From 068d4e81c76dc051ef611c7513fc17653c4e8f7f Mon Sep 17 00:00:00 2001
From: Chris Evich <cevich@redhat.com>
Date: Mon, 5 Feb 2024 11:16:30 -0500
Subject: [PATCH] Allow CI user to cleanup own files

According to https://go.dev/ref/mod#module-cache golang will leave
behind read-only bits.  It was observed that these cause the find/rm
cleanup operations to fail fail with `permission denied` on thousands
of files.  This is preventing cleanup of cruft from unrelated Cirrus-tasks
leading to unnecessary occupation of critical, local-ssd storage space.
Fix this by ensuring the user has at least write access to the entire
contents of `$TMPDIR` and `$HOME`, `ci` subdirs.

Signed-off-by: Chris Evich <cevich@redhat.com>
---
 contrib/cirrus/mac_cleanup.sh | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/contrib/cirrus/mac_cleanup.sh b/contrib/cirrus/mac_cleanup.sh
index 37e8081b8f..cf02f7acb8 100755
--- a/contrib/cirrus/mac_cleanup.sh
+++ b/contrib/cirrus/mac_cleanup.sh
@@ -11,14 +11,26 @@ set +e -x
 # These are the main processes which could leak out of testing.
 killall podman vfkit gvproxy make go ginkgo
 
+# Golang will leave behind lots of read-only bits, ref:
+# https://go.dev/ref/mod#module-cache
+# However other tools/scripts could also set things read-only.
+# At this point in CI, we really want all this stuff gone-gone,
+# so there's actually zero-chance it can interfere.
+chmod -R u+w /private/tmp/ci/* /private/tmp/ci/.??*
+
 # This is defined as $TMPDIR during setup.  Name must be kept
 # "short" as sockets may reside here.  Darwin suffers from
 # the same limited socket-pathname character-length restriction
 # as Linux.
 rm -rf /private/tmp/ci/* /private/tmp/ci/.??*
 
-# Don't clobber the $CIRRUS_WORKING_DIR for this (running) task.
+# Don't change or clobber anything under $CIRRUS_WORKING_DIR for
+# the currently running task.  But make sure we have write permission
+# (go get sets dependencies ro) for everything else, before removing it.
+# First make everything writeable - see the "Golang will..." comment above.
 # shellcheck disable=SC2154
+find "${ORIGINAL_HOME:-$HOME}/ci" -mindepth 1 -maxdepth 1 \
+    -not -name "*task-${CIRRUS_TASK_ID}*" -prune -exec chmod -R u+w '{}' +
 find "${ORIGINAL_HOME:-$HOME}/ci" -mindepth 1 -maxdepth 1 \
     -not -name "*task-${CIRRUS_TASK_ID}*" -prune -exec rm -rf '{}' +