Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to enable non-docker actions to access docker-created files on my self hosted github actions runner? (rootless docker)

Tags:

github

docker

containers

github-actions

rootless

Github recommending running their runner as a non-root user gives rise to some issues surrounding mixing docker and non-docker actions. This is quite annoying because it results in the checkout action not being able to run because it can't access the files created by actions run in docker containers.

Can this be solved by running the actions runner with rootless docker?

like image 327
Frederik Baetens Avatar asked Oct 14 '22 22:10

Frederik Baetens

1 Answers

This problem can be solved by running the github actions runner as root, which somewhat reduces security.

A better solution is using rootless docker:

  1. Remove docker from your system if you have previously installed it through Ubuntu's default repositories.
  2. install docker from Docker's repositories as directed here (I also recommend enabling cgroupsV2, as described here) & reboot. This will give you the script in /usr/bin needed to setup rootless docker in the next step.
  3. setup rootless docker as described here.
  4. don't forget to run the following, so docker remains running after you logout (as described in the guide)
systemctl --user enable docker
systemctl --user start docker
sudo loginctl enable-linger $(whoami)

  1. Also make sure to create the rootless context as described on that same page. This will make your own docker commands and the github actions runner automatically use rootless docker.

  2. install the self hosted runner: https://docs.github.com/en/actions/hosting-your-own-runners/adding-self-hosted-runners (skip if already installed)

  3. Add the DOCKER_HOST env var to the .env file in the runner directory. The file might already be created by default. The line you add should look as follows (change the 1000 if your UID is not 1000):

DOCKER_HOST=unix:///run/user/1000/docker.sock
  1. re(start) the actions runner. This can by done by restarting its systemd service. Your runner should now work with rootless docker

If you're having issues with the new docker build github action using buildx, also see How to solve error with rootless docker in github actions self hosted runner: write /proc/sys/net/ipv4/ping_group_range: invalid argument: unknown

like image 85
Frederik Baetens Avatar answered Oct 18 '22 10:10

Frederik Baetens
Sign in to Comment

Related questions

"host not found in upstream ..." when using 'kubectl apply -f' but works in 'docker-compose up'
Possible buffer size limit in mpi4py Reduce()
How to run sidekiq in a separate different docker container apart from application
Docker: MySQL container bind host mysqld socket
Unsupported config option for services.networks: 'my_network'
How to count number of executed instructions of a process id including child processes
Docker : compose file is incompatible with Amazon ECS
Deploy ASP.NET Core Docker project - get a 405 error (locally in my IIS, web requests works). How to fix it?
Impact of yum install on Docker layer size
Cannot connect Wordpress on external dbgetaddrinfo failed: Name or service not known
Failed to launch Base! /app/.local-chromium/Linux-706915/chrome-linux/chrome: ... libX11.so.6
Date conversion code behaving different on different machines
VirtualBox and Vagrant stops working after Docker desktop instalation on Win10 pro
WSL2 Caddy Reverse Proxy In Docker
Unexpected bash readable test result with GitHub Actions
JRE version with jib (Docker)
Communicating between 2 flask apps in docker containers
Docker: How to solve the public key error in ubuntu while installing docker
Why is docker build taking so long to run?
Configuring AppSettings with ASP.Net Core on Azure Web App for Containers: Whither Colons?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!