
ci: run InstallerAuto.php as apache, not root #782

Merged
kojiromike merged 1 commit into openemr:master from kojiromike:ci-test-drop-privs
Jun 5, 2026

@kojiromike
Member

What

Add --user apache to the Install step in test-actions-core/action.yml so InstallerAuto.php runs as the apache user instead of root.

Why

openemr/openemr#12267 added RootCliGuard, which aborts the installer when it runs as a root CLI (UID 0). The CI harness runs InstallerAuto.php via docker compose exec, which defaults to root in every slot, so every install-driven test slot now fails the guard.

Approach

The Install step is shared across all slots (7.0.4, 8.0.0, 8.1.0, 8.1.1, binary, flex). --user apache is portable: the apache user (uid 1000) and an apache-owned openemr/ tree exist in every slot's Dockerfile. su-exec was not an option — #743 only added it to flex/8.1.1/binary, so hardcoding it would break 7.0.4/8.0.0/8.1.0 with "su-exec: not found".

phpunit steps are unaffected: interface/globals.php skips the guard under PHPUNIT_COMPOSER_INSTALL, so those bootstraps stay exempt even as root.

Validation

  • 8.1.1 (production path) validated locally: patched install on a fresh DB exits 0 with no RootCliGuard/RuntimeException, writes sqlconf.php as apache:apache with $config = 1, web returns HTTP 302; phpunit --testsuite unit → 275 tests pass.
  • flex prod mode is structurally identical (baked, apache-owned) → covered by the 8.1.1 result.
  • flex dev mode relies on the already-merged feat(devtools): drop privileges to apache for OpenEMR CLI invocations #743 entrypoint, which (running as root) chowns the mounted source to apache before the --user apache exec — exercised by CI here.

Unblocks #777, which only needs a rebase once this lands.

Assisted-by: Claude Code

openemr/openemr#12267 added RootCliGuard, which aborts the CI installer
when it runs as root (UID 0). The Install step in test-actions-core is
shared across all slots (7.0.4, 8.0.0, 8.1.0, 8.1.1, binary, flex), so
add --user apache rather than su-exec (which openemr#743 only added to
flex/8.1.1/binary). apache owns the baked source in every slot, so it
can write sqlconf.php and generated keys.

phpunit steps are unaffected: interface/globals.php skips the guard
under PHPUNIT_COMPOSER_INSTALL.

Assisted-by: Claude Code
Copilot AI review requested due to automatic review settings June 4, 2026 19:15
Contributor

Copilot AI left a comment

Pull request overview

This PR updates the shared CI composite action to run the OpenEMR installer script (InstallerAuto.php) inside the container as the apache user rather than as root, avoiding failures introduced by OpenEMR’s RootCliGuard when installer/CLI paths execute with UID 0.

Changes:

  • Add docker compose exec --user apache to the “Install” step in the shared test action.
  • Document why the installer must not run as root and why --user is chosen over su-exec.

@kojiromike kojiromike requested a review from bradymiller June 4, 2026 19:28
@kojiromike kojiromike merged commit f8fb94e into openemr:master Jun 5, 2026
35 checks passed
@kojiromike kojiromike deleted the ci-test-drop-privs branch June 5, 2026 14:09
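
The Validation checklist from the PR description, turned into a post-install CI assertion. This is an added example, not part of the pull request or the OpenEMR repository; the function names, the installer log file and the paths passed in are assumptions, and the temp files in the sample run are constructed.

```shell
#!/bin/sh
# Post-install checks mirroring the PR's Validation list (illustrative, not project code).

# owner_of FILE -> prints "user:group" (ls parsing works on GNU, BSD and busybox)
owner_of() {
    ls -ld -- "$1" | awk '{ print $3 ":" $4 }'
}

# check_install LOG SQLCONF EXPECTED_OWNER
# Returns 0 when every check passes, otherwise the number of the first failed check.
check_install() {
    log=$1 sqlconf=$2 want_owner=$3

    # 1. The installer output must not show the root guard firing.
    if grep -Eq 'RootCliGuard|RuntimeException' "$log"; then
        echo "FAIL: installer output mentions RootCliGuard/RuntimeException" >&2
        return 1
    fi

    # 2. sqlconf.php must exist and belong to the web server account,
    #    not to root (which is what a root-run installer would leave behind).
    [ -f "$sqlconf" ] || { echo "FAIL: $sqlconf missing" >&2; return 2; }
    got_owner=$(owner_of "$sqlconf")
    if [ "$got_owner" != "$want_owner" ]; then
        echo "FAIL: $sqlconf owned by $got_owner, want $want_owner" >&2
        return 2
    fi

    # 3. The installer must have marked the configuration as complete.
    if ! grep -Eq '^[[:space:]]*\$config[[:space:]]*=[[:space:]]*1[[:space:]]*;' "$sqlconf"; then
        echo "FAIL: \$config = 1 not set in $sqlconf" >&2
        return 3
    fi
    return 0
}

# Constructed sample run: temp files stand in for the installer log and sqlconf.php.
demo=$(mktemp -d)
printf 'install complete\n' > "$demo/install.log"
printf '<?php\n$config = 1;\n' > "$demo/sqlconf.php"
check_install "$demo/install.log" "$demo/sqlconf.php" "$(owner_of "$demo/sqlconf.php")" \
    && echo "install checks passed"
rm -rf "$demo"
```

In a CI step the expected owner would be `apache:apache`, the ownership the PR description reports for sqlconf.php after the patched install.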