I have a bazel test that docker build and docker push to google artifact registry a docker image. It fails, because "cannot create private file:
/home/bill/.config/gcloud/credentials.db".
I can turn off bazel sandboxing by either using local=True in bazel rule or avoid docker push (i.e. test with local image). Is there some better work-around?
You can use Bazel's --sandbox_writable_path flag to explicitly specify the path. As mentioned in this Bazel's doc
For sandboxed actions, make an existing directory writable in the sandbox (if supported by the sandboxing implementation, ignored otherwise).
--sandbox_writable_path, which asks the sandbox to make an existing directory writable when running actions.
Seems the flag --sandbox_writable_path applies to the entire build process, Not possible to specify on a per test rule basis.