actions / runner-container-hooks

Runner Container Hooks for GitHub Actions
MIT License
76 stars 46 forks source link

document Docker requirement for hooks #30

Closed Shegox closed 1 year ago

Shegox commented 2 years ago

Hi,

really awesome project and awesome options one can do with it! Thanks for providing this.

I tried today building my own container-hook and I struggled quite long to figure out that one requires to have the docker-cli installed anyway to have the hooks invoked. I assume the runner checks during start up if docker exists and if not bails early:

2022-08-31T14:30:57.3633295Z Requested labels: self-hosted
2022-08-31T14:30:57.3633387Z Job defined at: Shegox/actions-hook-test/.github/workflows/manual.yml@refs/heads/main
2022-08-31T14:30:57.3633405Z Waiting for a runner to pick up this job...
2022-08-31T14:30:58.1937121Z Job is about to start running on the runner: 8ec3dc71b260 (repository)
2022-08-31T14:31:10.3442300Z Current runner version: '2.296.0'
2022-08-31T14:31:10.3490931Z Runner name: '8ec3dc71b260'
2022-08-31T14:31:10.3495568Z Runner group name: 'Default'
2022-08-31T14:31:10.3502112Z Machine name: '8ec3dc71b260'
2022-08-31T14:31:10.3516066Z ##[group]GITHUB_TOKEN Permissions
2022-08-31T14:31:10.3521655Z Actions: write
2022-08-31T14:31:10.3523630Z Checks: write
2022-08-31T14:31:10.3525438Z Contents: write
2022-08-31T14:31:10.3527066Z Deployments: write
2022-08-31T14:31:10.3528799Z Discussions: write
2022-08-31T14:31:10.3530533Z Issues: write
2022-08-31T14:31:10.3532072Z Metadata: read
2022-08-31T14:31:10.3533947Z Packages: write
2022-08-31T14:31:10.3535620Z Pages: write
2022-08-31T14:31:10.3537222Z PullRequests: write
2022-08-31T14:31:10.3539129Z RepositoryProjects: write
2022-08-31T14:31:10.3540996Z SecurityEvents: write
2022-08-31T14:31:10.3542692Z Statuses: write
2022-08-31T14:31:10.3544555Z ##[endgroup]
2022-08-31T14:31:10.3569590Z Secret source: Actions
2022-08-31T14:31:10.3576656Z Prepare workflow directory
2022-08-31T14:31:11.1249868Z Prepare all required actions
2022-08-31T14:31:11.3129444Z ##[error]docker: command not found
My test workflow file ```yaml # This is a basic workflow that is manually triggered name: Manual workflow # Controls when the action will run. Workflow runs when manually triggered using the UI # or API. on: workflow_dispatch: # Inputs the workflow accepts. inputs: name: # Friendly description to be shown in the UI instead of 'name' description: 'Person to greet' # Default value if no value is explicitly provided default: 'World' # Input has to be provided for the workflow to run required: true # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: # This workflow contains a single job called "greet" greet: # The type of runner that the job will run on runs-on: self-hosted container: image: alpine:3.15 services: redis: image: redis # Steps represent a sequence of tasks that will be executed as part of the job steps: # Runs a single command using the runners shell - name: Send greeting run: echo "Hello ${{ github.event.inputs.name }}" ```

After I installed docker-cli the hooks got correctly invoked. I was now wondering if it makes sense to document that in the CONTRIBUTING.md here or upstream in the runner repository (or probably both)?

Runer version: 2.296.0


I noticed as well that it expects the variable ACTIONS_RUNNER_CONTAINER_HOOKS (with S), but both the ADR and the CONTRIBUTING.md in this repo specify ACTIONS_RUNNER_CONTAINER_HOOK.

nikola-jokic commented 2 years ago

Hey @Shegox, thank you for your kind words!

You are right, we can document this behaviour a bit better. Also, the docker cli is not a hard dependency. If you are trying to leverage Kubernetes hooks, they will work just fine without the need of docker cli being installed. However, we can improve docs to explain just that.

Thank you for raising the issue for the runner ADR! I will create an issue in the runner repo and create a fix for that :relaxed:

Shegox commented 2 years ago

Thanks a lot!

From my testing it seems like the docker-cli is a hard dependency. Because the error is thrown before the prepare_job hook is even invoked.

I start my self-hosted runner in a container:

$ docker -v
bash: docker: command not found

$ export RUNNER_ALLOW_RUNASROOT=true
$ export ACTIONS_RUNNER_CONTAINER_HOOKS=/workspaces/runner-container-hooks/packages/k8s/dist/index.js
$ ./run.sh

And the runner debug logs show in the set up job section

2022-09-01T11:01:37.6288018Z ##[debug]Update context data
2022-09-01T11:01:37.6303660Z ##[debug]Evaluating job-level environment variables
2022-09-01T11:01:38.0344082Z ##[debug]Evaluating job container
2022-09-01T11:01:38.1823090Z ##[debug]Evaluating job service containers
2022-09-01T11:01:38.1837533Z ##[debug]Evaluating job defaults
2022-09-01T11:01:38.2241052Z Prepare all required actions
2022-09-01T11:01:38.3838627Z ##[error]docker: command not found
2022-09-01T11:01:38.3902841Z ##[debug]System.IO.FileNotFoundException: docker: command not found
2022-09-01T11:01:38.3905628Z ##[debug]File name: 'docker'
2022-09-01T11:01:38.3908668Z ##[debug]   at GitHub.Runner.Sdk.WhichUtil.Which(String command, Boolean require, ITraceWriter trace, String prependPath)
2022-09-01T11:01:38.3913210Z ##[debug]   at GitHub.Runner.Worker.Container.DockerCommandManager.Initialize(IHostContext hostContext)
2022-09-01T11:01:38.3916703Z ##[debug]   at GitHub.Runner.Common.HostContext.CreateService[T]()
2022-09-01T11:01:38.3919642Z ##[debug]   at GitHub.Runner.Common.HostContext.GetService[T]()
2022-09-01T11:01:38.3922993Z ##[debug]   at GitHub.Runner.Worker.ContainerOperationProvider.Initialize(IHostContext hostContext)
2022-09-01T11:01:38.3926416Z ##[debug]   at GitHub.Runner.Common.HostContext.CreateService[T]()
2022-09-01T11:01:38.3929274Z ##[debug]   at GitHub.Runner.Common.HostContext.GetService[T]()
2022-09-01T11:01:38.3932825Z ##[debug]   at GitHub.Runner.Worker.JobExtension.InitializeJob(IExecutionContext jobContext, AgentJobRequestMessage message)
2022-09-01T11:01:38.3956375Z ##[debug]Finishing: Set up job
2022-09-01T11:01:38.5274248Z ##[debug]Finishing: greet

After installing docker into the container it works as expected.

Looking through the code it seems that the DockerCommandManager is always initialized and this has a check that docker needs to be installed:

https://github.com/actions/runner/blob/95459dea5f9a131ec084e2e2b53e8c87f61db81e/src/Runner.Worker/Container/DockerCommandManager.cs#L45-L50

nikola-jokic commented 2 years ago

Oh, I see, it is a requirement from the runner side… I apologize, I did not understand it well. Regarding the env name, I have created an issue and created a PR. Thank you for spotting that!

With regard to documenting the docker dependencies, I will talk to the team to figure out where should we document this and how to approach that.

nikola-jokic commented 2 years ago

Hey @Shegox,

Just to let you know, I am working on a runner fix not to have dependency to check the docker cli when container hooks are enabled. I don't have precise information when it will be merged, but thanks for raising this issue!

nikola-jokic commented 1 year ago

The PR https://github.com/actions/runner/pull/2317 fixing the issue has been merged :relaxed: Sorry for the delay