Check volumes #60

Merged
wolfogre merged 4 commits from Zettat123/act:check-volumes into main 2023-06-05 09:22:01 +00:00
Member

This PR adds a `ValidVolumes` config. Users can specify the volumes (including bind mounts) that can be mounted to containers by this config.

Options related to volumes:

- [jobs.<job_id>.container.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idcontainervolumes)
- [jobs.<job_id>.services.<service_id>.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idvolumes)

In addition, volumes specified by `options` will also be checked.

Currently, the following default volumes (see https://gitea.com/gitea/act/src/commit/a72822b3f83d3e68ffc697101b713b7badf57e2f/pkg/runner/run_context.go#L116-L166) will be added to `ValidVolumes`:

- `act-toolcache`
- `<container-name>` and `<container-name>-env`
- `/var/run/docker.sock` (We need to add a new configuration to control whether the docker daemon can be mounted)

`pkg/runner/run_context.go#L116-L166`:

```go
// Returns the binds and mounts for the container, resolving paths as appropriate
func (rc *RunContext) GetBindsAndMounts() ([]string, map[string]string) {
	name := rc.jobContainerName()
	if rc.Config.ContainerDaemonSocket == "" {
		rc.Config.ContainerDaemonSocket = "/var/run/docker.sock"
	}
	binds := []string{}
	if rc.Config.ContainerDaemonSocket != "-" {
		daemonPath := getDockerDaemonSocketMountPath(rc.Config.ContainerDaemonSocket)
		binds = append(binds, fmt.Sprintf("%s:%s", daemonPath, "/var/run/docker.sock"))
	}
	ext := container.LinuxContainerEnvironmentExtensions{}
	mounts := map[string]string{
		"act-toolcache": "/toolcache",
		name + "-env":   ext.GetActPath(),
	}
	if job := rc.Run.Job(); job != nil {
		if container := job.Container(); container != nil {
			for _, v := range container.Volumes {
				if !strings.Contains(v, ":") || filepath.IsAbs(v) {
					// Bind anonymous volume or host file.
					binds = append(binds, v)
				} else {
					// Mount existing volume.
					paths := strings.SplitN(v, ":", 2)
					mounts[paths[0]] = paths[1]
				}
			}
		}
	}
	if rc.Config.BindWorkdir {
		bindModifiers := ""
		if runtime.GOOS == "darwin" {
			bindModifiers = ":delegated"
		}
		if selinux.GetEnabled() {
			bindModifiers = ":z"
		}
		binds = append(binds, fmt.Sprintf("%s:%s%s", rc.Config.Workdir, ext.ToContainerPath(rc.Config.Workdir), bindModifiers))
	} else {
		mounts[name] = ext.ToContainerPath(rc.Config.Workdir)
	}
	return binds, mounts
}
```
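An illustration of an allowlist check of the kind this description outlines, added here as an example; it is not code from this PR or from act. The function names, the use of `path.Match` patterns for allowlist entries, the rule that anonymous volumes always pass, and the sample values are all assumptions.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// volumeSource returns the host-side part of a volume spec (a named volume or a
// host path), or "" for an anonymous volume, which exposes nothing from the host.
func volumeSource(spec string) string {
	if !strings.Contains(spec, ":") {
		return ""
	}
	src := strings.SplitN(spec, ":", 2)[0]
	if path.IsAbs(src) {
		return path.Clean(src) // normalise first: "/srv/cache/.." is judged as "/srv"
	}
	return src
}

// isValidVolume reports whether src matches any allowlist entry.
// Assumption: entries are path.Match patterns, where "*" never crosses "/".
func isValidVolume(src string, validVolumes []string) bool {
	for _, pattern := range validVolumes {
		if ok, err := path.Match(pattern, src); err == nil && ok {
			return true
		}
	}
	return false
}

// filterVolumes splits specs into those allowed to be mounted and those rejected.
func filterVolumes(specs, validVolumes []string) (allowed, rejected []string) {
	for _, spec := range specs {
		if src := volumeSource(spec); src == "" || isValidVolume(src, validVolumes) {
			allowed = append(allowed, spec)
		} else {
			rejected = append(rejected, spec)
		}
	}
	return allowed, rejected
}

func main() {
	valid := []string{"act-toolcache", "/srv/cache/*"} // constructed sample allowlist
	specs := []string{"act-toolcache:/toolcache", "/srv/cache/..:/host-srv", "/etc/shadow:/s:ro"}
	fmt.Println(filterVolumes(specs, valid))
}
```

Without the `path.Clean` step, the source `/srv/cache/..` would match the pattern `/srv/cache/*` as written, although it resolves to `/srv`.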
Zettat123 added 1 commit 2023-06-01 10:22:07 +00:00
add sanitizeConfig
All checks were successful
checks / check and test (pull_request) Successful in 47s
2e0a9d661e
Zettat123 added 1 commit 2023-06-02 01:55:09 +00:00
add logs
All checks were successful
checks / check and test (pull_request) Successful in 29s
a49da126e9
Zettat123 added 1 commit 2023-06-02 10:03:28 +00:00
whitelist
All checks were successful
checks / check and test (pull_request) Successful in 28s
52a41e4fbe
Zettat123 changed title from WIP: Check volumes to Check volumes 2023-06-02 10:20:23 +00:00
wolfogre approved these changes 2023-06-05 09:18:58 +00:00
wolfogre added 1 commit 2023-06-05 09:19:13 +00:00
Merge branch 'main' into check-volumes
All checks were successful
checks / check and test (pull_request) Successful in 30s
5be131e551
wolfogre merged commit 92b4d73376 into main 2023-06-05 09:22:01 +00:00
wolfogre referenced this issue from a commit 2023-06-05 09:22:03 +00:00
Zettat123 deleted branch check-volumes 2023-06-08 09:11:45 +00:00
Reference: gitea/act#60