Docker permissions issue when running pipeline #52

Closed
opened 2023-03-15 20:53:15 +00:00 by Matt0009 · 8 comments

Running this script from the blog post about gitea actions

pipeline.yml:

```
# .gitea/workflows/build.yaml
name: Gitea Actions Demo
run-name: ${{ github.actor }} is testing out Gitea Actions 🚀
on: [push]
jobs:
  Explore-Gitea-Actions:
    runs-on: ubuntu-latest
    steps:
      - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
      - run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by Gitea!"
      - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
      - name: Check out repository code
        uses: actions/checkout@v3
      - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
      - run: echo "🖥️ The workflow is now ready to test your code on the runner."
      - name: List files in the repository
        run: |
          ls ${{ github.workspace }}
      - run: echo "🍏 This job's status is ${{ job.status }}."
```

Log:

```
time="2023-03-15T20:52:02Z" level=info msg="workflow prepared" buildID=6
[Gitea Actions Demo/Explore-Gitea-Actions] [DEBUG] evaluating expression 'success()'
[Gitea Actions Demo/Explore-Gitea-Actions] [DEBUG] expression 'success()' evaluated to 'true'
[Gitea Actions Demo/Explore-Gitea-Actions] 🚀  Start image=node:16-bullseye
[Gitea Actions Demo/Explore-Gitea-Actions]   🐳  docker pull image=node:16-bullseye platform= username= forcePull=false
[Gitea Actions Demo/Explore-Gitea-Actions] [DEBUG]   🐳  docker pull node:16-bullseye
[Gitea Actions Demo/Explore-Gitea-Actions] [DEBUG] Image exists? true
[Gitea Actions Demo/Explore-Gitea-Actions]   🐳  docker create image=node:16-bullseye platform= entrypoint=["/bin/sleep" "3600"] cmd=[]
[Gitea Actions Demo/Explore-Gitea-Actions] [DEBUG] Common container.Config ==> &{Hostname: Domainname: User: AttachStdin:false AttachStdout:false AttachStderr:false ExposedPorts:map[] Tty:true OpenStdin:false StdinOnce:false Env:[RUNNER_TOOL_CACHE=/opt/hostedtoolcache RUNNER_OS=Linux RUNNER_ARCH=amd64 RUNNER_TEMP=/tmp] Cmd:[] Healthcheck:<nil> ArgsEscaped:false Image:node:16-bullseye Volumes:map[] WorkingDir:/mnt/c/Users/Matt/downloads/act_runner Entrypoint:[] NetworkDisabled:false MacAddress: OnBuild:[] Labels:map[] StopSignal: StopTimeout:<nil> Shell:[]}
[Gitea Actions Demo/Explore-Gitea-Actions] [DEBUG] Common container.HostConfig ==> &{Binds:[/var/run/docker.sock:/var/run/docker.sock] ContainerIDFile: LogConfig:{Type: Config:map[]} NetworkMode:bridge PortBindings:map[] RestartPolicy:{Name: MaximumRetryCount:0} AutoRemove:true VolumeDriver: VolumesFrom:[] CapAdd:[] CapDrop:[] CgroupnsMode: DNS:[] DNSOptions:[] DNSSearch:[] ExtraHosts:[] GroupAdd:[] IpcMode: Cgroup: Links:[] OomScoreAdj:0 PidMode: Privileged:false PublishAllPorts:false ReadonlyRootfs:false SecurityOpt:[] StorageOpt:map[] Tmpfs:map[] UTSMode: UsernsMode: ShmSize:0 Sysctls:map[] Runtime: ConsoleSize:[0 0] Isolation: Resources:{CPUShares:0 Memory:0 NanoCPUs:0 CgroupParent: BlkioWeight:0 BlkioWeightDevice:[] BlkioDeviceReadBps:[] BlkioDeviceWriteBps:[] BlkioDeviceReadIOps:[] BlkioDeviceWriteIOps:[] CPUPeriod:0 CPUQuota:0 CPURealtimePeriod:0 CPURealtimeRuntime:0 CpusetCpus: CpusetMems: Devices:[] DeviceCgroupRules:[] DeviceRequests:[] KernelMemory:0 KernelMemoryTCP:0 MemoryReservation:0 MemorySwap:0 MemorySwappiness:<nil> OomKillDisable:<nil> PidsLimit:<nil> Ulimits:[] CPUCount:0 CPUPercent:0 IOMaximumIOps:0 IOMaximumBandwidth:0} Mounts:[{Type:volume Source:act-toolcache Target:/toolcache ReadOnly:false Consistency: BindOptions:<nil> VolumeOptions:<nil> TmpfsOptions:<nil>} {Type:volume Source:GITEA-ACTIONS-TASK-6_WORKFLOW-Gitea-Actions-Demo_JOB-Explore-Gitea-Actions-env Target:/var/run/act ReadOnly:false Consistency: BindOptions:<nil> VolumeOptions:<nil> TmpfsOptions:<nil>} {Type:volume Source:GITEA-ACTIONS-TASK-6_WORKFLOW-Gitea-Actions-Demo_JOB-Explore-Gitea-Actions Target:/mnt/c/Users/Matt/downloads/act_runner ReadOnly:false Consistency: BindOptions:<nil> VolumeOptions:<nil> TmpfsOptions:<nil>}] MaskedPaths:[] ReadonlyPaths:[] Init:<nil>}
time="2023-03-15T20:52:03Z" level=info msg="Cleaning up container for job Explore-Gitea-Actions"
time="2023-03-15T20:52:03Z" level=error msg="execute task: failed to create container: 'Error response from daemon: container create: statfs /var/run/docker.sock: permission denied'" func=Poll
```

Are you running with WSL or plain Windows?

Author

Plain windows currently, should I be in wsl?


> Plain windows currently, should I be in wsl?

Oh no, I was just asking for debugging's sake.

Either should be fine, but the runner is looking for the docker socket using a Linux path, which clearly is a bug.

A workaround could be to manually set the label on your runner to `self-hosted` so that the runner doesn't try to use docker when builds are passed to it. In your yaml you'll need to change `runs-on: ubuntu-latest` to `runs-on: self-hosted` in that case. A caveat is that you probably will need to have nodejs installed on your machine as well.

General warnings: This will mean your builds are not containerized, meaning they will run as the same Windows user that is running the act_runner binary. Be aware of this, and only run pipelines you trust.

Going to keep this open to work through the windows stuff myself as well.

Author

Workaround got me further, setting to self-hosted (I do have node installed).

It got into the second step this time:

```
echo "? The job was automatically triggered by a ${{ github.event_name }} event."
5s
1
/bin/bash: C:UsersMatt.cacheactb636e0a5cc1fe8a7act/workflow/0: No such file or directory
```

Could be just how it outputted, but it looks like that path is missing some of the slashes.

The directory `C:\Users\Matt\.cache\act\<hash>\workflow` does exist on my machine until it's cleaned up when the task fails.

Should I create a separate issue for this?

Member

This [issue](https://github.com/nektos/act/issues/1608) might help.
When running a `self-hosted` runner on Windows, the default shell needs to be specified as `powershell`.

```
jobs:
  Job-Name:
    runs-on: self-hosted
    defaults:
      run:
        shell: powershell
    steps:
      - run: echo "Hello world!"
```

wolfogre added the reviewed needs feedback label 2023-04-04 03:53:36 +00:00

I have a similar issue using act_runner under a Windows host with a Windows container. Could not get the runner to execute '- run: ...'. The paths it's using are Linux paths, which fail in Windows containers.

Trying the workaround in the previous comment (self-hosted with powershell), it did not work because the runner tries to pull a Linux-based container "node:16-bullseye" which is not available for Windows containers. I could not figure out why it pulls the node container. When switching to Linux-based containers it does pull the image but fails to execute the powershell.

I could execute 'echo "Hello world!"' under a Windows host with a Linux container without powershell. But this configuration is not useful for my build environment based on Windows with Visual Studio.

Would be great if self-hosted would work under a Windows host (with Windows containers).

Member

> I have a similar issue using act_runner under windows host with a windows container.

Sorry, `act_runner` doesn't support Windows containers so far. If you want to run a job in a Windows environment, you need to register a runner with a `host` label like `windows:host` and run the runner on a Windows host or VM, and the job's `runs-on` should also be specified as `windows`. In `host` mode, the runner will run all the steps of the job on the host directly and docker won't be used.

If there is anything unclear, please feel free to comment.
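As an added illustration (not code from this thread or from act_runner), the sketch below reports which jobs in a workflow would run directly on the host, given runner labels in the `name:host` form described above. The `docker://` label, the sample workflow and the function names are assumptions made for the example, and a label with no mode suffix (such as `self-hosted`) is conservatively treated as host.

```python
import re

# Runner labels in "name:mode" form; "windows:host" is from the thread,
# the docker:// entry is a constructed sample.
SAMPLE_LABELS = ["windows:host", "ubuntu-latest:docker://node:16-bullseye"]

# Constructed workflow, 2-space indentation assumed by the scanner below.
SAMPLE_WORKFLOW = """\
jobs:
  build-win:
    runs-on: windows
    defaults:
      run:
        shell: powershell
    steps:
      - run: echo "Hello world!"
  lint:
    runs-on: ubuntu-latest
    steps:
      - run: echo "lint"
"""

def label_modes(labels):
    """Map label name -> 'docker' or 'host' (bare labels count as host)."""
    modes = {}
    for label in labels:
        name, _, schema = label.partition(":")
        modes[name] = "docker" if schema.startswith("docker") else "host"
    return modes

def jobs_runs_on(workflow_text):
    """Return {job: runs-on label}; handles only the plain scalar form."""
    jobs, current, in_jobs = {}, None, False
    for line in workflow_text.splitlines():
        if re.match(r"^jobs:\s*$", line):
            in_jobs = True
        elif in_jobs and re.match(r"^\S", line):
            in_jobs = False                      # left the jobs: mapping
        elif in_jobs and (m := re.match(r"^ {2}([\w-]+):\s*$", line)):
            current = m.group(1)                 # new job entry
        elif in_jobs and current and (m := re.match(r"^ {4}runs-on:\s*(\S+)\s*$", line)):
            jobs[current] = m.group(1)
    return jobs

def uncontainerized_jobs(workflow_text, labels):
    """Jobs that this runner would execute on the host, without docker."""
    modes = label_modes(labels)
    return sorted(job for job, label in jobs_runs_on(workflow_text).items()
                  if modes.get(label) == "host")

if __name__ == "__main__":
    print(uncontainerized_jobs(SAMPLE_WORKFLOW, SAMPLE_LABELS))
```

Jobs it reports run as the account that started the runner binary, so they are the ones to restrict to trusted repositories.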


I configured the runner as you commented before editing (via my emails) and it works. Thanks :-)

> Sorry, `act_runner` doesn't support Windows containers so far. If you want to run a job in Windows environment, you need to register a runner with `self-hosted` label and run the runner on a Windows host or vm, and the job's runs-on should also be specified as `self-hosted`. In self-hosted mode, runner will run all the steps of the job on the host directly and docker won't be used.

wolfogre removed the reviewed needs feedback label 2023-04-19 03:18:27 +00:00
Reference: gitea/act_runner#52