Add option to remove container when action is done

[savvn001]

Hi, I'm getting the following error when Github actions is trying to start a container and run commands. I have a simple workflow file, running on a self hosted runner.

name: run-tests
run-name: ${{ github.actor }} is running
on:
  push:
    # Sequence of patterns matched against refs/heads
    branches:    
      - develop
  workflow_dispatch:

env:
  ARCH: amd64

jobs:
  run-tests:
    runs-on: self-hosted
    steps:

      - uses: actions/checkout@v4

      - name: Build and run dev container task
        uses: devcontainers/ci@v0.3.1900000348
        with:
          # ci.sh script builds and runs all unit tests 
          runCmd: chmod +x ./ci.sh && ./ci.sh
        env:
          ARCH: amd64

Github actions can build the dev container, but fails at the "run command in container" step of the "Build and run dev container" task.

🚀 Run command in container
  About to run devcontainer exec --workspace-folder /home/me/actions-runner/_work/my_repo --remote-env GITHUB_OUTPUT=/mnt/github/output --remote-env GITHUB_ENV=/mnt/github/env --remote-env GITHUB_PATH=/mnt/github/path --remote-env GITHUB_STEP_SUMMARY=/mnt/github/step-summary bash -c chmod +x ./ci.sh && ./ci.sh

  OCI runtime exec failed: exec failed: unable to start container process: current working directory is outside of container mount namespace root -- possible container breakout detected: unknown

  Error: Dev container exec failed: (exit code: 126)
  Error: Dev container exec failed: (exit code: 126)

I'm not sure exactly where this is originating from. If I cd to /home/me/actions-runner/_work/my_repo and do devcontainer exec --workspace-folder . I get the same error msg:

OCI runtime exec failed: exec failed: unable to start container process: current working directory is outside of container mount namespace root -- possible container breakout detected: unknown

[savvn001]

I should add, dev containers normally works fine when I use it directly in my project repo.

I can do devcontainer up --workspace-folder . and then do devcontainer exec --workspace-folder . <some command> with no issues at all.

[chrmarti]

This looks like https://github.com/opencontainers/runc/commit/8e1cd2f56d518f8d6292b8bb39f0d0932e4b6c2a which made it into runc 1.1.12. You can check the runc version with docker version.

[savvn001]

@chrmarti Sorry, to update this issue, this issue only happens when there was an issue with the container itself, and it didn't stop properly, and then on the next run it tries to start that same container.

For some reason the devcontainer ci doesn't clean up after itself. I added an extra step in GH actions to manually stop and prune all containers so that it always starts a fresh one on the next run:

      # Devcontainers CLI doesn't clean up at all. So stop, remove and
      # manually prune container
      - name: Clean up stopped container
        run: docker stop $(docker ps -a -q) && docker rm $(docker ps -a -q) && docker container prune -f 

[savvn001]

Otherwise, docker version is:

Client: Docker Engine - Community
 Version:           25.0.5
 API version:       1.44
 Go version:        go1.21.8
 Git commit:        5dc9bcc
 Built:             Tue Mar 19 15:05:18 2024
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          25.0.5
  API version:      1.44 (minimum version 1.24)
  Go version:       go1.21.8
  Git commit:       e63daec
  Built:            Tue Mar 19 15:05:18 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.28
  GitCommit:        ae07eda36dd25f8a1b98dfbf587313b99c0190bb
 runc:
  Version:          1.1.12
  GitCommit:        v1.1.12-0-g51d5e94
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

[chrmarti]

We could add an option to remove the container when the action is done.