Support expression in uses (#75 )

Since actions can specify the download source via a url prefix. The prefix may contain some sensitive information that needs to be stored in secrets or variable context, so we need to interpolate the expression value for`uses` firstly. Reviewed-on: https://gitea.com/gitea/act/pulls/75 Co-authored-by: sillyguodong <gedong_1994@163.com> Co-committed-by: sillyguodong <gedong_1994@163.com>
Fix missed ValidVolumes for docker steps (#74 )
2023-07-17 03:46:34 +00:00 · 2023-07-11 02:08:22 +00:00 · 2023-07-03 03:43:44 +00:00 · 2023-06-30 07:45:13 +00:00 · 2023-06-28 02:27:12 +00:00 · 2023-06-20 07:36:10 +00:00
13 changed files with 201 additions and 106 deletions
--- a/cmd/input.go
+++ b/cmd/input.go
@@ -54,6 +54,7 @@ type Input struct {
 	replaceGheActionWithGithubCom      []string
 	replaceGheActionTokenWithGithubCom string
 	matrix                             []string
+	actionCachePath                    string
 }

 func (i *Input) resolve(path string) string {
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -94,6 +94,7 @@ func Execute(ctx context.Context, version string) {
 	rootCmd.PersistentFlags().StringVarP(&input.cacheServerPath, "cache-server-path", "", filepath.Join(CacheHomeDir, "actcache"), "Defines the path where the cache server stores caches.")
 	rootCmd.PersistentFlags().StringVarP(&input.cacheServerAddr, "cache-server-addr", "", common.GetOutboundIP().String(), "Defines the address to which the cache server binds.")
 	rootCmd.PersistentFlags().Uint16VarP(&input.cacheServerPort, "cache-server-port", "", 0, "Defines the port where the artifact server listens. 0 means a randomly available port.")
+	rootCmd.PersistentFlags().StringVarP(&input.actionCachePath, "action-cache-path", "", filepath.Join(CacheHomeDir, "act"), "Defines the path where the actions get cached and host workspaces created.")
 	rootCmd.SetArgs(args())

 	if err := rootCmd.Execute(); err != nil {
@@ -580,6 +581,7 @@ func newRunCommand(ctx context.Context, input *Input) func(*cobra.Command, []str
 			ForceRebuild:                       input.forceRebuild,
 			ReuseContainers:                    input.reuseContainers,
 			Workdir:                            input.Workdir(),
+			ActionCacheDir:                     input.actionCachePath,
 			BindWorkdir:                        input.bindWorkdir,
 			LogOutput:                          !input.noOutput,
 			JSONLogger:                         input.jsonLogger,
--- a/go.mod
+++ b/go.mod
@@ -14,6 +14,7 @@ require (
 	github.com/docker/go-connections v0.4.0
 	github.com/go-git/go-billy/v5 v5.4.1
 	github.com/go-git/go-git/v5 v5.7.0
+	github.com/gobwas/glob v0.2.3
 	github.com/imdario/mergo v0.3.15
 	github.com/joho/godotenv v1.5.1
 	github.com/julienschmidt/httprouter v1.3.0
--- a/go.sum
+++ b/go.sum
@@ -68,6 +68,8 @@ github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw4
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f h1:Pz0DHeFij3XFhoBRGUDPzSJ+w2UcK5/0JvF8DRI58r8=
 github.com/go-git/go-git/v5 v5.7.0 h1:t9AudWVLmqzlo+4bqdf7GY+46SUuRsx59SboFxkq2aE=
 github.com/go-git/go-git/v5 v5.7.0/go.mod h1:coJHKEOk5kUClpsNlXrUvPrDxY3w3gjHvhcZd8Fodw8=
+github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
+github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
--- a/pkg/container/docker_run.go
+++ b/pkg/container/docker_run.go
@@ -18,6 +18,7 @@ import (

 	"github.com/docker/docker/api/types/network"
 	networktypes "github.com/docker/docker/api/types/network"
+	"github.com/gobwas/glob"

 	"github.com/go-git/go-billy/v5/helper/polyfill"
 	"github.com/go-git/go-billy/v5/osfs"
@@ -883,13 +884,27 @@ func (cr *containerReference) wait() common.Executor {
 	}
 }

+// For Gitea
+// sanitizeConfig remove the invalid configurations from `config` and `hostConfig`
 func (cr *containerReference) sanitizeConfig(ctx context.Context, config *container.Config, hostConfig *container.HostConfig) (*container.Config, *container.HostConfig) {
 	logger := common.Logger(ctx)

 	if len(cr.input.ValidVolumes) > 0 {
-		vv := make(map[string]struct{}, len(cr.input.ValidVolumes))
-		for _, volume := range cr.input.ValidVolumes {
-			vv[volume] = struct{}{}
+		globs := make([]glob.Glob, 0, len(cr.input.ValidVolumes))
+		for _, v := range cr.input.ValidVolumes {
+			if g, err := glob.Compile(v); err != nil {
+				logger.Errorf("create glob from %s error: %v", v, err)
+			} else {
+				globs = append(globs, g)
+			}
+		}
+		isValid := func(v string) bool {
+			for _, g := range globs {
+				if g.Match(v) {
+					return true
+				}
+			}
+			return false
 		}
 		// sanitize binds
 		sanitizedBinds := make([]string, 0, len(hostConfig.Binds))
@@ -904,23 +919,26 @@ func (cr *containerReference) sanitizeConfig(ctx context.Context, config *contai
 				sanitizedBinds = append(sanitizedBinds, bind)
 				continue
 			}
-			if _, ok := vv[parsed.Source]; ok {
+			if isValid(parsed.Source) {
 				sanitizedBinds = append(sanitizedBinds, bind)
 			} else {
-				logger.Warnf("[%s] is not a valid volume, will be ignored", bind)
+				logger.Warnf("[%s] is not a valid volume, will be ignored", parsed.Source)
 			}
 		}
 		hostConfig.Binds = sanitizedBinds
 		// sanitize mounts
 		sanitizedMounts := make([]mount.Mount, 0, len(hostConfig.Mounts))
 		for _, mt := range hostConfig.Mounts {
-			if _, ok := vv[mt.Source]; ok {
+			if isValid(mt.Source) {
 				sanitizedMounts = append(sanitizedMounts, mt)
 			} else {
 				logger.Warnf("[%s] is not a valid volume, will be ignored", mt.Source)
 			}
 		}
 		hostConfig.Mounts = sanitizedMounts
+	} else {
+		hostConfig.Binds = []string{}
+		hostConfig.Mounts = []mount.Mount{}
 	}

 	return config, hostConfig
--- a/pkg/container/docker_run_test.go
+++ b/pkg/container/docker_run_test.go
@@ -9,8 +9,12 @@ import (
 	"testing"
 	"time"

+	"github.com/nektos/act/pkg/common"
+
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/client"
+	"github.com/sirupsen/logrus/hooks/test"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 )
@@ -166,3 +170,76 @@ func TestDockerExecFailure(t *testing.T) {

 // Type assert containerReference implements ExecutionsEnvironment
 var _ ExecutionsEnvironment = &containerReference{}
+
+func TestCheckVolumes(t *testing.T) {
+	testCases := []struct {
+		desc          string
+		validVolumes  []string
+		binds         []string
+		expectedBinds []string
+	}{
+		{
+			desc:         "match all volumes",
+			validVolumes: []string{"**"},
+			binds: []string{
+				"shared_volume:/shared_volume",
+				"/home/test/data:/test_data",
+				"/etc/conf.d/base.json:/config/base.json",
+				"sql_data:/sql_data",
+				"/secrets/keys:/keys",
+			},
+			expectedBinds: []string{
+				"shared_volume:/shared_volume",
+				"/home/test/data:/test_data",
+				"/etc/conf.d/base.json:/config/base.json",
+				"sql_data:/sql_data",
+				"/secrets/keys:/keys",
+			},
+		},
+		{
+			desc:         "no volumes can be matched",
+			validVolumes: []string{},
+			binds: []string{
+				"shared_volume:/shared_volume",
+				"/home/test/data:/test_data",
+				"/etc/conf.d/base.json:/config/base.json",
+				"sql_data:/sql_data",
+				"/secrets/keys:/keys",
+			},
+			expectedBinds: []string{},
+		},
+		{
+			desc: "only allowed volumes can be matched",
+			validVolumes: []string{
+				"shared_volume",
+				"/home/test/data",
+				"/etc/conf.d/*.json",
+			},
+			binds: []string{
+				"shared_volume:/shared_volume",
+				"/home/test/data:/test_data",
+				"/etc/conf.d/base.json:/config/base.json",
+				"sql_data:/sql_data",
+				"/secrets/keys:/keys",
+			},
+			expectedBinds: []string{
+				"shared_volume:/shared_volume",
+				"/home/test/data:/test_data",
+				"/etc/conf.d/base.json:/config/base.json",
+			},
+		},
+	}
+	for _, tc := range testCases {
+		t.Run(tc.desc, func(t *testing.T) {
+			logger, _ := test.NewNullLogger()
+			ctx := common.WithLogger(context.Background(), logger)
+			cr := &containerReference{
+				input: &NewContainerInput{
+					ValidVolumes: tc.validVolumes,
+				},
+			}
+			_, hostConf := cr.sanitizeConfig(ctx, &container.Config{}, &container.HostConfig{Binds: tc.binds})
+			assert.Equal(t, tc.expectedBinds, hostConf.Binds)
+		})
+	}
+}
--- a/pkg/runner/action.go
+++ b/pkg/runner/action.go
@@ -377,24 +377,25 @@ func newStepContainer(ctx context.Context, step step, image string, cmd []string
 		networkMode = "default"
 	}
 	stepContainer := container.NewContainer(&container.NewContainerInput{
-		Cmd:         cmd,
-		Entrypoint:  entrypoint,
-		WorkingDir:  rc.JobContainer.ToContainerPath(rc.Config.Workdir),
-		Image:       image,
-		Username:    rc.Config.Secrets["DOCKER_USERNAME"],
-		Password:    rc.Config.Secrets["DOCKER_PASSWORD"],
-		Name:        createSimpleContainerName(rc.jobContainerName(), "STEP-"+stepModel.ID),
-		Env:         envList,
-		Mounts:      mounts,
-		NetworkMode: networkMode,
-		Binds:       binds,
-		Stdout:      logWriter,
-		Stderr:      logWriter,
-		Privileged:  rc.Config.Privileged,
-		UsernsMode:  rc.Config.UsernsMode,
-		Platform:    rc.Config.ContainerArchitecture,
-		Options:     rc.Config.ContainerOptions,
-		AutoRemove:  rc.Config.AutoRemove,
+		Cmd:          cmd,
+		Entrypoint:   entrypoint,
+		WorkingDir:   rc.JobContainer.ToContainerPath(rc.Config.Workdir),
+		Image:        image,
+		Username:     rc.Config.Secrets["DOCKER_USERNAME"],
+		Password:     rc.Config.Secrets["DOCKER_PASSWORD"],
+		Name:         createSimpleContainerName(rc.jobContainerName(), "STEP-"+stepModel.ID),
+		Env:          envList,
+		Mounts:       mounts,
+		NetworkMode:  networkMode,
+		Binds:        binds,
+		Stdout:       logWriter,
+		Stderr:       logWriter,
+		Privileged:   rc.Config.Privileged,
+		UsernsMode:   rc.Config.UsernsMode,
+		Platform:     rc.Config.ContainerArchitecture,
+		Options:      rc.Config.ContainerOptions,
+		AutoRemove:   rc.Config.AutoRemove,
+		ValidVolumes: rc.Config.ValidVolumes,
 	})
 	return stepContainer
 }
--- a/pkg/runner/job_executor.go
+++ b/pkg/runner/job_executor.go
@@ -6,6 +6,7 @@ import (
 	"time"

 	"github.com/nektos/act/pkg/common"
+	"github.com/nektos/act/pkg/container"
 	"github.com/nektos/act/pkg/model"
 )

@@ -125,12 +126,13 @@ func newJobExecutor(info jobInfo, sf stepFactory, rc *RunContext) common.Executo
 			if err = info.stopContainer()(ctx); err != nil {
 				logger.Errorf("Error while stop job container: %v", err)
 			}
-			if rc.Config.ContainerNetworkMode == "" {
+			if !rc.IsHostEnv(ctx) && rc.Config.ContainerNetworkMode == "" {
+				// clean network in docker mode only
 				// if the value of `ContainerNetworkMode` is empty string,
 				// it means that the network to which containers are connecting is created by `act_runner`,
 				// so, we should remove the network at last.
 				logger.Infof("Cleaning up network for job %s, and network name is: %s", rc.JobName, rc.networkName())
-				if err := rc.removeNetwork(rc.networkName())(ctx); err != nil {
+				if err := container.NewDockerNetworkRemoveExecutor(rc.networkName())(ctx); err != nil {
 					logger.Errorf("Error while cleaning network: %v", err)
 				}
 			}
--- a/pkg/runner/reusable_workflow.go
+++ b/pkg/runner/reusable_workflow.go
@@ -34,11 +34,10 @@ func newLocalReusableWorkflowExecutor(rc *RunContext) common.Executor {
 	// uses string format is {owner}/{repo}/.{git_platform}/workflows/{filename}@{ref}
 	uses := fmt.Sprintf("%s/%s@%s", rc.Config.PresetGitHubContext.Repository, trimmedUses, rc.Config.PresetGitHubContext.Sha)

-	remoteReusableWorkflow := newRemoteReusableWorkflowWithPlat(uses)
+	remoteReusableWorkflow := newRemoteReusableWorkflowWithPlat(rc.Config.GitHubInstance, uses)
 	if remoteReusableWorkflow == nil {
 		return common.NewErrorExecutor(fmt.Errorf("expected format {owner}/{repo}/.{git_platform}/workflows/{filename}@{ref}. Actual '%s' Input string was not in a correct format", uses))
 	}
-	remoteReusableWorkflow.URL = rc.Config.GitHubInstance

 	workflowDir := fmt.Sprintf("%s/%s", rc.ActionCacheDir(), safeFilename(uses))

@@ -54,7 +53,7 @@ func newLocalReusableWorkflowExecutor(rc *RunContext) common.Executor {
 func newRemoteReusableWorkflowExecutor(rc *RunContext) common.Executor {
 	uses := rc.Run.Job().Uses

-	remoteReusableWorkflow := newRemoteReusableWorkflowWithPlat(uses)
+	remoteReusableWorkflow := newRemoteReusableWorkflowWithPlat(rc.Config.GitHubInstance, uses)
 	if remoteReusableWorkflow == nil {
 		return common.NewErrorExecutor(fmt.Errorf("expected format {owner}/{repo}/.{git_platform}/workflows/{filename}@{ref}. Actual '%s' Input string was not in a correct format", uses))
 	}
@@ -95,8 +94,10 @@ func cloneIfRequired(rc *RunContext, remoteReusableWorkflow remoteReusableWorkfl
 			return notExists
 		},
 		func(ctx context.Context) error {
-			// Gitea has already full URL with rc.Config.GitHubInstance
-			//remoteReusableWorkflow.URL = rc.getGithubContext(ctx).ServerURL
+			// Do not change the remoteReusableWorkflow.URL, because:
+			// 	1. Gitea doesn't support specifying GithubContext.ServerURL by the GITHUB_SERVER_URL env
+			//	2. Gitea has already full URL with rc.Config.GitHubInstance when calling newRemoteReusableWorkflowWithPlat
+			// remoteReusableWorkflow.URL = rc.getGithubContext(ctx).ServerURL
 			return git.NewGitCloneExecutor(git.NewGitCloneExecutorInput{
 				URL:   remoteReusableWorkflow.CloneURL(),
 				Ref:   remoteReusableWorkflow.Ref,
@@ -163,7 +164,10 @@ func (r *remoteReusableWorkflow) FilePath() string {
 	return fmt.Sprintf("./.%s/workflows/%s", r.GitPlatform, r.Filename)
 }

-func newRemoteReusableWorkflowWithPlat(uses string) *remoteReusableWorkflow {
+// For Gitea
+// newRemoteReusableWorkflowWithPlat create a `remoteReusableWorkflow`
+// workflows from `.gitea/workflows` and `.github/workflows` are supported
+func newRemoteReusableWorkflowWithPlat(url, uses string) *remoteReusableWorkflow {
 	// GitHub docs:
 	// https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_iduses
 	r := regexp.MustCompile(`^([^/]+)/([^/]+)/\.([^/]+)/workflows/([^@]+)@(.*)$`)
@@ -177,6 +181,7 @@ func newRemoteReusableWorkflowWithPlat(uses string) *remoteReusableWorkflow {
 		GitPlatform: matches[3],
 		Filename:    matches[4],
 		Ref:         matches[5],
+		URL:         url,
 	}
 }

--- a/pkg/runner/run_context.go
+++ b/pkg/runner/run_context.go
@@ -375,7 +375,7 @@ func (rc *RunContext) startJobContainer() common.Executor {
 		return common.NewPipelineExecutor(
 			rc.pullServicesImages(rc.Config.ForcePull),
 			rc.JobContainer.Pull(rc.Config.ForcePull),
-			rc.createNetwork(networkName).IfBool(rc.Config.ContainerNetworkMode == ""), // if the value of `ContainerNetworkMode` is empty string, then will create a new network for containers.
+			container.NewDockerNetworkCreateExecutor(networkName).IfBool(!rc.IsHostEnv(ctx) && rc.Config.ContainerNetworkMode == ""), // if the value of `ContainerNetworkMode` is empty string, then will create a new network for containers.
 			rc.startServiceContainers(networkName),
 			rc.JobContainer.Create(rc.Config.ContainerCapAdd, rc.Config.ContainerCapDrop),
 			rc.JobContainer.Start(false),
@@ -392,18 +392,6 @@ func (rc *RunContext) startJobContainer() common.Executor {
 	}
 }

-func (rc *RunContext) createNetwork(name string) common.Executor {
-	return func(ctx context.Context) error {
-		return container.NewDockerNetworkCreateExecutor(name)(ctx)
-	}
-}
-
-func (rc *RunContext) removeNetwork(name string) common.Executor {
-	return func(ctx context.Context) error {
-		return container.NewDockerNetworkRemoveExecutor(name)(ctx)
-	}
-}
-
 func (rc *RunContext) execJobContainer(cmd []string, env map[string]string, user, workdir string) common.Executor {
 	return func(ctx context.Context) error {
 		return rc.JobContainer.Exec(cmd, env, user, workdir)(ctx)
@@ -512,6 +500,9 @@ func (rc *RunContext) stopServiceContainers() common.Executor {

 // ActionCacheDir is for rc
 func (rc *RunContext) ActionCacheDir() string {
+	if rc.Config.ActionCacheDir != "" {
+		return rc.Config.ActionCacheDir
+	}
 	var xdgCache string
 	var ok bool
 	if xdgCache, ok = os.LookupEnv("XDG_CACHE_HOME"); !ok || xdgCache == "" {
@@ -829,6 +820,15 @@ func (rc *RunContext) getGithubContext(ctx context.Context) *model.GithubContext
 			ghc.Token = preset.Token
 			ghc.RepositoryOwner = preset.RepositoryOwner
 			ghc.RetentionDays = preset.RetentionDays
+
+			instance := rc.Config.GitHubInstance
+			if !strings.HasPrefix(instance, "http://") &&
+				!strings.HasPrefix(instance, "https://") {
+				instance = "https://" + instance
+			}
+			ghc.ServerURL = instance
+			ghc.APIURL = instance + "/api/v1" // the version of Gitea is v1
+			ghc.GraphQLURL = ""               // Gitea doesn't support graphql
 			return ghc
 		}
 	}
@@ -862,6 +862,18 @@ func (rc *RunContext) getGithubContext(ctx context.Context) *model.GithubContext
 		ghc.APIURL = fmt.Sprintf("https://%s/api/v3", rc.Config.GitHubInstance)
 		ghc.GraphQLURL = fmt.Sprintf("https://%s/api/graphql", rc.Config.GitHubInstance)
 	}
+
+	{ // Adapt to Gitea
+		instance := rc.Config.GitHubInstance
+		if !strings.HasPrefix(instance, "http://") &&
+			!strings.HasPrefix(instance, "https://") {
+			instance = "https://" + instance
+		}
+		ghc.ServerURL = instance
+		ghc.APIURL = instance + "/api/v1" // the version of Gitea is v1
+		ghc.GraphQLURL = ""               // Gitea doesn't support graphql
+	}
+
 	// allow to be overridden by user
 	if rc.Config.Env["GITHUB_SERVER_URL"] != "" {
 		ghc.ServerURL = rc.Config.Env["GITHUB_SERVER_URL"]
--- a/pkg/runner/runner.go
+++ b/pkg/runner/runner.go
@@ -24,6 +24,7 @@ type Runner interface {
 type Config struct {
 	Actor                              string                     // the user that triggered the event
 	Workdir                            string                     // path to working directory
+	ActionCacheDir                     string                     // path used for caching action contents
 	BindWorkdir                        bool                       // bind the workdir to the job container
 	EventName                          string                     // name of event to run
 	EventPath                          string                     // path to JSON file to use for event.json in containers
@@ -64,8 +65,7 @@ type Config struct {
 	ContainerNamePrefix   string                       // the prefix of container name
 	ContainerMaxLifetime  time.Duration                // the max lifetime of job containers
 	ContainerNetworkMode  docker_container.NetworkMode // the network mode of job containers (the value of --network)
-	DefaultActionInstance string                       // Deprecated: use DefaultActionsURLs instead.
-	DefaultActionsURLs    []string                     // urls from gitea's `DEFAULT_ACTIONS_URL` config
+	DefaultActionInstance string                       // the default actions web site
 	PlatformPicker        func(labels []string) string // platform picker, it will take precedence over Platforms if isn't nil
 	JobLoggerLevel        *log.Level                   // the level of job logger
 	ValidVolumes          []string                     // only volumes (and bind mounts) in this slice can be mounted on the job container or service containers
--- a/pkg/runner/step_action_remote.go
+++ b/pkg/runner/step_action_remote.go
@@ -5,13 +5,11 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"net/http"
 	"os"
 	"path"
 	"path/filepath"
 	"regexp"
 	"strings"
-	"time"

 	gogit "github.com/go-git/go-git/v5"

@@ -20,8 +18,6 @@ import (
 	"github.com/nektos/act/pkg/model"
 )

-var detectActionClient = http.Client{Timeout: 5 * time.Second}
-
 type stepActionRemote struct {
 	Step                *model.Step
 	RunContext          *RunContext
@@ -43,14 +39,18 @@ func (sar *stepActionRemote) prepareActionExecutor() common.Executor {
 			return nil
 		}

+		// For gitea:
+		// Since actions can specify the download source via a url prefix.
+		// The prefix may contain some sensitive information that needs to be stored in secrets,
+		// so we need to interpolate the expression value for uses first.
+		sar.Step.Uses = sar.RunContext.NewExpressionEvaluator(ctx).Interpolate(ctx, sar.Step.Uses)
+
 		sar.remoteAction = newRemoteAction(sar.Step.Uses)
 		if sar.remoteAction == nil {
 			return fmt.Errorf("Expected format {org}/{repo}[/path]@ref. Actual '%s' Input string was not in a correct format", sar.Step.Uses)
 		}

 		github := sar.getGithubContext(ctx)
-		sar.remoteAction.URL = github.ServerURL
-
 		if sar.remoteAction.IsCheckout() && isLocalCheckout(github, sar.Step) && !sar.RunContext.Config.NoSkipCheckout {
 			common.Logger(ctx).Debugf("Skipping local actions/checkout because workdir was already copied")
 			return nil
@@ -63,14 +63,9 @@ func (sar *stepActionRemote) prepareActionExecutor() common.Executor {
 			}
 		}

-		cloneURL, err := sar.remoteAction.GetAvailableCloneURL(sar.RunContext.Config.DefaultActionsURLs)
-		if err != nil {
-			return fmt.Errorf("failed to get available clone url of [%s] action, error: %w", sar.Step.Uses, err)
-		}
-
 		actionDir := fmt.Sprintf("%s/%s", sar.RunContext.ActionCacheDir(), safeFilename(sar.Step.Uses))
 		gitClone := stepActionRemoteNewCloneExecutor(git.NewGitCloneExecutorInput{
-			URL:   cloneURL,
+			URL:   sar.remoteAction.CloneURL(sar.RunContext.Config.DefaultActionInstance),
 			Ref:   sar.remoteAction.Ref,
 			Dir:   actionDir,
 			Token: "", /*
@@ -225,14 +220,15 @@ type remoteAction struct {
 	Ref  string
 }

-func (ra *remoteAction) CloneURL(defaultURL string) string {
-	u := ra.URL
-	if u == "" {
-		u = defaultURL
-	}
-	if !strings.HasPrefix(u, "http://") && !strings.HasPrefix(u, "https://") {
-		u = "https://" + u
+func (ra *remoteAction) CloneURL(u string) string {
+	if ra.URL == "" {
+		if !strings.HasPrefix(u, "http://") && !strings.HasPrefix(u, "https://") {
+			u = "https://" + u
+		}
+	} else {
+		u = ra.URL
 	}
+
 	return fmt.Sprintf("%s/%s/%s", u, ra.Org, ra.Repo)
 }

@@ -243,29 +239,6 @@ func (ra *remoteAction) IsCheckout() bool {
 	return false
 }

-func (ra *remoteAction) GetAvailableCloneURL(actionURLs []string) (string, error) {
-	for _, u := range actionURLs {
-		cloneURL := ra.CloneURL(u)
-		resp, err := detectActionClient.Get(cloneURL)
-		if err != nil {
-			return "", err
-		}
-		defer resp.Body.Close()
-
-		switch resp.StatusCode {
-		case http.StatusOK:
-			return cloneURL, nil
-		case http.StatusNotFound:
-			continue
-
-		default:
-			return "", fmt.Errorf("unexpected http status code: %d", resp.StatusCode)
-		}
-	}
-
-	return "", fmt.Errorf("no available url found")
-}
-
 func newRemoteAction(action string) *remoteAction {
 	// support http(s)://host/owner/repo@v3
 	for _, schema := range []string{"https://", "http://"} {
--- a/pkg/runner/step_docker.go
+++ b/pkg/runner/step_docker.go
@@ -114,23 +114,24 @@ func (sd *stepDocker) newStepContainer(ctx context.Context, image string, cmd []

 	binds, mounts := rc.GetBindsAndMounts()
 	stepContainer := ContainerNewContainer(&container.NewContainerInput{
-		Cmd:         cmd,
-		Entrypoint:  entrypoint,
-		WorkingDir:  rc.JobContainer.ToContainerPath(rc.Config.Workdir),
-		Image:       image,
-		Username:    rc.Config.Secrets["DOCKER_USERNAME"],
-		Password:    rc.Config.Secrets["DOCKER_PASSWORD"],
-		Name:        createSimpleContainerName(rc.jobContainerName(), "STEP-"+step.ID),
-		Env:         envList,
-		Mounts:      mounts,
-		NetworkMode: fmt.Sprintf("container:%s", rc.jobContainerName()),
-		Binds:       binds,
-		Stdout:      logWriter,
-		Stderr:      logWriter,
-		Privileged:  rc.Config.Privileged,
-		UsernsMode:  rc.Config.UsernsMode,
-		Platform:    rc.Config.ContainerArchitecture,
-		AutoRemove:  rc.Config.AutoRemove,
+		Cmd:          cmd,
+		Entrypoint:   entrypoint,
+		WorkingDir:   rc.JobContainer.ToContainerPath(rc.Config.Workdir),
+		Image:        image,
+		Username:     rc.Config.Secrets["DOCKER_USERNAME"],
+		Password:     rc.Config.Secrets["DOCKER_PASSWORD"],
+		Name:         createSimpleContainerName(rc.jobContainerName(), "STEP-"+step.ID),
+		Env:          envList,
+		Mounts:       mounts,
+		NetworkMode:  fmt.Sprintf("container:%s", rc.jobContainerName()),
+		Binds:        binds,
+		Stdout:       logWriter,
+		Stderr:       logWriter,
+		Privileged:   rc.Config.Privileged,
+		UsernsMode:   rc.Config.UsernsMode,
+		Platform:     rc.Config.ContainerArchitecture,
+		AutoRemove:   rc.Config.AutoRemove,
+		ValidVolumes: rc.Config.ValidVolumes,
 	})
 	return stepContainer
 }
Author	SHA1	Message	Date
sillyguodong	cdc6d4bc6a	Support expression in `uses` (#75 ) Since actions can specify the download source via a url prefix. The prefix may contain some sensitive information that needs to be stored in secrets or variable context, so we need to interpolate the expression value for`uses` firstly. Reviewed-on: https://gitea.com/gitea/act/pulls/75 Co-authored-by: sillyguodong <gedong_1994@163.com> Co-committed-by: sillyguodong <gedong_1994@163.com>	2023-07-17 03:46:34 +00:00
Zettat123	2069b04779	Fix missed `ValidVolumes` for docker steps (#74 ) Fixes https://gitea.com/gitea/act_runner/issues/277 Thanks @ChristopherHX for finding the cause of the bug. Reviewed-on: https://gitea.com/gitea/act/pulls/74 Co-authored-by: Zettat123 <zettat123@gmail.com> Co-committed-by: Zettat123 <zettat123@gmail.com>	2023-07-11 02:08:22 +00:00
sati.ac	3813f40cba	use remoteAction.URL if not empty (#71 ) Fixes https://github.com/go-gitea/gitea/issues/25615 Reviewed-on: https://gitea.com/gitea/act/pulls/71 Co-authored-by: sati.ac <sati.ac@noreply.gitea.com> Co-committed-by: sati.ac <sati.ac@noreply.gitea.com>	2023-07-03 03:43:44 +00:00
Jason Song	eb19987893	Revert "Support for multiple default URLs for getting actions (#58 )" (#70 ) Follow https://github.com/go-gitea/gitea/pull/25581 . Reviewed-on: https://gitea.com/gitea/act/pulls/70	2023-06-30 07:45:13 +00:00
Zettat123	545802b97b	Fix the error when removing network in self-hosted mode (#69 ) Fixes https://gitea.com/gitea/act_runner/issues/255 Reviewed-on: https://gitea.com/gitea/act/pulls/69 Co-authored-by: Zettat123 <zettat123@gmail.com> Co-committed-by: Zettat123 <zettat123@gmail.com>	2023-06-28 02:27:12 +00:00
Tomasz Duda	515c2c429d	fix action cloning, set correct server_url for act_runner exec (#68 ) 1. Newest act is not able to clone action based on --default-actions-url It might be side effect of https://gitea.com/gitea/act/pulls/67. 2. Set correct server_url, api_url, graphql_url for act_runner exec Reviewed-on: https://gitea.com/gitea/act/pulls/68 Reviewed-by: Jason Song <i@wolfogre.com> Co-authored-by: Tomasz Duda <tomaszduda23@gmail.com> Co-committed-by: Tomasz Duda <tomaszduda23@gmail.com>	2023-06-20 07:36:10 +00:00
Zettat123	a165e17878	Add support for glob syntax when checking volumes (#64 ) Follow #60 Reviewed-on: https://gitea.com/gitea/act/pulls/64 Reviewed-by: Jason Song <i@wolfogre.com> Co-authored-by: Zettat123 <zettat123@gmail.com> Co-committed-by: Zettat123 <zettat123@gmail.com>	2023-06-16 05:24:01 +00:00
Zettat123	56e103b4ba	Fix the missing URL when using remote reusable workflow (#67 ) Reviewed-on: https://gitea.com/gitea/act/pulls/67 Reviewed-by: Jason Song <i@wolfogre.com> Co-authored-by: Zettat123 <zettat123@gmail.com> Co-committed-by: Zettat123 <zettat123@gmail.com>	2023-06-16 05:12:43 +00:00
Marius Zwicker	422cbdf446	Allow to override location of action cache dir (#65 ) Adds an explicit config option to specify the directory below which action contents will be cached. If left empty the previous location at `$XDG_CACHE_HOME/act` or `$HOME/.cache/act` will be used respectively. Required to resolve gitea/act_runner#235 Co-authored-by: Marius Zwicker <marius@mlba-team.de> Reviewed-on: https://gitea.com/gitea/act/pulls/65 Reviewed-by: Jason Song <i@wolfogre.com> Co-authored-by: Marius Zwicker <emzeat@noreply.gitea.com> Co-committed-by: Marius Zwicker <emzeat@noreply.gitea.com>	2023-06-16 03:41:39 +00:00