Add ValidVolumes
config #226
No reviewers
Labels
No Label
kind
bug
kind
build
kind/compatible
kind
dependencies
kind
docs
kind
enhancement
kind
feature
kind
help wanted
kind
proposal
kind
refactor
related
act
related
environment
related
exec
related
gitea
related
workflow
reviewed
confirmed
reviewed
duplicate
reviewed
invalid
reviewed
needs feedback
reviewed
wontfix
reviewed
workaround
No Milestone
No Assignees
4 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: gitea/act_runner#226
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "Zettat123/act_runner:valid-volumes-config"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Follow gitea/act#60, gitea/act#64
This PR adds the
valid_volumes
configuration.valid_volumes
is a sequence containing the volumes (including bind mounts) that can be mounted to the container. By default,valid_volumes
is empty, which means that no volumes can be mounted. Users can specify multiple valid volumes and glob is supported.All volumes will be allowed when using
exec
to run workflows locally.WIP: Add `ValidVolumes` configto Add `ValidVolumes` config@ -56,0 +56,4 @@
# Volumes (including bind mounts) can be mounted to containers.
# This is a sequence. If the sequence is empty, any volume can be mounted.
# Used for `jobs.<job_id>.container.volumes` or `jobs.<job_id>.services.<service_id>.volumes`
valid_volumes:
Maybe:
And show some examples.
fixed in
fc5c076c1b
But how do you deny any volumes to be mounted?
see my comment
For now, we can specify an invalid volume name to deny any volumes, like thisSince only alphanumeric characters and._-
are allowed in volume names, any volumes whose name matches!
cannot be created.In order to solve this problem completely, maybe we need a new configuration, such asDisableMounts
, if this configuration is true, any volumes or bind mounts will be disabled.Add `ValidVolumes` configto WIP: Add `ValidVolumes` configHow to use it with
act_runner exec
? When I do something likeact_runner exec --container-opts --volume=/file:/file:ro
there is error[/file:/file:ro] is not a valid volume, will be ignored
. nektos/act allows the same by default. Maybe it would be better to do the same?Hmmm was the intention to allow by default ?
Good catch. I think when using
act_runner exec
we should allow any volumes by default.In the latest commit (see
4ed768abac
), thevalid_volumes
is empty by default so no data volumes are allowed except those listed in gitea/act#60WIP: Add `ValidVolumes` configto Add `ValidVolumes` config