Support expression in uses (#75)

Since actions can specify the download source via a url prefix. The prefix may contain some sensitive information that needs to be stored in secrets or variable context, so we need to interpolate the expression value for`uses` firstly.

Reviewed-on: https://gitea.com/gitea/act/pulls/75
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>

cmd/input.go

@@ -54,6 +54,7 @@ type Input struct {
 	replaceGheActionWithGithubCom      []string
 	replaceGheActionTokenWithGithubCom string
 	matrix                             []string
+	actionCachePath                    string
 }
 
 func (i *Input) resolve(path string) string {

cmd/root.go

@@ -94,6 +94,7 @@ func Execute(ctx context.Context, version string) {
 	rootCmd.PersistentFlags().StringVarP(&input.cacheServerPath, "cache-server-path", "", filepath.Join(CacheHomeDir, "actcache"), "Defines the path where the cache server stores caches.")
 	rootCmd.PersistentFlags().StringVarP(&input.cacheServerAddr, "cache-server-addr", "", common.GetOutboundIP().String(), "Defines the address to which the cache server binds.")
 	rootCmd.PersistentFlags().Uint16VarP(&input.cacheServerPort, "cache-server-port", "", 0, "Defines the port where the artifact server listens. 0 means a randomly available port.")
+	rootCmd.PersistentFlags().StringVarP(&input.actionCachePath, "action-cache-path", "", filepath.Join(CacheHomeDir, "act"), "Defines the path where the actions get cached and host workspaces created.")
 	rootCmd.SetArgs(args())
 
 	if err := rootCmd.Execute(); err != nil {
@@ -580,6 +581,7 @@ func newRunCommand(ctx context.Context, input *Input) func(*cobra.Command, []str
 			ForceRebuild:                       input.forceRebuild,
 			ReuseContainers:                    input.reuseContainers,
 			Workdir:                            input.Workdir(),
+			ActionCacheDir:                     input.actionCachePath,
 			BindWorkdir:                        input.bindWorkdir,
 			LogOutput:                          !input.noOutput,
 			JSONLogger:                         input.jsonLogger,

go.mod

@@ -14,6 +14,7 @@ require (
 	github.com/docker/go-connections v0.4.0
 	github.com/go-git/go-billy/v5 v5.4.1
 	github.com/go-git/go-git/v5 v5.7.0
+	github.com/gobwas/glob v0.2.3
 	github.com/imdario/mergo v0.3.15
 	github.com/joho/godotenv v1.5.1
 	github.com/julienschmidt/httprouter v1.3.0

go.sum

@@ -68,6 +68,8 @@ github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw4
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f h1:Pz0DHeFij3XFhoBRGUDPzSJ+w2UcK5/0JvF8DRI58r8=
 github.com/go-git/go-git/v5 v5.7.0 h1:t9AudWVLmqzlo+4bqdf7GY+46SUuRsx59SboFxkq2aE=
 github.com/go-git/go-git/v5 v5.7.0/go.mod h1:coJHKEOk5kUClpsNlXrUvPrDxY3w3gjHvhcZd8Fodw8=
+github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
+github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=

pkg/container/docker_run.go

@@ -18,6 +18,7 @@ import (
 
 	"github.com/docker/docker/api/types/network"
 	networktypes "github.com/docker/docker/api/types/network"
+	"github.com/gobwas/glob"
 
 	"github.com/go-git/go-billy/v5/helper/polyfill"
 	"github.com/go-git/go-billy/v5/osfs"
@@ -883,13 +884,27 @@ func (cr *containerReference) wait() common.Executor {
 	}
 }
 
+// For Gitea
+// sanitizeConfig remove the invalid configurations from `config` and `hostConfig`
 func (cr *containerReference) sanitizeConfig(ctx context.Context, config *container.Config, hostConfig *container.HostConfig) (*container.Config, *container.HostConfig) {
 	logger := common.Logger(ctx)
 
 	if len(cr.input.ValidVolumes) > 0 {
-		vv := make(map[string]struct{}, len(cr.input.ValidVolumes))
-		for _, volume := range cr.input.ValidVolumes {
-			vv[volume] = struct{}{}
+		globs := make([]glob.Glob, 0, len(cr.input.ValidVolumes))
+		for _, v := range cr.input.ValidVolumes {
+			if g, err := glob.Compile(v); err != nil {
+				logger.Errorf("create glob from %s error: %v", v, err)
+			} else {
+				globs = append(globs, g)
+			}
+		}
+		isValid := func(v string) bool {
+			for _, g := range globs {
+				if g.Match(v) {
+					return true
+				}
+			}
+			return false
 		}
 		// sanitize binds
 		sanitizedBinds := make([]string, 0, len(hostConfig.Binds))
@@ -904,23 +919,26 @@ func (cr *containerReference) sanitizeConfig(ctx context.Context, config *contai
 				sanitizedBinds = append(sanitizedBinds, bind)
 				continue
 			}
-			if _, ok := vv[parsed.Source]; ok {
+			if isValid(parsed.Source) {
 				sanitizedBinds = append(sanitizedBinds, bind)
 			} else {
-				logger.Warnf("[%s] is not a valid volume, will be ignored", bind)
+				logger.Warnf("[%s] is not a valid volume, will be ignored", parsed.Source)
 			}
 		}
 		hostConfig.Binds = sanitizedBinds
 		// sanitize mounts
 		sanitizedMounts := make([]mount.Mount, 0, len(hostConfig.Mounts))
 		for _, mt := range hostConfig.Mounts {
-			if _, ok := vv[mt.Source]; ok {
+			if isValid(mt.Source) {
 				sanitizedMounts = append(sanitizedMounts, mt)
 			} else {
 				logger.Warnf("[%s] is not a valid volume, will be ignored", mt.Source)
 			}
 		}
 		hostConfig.Mounts = sanitizedMounts
+	} else {
+		hostConfig.Binds = []string{}
+		hostConfig.Mounts = []mount.Mount{}
 	}
 
 	return config, hostConfig

pkg/container/docker_run_test.go

@@ -9,8 +9,12 @@ import (
 	"testing"
 	"time"
 
+	"github.com/nektos/act/pkg/common"
+
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/client"
+	"github.com/sirupsen/logrus/hooks/test"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 )
@@ -166,3 +170,76 @@ func TestDockerExecFailure(t *testing.T) {
 
 // Type assert containerReference implements ExecutionsEnvironment
 var _ ExecutionsEnvironment = &containerReference{}
+
+func TestCheckVolumes(t *testing.T) {
+	testCases := []struct {
+		desc          string
+		validVolumes  []string
+		binds         []string
+		expectedBinds []string
+	}{
+		{
+			desc:         "match all volumes",
+			validVolumes: []string{"**"},
+			binds: []string{
+				"shared_volume:/shared_volume",
+				"/home/test/data:/test_data",
+				"/etc/conf.d/base.json:/config/base.json",
+				"sql_data:/sql_data",
+				"/secrets/keys:/keys",
+			},
+			expectedBinds: []string{
+				"shared_volume:/shared_volume",
+				"/home/test/data:/test_data",
+				"/etc/conf.d/base.json:/config/base.json",
+				"sql_data:/sql_data",
+				"/secrets/keys:/keys",
+			},
+		},
+		{
+			desc:         "no volumes can be matched",
+			validVolumes: []string{},
+			binds: []string{
+				"shared_volume:/shared_volume",
+				"/home/test/data:/test_data",
+				"/etc/conf.d/base.json:/config/base.json",
+				"sql_data:/sql_data",
+				"/secrets/keys:/keys",
+			},
+			expectedBinds: []string{},
+		},
+		{
+			desc: "only allowed volumes can be matched",
+			validVolumes: []string{
+				"shared_volume",
+				"/home/test/data",
+				"/etc/conf.d/*.json",
+			},
+			binds: []string{
+				"shared_volume:/shared_volume",
+				"/home/test/data:/test_data",
+				"/etc/conf.d/base.json:/config/base.json",
+				"sql_data:/sql_data",
+				"/secrets/keys:/keys",
+			},
+			expectedBinds: []string{
+				"shared_volume:/shared_volume",
+				"/home/test/data:/test_data",
+				"/etc/conf.d/base.json:/config/base.json",
+			},
+		},
+	}
+	for _, tc := range testCases {
+		t.Run(tc.desc, func(t *testing.T) {
+			logger, _ := test.NewNullLogger()
+			ctx := common.WithLogger(context.Background(), logger)
+			cr := &containerReference{
+				input: &NewContainerInput{
+					ValidVolumes: tc.validVolumes,
+				},
+			}
+			_, hostConf := cr.sanitizeConfig(ctx, &container.Config{}, &container.HostConfig{Binds: tc.binds})
+			assert.Equal(t, tc.expectedBinds, hostConf.Binds)
+		})
+	}
+}

pkg/runner/action.go

@@ -377,24 +377,25 @@ func newStepContainer(ctx context.Context, step step, image string, cmd []string
 		networkMode = "default"
 	}
 	stepContainer := container.NewContainer(&container.NewContainerInput{
-		Cmd:         cmd,
-		Entrypoint:  entrypoint,
-		WorkingDir:  rc.JobContainer.ToContainerPath(rc.Config.Workdir),
-		Image:       image,
-		Username:    rc.Config.Secrets["DOCKER_USERNAME"],
-		Password:    rc.Config.Secrets["DOCKER_PASSWORD"],
-		Name:        createSimpleContainerName(rc.jobContainerName(), "STEP-"+stepModel.ID),
-		Env:         envList,
-		Mounts:      mounts,
-		NetworkMode: networkMode,
-		Binds:       binds,
-		Stdout:      logWriter,
-		Stderr:      logWriter,
-		Privileged:  rc.Config.Privileged,
-		UsernsMode:  rc.Config.UsernsMode,
-		Platform:    rc.Config.ContainerArchitecture,
-		Options:     rc.Config.ContainerOptions,
-		AutoRemove:  rc.Config.AutoRemove,
+		Cmd:          cmd,
+		Entrypoint:   entrypoint,
+		WorkingDir:   rc.JobContainer.ToContainerPath(rc.Config.Workdir),
+		Image:        image,
+		Username:     rc.Config.Secrets["DOCKER_USERNAME"],
+		Password:     rc.Config.Secrets["DOCKER_PASSWORD"],
+		Name:         createSimpleContainerName(rc.jobContainerName(), "STEP-"+stepModel.ID),
+		Env:          envList,
+		Mounts:       mounts,
+		NetworkMode:  networkMode,
+		Binds:        binds,
+		Stdout:       logWriter,
+		Stderr:       logWriter,
+		Privileged:   rc.Config.Privileged,
+		UsernsMode:   rc.Config.UsernsMode,
+		Platform:     rc.Config.ContainerArchitecture,
+		Options:      rc.Config.ContainerOptions,
+		AutoRemove:   rc.Config.AutoRemove,
+		ValidVolumes: rc.Config.ValidVolumes,
 	})
 	return stepContainer
 }

pkg/runner/job_executor.go

@@ -6,6 +6,7 @@ import (
 	"time"
 
 	"github.com/nektos/act/pkg/common"
+	"github.com/nektos/act/pkg/container"
 	"github.com/nektos/act/pkg/model"
 )
 
@@ -125,12 +126,13 @@ func newJobExecutor(info jobInfo, sf stepFactory, rc *RunContext) common.Executo
 			if err = info.stopContainer()(ctx); err != nil {
 				logger.Errorf("Error while stop job container: %v", err)
 			}
-			if rc.Config.ContainerNetworkMode == "" {
+			if !rc.IsHostEnv(ctx) && rc.Config.ContainerNetworkMode == "" {
+				// clean network in docker mode only
 				// if the value of `ContainerNetworkMode` is empty string,
 				// it means that the network to which containers are connecting is created by `act_runner`,
 				// so, we should remove the network at last.
 				logger.Infof("Cleaning up network for job %s, and network name is: %s", rc.JobName, rc.networkName())
-				if err := rc.removeNetwork(rc.networkName())(ctx); err != nil {
+				if err := container.NewDockerNetworkRemoveExecutor(rc.networkName())(ctx); err != nil {
 					logger.Errorf("Error while cleaning network: %v", err)
 				}
 			}

pkg/runner/reusable_workflow.go

@@ -34,11 +34,10 @@ func newLocalReusableWorkflowExecutor(rc *RunContext) common.Executor {
 	// uses string format is {owner}/{repo}/.{git_platform}/workflows/{filename}@{ref}
 	uses := fmt.Sprintf("%s/%s@%s", rc.Config.PresetGitHubContext.Repository, trimmedUses, rc.Config.PresetGitHubContext.Sha)
 
-	remoteReusableWorkflow := newRemoteReusableWorkflowWithPlat(uses)
+	remoteReusableWorkflow := newRemoteReusableWorkflowWithPlat(rc.Config.GitHubInstance, uses)
 	if remoteReusableWorkflow == nil {
 		return common.NewErrorExecutor(fmt.Errorf("expected format {owner}/{repo}/.{git_platform}/workflows/{filename}@{ref}. Actual '%s' Input string was not in a correct format", uses))
 	}
-	remoteReusableWorkflow.URL = rc.Config.GitHubInstance
 
 	workflowDir := fmt.Sprintf("%s/%s", rc.ActionCacheDir(), safeFilename(uses))
 
@@ -54,7 +53,7 @@ func newLocalReusableWorkflowExecutor(rc *RunContext) common.Executor {
 func newRemoteReusableWorkflowExecutor(rc *RunContext) common.Executor {
 	uses := rc.Run.Job().Uses
 
-	remoteReusableWorkflow := newRemoteReusableWorkflowWithPlat(uses)
+	remoteReusableWorkflow := newRemoteReusableWorkflowWithPlat(rc.Config.GitHubInstance, uses)
 	if remoteReusableWorkflow == nil {
 		return common.NewErrorExecutor(fmt.Errorf("expected format {owner}/{repo}/.{git_platform}/workflows/{filename}@{ref}. Actual '%s' Input string was not in a correct format", uses))
 	}
@@ -95,8 +94,10 @@ func cloneIfRequired(rc *RunContext, remoteReusableWorkflow remoteReusableWorkfl
 			return notExists
 		},
 		func(ctx context.Context) error {
-			// Gitea has already full URL with rc.Config.GitHubInstance
-			//remoteReusableWorkflow.URL = rc.getGithubContext(ctx).ServerURL
+			// Do not change the remoteReusableWorkflow.URL, because:
+			// 	1. Gitea doesn't support specifying GithubContext.ServerURL by the GITHUB_SERVER_URL env
+			//	2. Gitea has already full URL with rc.Config.GitHubInstance when calling newRemoteReusableWorkflowWithPlat
+			// remoteReusableWorkflow.URL = rc.getGithubContext(ctx).ServerURL
 			return git.NewGitCloneExecutor(git.NewGitCloneExecutorInput{
 				URL:   remoteReusableWorkflow.CloneURL(),
 				Ref:   remoteReusableWorkflow.Ref,
@@ -163,7 +164,10 @@ func (r *remoteReusableWorkflow) FilePath() string {
 	return fmt.Sprintf("./.%s/workflows/%s", r.GitPlatform, r.Filename)
 }
 
-func newRemoteReusableWorkflowWithPlat(uses string) *remoteReusableWorkflow {
+// For Gitea
+// newRemoteReusableWorkflowWithPlat create a `remoteReusableWorkflow`
+// workflows from `.gitea/workflows` and `.github/workflows` are supported
+func newRemoteReusableWorkflowWithPlat(url, uses string) *remoteReusableWorkflow {
 	// GitHub docs:
 	// https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_iduses
 	r := regexp.MustCompile(`^([^/]+)/([^/]+)/\.([^/]+)/workflows/([^@]+)@(.*)$`)
@@ -177,6 +181,7 @@ func newRemoteReusableWorkflowWithPlat(uses string) *remoteReusableWorkflow {
 		GitPlatform: matches[3],
 		Filename:    matches[4],
 		Ref:         matches[5],
+		URL:         url,
 	}
 }
 

pkg/runner/run_context.go

@@ -375,7 +375,7 @@ func (rc *RunContext) startJobContainer() common.Executor {
 		return common.NewPipelineExecutor(
 			rc.pullServicesImages(rc.Config.ForcePull),
 			rc.JobContainer.Pull(rc.Config.ForcePull),
-			rc.createNetwork(networkName).IfBool(rc.Config.ContainerNetworkMode == ""), // if the value of `ContainerNetworkMode` is empty string, then will create a new network for containers.
+			container.NewDockerNetworkCreateExecutor(networkName).IfBool(!rc.IsHostEnv(ctx) && rc.Config.ContainerNetworkMode == ""), // if the value of `ContainerNetworkMode` is empty string, then will create a new network for containers.
 			rc.startServiceContainers(networkName),
 			rc.JobContainer.Create(rc.Config.ContainerCapAdd, rc.Config.ContainerCapDrop),
 			rc.JobContainer.Start(false),
@@ -392,18 +392,6 @@ func (rc *RunContext) startJobContainer() common.Executor {
 	}
 }
 
-func (rc *RunContext) createNetwork(name string) common.Executor {
-	return func(ctx context.Context) error {
-		return container.NewDockerNetworkCreateExecutor(name)(ctx)
-	}
-}
-
-func (rc *RunContext) removeNetwork(name string) common.Executor {
-	return func(ctx context.Context) error {
-		return container.NewDockerNetworkRemoveExecutor(name)(ctx)
-	}
-}
-
 func (rc *RunContext) execJobContainer(cmd []string, env map[string]string, user, workdir string) common.Executor {
 	return func(ctx context.Context) error {
 		return rc.JobContainer.Exec(cmd, env, user, workdir)(ctx)
@@ -512,6 +500,9 @@ func (rc *RunContext) stopServiceContainers() common.Executor {
 
 // ActionCacheDir is for rc
 func (rc *RunContext) ActionCacheDir() string {
+	if rc.Config.ActionCacheDir != "" {
+		return rc.Config.ActionCacheDir
+	}
 	var xdgCache string
 	var ok bool
 	if xdgCache, ok = os.LookupEnv("XDG_CACHE_HOME"); !ok || xdgCache == "" {
@@ -829,6 +820,15 @@ func (rc *RunContext) getGithubContext(ctx context.Context) *model.GithubContext
 			ghc.Token = preset.Token
 			ghc.RepositoryOwner = preset.RepositoryOwner
 			ghc.RetentionDays = preset.RetentionDays
+
+			instance := rc.Config.GitHubInstance
+			if !strings.HasPrefix(instance, "http://") &&
+				!strings.HasPrefix(instance, "https://") {
+				instance = "https://" + instance
+			}
+			ghc.ServerURL = instance
+			ghc.APIURL = instance + "/api/v1" // the version of Gitea is v1
+			ghc.GraphQLURL = ""               // Gitea doesn't support graphql
 			return ghc
 		}
 	}
@@ -862,6 +862,18 @@ func (rc *RunContext) getGithubContext(ctx context.Context) *model.GithubContext
 		ghc.APIURL = fmt.Sprintf("https://%s/api/v3", rc.Config.GitHubInstance)
 		ghc.GraphQLURL = fmt.Sprintf("https://%s/api/graphql", rc.Config.GitHubInstance)
 	}
+
+	{ // Adapt to Gitea
+		instance := rc.Config.GitHubInstance
+		if !strings.HasPrefix(instance, "http://") &&
+			!strings.HasPrefix(instance, "https://") {
+			instance = "https://" + instance
+		}
+		ghc.ServerURL = instance
+		ghc.APIURL = instance + "/api/v1" // the version of Gitea is v1
+		ghc.GraphQLURL = ""               // Gitea doesn't support graphql
+	}
+
 	// allow to be overridden by user
 	if rc.Config.Env["GITHUB_SERVER_URL"] != "" {
 		ghc.ServerURL = rc.Config.Env["GITHUB_SERVER_URL"]

pkg/runner/runner.go

@@ -24,6 +24,7 @@ type Runner interface {
 type Config struct {
 	Actor                              string                     // the user that triggered the event
 	Workdir                            string                     // path to working directory
+	ActionCacheDir                     string                     // path used for caching action contents
 	BindWorkdir                        bool                       // bind the workdir to the job container
 	EventName                          string                     // name of event to run
 	EventPath                          string                     // path to JSON file to use for event.json in containers
@@ -64,8 +65,7 @@ type Config struct {
 	ContainerNamePrefix   string                       // the prefix of container name
 	ContainerMaxLifetime  time.Duration                // the max lifetime of job containers
 	ContainerNetworkMode  docker_container.NetworkMode // the network mode of job containers (the value of --network)
-	DefaultActionInstance string                       // Deprecated: use DefaultActionsURLs instead.
-	DefaultActionsURLs    []string                     // urls from gitea's `DEFAULT_ACTIONS_URL` config
+	DefaultActionInstance string                       // the default actions web site
 	PlatformPicker        func(labels []string) string // platform picker, it will take precedence over Platforms if isn't nil
 	JobLoggerLevel        *log.Level                   // the level of job logger
 	ValidVolumes          []string                     // only volumes (and bind mounts) in this slice can be mounted on the job container or service containers

pkg/runner/step_action_remote.go

@@ -5,13 +5,11 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"net/http"
 	"os"
 	"path"
 	"path/filepath"
 	"regexp"
 	"strings"
-	"time"
 
 	gogit "github.com/go-git/go-git/v5"
 
@@ -20,8 +18,6 @@ import (
 	"github.com/nektos/act/pkg/model"
 )
 
-var detectActionClient = http.Client{Timeout: 5 * time.Second}
-
 type stepActionRemote struct {
 	Step                *model.Step
 	RunContext          *RunContext
@@ -43,14 +39,18 @@ func (sar *stepActionRemote) prepareActionExecutor() common.Executor {
 			return nil
 		}
 
+		// For gitea:
+		// Since actions can specify the download source via a url prefix.
+		// The prefix may contain some sensitive information that needs to be stored in secrets,
+		// so we need to interpolate the expression value for uses first.
+		sar.Step.Uses = sar.RunContext.NewExpressionEvaluator(ctx).Interpolate(ctx, sar.Step.Uses)
+
 		sar.remoteAction = newRemoteAction(sar.Step.Uses)
 		if sar.remoteAction == nil {
 			return fmt.Errorf("Expected format {org}/{repo}[/path]@ref. Actual '%s' Input string was not in a correct format", sar.Step.Uses)
 		}
 
 		github := sar.getGithubContext(ctx)
-		sar.remoteAction.URL = github.ServerURL
-
 		if sar.remoteAction.IsCheckout() && isLocalCheckout(github, sar.Step) && !sar.RunContext.Config.NoSkipCheckout {
 			common.Logger(ctx).Debugf("Skipping local actions/checkout because workdir was already copied")
 			return nil
@@ -63,14 +63,9 @@ func (sar *stepActionRemote) prepareActionExecutor() common.Executor {
 			}
 		}
 
-		cloneURL, err := sar.remoteAction.GetAvailableCloneURL(sar.RunContext.Config.DefaultActionsURLs)
-		if err != nil {
-			return fmt.Errorf("failed to get available clone url of [%s] action, error: %w", sar.Step.Uses, err)
-		}
-
 		actionDir := fmt.Sprintf("%s/%s", sar.RunContext.ActionCacheDir(), safeFilename(sar.Step.Uses))
 		gitClone := stepActionRemoteNewCloneExecutor(git.NewGitCloneExecutorInput{
-			URL:   cloneURL,
+			URL:   sar.remoteAction.CloneURL(sar.RunContext.Config.DefaultActionInstance),
 			Ref:   sar.remoteAction.Ref,
 			Dir:   actionDir,
 			Token: "", /*
@@ -225,14 +220,15 @@ type remoteAction struct {
 	Ref  string
 }
 
-func (ra *remoteAction) CloneURL(defaultURL string) string {
-	u := ra.URL
-	if u == "" {
-		u = defaultURL
-	}
-	if !strings.HasPrefix(u, "http://") && !strings.HasPrefix(u, "https://") {
-		u = "https://" + u
+func (ra *remoteAction) CloneURL(u string) string {
+	if ra.URL == "" {
+		if !strings.HasPrefix(u, "http://") && !strings.HasPrefix(u, "https://") {
+			u = "https://" + u
+		}
+	} else {
+		u = ra.URL
 	}
+
 	return fmt.Sprintf("%s/%s/%s", u, ra.Org, ra.Repo)
 }
 
@@ -243,29 +239,6 @@ func (ra *remoteAction) IsCheckout() bool {
 	return false
 }
 
-func (ra *remoteAction) GetAvailableCloneURL(actionURLs []string) (string, error) {
-	for _, u := range actionURLs {
-		cloneURL := ra.CloneURL(u)
-		resp, err := detectActionClient.Get(cloneURL)
-		if err != nil {
-			return "", err
-		}
-		defer resp.Body.Close()
-
-		switch resp.StatusCode {
-		case http.StatusOK:
-			return cloneURL, nil
-		case http.StatusNotFound:
-			continue
-
-		default:
-			return "", fmt.Errorf("unexpected http status code: %d", resp.StatusCode)
-		}
-	}
-
-	return "", fmt.Errorf("no available url found")
-}
-
 func newRemoteAction(action string) *remoteAction {
 	// support http(s)://host/owner/repo@v3
 	for _, schema := range []string{"https://", "http://"} {

pkg/runner/step_docker.go

@@ -114,23 +114,24 @@ func (sd *stepDocker) newStepContainer(ctx context.Context, image string, cmd []
 
 	binds, mounts := rc.GetBindsAndMounts()
 	stepContainer := ContainerNewContainer(&container.NewContainerInput{
-		Cmd:         cmd,
-		Entrypoint:  entrypoint,
-		WorkingDir:  rc.JobContainer.ToContainerPath(rc.Config.Workdir),
-		Image:       image,
-		Username:    rc.Config.Secrets["DOCKER_USERNAME"],
-		Password:    rc.Config.Secrets["DOCKER_PASSWORD"],
-		Name:        createSimpleContainerName(rc.jobContainerName(), "STEP-"+step.ID),
-		Env:         envList,
-		Mounts:      mounts,
-		NetworkMode: fmt.Sprintf("container:%s", rc.jobContainerName()),
-		Binds:       binds,
-		Stdout:      logWriter,
-		Stderr:      logWriter,
-		Privileged:  rc.Config.Privileged,
-		UsernsMode:  rc.Config.UsernsMode,
-		Platform:    rc.Config.ContainerArchitecture,
-		AutoRemove:  rc.Config.AutoRemove,
+		Cmd:          cmd,
+		Entrypoint:   entrypoint,
+		WorkingDir:   rc.JobContainer.ToContainerPath(rc.Config.Workdir),
+		Image:        image,
+		Username:     rc.Config.Secrets["DOCKER_USERNAME"],
+		Password:     rc.Config.Secrets["DOCKER_PASSWORD"],
+		Name:         createSimpleContainerName(rc.jobContainerName(), "STEP-"+step.ID),
+		Env:          envList,
+		Mounts:       mounts,
+		NetworkMode:  fmt.Sprintf("container:%s", rc.jobContainerName()),
+		Binds:        binds,
+		Stdout:       logWriter,
+		Stderr:       logWriter,
+		Privileged:   rc.Config.Privileged,
+		UsernsMode:   rc.Config.UsernsMode,
+		Platform:     rc.Config.ContainerArchitecture,
+		AutoRemove:   rc.Config.AutoRemove,
+		ValidVolumes: rc.Config.ValidVolumes,
 	})
 	return stepContainer
 }