fix(ci): run anvil L1 as root so state dump can write the bind mount#29
Open
douglance wants to merge 1 commit into
Open
fix(ci): run anvil L1 as root so state dump can write the bind mount#29douglance wants to merge 1 commit into
douglance wants to merge 1 commit into
Conversation
The foundry image runs anvil as the non-root `foundry` user (uid 1000). On Linux CI runners the bind-mounted config/anvil-state directory is owned by the runner user, so anvil cannot write /state/state.json; the periodic (--state-interval=1) and on-exit state dumps silently fail and no snapshot is produced. Docker Desktop on macOS masks this by mapping bind-mount writes to the host user regardless of container uid, so it only failed in CI. Running the L1 service as root lets the state dump land in the bind mount. Fixes the "Snapshot source missing non-empty Anvil state file" failure in the Publish Testnode workflow. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Collaborator
Author
|
✅ Proof: fix verified in CI. Dispatched the previously-failing Publish Testnode workflow on this branch, scoped to the exact combo that was failing (
With |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The Publish Testnode workflow fails at Generate snapshot with:
The full init sequence (L1→L2→L3 rollups, token bridges, deposits) succeeds — it only dies when capturing the snapshot because anvil's
state.jsonnever lands on the host.Root cause
ghcr.io/foundry-rs/foundry:v1.3.5runs anvil as the non-rootfoundryuser (uid 1000), confirmed from the image config:The L1 service dumps state into a host bind mount (
../config/anvil-state:/state,--state=/state/state.json --state-interval=1). On Linux CI runners that directory is owned by the runner user, so anvil (uid 1000) can't write it — the periodic and on-exit state dumps silently fail and no snapshot is produced.Docker Desktop on macOS maps bind-mount writes to the host user regardless of container uid, which is why this only broke in CI ("works locally, fails in CI").
Fix
Run the L1 anvil service as root (
user: "0:0") so the state dump can write the bind mount. One-line change plus an explanatory comment.Proof
Verified by dispatching the previously-failing Publish Testnode workflow on this branch — see the linked green run in the PR comments.
Follow-up (not in this PR)
finalizeFreshInitrunsdocker compose downbeforewaitForAnvilStateFile, so the failure-dump step captures no anvil logs (containers are already gone). Worth reordering log capture before teardown so future failures are diagnosable.