Closed pharindoko closed 1 year ago
For EC2 instances, this could be added here, then the user can use sudo if needed.
sorry had a wrong understanding what exactly RUNNER_ALLOW_RUNASROOT does :)
For EC2 instances, this could be added here, then the user can use sudo if needed.
https://github.com/CloudSnorkel/cdk-github-runners/blob/29708ebe9a83cf84566a7073cda60dd6bbff402a/src/providers/image-builders/linux-components.ts#L44 @lazyfrosch: I like your idea :) (... we have already discussed it internally)
@kichik what`s your opinion ?
Are you guys saying you can't sudo
in your jobs? What's the exact runner configuration you're using? This is tested in the integration tests and seems to be working.
We use EC2 (spot) instances, but there is no sudo rule for runner
. We just added the following component to our default builder:
defaultBuilder.addComponent(
new ImageBuilderComponent(defaultBuilder, `sudo-for-runner`, {
platform: 'Linux',
displayName: 'Allow sudo for runner',
description: 'Grant sudo with NOPASSWD for runner user',
commands: [
'set -ex',
'echo "runner ALL=(ALL) NOPASSWD: ALL" >/etc/sudoers.d/github-runner',
'chmod 0400 /etc/sudoers.d/github-runner'
],
})
);
Turns out we don't have the tests I thought we did.
It would be great to have an option to run the runner job as root user. this option has been built in ... https://github.com/actions/runner/blob/caec043085990710070108f375cd0aeab45e1017/images/Dockerfile#L20
and would be set when you configure a runner e.g. here https://github.com/CloudSnorkel/cdk-github-runners/blob/ae30d9050e2cc2a4280ab4663ae82459c011a30b/src/providers/docker-images/lambda/linux-arm64/runner.sh#L11
Would look like this: