Move actions path outside of workdir (#701)
* feat: add option to specify user for exec * fix: move actions to static path outside workdir Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
		| @@ -68,7 +68,7 @@ type Container interface { | ||||
| 	CopyDir(destPath string, srcPath string, useGitIgnore bool) common.Executor | ||||
| 	Pull(forcePull bool) common.Executor | ||||
| 	Start(attach bool) common.Executor | ||||
| 	Exec(command []string, env map[string]string) common.Executor | ||||
| 	Exec(command []string, env map[string]string, user string) common.Executor | ||||
| 	UpdateFromEnv(srcPath string, env *map[string]string) common.Executor | ||||
| 	UpdateFromPath(env *map[string]string) common.Executor | ||||
| 	Remove() common.Executor | ||||
| @@ -145,9 +145,7 @@ func (cr *containerReference) Copy(destPath string, files ...*FileEntry) common. | ||||
| func (cr *containerReference) CopyDir(destPath string, srcPath string, useGitIgnore bool) common.Executor { | ||||
| 	return common.NewPipelineExecutor( | ||||
| 		common.NewInfoExecutor("%sdocker cp src=%s dst=%s", logPrefix, srcPath, destPath), | ||||
| 		cr.connect(), | ||||
| 		cr.find(), | ||||
| 		cr.exec([]string{"mkdir", "-p", destPath}, nil), | ||||
| 		cr.Exec([]string{"mkdir", "-p", destPath}, nil, ""), | ||||
| 		cr.copyDir(destPath, srcPath, useGitIgnore), | ||||
| 	).IfNot(common.Dryrun) | ||||
| } | ||||
| @@ -160,11 +158,12 @@ func (cr *containerReference) UpdateFromPath(env *map[string]string) common.Exec | ||||
| 	return cr.extractPath(env).IfNot(common.Dryrun) | ||||
| } | ||||
|  | ||||
| func (cr *containerReference) Exec(command []string, env map[string]string) common.Executor { | ||||
| func (cr *containerReference) Exec(command []string, env map[string]string, user string) common.Executor { | ||||
| 	return common.NewPipelineExecutor( | ||||
| 		common.NewInfoExecutor("%sdocker exec cmd=[%s] user=%s", logPrefix, strings.Join(command, " "), user), | ||||
| 		cr.connect(), | ||||
| 		cr.find(), | ||||
| 		cr.exec(command, env), | ||||
| 		cr.exec(command, env, user), | ||||
| 	).IfNot(common.Dryrun) | ||||
| } | ||||
|  | ||||
| @@ -407,7 +406,7 @@ func (cr *containerReference) extractPath(env *map[string]string) common.Executo | ||||
| 	} | ||||
| } | ||||
|  | ||||
| func (cr *containerReference) exec(cmd []string, env map[string]string) common.Executor { | ||||
| func (cr *containerReference) exec(cmd []string, env map[string]string, user string) common.Executor { | ||||
| 	return func(ctx context.Context) error { | ||||
| 		logger := common.Logger(ctx) | ||||
| 		// Fix slashes when running on Windows | ||||
| @@ -427,6 +426,7 @@ func (cr *containerReference) exec(cmd []string, env map[string]string) common.E | ||||
| 		} | ||||
|  | ||||
| 		idResp, err := cr.cli.ContainerExecCreate(ctx, cr.id, types.ExecConfig{ | ||||
| 			User:         user, | ||||
| 			Cmd:          cmd, | ||||
| 			WorkingDir:   cr.input.WorkingDir, | ||||
| 			Env:          envList, | ||||
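Review bot: The new `user` parameter on `Exec` (the interface method and the exported implementation) has no doc comment, so a reader cannot tell what the `""` passed from `CopyDir` selects. The value is handed unchanged to Docker through `User: user` in the `ExecConfig` literal, so an empty string presumably keeps the container's configured user; that should be confirmed and written down, since this argument decides the privilege level of every exec. I would add `// Exec runs command inside the container as user; an empty user keeps the container's default user.` above both declarations. The `exec` closure continues past the end of the last hunk, so any validation of `user` further down is not visible here.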
|   | ||||
| @@ -19,6 +19,8 @@ import ( | ||||
| 	"github.com/nektos/act/pkg/model" | ||||
| ) | ||||
|  | ||||
| const ActPath string = "/var/run/act" | ||||
|  | ||||
| // RunContext contains info about current job | ||||
| type RunContext struct { | ||||
| 	Name           string | ||||
| @@ -77,7 +79,6 @@ func (rc *RunContext) GetBindsAndMounts() ([]string, map[string]string) { | ||||
|  | ||||
| 	mounts := map[string]string{ | ||||
| 		"act-toolcache": "/toolcache", | ||||
| 		"act-actions":   "/actions", | ||||
| 	} | ||||
|  | ||||
| 	if rc.Config.BindWorkdir { | ||||
| @@ -150,8 +151,9 @@ func (rc *RunContext) startJobContainer() common.Executor { | ||||
| 			rc.JobContainer.Create(), | ||||
| 			rc.JobContainer.Start(false), | ||||
| 			rc.JobContainer.UpdateFromEnv("/etc/environment", &rc.Env), | ||||
| 			rc.JobContainer.Exec([]string{"mkdir", "-m", "0777", "-p", ActPath}, rc.Env, "root"), | ||||
| 			rc.JobContainer.CopyDir(copyToPath, rc.Config.Workdir+string(filepath.Separator)+".", rc.Config.UseGitIgnore).IfBool(copyWorkspace), | ||||
| 			rc.JobContainer.Copy("/tmp/", &container.FileEntry{ | ||||
| 			rc.JobContainer.Copy(ActPath+"/", &container.FileEntry{ | ||||
| 				Name: "workflow/event.json", | ||||
| 				Mode: 0644, | ||||
| 				Body: rc.EventJSON, | ||||
| @@ -169,7 +171,7 @@ func (rc *RunContext) startJobContainer() common.Executor { | ||||
| } | ||||
| func (rc *RunContext) execJobContainer(cmd []string, env map[string]string) common.Executor { | ||||
| 	return func(ctx context.Context) error { | ||||
| 		return rc.JobContainer.Exec(cmd, env)(ctx) | ||||
| 		return rc.JobContainer.Exec(cmd, env, "")(ctx) | ||||
| 	} | ||||
| } | ||||
|  | ||||
| @@ -488,7 +490,7 @@ type githubContext struct { | ||||
| func (rc *RunContext) getGithubContext() *githubContext { | ||||
| 	ghc := &githubContext{ | ||||
| 		Event:            make(map[string]interface{}), | ||||
| 		EventPath:        "/tmp/workflow/event.json", | ||||
| 		EventPath:        ActPath + "/workflow/event.json", | ||||
| 		Workflow:         rc.Run.Workflow.Name, | ||||
| 		RunID:            rc.Config.Env["GITHUB_RUN_ID"], | ||||
| 		RunNumber:        rc.Config.Env["GITHUB_RUN_NUMBER"], | ||||
| @@ -660,8 +662,8 @@ func withDefaultBranch(b string, event map[string]interface{}) map[string]interf | ||||
| func (rc *RunContext) withGithubEnv(env map[string]string) map[string]string { | ||||
| 	github := rc.getGithubContext() | ||||
| 	env["CI"] = "true" | ||||
| 	env["GITHUB_ENV"] = "/tmp/workflow/envs.txt" | ||||
| 	env["GITHUB_PATH"] = "/tmp/workflow/paths.txt" | ||||
| 	env["GITHUB_ENV"] = ActPath + "/workflow/envs.txt" | ||||
| 	env["GITHUB_PATH"] = ActPath + "/workflow/paths.txt" | ||||
| 	env["GITHUB_WORKFLOW"] = github.Workflow | ||||
| 	env["GITHUB_RUN_ID"] = github.RunID | ||||
| 	env["GITHUB_RUN_NUMBER"] = github.RunNumber | ||||
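Review bot: The `mkdir -m 0777 -p ActPath` call in `startJobContainer` creates a world-writable directory with no sticky bit. That directory now holds `workflow/event.json`, the `GITHUB_ENV` and `GITHUB_PATH` files and, per the step-context change, the action code. Any uid inside the job container can therefore rename or replace those entries, including files that later steps read to build their environment and PATH. If the directory has to be writable by a non-root job user, `[]string{"mkdir", "-m", "1777", "-p", ActPath}` at least restricts deletion and renaming to each entry's owner; creating it as root and then changing ownership to the job user would be tighter, assuming that user is known at this point. `startJobContainer` begins and ends outside the hunk, so later permission changes may exist that are not visible here.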
|   | ||||
| @@ -316,6 +316,6 @@ func TestGetGitHubContext(t *testing.T) { | ||||
| 	assert.Equal(t, ghc.Repository, "nektos/act") | ||||
| 	assert.Equal(t, ghc.RepositoryOwner, "nektos") | ||||
| 	assert.Equal(t, ghc.RunnerPerflog, "/dev/null") | ||||
| 	assert.Equal(t, ghc.EventPath, "/tmp/workflow/event.json") | ||||
| 	assert.Equal(t, ghc.EventPath, ActPath+"/workflow/event.json") | ||||
| 	assert.Equal(t, ghc.Token, rc.Config.Secrets["GITHUB_TOKEN"]) | ||||
| } | ||||
|   | ||||
| @@ -383,13 +383,13 @@ func (sc *StepContext) getContainerActionPaths(step *model.Step, actionDir strin | ||||
| 	containerActionDir := "." | ||||
| 	if !rc.Config.BindWorkdir && step.Type() != model.StepTypeUsesActionRemote { | ||||
| 		actionName = getOsSafeRelativePath(actionDir, rc.Config.Workdir) | ||||
| 		containerActionDir = rc.Config.ContainerWorkdir() + "/_actions/" + actionName | ||||
| 		containerActionDir = ActPath + "/actions/" + actionName | ||||
| 	} else if step.Type() == model.StepTypeUsesActionRemote { | ||||
| 		actionName = getOsSafeRelativePath(actionDir, rc.ActionCacheDir()) | ||||
| 		containerActionDir = rc.Config.ContainerWorkdir() + "/_actions/" + actionName | ||||
| 		containerActionDir = ActPath + "/actions/" + actionName | ||||
| 	} else if step.Type() == model.StepTypeUsesActionLocal { | ||||
| 		actionName = getOsSafeRelativePath(actionDir, rc.Config.Workdir) | ||||
| 		containerActionDir = rc.Config.ContainerWorkdir() + "/_actions/" + actionName | ||||
| 		containerActionDir = ActPath + "/actions/" + actionName | ||||
| 	} | ||||
|  | ||||
| 	if actionName == "" { | ||||
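Review bot: In `getContainerActionPaths`, `containerActionDir` is built by plain string concatenation, `ActPath + "/actions/" + actionName`, in all three branches. If `getOsSafeRelativePath` can return a value containing `..` segments, the resulting directory falls outside `ActPath/actions`; its body is not shown, so this may already be prevented. Now that the target sits under a root-created system path rather than the workdir, I would build it once after the branches with `containerActionDir = path.Join(ActPath, "actions", actionName)` and reject the result unless it still has the prefix `ActPath + "/actions/"`. The three assignments are identical, so hoisting them also removes the duplication. The function starts before and continues after this hunk.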
|   | ||||