With TorizonCore Builder there is a certain behavior for setting the ownership of files and directories that get generated. Simply it copies the UID/GID of the current working directory used by TorizonCore Builder and uses that to set the UID/GID of all files and directories generated.
If output_provisioned is root owned then that must mean the working directory was root owned as well. Therefore you need the working directory to have the UID/GID you want output_provisioned to have. Though I don’t know how trivial or complex this is for your CI system.
I still think there is a first-use bug somewhere as the working directory is owned by the user “tcagent” as are all its contents, and this is the user the service runs as. The issue is unrelated to CI as the same thing happened in a different checkout. However, after removing the folder(s) and repeating the build the problem does not seem to recur.
However, after removing the folder(s) and repeating the build the problem does not seem to recur.
That sounds very strange. Could you see if you could find a reproducible way to make this behavior happen. That way we can analyze if there really is a first-use bug of some kind.
I think I foundthe problem and it’s cleanup related. These folders generated during the build are all created and owned by root during the process, but it looks like they are chmodded as a last step before the process completes. So if something interrupts or causes the tcb command to abort, you will be left with these uncleanable directories.
You can easily reproduce this e.g. with the ‘bundle’ command and then press CTRL-C before it completes - the specified output directory and its contents will remain owned by root with 644 permissions (rw-r–r–)