I'm using a ZAP Dockerfile image[2] to scan for vulnerabilities in the application. The following is my GitHub Actions workflow:

name: CI
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - name: run zap
        uses: docker://owasp/zap2docker-stable
        with:
          args: zap-baseline.py -t https://www.example.com

So basically this image has a folder called /home/zap/ and it is trying to write a file to this location. What I don't understand is why GitHub Actions is throwing an IOError: [Errno 13] Permission denied:
for persisting inside a Docker container. The container is using a zap
user. Has anyone else come across similar permission issues for file writing in GitHub Actions?
[1] - https://github.com/sshniro/actions-test-repo/commit/3fb6cfa2c883099f300dba5383fa61c708f2a48f/checks?check_suite_id=312860807
[2] - https://github.com/zaproxy/zaproxy/blob/develop/docker/Dockerfile-stable
If the Docker container uses another user, then we would get a permission issue when persisting to the local directory. The following is the configuration I used to fix this:

name: ZAP
on: push
jobs:
  scan:
    runs-on: ubuntu-latest
    container:
      image: owasp/zap2docker-stable
      options: --user root -v ${{ github.workspace }}:/zap/wrk/:rw
    steps:
      - run: pwd && ls -l
      - name: run zap baseline scan
        run: zap-baseline.py -t https://example.com -x report_xml.xml || echo 0

Here we are overriding the user via the options parameter.
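Why the write fails for an unprivileged container user and succeeds once the user is overridden, as an added example (not code from the original posts or from the ZAP project): it applies the classic Unix mode-bit check to a bind-mounted directory and also evaluates a narrower alternative to root, group write access. The uid/gid numbers and modes are constructed assumptions, and ACLs, capabilities and LSMs are ignored.

```python
import os
import stat
from collections import namedtuple

# Permission bits, owner uid and owner gid of a directory.
DirMeta = namedtuple("DirMeta", "mode uid gid")

def meta_of(path):
    """Read the fields the kernel consults from a real directory."""
    st = os.stat(path)
    return DirMeta(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)

def can_create_files(d, uid, gids):
    """Classic Unix mode-bit check for creating a file inside directory d.

    Ignores ACLs, capabilities, read-only mounts and LSMs (SELinux, AppArmor).
    """
    if uid == 0:
        return True  # root bypasses mode bits, so `--user root` hides the mismatch
    if uid == d.uid:
        bits = d.mode >> 6  # owner triplet
    elif d.gid in gids:
        bits = d.mode >> 3  # group triplet
    else:
        bits = d.mode  # "other" triplet
    # Creating an entry needs write (2) and search (1) on the directory.
    return (bits & 0o3) == 0o3

# Constructed values (assumptions, not taken from the page): a checkout owned by
# the runner account (uid 1001, gid 121, mode 0755) bind-mounted into a container
# whose unprivileged user is uid 1000, gid 1000.
WORKSPACE = DirMeta(0o755, 1001, 121)
CONTAINER_UID, CONTAINER_GIDS = 1000, {1000}

def scenarios():
    """Outcome of the write for the default user, root, and a narrower alternative."""
    shared = WORKSPACE._replace(mode=0o775)  # group-writable, same owner
    in_group = CONTAINER_GIDS | {WORKSPACE.gid}  # container user joins owning group
    return {
        "container user, mode 0755": can_create_files(WORKSPACE, CONTAINER_UID, CONTAINER_GIDS),
        "root": can_create_files(WORKSPACE, 0, {0}),
        "container user in owning group, mode 0775": can_create_files(shared, CONTAINER_UID, in_group),
    }

if __name__ == "__main__":
    for name, allowed in scenarios().items():
        print(f"{name}: {'write allowed' if allowed else 'EACCES (Errno 13)'}")
```

Calling `can_create_files(meta_of(path), uid, gids)` on the real mount point with the container user's ids gives the same answer before the scan runs.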