Support running an action as a non-root user

[spkane]

Act version

act version 0.2.26

Feature description

Some things simply fail if you try to run them as root.

In my case I am installing Linuxbrew, to manage some additional software dependencies and it fails because it refuses to install when run as the root user.

[pre-commit checks/pre-commit-checks] ⭐  Run Install Linuxbrew
[pre-commit checks/pre-commit-checks]   🐳  docker exec cmd=[bash --noprofile --norc -e -o pipefail /var/run/act/workflow/3] user= workdir=
| Warning: Running in non-interactive mode because `$CI` is set.
| ==> Checking for `sudo` access (which may request your password)...
| Don't run this as root!
[pre-commit checks/pre-commit-checks]   ❌  Failure - Install Linuxbrew
[pre-commit checks/pre-commit-checks] exit with `FAILURE`: 1

It would be nice if the containers had another user, called something like runner or nonpriv that could be used for a single action somehow when required.

[jayvdb]

I also ran into this, and here is my recipe, still a bit of a WIP trying to reach installation of ktlint, and the if [ .. ] here is because I use act -r -j ... locally

      - name: Set up Homebrew (Linux)
        if: ${{ matrix.os == 'ubuntu-22.04' }}
        shell: bash
        env:
          LB_USERNAME: linuxbrew
        run: |
          if [ ! -f /home/$LB_USERNAME/.linuxbrew/bin/brew ]; then
            rm -rf /home/$LB_USERNAME/
            deluser $LB_USERNAME
            adduser --disabled-password --gecos "" $LB_USERNAME
            wget -c https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh
            # https://stackoverflow.com/questions/72435188/how-to-install-brew-using-a-shallow-clone
            sed -i 's:"git" "fetch":"git" "fetch" "--depth" "1":' install.sh
            sed -i '/"update" "--force"/d' install.sh
            mv install.sh /tmp
            chmod a+r /tmp/install.sh
            echo "export HOMEBREW_NO_AUTO_UPDATE=1" >> /home/$LB_USERNAME/.profile
            su -l $LB_USERNAME -c "CI=1 USER=$LB_USERNAME bash /tmp/install.sh"
            echo "eval \"\$(/home/$LB_USERNAME/.linuxbrew/bin/brew shellenv)\"" >> /home/$LB_USERNAME/.profile
          fi
          chmod a+x /home/$LB_USERNAME/.linuxbrew/bin/brew
          chmod a+x /home/$LB_USERNAME/.linuxbrew/Homebrew/bin/brew
          su -l $LB_USERNAME -c 'brew tap holgerbrandl/tap https://github.com/holgerbrandl/homebrew-tap'
          su -l $LB_USERNAME -c 'time brew install ktlint kscript'
          eval "$(/home/$LB_USERNAME/.linuxbrew/bin/brew shellenv)"
          which ktlint kscript

[ChristopherHX]

Can anyone confirm if this is still a problem? Non root user container support should be available in the current version.

You now need to choose a non root user container: act -P ubuntu-latest=ghcr.io/catthehacker/ubuntu:runner-latest

Change ubuntu-latest to the runs-on value you specified.

[jayvdb]

I see the "runner" images are documented at https://github.com/catthehacker/docker_images , but not at https://github.com/nektos/act/blob/master/IMAGES.md and IMO the root/non-root distinction is worth mentioning at https://github.com/nektos/act/blob/master/README.md#runners

[alvis]

@ChristopherHX I've tried ubuntu:runner-20.04 and it's working fine for me ✅

[Stanzilla]

It installs fine but the brew command is not available afterwards:

Run Main Set up Homebrew
[Update Wiki API Documentation/update-wiki-api-docs]   🐳  docker cp src=/home/stan/.cache/act/Homebrew-actions-setup-homebrew@master/ dst=/var/run/act/actions/Homebrew-actions-setup-homebrew@master/
[Update Wiki API Documentation/update-wiki-api-docs]   🐳  docker exec cmd=[node /var/run/act/actions/Homebrew-actions-setup-homebrew@master/setup-homebrew/main.mjs] user= workdir=
| [command]/bin/bash /run/act/actions/Homebrew-actions-setup-homebrew@master/setup-homebrew/main.sh false false auto false  false
| Could not find 'brew' command in PATH or standard locations.
[Update Wiki API Documentation/update-wiki-api-docs]   ❗  ::error::The process '/bin/bash' failed with exit code 1
[Update Wiki API Documentation/update-wiki-api-docs]   ❌  Failure - Main Set up Homebrew
[Update Wiki API Documentation/update-wiki-api-docs] exitcode '1': failure

[ChristopherHX]

I would expect that setup actions would install tools like brew and not assert that these has been preinstalled.