GitHub Actions ignores/overrides Docker container's entrypoint

Question

I'm trying to port a GitLab Pipeline to GitHub Actions, where we use Docker containers to provide the runtime environment. In GitLab, we simply use a line image: $DOCKER_TAG. The images are built by ourselves, which use a script as the entry point ENTRYPOINT ["/run.sh"]. The script sets up environment (e.g., by sourcing the setvars.sh script for the Intel compilers and calling ulimit -s unlimited, etc.) and calls exec "$@" at the end. For GitHub, I am using

container:
  image: ${{ matrix.DOCKER_TAG }}

However, the commands to be run later cannot find the needed binaries. Looking at the log, it appears that the container was created with --entrypoint "tail", causing the run.sh script to be ignored. I tried adding options: --entrypoint '/run.sh' in the Workflow YAML file, but it did not get reflected in how the container was created and the command still failed.

I may be missing something obvious, though I checked both the documentation and Google. Is there any way to use the entrypoint provided by the image without creating a Docker container action?

UPDATE Two more things I tried:

1. Specifying the /run.sh script as Custom shell: shell: '/run.sh {0}', but got an error

Error: Second path fragment must not be a drive or UNC name. (Parameter 'expression')

2. Using Docker container action or specifying a Docker image to use for a job step. But in both cases the Docker image has to be hard coded (or built fresh every time). Trying to use input arguments like

# Docker container action
image: docker://${{ inputs.docker_tag }}

or

# Job step
- uses: docker://${{ matrix.DOCKER_TAG }}
  with:
    args: ./.github/actions/build/build.sh

will both get an error

Unrecognized named-value: 'inputs'. Located at position 1 within expression: inputs.docker_tag

Answer 1

When you pass a image to a job, it will execute the steps defined in your job inside this container. Your container image only provides the environment in which your steps will be executed. You lose control of the entrypoint and arguments.

If you only want to run your container as a single step you could do something like this instead:

jobs:
  my-job:
    runs-on: ubuntu-latest
    steps:
      - uses: docker://myimage:latest

or if you want to overwrite it:

    steps:
      - uses: docker://myimage:latest
        with:
          entrypoint: /run.sh
          args: --help

Answer 2

I've settled along the lines below. Not ideal/DRY, as the run.sh entrypoint script has to be duplicated from the Docker container and kept up to date. Also, the upload-artifact GitHub Actions does not preserve executable bits, so have to zip everything in a tar file.

jobs:
  build:
    container:
      image: XX/compiler:${{ matrix.DOCKER_TAG }}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - run: ./.github/scripts/run.sh ./.github/scripts/build.sh
      - uses: actions/upload-artifact@v2
        with:
          name: build-artifact
          path: 'build-*.tar.bz2'
          retention-days: 7
    strategy:
      fail-fast: false
      matrix:
        DOCKER_TAG: [gcc, nvhpc, intel]
        include:
          - DOCKER_TAG: gcc
            FC: gfortran
          - DOCKER_TAG: nvhpc
            FC: nvfortran
          - DOCKER_TAG: intel
            FC: ifort