Open mpconte opened 2 years ago
I'm getting this same error on GitHub-hosted runners, in the container docker.io/homebrew/ubuntu22.04
:
Run actions/checkout@v3
/usr/bin/docker exec ed6660d87643174caa84af01b2dbb9fdb674b0c924ad206c2a17f548d5f1eefb sh -c "cat /etc/*release | grep ^ID"
node:internal/fs/utils:344
throw err;
^
Error: EACCES: permission denied, open '/__w/_temp/_runner_file_commands/save_state_07a163e4-5330-44dc-9944-6f61ac3f315f'
at Object.openSync (node:fs:585:3)
at Object.writeFileSync (node:fs:2153:35)
at Object.appendFileSync (node:fs:2215:6)
at Object.issueFileCommand (/__w/_actions/actions/checkout/v3/dist/index.js:2344:8)
at Object.saveState (/__w/_actions/actions/checkout/v3/dist/index.js:11928:31)
at Object.153 (/__w/_actions/actions/checkout/v3/dist/index.js:4095:10)
at __webpack_require__ (/__w/_actions/actions/checkout/v3/dist/index.js:22:30)
at Object.287 (/__w/_actions/actions/checkout/v3/dist/index.js:7064:34)
at __webpack_require__ (/__w/_actions/actions/checkout/v3/dist/index.js:22:30)
at Object.853 (/__w/_actions/actions/checkout/v3/dist/index.js:31838:36) {
errno: -[13](https://github.com/nschmeller/dotfiles/actions/runs/3826496339/jobs/6510334541#step:3:14),
syscall: 'open',
code: 'EACCES',
path: '/__w/_temp/_runner_file_commands/save_state_07a163e4-5330-44dc-9944-6f61ac3f3[15](https://github.com/nschmeller/dotfiles/actions/runs/3826496339/jobs/6510334541#step:3:16)f'
}
I'm invoking the action as
runs-on: ubuntu-latest
container:
image: docker.io/homebrew/ubuntu22.04
steps:
- uses: actions/checkout@v3
name: Clone this repository
Looks like https://github.com/actions/checkout/issues/956 is related...
I think https://github.com/actions/checkout/issues/956 has workarounds, so I think this issue can be closed.
The workaround that I used was to "override the default container user and use 'root'":
container:
image: alpine:latest
options: --user root
Thanks for the workaround. I faced this kind of permission error on the "Post Run actions/check" process when running the container by a regular user.
https://github.com/junaruga/ruby/actions/runs/4175636293/jobs/7230829664
Error: EACCES: permission denied, open '/__w/_temp/_runner_file_commands/save_state_90003fcf-9614-4b4d-8680-bf040803c6fc'
at Object.openSync (node:fs:585:3)
at Object.writeFileSync (node:fs:2170:35)
at Object.appendFileSync (node:fs:2232:6)
at Object.issueFileCommand (/__w/_actions/actions/checkout
As an behavior of the software is a bit different between root and regular users, I still want to run the container by a regular user.
You can override the default container user using options: --user root
Yes, that's what I am doing it now. But ideally, I want to run the unit tests in the container by a regular user. Because there is a bit of difference between running the program by a regular user and the root user in my case.
Adding my 2 cents as well, we want to specifically not run as root so the workaround doesn't work in our case. We figured any other way around this?
I have my own workaround - nonroot:
# add to dockerfile RUN mkdir -m 1777 /__w
+1 I am facing this similar issue after I upgraded my Github runner version from 2.303.0 to 2.308.0.
Today GitHub only supports root users on the container, so we likely will only get workarounds unless/until that changes.
anyone has a working workaround? my setup is that we are building our base image for running tests - that has all the packages installed. the user in that base image needs to be non-root because of SQLAlchemy tests that require that. we are running self hosted runner in K8S - runner-scale-set.
Facing same issue on Ubuntu 22.04 LTS
Anyone got to know any fix for the issue ? I am stuck with it for 2 days. Need to run container test suite as non-root
I got rid of the EACCES
after installing the runner in the /
directory. So the path is /actions-runner
.
I did create the directory using sudo, and then change the permisions and ownership using chown
and chmod
.
I hope it is useful for someone.
This is also related to https://github.com/actions/checkout/issues/1552
I get this when using a larger runner as well (following https://docs.github.com/en/actions/using-github-hosted-runners/about-larger-runners/running-jobs-on-larger-runners)
I have a self hosted actions-runner on Ubuntu 20.04. It runs without sudo. It was having this problem.
Adding this "cleanup old checkout" step is working for me.
steps:
# The "cleanup old checkout" step is needed because of this bug: https://github.com/actions/checkout/issues/1014
- name: cleanup old checkout
run: chmod +w -R ${GITHUB_WORKSPACE}; rm -rf ${GITHUB_WORKSPACE}/*;
- name: Check out repository
uses: actions/checkout@v4
The easiest way to workaround this is to go back to actions/upload-artifact@v2 not ideal although but it works
pavel.slavinskiy@yandex.ru
Post job cleanup. /usr/bin/git version git version 2.43.0 Temporarily overriding HOME='/home/runner/work/_temp/82270d65-7fc0-4573-a3d3-808b3e966a08' before making global git config changes Adding repository directory to the temporary git global config as a safe directory /usr/bin/git config --global --add safe.directory /home/runner/work/git-manpages-l10n/git-manpages-l10n /usr/bin/git config --local --name-only --get-regexp core.sshCommand /usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core.sshCommand' && git config --local --unset-all 'core.sshCommand' || :" /usr/bin/git config --local --name-only --get-regexp http.https\:\/\/github.com\/.extraheader http.https://github.com/.extraheader
Hi all,
I am not sure if this is still a valid place to comment, but I got similar errors and I want to give you some feedback and workaround.
The initial idea is to not use root, so we wanted non-root
access to some host folders inside our container.
The solution mentioned earlier RUN mkdir -m 1777 /__w
does not work (anymore) as of today.
Runner version [v2.315.0]
and [v2.316.0]
were tested here on GHE 3.12.
Another hint I need to give: https://docs.github.com/en/enterprise-server@3.12/actions/creating-actions/dockerfile-support-for-github-actions#user
Github still suggests to use root.
Anyways, this is the workaround for non-root
access inside container.
--userns=host
option, see: https://docs.docker.com/engine/security/userns-remap/#disable-namespace-remapping-for-a-containerRUN useradd runner_1000 -m -u 1000 -s /bin/bash
for the UID 1000 to exist inside the docker container.This made it work. The cleanup step was not throwing access errors anymore.
:warning: Please do know that you might mitigate some security features and you might be exposing too many files and access rights.
I wish that Github would fix the access to the host folders that are anyways used inside the container...
Best regards
In an effort to checkout a repo within a container that's being self hosted on a Linux VM running Ubuntu 20.04 as follows:
With the image Docker file defined as:
I get the following error: