Option "include" in manifest.yml file does not preserve files permission

[DenisMedeiros]

Hi all,

We are facing an issue when using the option include in the manifest.yml file, where the permissions of the included files are not preserved.

Our manifest.yaml file looks like:

packages:
  poc:
    actions:
      example:
        annotations:
          web-export: true
        function: src/example
        include:
          - ["tls"]
          - ["virtualenv"]
          - ["requirements.txt"]
        inputs: {}
        runtime: python:3.9
        version: 1.0.0
        web: true
    version: 1.0.0

Inside of the directly tls, we have some TLS certificates that are used by PostgreSQL, and the private key must have the limited permissions (600 if owned by a regular user, or 640 is owned by root - reference). In our local environment, the files have the permissions set properly:

-rw-------  1 denis  test  1703 Apr  5 16:30 tls/client-tls.key

However, once it's deployed, the TLS files are copied with broader access (644) and then the PostgreSQL connection fails complaining about the permissions.

Is there a way to include these files and also keeping the existing permissions? A workaround so far is to make the Python code to fix the files permissions but ideally it would be nice if this could be fixed during deployment (rather than in each function run).

Thanks in advance.