Child container unable to write files in docker-compose volume mount when using shared runner

Hi,

I am using a volume to access a pytest coverage report that is generated from a docker-compose process in gitlab-ci. When I run the docker-compose in a local development environment to achieve the same task it works fine.

The problem is that I am getting a file permission error, from within the child container, when pytest tries to create the coverage report files. The problem occurs when the same task is run from within a shared runner.

I am following the docker-executor template suggested in the documentation for shared runners:

image: docker:stable

stages:
  - build
  - test
  - deploy

before_script:
  - 'which ssh-agent'
  - eval $(ssh-agent -s)
  - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
  - mkdir -p ~/.ssh
  - chmod 700 ~/.ssh
  - ssh-keyscan gitlab.com >> ~/.ssh/known_hosts
  - chmod 644 ~/.ssh/known_hosts
  - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY

build:
  stage: build
  variables:
    DOCKER_DRIVER: overlay2
    DOCKER_HOST: tcp://docker:2375
    SHARED_PATH: ${CI_PROJECT_DIR}/app-rest-api/docker-compose
    POSTGRES_DB: ${PG_DB}
    POSTGRES_PASSWORD: ${PG_PASSWORD}
    POSTGRES_USER: ${PG_USER}
  services:
    - docker:dind
  script:
    - cd app-rest-api/docker-compose
    ...
    - docker-compose -f docker-compose.yaml -f docker-compose.ci.yaml run -v /builds/<path...>/coverage:/server/coverage rest-api pytest --cov=api --cov-report term-missing --cov-report html:coverage tests/functional/test_functional_documents.py
    ...

The Dockerfile for the child container, (rest-api), contains a USER instruction.

I receive the following file permission error when pytest tries to create the coverage report files within the /server/coverage folder within the child container…

INTERNALERROR>   File "/home/user/.local/lib/python3.6/site-packages/coverage/html.py", line 69, in write_html
INTERNALERROR>     with open(fname, "wb") as fout:
INTERNALERROR> PermissionError: [Errno 13] Permission denied: 'coverage/_home_user__local_lib_python3_6_site-packages_api___init___py.html'

Anyone any ideas what is causing the file permission error and how I can access the test coverage report from within the child container?

Solved 12/1/2019
Made mountpoint directory in CI job before running docker-compose and used chmod to set appropriate write permissions!

Kind regards

dcs3spp