Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

/github/home in K8s mode #181

Open
klaernie opened this issue Oct 8, 2024 · 1 comment
Open

/github/home in K8s mode #181

klaernie opened this issue Oct 8, 2024 · 1 comment

Comments

@klaernie
Copy link

klaernie commented Oct 8, 2024

If I understand

runner-container-hooks/packages/k8s/src/k8s/utils.ts

Lines 18 to 68 in 73655d4

export function containerVolumes(
userMountVolumes: Mount[] = [],
jobContainer = true,
containerAction = false
): k8s.V1VolumeMount[] {
const mounts: k8s.V1VolumeMount[] = [
{
name: POD_VOLUME_NAME,
mountPath: '/__w'
}
]
const workspacePath = process.env.GITHUB_WORKSPACE as string
if (containerAction) {
const i = workspacePath.lastIndexOf('_work/')
const workspaceRelativePath = workspacePath.slice(i + '_work/'.length)
mounts.push(
{
name: POD_VOLUME_NAME,
mountPath: '/github/workspace',
subPath: workspaceRelativePath
},
{
name: POD_VOLUME_NAME,
mountPath: '/github/file_commands',
subPath: '_temp/_runner_file_commands'
},
{
name: POD_VOLUME_NAME,
mountPath: '/github/workflow',
subPath: '_temp/_github_workflow'
}
)
return mounts
}
if (!jobContainer) {
return mounts
}
mounts.push(
{
name: POD_VOLUME_NAME,
mountPath: '/__e',
subPath: 'externals'
},
{
name: POD_VOLUME_NAME,
mountPath: '/github/home',
subPath: '_temp/_github_home'
},
correctly /github/home does not get added to pods executing a docker container.

Some images however (like super-linter) expect /github/home to be existent and writable. In my specific case I found out, that when running super-linter in a k8s-mode selfhosted runner it fails to execute, since it tries to modify the user's .gitconfig (to mark /github/workspace a git safe directory), which fails since the entire homedir does not exist. I've opened super-linter/super-linter#6242 do fix this issue for super-linter, but I would expect that there are more actions out in the wild that will fail in a similar fashion.

Is there any specific reason why this volume mount is excluded?
@klaernie klaernie mentioned this issue Oct 10, 2024
Merged
10 tasks
@gbuskey
Copy link

gbuskey commented Nov 26, 2024
edited
Loading

I ran into the same issue today when deploying self-hosted k8s runners and attempting to run a docker action that created and modified a file at /github/home/<foo>.txt.

I pulled down the hooks repo and built it into a new actions-runner image with the addition of the volume mount specified for the job container here, which appeared to sort of work.

Is /github/home reserved for use by the primary job container? Would love input from the @actions/actions-launch team

The one oddity I noticed (that I still haven't fixed) is attempting to run the same docker action twice in a row causes the second to fail with an HttpError: HTTP request failed error.

Edit: turns out the HTTP failure was because the action in question was polluting the environment with a value that could not be turned into a Kubernetes secret, but the error message was hidden. Opened a PR to surface the message for future users.

gbuskey added a commit to gbuskey/runner-container-hooks that referenced this issue Nov 27, 2024
@gbuskey
feat: add /github/home to containerAction mounts actions#181
5a2288e
gbuskey added a commit to gbuskey/runner-container-hooks that referenced this issue Nov 27, 2024
@gbuskey
fix: add debug logging for failed secret creations actions#181
10da772
@gbuskey gbuskey mentioned this issue Nov 27, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@klaernie @gbuskey