcceptCHFrame,AutoExpandDetailsElement,CertificateTransparencyComponentUpdater,AvoidUnnecessaryBeforeUnloadCheckSync,Translate,HttpsUpgrades,PaintHolding,PlzDedicatedWorker --allow-pre-commit-input --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --force-color-profile=srgb --metrics-recording-only --no-first-run --enable-automation --password-store=basic --use-mock-keychain --no-service-autorun --export-tagged-pdf --disable-search-engine-choice-screen --unsafely-disable-devtools-self-xss-warnings --headless=old --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --no-sandbox --disable-setuid-sandbox --user-data-dir=/tmp/playwright_chromiumdev_profile-XXXXXXZ5AVqE --remote-debugging-pipe --no-startup-window[22m
[2m  - [pid=N/A] starting temporary directories cleanup[22m
[2m  - [pid=N/A] finished temporary directories cleanup[22m

I know that this issue is related to the lack of Execute access. When I check the permissions on all files and folders inside my .local_browsers folder, I see that all folders have 755 permission however all files have 644 permission.

The issue I am running into is no matter what I do, I cannot change the permissions on the files from 644 to 755.

I have the following in my GitHub Action workflow file:

  deploy:
    runs-on: ubuntu-latest
    needs: build
    environment:
      name: 'Production'
      url: ${{ steps.fa.outputs.app-url }}
    permissions:
      id-token: write

    steps:
      - name: Download artifact from build job
        uses: actions/download-artifact@v4
        with:
          name: node-app

      - name: Unzip artifact for deployment
        run: unzip release.zip -d .

      - name: Set Execute Permissions for Chromium
        run: |
          chmod -R 755 node_modules/playwright-core/.local-browsers/chromium-*/chrome-linux/chrome

      - name: 'Run Azure Functions Action'
        uses: Azure/functions-action@v1
        id: fa
        with:
          app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }}
          slot-name: ${{ env.AZURE_FUNCTIONAPP_SLOT_NAME }}
          package: .
          publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_D22B9920848547EA85D3058628DD78B5 }}
          node-version: ${{ env.NODE_VERSION }}
          enable-oryx-build: true
          deployment-cmd: |
            chmod -R 755 node_modules/playwright-core/.local-browsers

This does not throw any error but it does not change the permission as well.

FWIW, here's my complete workflow:

name: Build and deploy code to Purple Leaf (Dev)

on:
  push:
    branches:
      - development
  workflow_dispatch:

env:
  AZURE_FUNCTIONAPP_PACKAGE_PATH: './src/functions'
  NODE_VERSION: '20.x'
  PLAYWRIGHT_BROWSERS_PATH: 0
  AZURE_FUNCTIONAPP_NAME: '<my function app name>'
  AZURE_FUNCTIONAPP_SLOT_NAME: 'Production'
  ACTIONS_STEP_DEBUG: true

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout GitHub Action'
        uses: actions/checkout@v4

      - name: Setup Node ${{ env.NODE_VERSION }} Environment
        uses: actions/setup-node@v3
        with:
          node-version: ${{ env.NODE_VERSION }}

      - name: Install Yarn
        run: npm install -g yarn

      - name: Install dependencies
        run: |
          echo "Installing dependencies..."
          yarn install --frozen-lockfile

      - name: Install Playwright Browsers
        run: |
          PLAYWRIGHT_BROWSERS_PATH=0 npx playwright install chromium --with-deps

      - name: Verify Browser Installation
        run: |
          if [ -d "node_modules/playwright-core/.local-browsers" ]; then
            echo "Playwright browsers installed successfully."
            ls -R node_modules/playwright-core/.local-browsers
          else
            echo "Playwright browser installation failed!" >&2
            exit 1
          fi

      - name: Build function project
        run: yarn build

      - name: Prepare files for deployment
        run: |
          mkdir deploy
          cp -r node_modules deploy/
          mkdir -p deploy/dist
          cp -r dist/* deploy/dist/
          cp package.json deploy/
          cp ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}/host.json deploy/
          echo "Contents of deploy folder:"
          ls -R deploy

      - name: Zip artifact for deployment
        run: |
          cd deploy
          zip -r ../release.zip ./*

      - name: Upload artifact for deployment job
        uses: actions/upload-artifact@v4
        with:
          name: node-app
          path: release.zip

  deploy:
    runs-on: ubuntu-latest
    needs: build
    environment:
      name: 'Production'
      url: ${{ steps.fa.outputs.app-url }}
    permissions:
      id-token: write

    steps:
      - name: Download artifact from build job
        uses: actions/download-artifact@v4
        with:
          name: node-app

      - name: Unzip artifact for deployment
        run: unzip release.zip -d .

      - name: Set Execute Permissions for Chromium
        run: |
          chmod -R 755 node_modules/playwright-core/.local-browsers/chromium-*/chrome-linux/chrome

      - name: 'Run Azure Functions Action'
        uses: Azure/functions-action@v1
        id: fa
        with:
          app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }}
          slot-name: ${{ env.AZURE_FUNCTIONAPP_SLOT_NAME }}
          package: .
          publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_D22B9920848547EA85D3058628DD78B5 }}
          node-version: ${{ env.NODE_VERSION }}
          enable-oryx-build: true
          deployment-cmd: |
            chmod -R 755 node_modules/playwright-core/.local-browsers

I even added a custom startup script and calling it as prestart script but still the permissions are not changed:

#!/bin/bash

# Define the path
LOCAL_BROWSERS_PATH="/home/site/wwwroot/node_modules/playwright-core/.local-browsers"

# Check if the directory exists
if [ -d "$LOCAL_BROWSERS_PATH" ]; then
    # If the file exists, change its permissions
    # chmod -R +x "$LOCAL_BROWSERS_PATH"
    find "$LOCAL_BROWSERS_PATH" -type d -exec chmod 755 {} \;
    find "$LOCAL_BROWSERS_PATH" -type f -exec chmod 755 {} \;
    echo "Permissions updated for $LOCAL_BROWSERS_PATH"
else
    # If the file doesn't exist, print a message and exit successfully
    echo "Chrome executable not found at $LOCAL_BROWSERS_PATH. Skipping permission change."
fi

I am at a complete loss of ideas here as to what I am doing wrong.

P.S. It is a cross-posting. I originally posted this on StackOverflow a few days ago. Posting it here because I did not get any response there. StackOverflow post can be found here: https://stackoverflow.com/questions/78909340/unable-to-set-execute-permissions-on-files-in-azure-function.
@gmantri gmantri added the bug label Aug 26, 2024
@gmantri gmantri mentioned this issue Aug 26, 2024
Open
@bhagyshricompany bhagyshricompany self-assigned this Aug 27, 2024
@bhagyshricompany
Copy link

Thanks for reporting will check and update.Thanks

@bhagyshricompany bhagyshricompany removed their assignment Sep 2, 2024
@ggsbbf
Copy link

ggsbbf commented Oct 22, 2024

+1. I am encountering a similar issue while running "ffmpeg" and "ffprobe" within a Node.js environment. The binary files have only read permissions after the zip deployment (using the Oryx build). This restriction seems to be the sole method for utilizing them in the Flex Plan deployment. Unfortunately, I am unable to chmod the files. However, in the App Service plan, I can employ scm-do-build-during-deployment to acquire the necessary execution permissions for these files. It's quite peculiar.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@gmantri @bhagyshricompany @ggsbbf and others