nektos / act

Run your GitHub Actions locally 🚀
https://nektosact.com
MIT License
54.58k stars 1.36k forks

Container options not parsed in actrc #2412

Open this-oliver opened 2 months ago

this-oliver commented 2 months ago

Bug report info

act version:            0.2.61
GOOS:                   linux
GOARCH:                 amd64
NumCPU:                 20
Docker host:            DOCKER_HOST environment variable is not set
Sockets found:
        /var/run/docker.sock
Config files:
        /home/bob/.config/act/actrc:
                --platform ubuntu-latest=catthehacker/ubuntu:act-latest
                --platform ubuntu-22.04=catthehacker/ubuntu:act-22.04
                --platform ubuntu-20.04=catthehacker/ubuntu:act-20.04
                --platform ubuntu-18.04=catthehacker/ubuntu:act-18.04
                --platform arc=repo.artifactory.org.com/runner-image/releases/v1.1.4:v1.1.4
                --github-instance org.com
                --container-options "--group-add $(stat -c %g /var/run/docker.sock)"
                --replace-ghe-action-with-github-com actions/checkout,actions/setup-node,advanced-security/spdx-dependency-submission-action
Build info:
        Go version:            go1.20.14
        Module path:           github.com/nektos/act
        Main version:          (devel)
        Main path:             github.com/nektos/act
        Main checksum:
        Build settings:
                -buildmode:           exe
                -compiler:            gc
                -trimpath:            true
                CGO_ENABLED:          0
                GOARCH:               amd64
                GOOS:                 linux
                GOAMD64:              v1
                vcs:                  git
                vcs.revision:         e8856f0fb00fcdd16eef2325b845f55f5d346f51
                vcs.time:             2023-08-21T16:17:06Z
                vcs.modified:         true
Docker Engine:
        Engine version:        27.1.1
        Engine runtime:        runc
        Cgroup version:        1
        Cgroup driver:         cgroupfs
        Storage driver:        overlay2
        Registry URI:          https://index.docker.io/v1/
        OS:                    Debian GNU/Linux 12 (bookworm)
        OS type:               linux
        OS version:            12
        OS arch:               x86_64
        OS kernel:             5.15.153.1-microsoft-standard-WSL2
        OS CPU:                20
        OS memory:             31934 MB
        Security options:
                name=seccomp,profile=builtin

Command used with act

gh act

Describe issue

I get the error Cannot parse container options: '"--group-add $(stat -c %g /var/run/docker.sock)"': 'unknown flag: --group-add $(stat -c %g /var/run/docker.sock)' whenever I try to run act with the command --container-options "--group-add $(stat -c %g /var/run/docker.sock)" in the actrc config file, but the issue doesn't appear when I run the same flag directly in the command as follows: gh act --container-options "--group-add $(stat -c %g /var/run/docker.sock)".

Link to GitHub repository

No response

Workflow content

name: CI

on:
  push:
    branches: main
  pull_request:
    branches: main

jobs:
  quality-analysis:
    runs-on: arc
    steps:
      - name: checkout code
        uses: actions/checkout@v4
      - uses: actions/setup-node@v3
        with:
          node-version: 18
      - name: Install dependencies
        run: npm install
      - name: Run unit tests
        run: npm test

  security:
    runs-on: arc
    steps:
      - name: checkout code
        uses: actions/checkout@v4
      - name: Scan for code/dependency vulnerabilities
        uses: devsecops/action-security@v0
        with:
          report: true

  deploy:
    needs: [quality-analysis, security]
    runs-on: arc
    steps:
      - name: checkout code
        uses: actions/checkout@v4
      - name: build
        run: echo "add build steps here"
      - name: deploy
        run: echo "add deploy steps here"

Relevant log output

DEBU[0000] Handling container host and socket
DEBU[0000] Defaulting container socket to DOCKER_HOST
INFO[0000] Using docker host 'unix:///var/run/docker.sock', and daemon socket 'unix:///var/run/docker.sock'
DEBU[0000] Loading environment from /home/bob/app/.env
DEBU[0000] Loading action inputs from /home/bob/app/.input
DEBU[0000] Loading secrets from /home/bob/app/.secrets
DEBU[0000] Loading vars from /home/bob/app/.vars
DEBU[0000] Evaluated matrix inclusions: map[]
DEBU[0000] Loading workflows from '/home/bob/app/.github/workflows'
DEBU[0000] Loading workflows recursively
DEBU[0000] Found workflow 'ci.yaml' in '/home/bob/app/.github/workflows/ci.yaml'
DEBU[0000] Reading workflow '/home/bob/app/.github/workflows/ci.yaml'
DEBU[0000] Conditional GET for notices etag=3afd0192-3e44-4605-b79d-f67196b544ab
DEBU[0000] Preparing plan with all jobs
DEBU[0000] Using default workflow event: push
DEBU[0000] Planning jobs for event: push
DEBU[0000] gc: 2024-08-02 11:52:44.124777193 +0200 CEST m=+0.004219033  module=artifactcache
DEBU[0000] Plan Stages: [0xc0003b4270 0xc0003b4288]
DEBU[0000] Stages Runs: [quality-analysis security]
DEBU[0000] Job.Name: quality-analysis
DEBU[0000] Job.RawNeeds: {0 0    <nil> []    0 0}
DEBU[0000] Job.RawRunsOn: {8 0 !!str arc  <nil> []    11 14}
DEBU[0000] Job.Env: {0 0    <nil> []    0 0}
DEBU[0000] Job.If: {0 0  success()  <nil> []    0 0}
DEBU[0000] Job.Steps: checkout code
DEBU[0000] Job.Steps: actions/setup-node@v3
DEBU[0000] Job.Steps: Install dependencies
DEBU[0000] Job.Steps: Run unit tests
DEBU[0000] Job.TimeoutMinutes:
DEBU[0000] Job.Services: map[]
DEBU[0000] Job.Strategy: <nil>
DEBU[0000] Job.RawContainer: {0 0    <nil> []    0 0}
DEBU[0000] Job.Defaults.Run.Shell:
DEBU[0000] Job.Defaults.Run.WorkingDirectory:
DEBU[0000] Job.Outputs: map[]
DEBU[0000] Job.Uses:
DEBU[0000] Job.With: map[]
DEBU[0000] Job.Result:
DEBU[0000] Empty Strategy, matrixes=[map[]]
DEBU[0000] Job Matrices: [map[]]
DEBU[0000] Runner Matrices: map[]
DEBU[0000] Final matrix after applying user inclusions '[map[]]'
DEBU[0000] Loading revision from git directory
DEBU[0000] Found revision: c4030f4037c21775edd64dee9fd4a2d78c06f467
DEBU[0000] HEAD points to 'c4030f4037c21775edd64dee9fd4a2d78c06f467'
DEBU[0000] using github ref: refs/heads/ft-workflow
DEBU[0000] Found revision: c4030f4037c21775edd64dee9fd4a2d78c06f467
DEBU[0000] Stages Runs: [quality-analysis security]
DEBU[0000] Job.Name: security
DEBU[0000] Job.RawNeeds: {0 0    <nil> []    0 0}
DEBU[0000] Job.RawRunsOn: {8 0 !!str arc  <nil> []    27 14}
DEBU[0000] Job.Env: {0 0    <nil> []    0 0}
DEBU[0000] Job.If: {0 0  success()  <nil> []    0 0}
DEBU[0000] Job.Steps: checkout code
DEBU[0000] Job.Steps: Scan for code/dependency vulnerabilities
DEBU[0000] Job.TimeoutMinutes:
DEBU[0000] Job.Services: map[]
DEBU[0000] Job.Strategy: <nil>
DEBU[0000] Job.RawContainer: {0 0    <nil> []    0 0}
DEBU[0000] Job.Defaults.Run.Shell:
DEBU[0000] Job.Defaults.Run.WorkingDirectory:
DEBU[0000] Job.Outputs: map[]
DEBU[0000] Job.Uses:
DEBU[0000] Job.With: map[]
DEBU[0000] Job.Result:
DEBU[0000] Empty Strategy, matrixes=[map[]]
DEBU[0000] Job Matrices: [map[]]
DEBU[0000] Runner Matrices: map[]
DEBU[0000] Final matrix after applying user inclusions '[map[]]'
DEBU[0000] Loading revision from git directory
DEBU[0000] Found revision: c4030f4037c21775edd64dee9fd4a2d78c06f467
DEBU[0000] HEAD points to 'c4030f4037c21775edd64dee9fd4a2d78c06f467'
DEBU[0000] using github ref: refs/heads/ft-workflow
DEBU[0000] Found revision: c4030f4037c21775edd64dee9fd4a2d78c06f467
DEBU[0000] Detected CPUs: 20
[CI/quality-analysis] [DEBUG] evaluating expression 'success()'
[CI/security        ] [DEBUG] evaluating expression 'success()'
[CI/security        ] [DEBUG] expression 'success()' evaluated to 'true'
[CI/security        ] 🚀  Start image=repo.artifactory.org.com/runner-image/releases/v1.1.4:v1.1.4
[CI/quality-analysis] [DEBUG] expression 'success()' evaluated to 'true'
[CI/quality-analysis] 🚀  Start image=repo.artifactory.org.com/runner-image/releases/v1.1.4:v1.1.4
DEBU[0000] Parallel tasks (0) below minimum, setting to 1
[CI/security        ]   🐳  docker pull image=repo.artifactory.org.com/runner-image/releases/v1.1.4:v1.1.4 platform= username= forcePull=true
[CI/security        ] [DEBUG]   🐳  docker pull repo.artifactory.org.com/runner-image/releases/v1.1.4:v1.1.4
DEBU[0000] Parallel tasks (0) below minimum, setting to 1
[CI/security        ] [DEBUG] pulling image 'repo.artifactory.org.com/runner-image/releases/v1.1.4:v1.1.4' ()
[CI/quality-analysis]   🐳  docker pull image=repo.artifactory.org.com/runner-image/releases/v1.1.4:v1.1.4 platform= username= forcePull=true
[CI/quality-analysis] [DEBUG]   🐳  docker pull repo.artifactory.org.com/runner-image/releases/v1.1.4:v1.1.4
[CI/quality-analysis] [DEBUG] pulling image 'repo.artifactory.org.com/runner-image/releases/v1.1.4:v1.1.4' ()
[CI/quality-analysis] [DEBUG] Pulling from runner-image/releases/v1.1.4 :: v1.1.4
[CI/quality-analysis] [DEBUG] Digest: sha256:766b89cd40d477148de363e289e602cd8b436e5c8e0e5c7853cbbb83c25138b9 ::
[CI/quality-analysis] [DEBUG] Status: Image is up to date for repo.artifactory.org.com/runner-image/releases/v1.1.4:v1.1.4 ::
[CI/security        ] [DEBUG] Pulling from runner-image/releases/v1.1.4 :: v1.1.4
DEBU[0000] Parallel tasks (0) below minimum, setting to 1
[CI/quality-analysis]   🐳  docker create image=repo.artifactory.org.com/runner-image/releases/v1.1.4:v1.1.4 platform= entrypoint=["tail" "-f" "/dev/null"] cmd=[] network="host"
[CI/quality-analysis] [DEBUG] Common container.Config ==> &{Hostname: Domainname: User: AttachStdin:false AttachStdout:false AttachStderr:false ExposedPorts:map[] Tty:true OpenStdin:false StdinOnce:false Env:[RUNNER_TOOL_CACHE=/opt/hostedtoolcache RUNNER_OS=Linux RUNNER_ARCH=X64 RUNNER_TEMP=/tmp LANG=C.UTF-8] Cmd:[] Healthcheck:<nil> ArgsEscaped:false Image:repo.artifactory.org.com/runner-image/releases/v1.1.4:v1.1.4 Volumes:map[] WorkingDir:/home/bob/app Entrypoint:[] NetworkDisabled:false MacAddress: OnBuild:[] Labels:map[] StopSignal: StopTimeout:<nil> Shell:[]}
[CI/security        ] [DEBUG] Digest: sha256:766b89cd40d477148de363e289e602cd8b436e5c8e0e5c7853cbbb83c25138b9 ::
[CI/security        ] [DEBUG] Status: Image is up to date for repo.artifactory.org.com/runner-image/releases/v1.1.4:v1.1.4 ::
[CI/quality-analysis] [DEBUG] Common container.HostConfig ==> &{Binds:[/var/run/docker.sock:/var/run/docker.sock] ContainerIDFile: LogConfig:{Type: Config:map[]} NetworkMode:host PortBindings:map[] RestartPolicy:{Name: MaximumRetryCount:0} AutoRemove:false VolumeDriver: VolumesFrom:[] ConsoleSize:[0 0] Annotations:map[] CapAdd:[] CapDrop:[] CgroupnsMode: DNS:[] DNSOptions:[] DNSSearch:[] ExtraHosts:[] GroupAdd:[] IpcMode: Cgroup: Links:[] OomScoreAdj:0 PidMode: Privileged:false PublishAllPorts:false ReadonlyRootfs:false SecurityOpt:[] StorageOpt:map[] Tmpfs:map[] UTSMode: UsernsMode: ShmSize:0 Sysctls:map[] Runtime: Isolation: Resources:{CPUShares:0 Memory:0 NanoCPUs:0 CgroupParent: BlkioWeight:0 BlkioWeightDevice:[] BlkioDeviceReadBps:[] BlkioDeviceWriteBps:[] BlkioDeviceReadIOps:[] BlkioDeviceWriteIOps:[] CPUPeriod:0 CPUQuota:0 CPURealtimePeriod:0 CPURealtimeRuntime:0 CpusetCpus: CpusetMems: Devices:[] DeviceCgroupRules:[] DeviceRequests:[] KernelMemory:0 KernelMemoryTCP:0 MemoryReservation:0 MemorySwap:0 MemorySwappiness:<nil> OomKillDisable:<nil> PidsLimit:<nil> Ulimits:[] CPUCount:0 CPUPercent:0 IOMaximumIOps:0 IOMaximumBandwidth:0} Mounts:[{Type:volume Source:act-toolcache Target:/opt/hostedtoolcache ReadOnly:false Consistency: BindOptions:<nil> VolumeOptions:<nil> TmpfsOptions:<nil> ClusterOptions:<nil>} {Type:volume Source:act-CI-quality-analysis-13b4298e7cc91767972b8091021220fc686679f45dbc7129c784cde784fdc716-env Target:/var/run/act ReadOnly:false Consistency: BindOptions:<nil> VolumeOptions:<nil> TmpfsOptions:<nil> ClusterOptions:<nil>} {Type:volume Source:act-CI-quality-analysis-13b4298e7cc91767972b8091021220fc686679f45dbc7129c784cde784fdc716 Target:/home/bob/app ReadOnly:false Consistency: BindOptions:<nil> VolumeOptions:<nil> TmpfsOptions:<nil> ClusterOptions:<nil>}] MaskedPaths:[] ReadonlyPaths:[] Init:<nil>}
DEBU[0000] Parallel tasks (0) below minimum, setting to 1
[CI/security        ]   🐳  docker create image=repo.artifactory.org.com/runner-image/releases/v1.1.4:v1.1.4 platform= entrypoint=["tail" "-f" "/dev/null"] cmd=[] network="host"
[CI/security        ] [DEBUG] Common container.Config ==> &{Hostname: Domainname: User: AttachStdin:false AttachStdout:false AttachStderr:false ExposedPorts:map[] Tty:true OpenStdin:false StdinOnce:false Env:[RUNNER_TOOL_CACHE=/opt/hostedtoolcache RUNNER_OS=Linux RUNNER_ARCH=X64 RUNNER_TEMP=/tmp LANG=C.UTF-8] Cmd:[] Healthcheck:<nil> ArgsEscaped:false Image:repo.artifactory.org.com/runner-image/releases/v1.1.4:v1.1.4 Volumes:map[] WorkingDir:/home/bob/app Entrypoint:[] NetworkDisabled:false MacAddress: OnBuild:[] Labels:map[] StopSignal: StopTimeout:<nil> Shell:[]}
[CI/security        ] [DEBUG] Common container.HostConfig ==> &{Binds:[/var/run/docker.sock:/var/run/docker.sock] ContainerIDFile: LogConfig:{Type: Config:map[]} NetworkMode:host PortBindings:map[] RestartPolicy:{Name: MaximumRetryCount:0} AutoRemove:false VolumeDriver: VolumesFrom:[] ConsoleSize:[0 0] Annotations:map[] CapAdd:[] CapDrop:[] CgroupnsMode: DNS:[] DNSOptions:[] DNSSearch:[] ExtraHosts:[] GroupAdd:[] IpcMode: Cgroup: Links:[] OomScoreAdj:0 PidMode: Privileged:false PublishAllPorts:false ReadonlyRootfs:false SecurityOpt:[] StorageOpt:map[] Tmpfs:map[] UTSMode: UsernsMode: ShmSize:0 Sysctls:map[] Runtime: Isolation: Resources:{CPUShares:0 Memory:0 NanoCPUs:0 CgroupParent: BlkioWeight:0 BlkioWeightDevice:[] BlkioDeviceReadBps:[] BlkioDeviceWriteBps:[] BlkioDeviceReadIOps:[] BlkioDeviceWriteIOps:[] CPUPeriod:0 CPUQuota:0 CPURealtimePeriod:0 CPURealtimeRuntime:0 CpusetCpus: CpusetMems: Devices:[] DeviceCgroupRules:[] DeviceRequests:[] KernelMemory:0 KernelMemoryTCP:0 MemoryReservation:0 MemorySwap:0 MemorySwappiness:<nil> OomKillDisable:<nil> PidsLimit:<nil> Ulimits:[] CPUCount:0 CPUPercent:0 IOMaximumIOps:0 IOMaximumBandwidth:0} Mounts:[{Type:volume Source:act-toolcache Target:/opt/hostedtoolcache ReadOnly:false Consistency: BindOptions:<nil> VolumeOptions:<nil> TmpfsOptions:<nil> ClusterOptions:<nil>} {Type:volume Source:act-CI-security-c2a1f99cb29341accc7208e574e09ee6c85863cb6dc2f338067b26c4c7c2503a-env Target:/var/run/act ReadOnly:false Consistency: BindOptions:<nil> VolumeOptions:<nil> TmpfsOptions:<nil> ClusterOptions:<nil>} {Type:volume Source:act-CI-security-c2a1f99cb29341accc7208e574e09ee6c85863cb6dc2f338067b26c4c7c2503a Target:/home/bob/app ReadOnly:false Consistency: BindOptions:<nil> VolumeOptions:<nil> TmpfsOptions:<nil> ClusterOptions:<nil>}] MaskedPaths:[] ReadonlyPaths:[] Init:<nil>}
Error: Cannot parse container options: '"--group-add $(stat -c %g /var/run/docker.sock)"': 'unknown flag: --group-add $(stat -c %g /var/run/docker.sock)'

Additional information

I am running my environment on a Windows Subsystem for Linux (WSL) which depends on the Docker Desktop running on the Windows host (not on the WSL).
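
The error text in the report shows the double quotes and the $(stat ...) text reaching the option parser literally when the line comes from actrc, while the command-line form works because the shell evaluates them first. As an added example (not part of the issue and not act's own code), the wrapper below resolves the socket's group ID in the shell, checks that it is numeric, and passes it on the command line. The function names and the DOCKER_SOCK variable are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: resolve the Docker socket's group in the shell, then hand the
# literal number to act on the command line (the form the report says works).

# Print the numeric group ID that owns the path in $1.
# Fails if stat fails or the result is not a plain number.
gid_of() {
  _gid=$(stat -c %g -- "$1") || return 1
  case $_gid in
    ''|*[!0-9]*) echo "unexpected gid: $_gid" >&2; return 1 ;;
  esac
  printf '%s\n' "$_gid"
}

# Same as gid_of, but refuses anything that is not a Unix socket, so a
# wrong path cannot silently add an unrelated group to the container.
sock_gid() {
  [ -S "$1" ] || { echo "not a socket: $1" >&2; return 1; }
  gid_of "$1"
}

# Build the single value passed to --container-options.
container_options() {
  _g=$(sock_gid "$1") || return 1
  printf -- '--group-add %s\n' "$_g"
}

# Hypothetical wrapper: extra arguments are forwarded to act unchanged.
# DOCKER_SOCK is an assumed override for the socket path.
act_with_docker_group() {
  _opts=$(container_options "${DOCKER_SOCK:-/var/run/docker.sock}") || return 1
  gh act --container-options "$_opts" "$@"
}
```

Source the file and call act_with_docker_group in place of gh act; the --container-options line is then left out of actrc.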

enricojonas commented 2 hours ago

Suffering the same issue - would be nice to be able to use it from actrc instead.