Broken on Github's ubuntu-latest runner

[theCalcaholic]

Behaviour

Steps to reproduce this issue

1. Create a workflow with the following job:

   jobs:
     setup-qemu:
       runs-on: ubuntu-latest # or ubuntu-22.04
       steps:
         - name: setup qemu
           uses: docker/setup-buildx-action@v2

2. Run the workflow

Expected behaviour

setup-qemu-action should setup binfmt and qemu successfully.

Actual behaviour

The job fails with:

> Run docker/setup-qemu-action@v2
> Docker info
> Pulling binfmt Docker image
> Image info
> Installing QEMU static binaries
  /usr/bin/docker run --rm --privileged tonistiigi/binfmt:latest --install all
  error: operation not permitted
  cannot mount binfmt_misc filesystem at /proc/sys/fs/binfmt_misc
  main.run
    /src/cmd/binfmt/main.go:183
  main.main
    /src/cmd/binfmt/main.go:170
  runtime.main
    /usr/local/go/src/runtime/proc.go:250
  runtime.goexit
    /usr/local/go/src/runtime/asm_amd64.s:1571
> Extracting available platforms
Error: Unexpected end of JSON input

Configuration

• Repository URL (if public): https://github.com/nextcloud/nextcloudpi
• Build URL (if public): https://github.com/nextcloud/nextcloudpi/actions/runs/5529886024/jobs/10088602638

YAML workflow file (shortened to the relevant portion):

name: 'Docker Integration Tests and Release'

on:
  workflow_call:
    inputs:
      git_ref:
        required: true
        type: string
      arch:
        required: false
        type: string
        default: 'x86'
  push:
    branches:
      - docker-stable
      - docker-devel
  pull_request:
    branches:
      - docker-stable
      - docker-devel
      - release/docker/*

jobs:
  build:
    if: ${{ github.repository == 'nextcloud/nextcloudpi' }}
    runs-on: ubuntu-latest
    env:
      VERSION: "${{ inputs.git_ref || github.ref }}"
      ARCH: "${{ inputs.arch || 'x86' }}"
      LOG_DCKR: "\\033[1;34mDCKR::\\033[0m"
      LOG_NCP: "\\033[1;36m~NCP::\\033[0m"
      LOG_CICD: "\\033[1;35mCICD::\\033[0m"
      LOG_TEST: "\\033[1;33mTEST::\\033[0m"
      LOG_DIAG: "\\033[1;31mDIAG::\\033[0m"
    steps:
      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@v2

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2

      - name: Checkout code
        uses: actions/checkout@v3
        with:
          ref: "${{ env.VERSION }}"

      - name: Login to docker
        run: |
          echo "${{ secrets.DOCKER_PASSWORD_INTERNAL }}" | docker login -u "${{ secrets.DOCKER_LOGIN_INTERNAL }}" --password-stdin

      - name: Build images
        id: build-container
        run: |
          ./build/build-docker.sh "${ARCH?}"
          docker tag "ownyourbits/nextcloudpi-${ARCH?}:latest" "thecalcaholic/ncp-internal-${ARCH?}:${{ github.run_id }}"
          testing_image="ownyourbits/nextcloudpi-${ARCH?}:latest"
          [[ "${ARCH?}" == "x86" ]] || testing_image="ownyourbits/ncp-qemu-fix-${ARCH?}:latest"
          docker tag "${testing_image}" "thecalcaholic/ncp-internal-${ARCH?}:${{ github.run_id }}-testing"
          docker push "thecalcaholic/ncp-internal-${ARCH?}:${{ github.run_id }}"
          docker push "thecalcaholic/ncp-internal-${ARCH?}:${{ github.run_id }}-testing"

Logs

setup-qemu-action-logs.zip

[crazy-max]

Looking at your docker info output, there's something odd with your runner compared to a public one: https://github.com/nextcloud/nextcloudpi/actions/runs/5529886024/jobs/10088602638#step:3:44

3c3
<    Version:           20.10.25+azure-2
---
>    Version:           20.10.25+azure-1
5c5
<    Go version:        go1.19.10
---
>    Go version:        go1.19.9
14c14
<     Version:          20.10.25+azure-2
---
>     Version:          20.10.25+azure-1
16c16
<     Go version:       go1.19.10
---
>     Go version:       go1.19.9
35,36c35,36
<     buildx: Docker Buildx (Docker Inc., 0.11.0+azure-1)
<     compose: Docker Compose (Docker Inc., 2.19.0+azure-1)
---
>     buildx: Docker Buildx (Docker Inc., 0.10.4+azure-1)
>     compose: Docker Compose (Docker Inc., 2.18.0+azure-1)
39,40c39,40
<    Containers: 0
<     Running: 0
---
>    Containers: 1
>     Running: 1
43,49c43,45
<    Images: 19
<    Server Version: 20.10.25+azure-2
<    Storage Driver: overlay2
<     Backing Filesystem: extfs
<     Supports d_type: true
<     Native Overlay Diff: false
<     userxattr: false
---
>    Images: 1
>    Server Version: 20.10.25+azure-1
>    Storage Driver: fuse-overlayfs
51c47
<    Cgroup Driver: cgroupfs
---
>    Cgroup Driver: systemd
69c65
<    Kernel Version: 5.15.0-1041-azure
---
>    Kernel Version: 5.19.0-46-generic
74,76c70,72
<    Total Memory: 6.769GiB
<    Name: fv-az1246-293
<    ID: XBHE:RVNQ:HBDP:OJ2N:BTWO:2U7W:54S3:4W73:PZYS:MEPG:WIZN:AARQ
---
>    Total Memory: 6.519GiB
>    Name: garm-BGZU1eqVp3MP
>    ID: VSE7:N3C7:RHGU:45D3:6S5L:J67K:JVIQ:ON4I:JP66:AN64:X3W4:NC3E
79d74
<    Username: githubactions
84a80,81
>    Registry Mirrors:
>     http://docker-registry:5000/
85a83,85
>   
>   WARNING: bridge-nf-call-iptables is disabled
>   WARNING: bridge-nf-call-ip6tables is disabled

Looks like ubuntu-latest is not a public runner in your organization but a self-hosted one.

Closing since that does not seem an issue with the action but runner configuration.

[theCalcaholic]

@crazy-max Actually, I'm relatively sure that I'm using the official github hosted runners. What makes you think otherwise? :thinking:

[crazy-max]

Actually I encounter a similar issue on another repo where ubuntu-latest runner was not consistent: https://github.com/tonistiigi/xx/pull/116

Looks like the latest runner image is not synced properly across their infra:

One is 20230710.1.0 and the other 20230517.1 while being part of the same matrix using ubuntu-latest. So I'm pretty confident this is a GitHub runner issue that should be reported in https://github.com/actions/runner-images. (fyi @cpuguy83)

[crazy-max]

@theCalcaholic In your case you're not using a public runner from what I see though: https://github.com/nextcloud/nextcloudpi/actions/runs/5529886024/jobs/10088602638#step:3:44

[theCalcaholic]

I see, thank you. Looks, like this is due to GH organization policy - I didn't even realize that. (I don't actually belong to the Nextcloud company which owns the Github org, but am maintaining a community project within their GH namespace).