Move actions path outside of workdir (#701)

* feat: add option to specify user for exec

* fix: move actions to static path outside workdir

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

pkg/runner/run_context.go

@@ -19,6 +19,8 @@ import (
 	"github.com/nektos/act/pkg/model"
 )
 
+const ActPath string = "/var/run/act"
+
 // RunContext contains info about current job
 type RunContext struct {
 	Name           string
@@ -77,7 +79,6 @@ func (rc *RunContext) GetBindsAndMounts() ([]string, map[string]string) {
 
 	mounts := map[string]string{
 		"act-toolcache": "/toolcache",
-		"act-actions":   "/actions",
 	}
 
 	if rc.Config.BindWorkdir {
@@ -150,8 +151,9 @@ func (rc *RunContext) startJobContainer() common.Executor {
 			rc.JobContainer.Create(),
 			rc.JobContainer.Start(false),
 			rc.JobContainer.UpdateFromEnv("/etc/environment", &rc.Env),
+			rc.JobContainer.Exec([]string{"mkdir", "-m", "0777", "-p", ActPath}, rc.Env, "root"),
 			rc.JobContainer.CopyDir(copyToPath, rc.Config.Workdir+string(filepath.Separator)+".", rc.Config.UseGitIgnore).IfBool(copyWorkspace),
-			rc.JobContainer.Copy("/tmp/", &container.FileEntry{
+			rc.JobContainer.Copy(ActPath+"/", &container.FileEntry{
 				Name: "workflow/event.json",
 				Mode: 0644,
 				Body: rc.EventJSON,
@@ -169,7 +171,7 @@ func (rc *RunContext) startJobContainer() common.Executor {
 }
 func (rc *RunContext) execJobContainer(cmd []string, env map[string]string) common.Executor {
 	return func(ctx context.Context) error {
-		return rc.JobContainer.Exec(cmd, env)(ctx)
+		return rc.JobContainer.Exec(cmd, env, "")(ctx)
 	}
 }
 
@@ -488,7 +490,7 @@ type githubContext struct {
 func (rc *RunContext) getGithubContext() *githubContext {
 	ghc := &githubContext{
 		Event:            make(map[string]interface{}),
-		EventPath:        "/tmp/workflow/event.json",
+		EventPath:        ActPath + "/workflow/event.json",
 		Workflow:         rc.Run.Workflow.Name,
 		RunID:            rc.Config.Env["GITHUB_RUN_ID"],
 		RunNumber:        rc.Config.Env["GITHUB_RUN_NUMBER"],
@@ -660,8 +662,8 @@ func withDefaultBranch(b string, event map[string]interface{}) map[string]interf
 func (rc *RunContext) withGithubEnv(env map[string]string) map[string]string {
 	github := rc.getGithubContext()
 	env["CI"] = "true"
-	env["GITHUB_ENV"] = "/tmp/workflow/envs.txt"
-	env["GITHUB_PATH"] = "/tmp/workflow/paths.txt"
+	env["GITHUB_ENV"] = ActPath + "/workflow/envs.txt"
+	env["GITHUB_PATH"] = ActPath + "/workflow/paths.txt"
 	env["GITHUB_WORKFLOW"] = github.Workflow
 	env["GITHUB_RUN_ID"] = github.RunID
 	env["GITHUB_RUN_NUMBER"] = github.RunNumber

pkg/runner/run_context_test.go

@@ -316,6 +316,6 @@ func TestGetGitHubContext(t *testing.T) {
 	assert.Equal(t, ghc.Repository, "nektos/act")
 	assert.Equal(t, ghc.RepositoryOwner, "nektos")
 	assert.Equal(t, ghc.RunnerPerflog, "/dev/null")
-	assert.Equal(t, ghc.EventPath, "/tmp/workflow/event.json")
+	assert.Equal(t, ghc.EventPath, ActPath+"/workflow/event.json")
 	assert.Equal(t, ghc.Token, rc.Config.Secrets["GITHUB_TOKEN"])
 }

pkg/runner/step_context.go

@@ -383,13 +383,13 @@ func (sc *StepContext) getContainerActionPaths(step *model.Step, actionDir strin
 	containerActionDir := "."
 	if !rc.Config.BindWorkdir && step.Type() != model.StepTypeUsesActionRemote {
 		actionName = getOsSafeRelativePath(actionDir, rc.Config.Workdir)
-		containerActionDir = rc.Config.ContainerWorkdir() + "/_actions/" + actionName
+		containerActionDir = ActPath + "/actions/" + actionName
 	} else if step.Type() == model.StepTypeUsesActionRemote {
 		actionName = getOsSafeRelativePath(actionDir, rc.ActionCacheDir())
-		containerActionDir = rc.Config.ContainerWorkdir() + "/_actions/" + actionName
+		containerActionDir = ActPath + "/actions/" + actionName
 	} else if step.Type() == model.StepTypeUsesActionLocal {
 		actionName = getOsSafeRelativePath(actionDir, rc.Config.Workdir)
-		containerActionDir = rc.Config.ContainerWorkdir() + "/_actions/" + actionName
+		containerActionDir = ActPath + "/actions/" + actionName
 	}
 
 	if actionName == "" {