Skip to content

fix: ensure /home/runner/.copilot directory has correct ownership before Copilot CLI install#13980

Merged
Mossaka merged 4 commits intomainfrom
copilot/fix-copilot-cli-directory-ownership
Feb 5, 2026
Merged

fix: ensure /home/runner/.copilot directory has correct ownership before Copilot CLI install#13980
Mossaka merged 4 commits intomainfrom
copilot/fix-copilot-cli-directory-ownership

Conversation

Copy link
Contributor

Copilot AI commented Feb 5, 2026
edited by github-actions bot
Loading

Copilot CLI installation intermittently fails with EACCES: permission denied, mkdir '/home/runner/.copilot/pkg' when a previous AWF run on the same runner used sudo -E awf --enable-chroot, creating the .copilot directory with root ownership.

Changes

  • Add directory ownership fix at the start of install_copilot_cli.sh: 
    mkdir -p "$COPILOT_DIR"
sudo chown -R runner:runner "$COPILOT_DIR"

This ensures consistent ownership regardless of prior runner state.

Original prompt

This section details on the original issue you should resolve

<issue_title>fix: ensure /home/runner/.copilot directory has correct ownership before Copilot CLI install</issue_title>
<issue_description>## Problem

When running smoke tests (e.g., smoke-chroot.lock.yml), the "Install GitHub Copilot CLI" step intermittently fails with:

Error creating package directory: /home/runner/.copilot/pkg/linux-x64/0.0.402
Failed to extract bundled package: Error: EACCES: permission denied, mkdir '/home/runner/.copilot/pkg'

This happens because a previous AWF run on the same runner used sudo -E awf --enable-chroot ..., which may have created /home/runner/.copilot with root ownership. A subsequent job on the same runner then fails when the Copilot CLI (running as the runner user) tries to create subdirectories.

Evidence

Proposed Fix

Add a directory ownership fix before the install_copilot_cli.sh step in the Copilot engine compiler output:

mkdir -p /home/runner/.copilot && chown -R runner:runner /home/runner/.copilot

This should be added to install_copilot_cli.sh or emitted by the Copilot engine in the compiled workflow, before the Copilot CLI installation step.

Context

This was discovered while working on github/gh-aw-firewall#522 (mounting /etc/hosts in chroot mode). The failure is in the runner-level Copilot CLI installation, not inside the AWF container.</issue_description>

Comments on the Issue (you are @copilot in this section)

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Changeset

  • Type: patch
  • Description: Ensure /home/runner/.copilot is owned by runner:runner before the Copilot CLI install so chroot runs cannot leave the directory root-owned and trigger EACCES errors.

Generated by Changeset Generator

@github-actions github-actions bot mentioned this pull request Feb 5, 2026
Closed
@Mossaka
fix: ensure /home/runner/.copilot directory has correct ownership bef…
e9dac20 
…ore Copilot CLI install

Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix ownership issue for Copilot CLI install directory fix: ensure /home/runner/.copilot directory has correct ownership before Copilot CLI install Feb 5, 2026
Copilot AI requested a review from Mossaka February 5, 2026 19:57
@Mossaka Mossaka marked this pull request as ready for review February 5, 2026 20:39
Copilot AI review requested due to automatic review settings February 5, 2026 20:39
@Mossaka Mossaka added the smoke label Feb 5, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Feb 5, 2026
edited
Loading

Changeset Generator completed successfully!

@github-actions
Copy link
Contributor

github-actions bot commented Feb 5, 2026
edited
Loading

🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...

@github-actions
Copy link
Contributor

github-actions bot commented Feb 5, 2026

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

@github-actions
Copy link
Contributor

github-actions bot commented Feb 5, 2026
edited
Loading

🎬 THE ENDSmoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

Copilot AI reviewed Feb 5, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request addresses an intermittent failure in the "Install GitHub Copilot CLI" step during smoke tests. The issue occurs when a previous AWF run on the same runner used sudo -E awf --enable-chroot, creating the /home/runner/.copilot directory with root ownership. Subsequent jobs on the reused runner fail when the Copilot CLI (running as the runner user) attempts to create subdirectories.

Changes:

  • Adds directory ownership fix to install_copilot_cli.sh before Copilot CLI installation
  • Creates /home/runner/.copilot directory if it doesn't exist and ensures correct ownership (runner:runner)
  • Includes explanatory comments documenting the issue and linking to the relevant GitHub issue

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

actions/setup/sh/install_copilot_cli.sh
# This is needed because a previous AWF run on the same runner may have used
# `sudo -E awf --enable-chroot ...`, which creates the .copilot directory with
# root ownership. The Copilot CLI (running as the runner user) then fails when
# trying to create subdirectories. See: https://github.com/github/gh-aw/issues/12066
Copy link

Copilot AI Feb 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The issue reference in the comment points to https://github.com/github/gh-aw/issues/12066, but according to the PR description, this fix is for issue #13979. The comment should be updated to reference the correct issue number.

Suggested change
# trying to create subdirectories. See: https://github.com/github/gh-aw/issues/12066
# trying to create subdirectories. See: https://github.com/github/gh-aw/issues/13979

Copilot uses AI. Check for mistakes.
actions/setup/sh/install_copilot_cli.sh
Comment on lines +24 to +33
COPILOT_DIR="/home/runner/.copilot"

# Fix directory ownership before installation
# This is needed because a previous AWF run on the same runner may have used
# `sudo -E awf --enable-chroot ...`, which creates the .copilot directory with
# root ownership. The Copilot CLI (running as the runner user) then fails when
# trying to create subdirectories. See: https://github.com/github/gh-aw/issues/12066
echo "Ensuring correct ownership of $COPILOT_DIR..."
mkdir -p "$COPILOT_DIR"
sudo chown -R runner:runner "$COPILOT_DIR"
Copy link

Copilot AI Feb 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The COPILOT_DIR path /home/runner/.copilot and the user:group runner:runner are hardcoded, which means this script will only work correctly in GitHub Actions hosted runners. If this script is ever used in self-hosted runners or different CI environments where the user is not runner, the chown command may fail or be incorrect. Consider using environment variables like $HOME/.copilot and $(whoami):$(whoami) for better portability, or at a minimum, document that this script is specifically designed for GitHub Actions hosted runners.

Copilot uses AI. Check for mistakes.
@github-actions
Copy link
Contributor

github-actions bot commented Feb 5, 2026

Agent Container Tool Check

Tool Status Version
bash 5.2.21
sh available
git 2.52.0
jq 1.7
yq 4.50.1
curl 8.5.0
gh 2.86.0
node 20.20.0
python3 3.12.3
go 1.24.12
java ⚠️ installed but execution issue
dotnet ⚠️ installed but execution issue

Result: 10/12 tools fully operational ✅

Note: Java and .NET binaries are present at expected paths but encounter execution issues when invoked. This appears to be an environment-specific problem rather than missing installations.

  • Java: /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk/21.0.10-7/x64/bin/java
  • .NET: /usr/share/dotnet/dotnet

AI generated by Agent Container Smoke Test

@github-actions github-actions bot mentioned this pull request Feb 5, 2026
Closed
@github-actions github-actions bot removed the smoke label Feb 5, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Feb 5, 2026

Smoke Test: Copilot - 21727679475

PRs Reviewed:

Test Results:

  • ✅ GitHub MCP
  • ✅ Safe Inputs GH CLI
  • ✅ Serena MCP (6 symbols)
  • ⚠️ Playwright (network error)
  • ✅ File Writing
  • ✅ Bash Tool
  • ✅ Discussion Interaction
  • ✅ Build gh-aw
  • ✅ Workflow Dispatch

Overall: ⚠️ PASS WITH WARNING

@Copilot @pelikhan

AI generated by Smoke Copilot

@github-actions
Copy link
Contributor

github-actions bot commented Feb 5, 2026

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

@Mossaka Mossaka merged commit ada84f0 into main Feb 5, 2026
@Mossaka Mossaka deleted the copilot/fix-copilot-cli-directory-ownership branch February 5, 2026 21:02
This was referenced Feb 5, 2026
Closed
Merged
@github-actions github-actions bot mentioned this pull request Feb 6, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@Mossaka Mossaka Awaiting requested review from Mossaka

Assignees

@Mossaka Mossaka

Copilot code review Copilot

Labels

smoke-copilot

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

fix: ensure /home/runner/.copilot directory has correct ownership before Copilot CLI install

2 participants

@Mossaka