search

super-linter / super-linter

Combination of multiple linters to run as a GitHub Action or standalone
https://github.com/super-linter/super-linter
MIT License
9.53k stars 972 forks source link

Configure a non-root user #5658

Open jasonkarns opened 6 months ago

jasonkarns commented 6 months ago

Is there an existing issue for this?

Current Behavior

Trying to redirect the log file output to GitHub Job Summaries.

      - uses: github/super-linter/slim@v6
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CREATE_LOG_FILE: true
          # /snip
      - if: always()
        run: cat super-linter.log >> $GITHUB_STEP_SUMMARY

But catting the logfile gives a permissions error.

Expected Behavior

I'd expect subsequent steps to have access to the log file that is created.

Super-Linter version

slim-v6.4.1

Relevant log output

Run cat super-linter.log >> $GITHUB_STEP_SUMMARY
  cat super-linter.log >> $GITHUB_STEP_SUMMARY
  shell: /usr/bin/bash -e {0}
cat: super-linter.log: Permission denied
Error: Process completed with exit code 1.

Steps To Reproduce

on github actions run while creating log file attempt to read log file after step is complete

Anything else?

full job run: https://github.com/jasonkarns/bats-mock/actions/runs/9129703172/job/25104872145

ferrarimarco commented 6 months ago

Hi @jasonkarns ! This is currently expected and not a bug because we don't create a user within the container image.

This came up in the past (#1861), so it might be a valid request, also considering that is a recommended best practice.

Feel free to send a PR to implement this, we'll happily review it.