Add ValidVolumes config #226

Merged
wolfogre merged 11 commits from Zettat123/act_runner:valid-volumes-config into main 2023-06-16 06:07:50 +00:00
Member

Follow https://gitea.com/gitea/act/pulls/60, https://gitea.com/gitea/act/pulls/64

This PR adds the `valid_volumes` configuration. `valid_volumes` is a sequence containing the volumes (including bind mounts) that can be mounted to the container. By default, `valid_volumes` is empty, which means that no volumes can be mounted. Users can specify multiple valid volumes and [glob](https://github.com/gobwas/glob) is supported.

All volumes will be allowed when using `exec` to run workflows locally.
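The allowlist behaviour the description above states (an empty list denies every volume, entries are glob patterns, `exec` allows everything), as an added Go example that is not part of this PR or of act_runner's code. Assumptions of this example: the helper names `volumeSource` and `filterVolumes`, matching on the source field of a `source:target[:mode]` spec, the `path.Clean` normalisation, the sample patterns, and the standard library's `path.Match` standing in for gobwas/glob, whose pattern syntax differs.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// volumeSource returns the source of a "source:target[:mode]" spec (a host path
// or a named volume). Any other shape yields "" and never matches a pattern.
func volumeSource(spec string) string {
	parts := strings.Split(spec, ":")
	if len(parts) < 2 || len(parts) > 3 || parts[0] == "" {
		return ""
	}
	if strings.HasPrefix(parts[0], "/") {
		return path.Clean(parts[0]) // normalise so ".." segments cannot satisfy a pattern
	}
	return parts[0]
}

// filterVolumes splits requested specs into allowed and ignored ones.
// An empty validVolumes list allows nothing; allowAll models the `exec` case.
func filterVolumes(validVolumes, requested []string, allowAll bool) (allowed, ignored []string) {
	for _, spec := range requested {
		src, ok := volumeSource(spec), allowAll
		for _, pattern := range validVolumes {
			if ok || src == "" {
				break
			}
			// path.Match is a stand-in for gobwas/glob; a malformed pattern matches nothing.
			m, err := path.Match(pattern, src)
			ok = err == nil && m
		}
		if ok {
			allowed = append(allowed, spec)
		} else {
			ignored = append(ignored, spec)
		}
	}
	return allowed, ignored
}

func main() {
	// Constructed sample values, not taken from the PR.
	valid := []string{"ci-cache-*", "/srv/ci/*/*"}
	req := []string{"ci-cache-go:/go/pkg", "/srv/ci/a/b:/work:ro", "/srv/ci/../secret:/x", "/file:/file:ro"}
	allowed, ignored := filterVolumes(valid, req, false)
	fmt.Println("allowed:", allowed)
	fmt.Println("ignored:", ignored)
}
```
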
Zettat123 added 1 commit 2023-06-04 13:03:48 +00:00
add ValidVolumes Config
Some checks failed
checks / check and test (pull_request) Failing after 49s
8c40ed2098
Zettat123 added 1 commit 2023-06-06 05:15:37 +00:00
Merge branch 'main' into valid-volumes-config
All checks were successful
checks / check and test (pull_request) Successful in 42s
37ce48e3ab
Zettat123 added 1 commit 2023-06-06 05:50:55 +00:00
update comment
All checks were successful
checks / check and test (pull_request) Successful in 40s
a895e8ebd2
Zettat123 changed title from WIP: Add `ValidVolumes` config to Add `ValidVolumes` config 2023-06-06 06:00:49 +00:00
wolfogre reviewed 2023-06-06 06:57:19 +00:00
@ -56,0 +56,4 @@
# Volumes (including bind mounts) can be mounted to containers.
# This is a sequence. If the sequence is empty, any volume can be mounted.
# Used for `jobs.<job_id>.container.volumes` or `jobs.<job_id>.services.<service_id>.volumes`
valid_volumes:
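Review bot: the second added comment line says "If the sequence is empty, any volume can be mounted", which makes the shipped default fail-open and contradicts the PR description ("By default, `valid_volumes` is empty, which means that no volumes can be mounted"). The comment and the behaviour should agree on deny-by-default, and the comment should say explicitly what an empty sequence means so an operator who leaves the key untouched knows the result. The bare `valid_volumes:` on the last line is also ambiguous to a reader (null versus empty sequence); writing `valid_volumes: []` and adding a commented example entry or two would remove the guesswork.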
Owner

Maybe:

-  valid_volumes:
+  valid_volumes: []

And show some examples.

Author
Member

fixed in fc5c076c1bfc7229dd5bcf4106a3bb5879aca851
Zettat123 marked this conversation as resolved
Zettat123 added 1 commit 2023-06-06 07:10:40 +00:00
improve valid_volumes instruction
All checks were successful
checks / check and test (pull_request) Successful in 40s
fc5c076c1b
wolfogre approved these changes 2023-06-06 08:18:30 +00:00
Dismissed
lunny approved these changes 2023-06-08 03:55:56 +00:00
Dismissed
Owner

But how do you deny any volumes to be mounted?

lunny dismissed lunny’s review 2023-06-08 03:56:56 +00:00
Reason:

see my comment

wolfogre dismissed wolfogre’s review 2023-06-08 04:33:13 +00:00
Author
Member

> But how do you deny any volumes to be mounted?

~~For now, we can specify an invalid volume name to deny any volumes, like this~~

```
valid_volumes:
  - '!'
```

~~Since only alphanumeric characters and `._-` are allowed in volume names, any volumes whose name matches `!` cannot be created.~~

~~In order to solve this problem completely, maybe we need a new configuration, such as `DisableMounts`, if this configuration is true, any volumes or bind mounts will be disabled.~~
Zettat123 added 1 commit 2023-06-08 06:13:11 +00:00
add comment for denying any volumes
All checks were successful
checks / check and test (pull_request) Successful in 40s
a47e0841a6
wolfogre approved these changes 2023-06-09 01:51:04 +00:00
wolfogre added 1 commit 2023-06-09 01:51:18 +00:00
Merge branch 'main' into valid-volumes-config
All checks were successful
checks / check and test (pull_request) Successful in 41s
5502c5b9fb
Zettat123 changed title from Add `ValidVolumes` config to WIP: Add `ValidVolumes` config 2023-06-09 06:58:11 +00:00
Zettat123 added 1 commit 2023-06-09 10:25:59 +00:00
improve config instruction
All checks were successful
checks / check and test (pull_request) Successful in 57s
4ed768abac
Contributor

How to use it with `act_runner exec`? When I do something like `act_runner exec --container-opts --volume=/file:/file:ro` there is an error `[/file:/file:ro] is not a valid volume, will be ignored`. nektos/act allows the same by default. Maybe it would be better to do the same?
Contributor

> > But how do you deny any volumes to be mounted?
>
> ~~For now, we can specify an invalid volume name to deny any volumes, like this~~
> ```
> valid_volumes:
>   - '!'
> ```

Hmmm, was the intention to allow by default?
Author
Member

> How to use it with `act_runner exec`? When I do something like `act_runner exec --container-opts --volume=/file:/file:ro` there is an error `[/file:/file:ro] is not a valid volume, will be ignored`. nektos/act allows the same by default. Maybe it would be better to do the same?

Good catch. I think when using `act_runner exec` we should allow any volumes by default.

> Hmmm, was the intention to allow by default?

In the latest commit (see 4ed768abacbb9e5e5a97b03061b8c3218bd95113), the `valid_volumes` is empty by default so no data volumes are allowed except those listed in https://gitea.com/gitea/act/pulls/60
Zettat123 added 1 commit 2023-06-13 02:44:33 +00:00
fix exec
All checks were successful
checks / check and test (pull_request) Successful in 56s
50b18cb98e
Zettat123 added 1 commit 2023-06-16 05:34:08 +00:00
Merge branch 'main' into valid-volumes-config
All checks were successful
checks / check and test (pull_request) Successful in 54s
0a71026b2c
Zettat123 added 1 commit 2023-06-16 05:46:36 +00:00
upgrade act
All checks were successful
checks / check and test (pull_request) Successful in 1m17s
2a3586312d
Zettat123 changed title from WIP: Add `ValidVolumes` config to Add `ValidVolumes` config 2023-06-16 05:48:37 +00:00
Zettat123 added 1 commit 2023-06-16 06:00:39 +00:00
fix act version
All checks were successful
checks / check and test (pull_request) Successful in 1m18s
5c36400a43
wolfogre merged commit ec38401097 into main 2023-06-16 06:07:50 +00:00