Move actions path outside of workdir (#701)
* feat: add option to specify user for exec * fix: move actions to static path outside workdir Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
This commit is contained in:
Ryan (hackercat)
GitHub
parent
490039975f
commit
d794e2fe4c
4 changed files with 19 additions and 17 deletions
|
|
@ -68,7 +68,7 @@ type Container interface {
|
|||
CopyDir(destPath string, srcPath string, useGitIgnore bool) common.Executor
|
||||
Pull(forcePull bool) common.Executor
|
||||
Start(attach bool) common.Executor
|
||||
Exec(command []string, env map[string]string) common.Executor
|
||||
Exec(command []string, env map[string]string, user string) common.Executor
|
||||
UpdateFromEnv(srcPath string, env *map[string]string) common.Executor
|
||||
UpdateFromPath(env *map[string]string) common.Executor
|
||||
Remove() common.Executor
|
||||
|
|
@ -145,9 +145,7 @@ func (cr *containerReference) Copy(destPath string, files ...*FileEntry) common.
|
|||
func (cr *containerReference) CopyDir(destPath string, srcPath string, useGitIgnore bool) common.Executor {
|
||||
return common.NewPipelineExecutor(
|
||||
common.NewInfoExecutor("%sdocker cp src=%s dst=%s", logPrefix, srcPath, destPath),
|
||||
cr.connect(),
|
||||
cr.find(),
|
||||
cr.exec([]string{"mkdir", "-p", destPath}, nil),
|
||||
cr.Exec([]string{"mkdir", "-p", destPath}, nil, ""),
|
||||
cr.copyDir(destPath, srcPath, useGitIgnore),
|
||||
).IfNot(common.Dryrun)
|
||||
}
|
||||
|
|
@ -160,11 +158,12 @@ func (cr *containerReference) UpdateFromPath(env *map[string]string) common.Exec
|
|||
return cr.extractPath(env).IfNot(common.Dryrun)
|
||||
}
|
||||
|
||||
func (cr *containerReference) Exec(command []string, env map[string]string) common.Executor {
|
||||
func (cr *containerReference) Exec(command []string, env map[string]string, user string) common.Executor {
|
||||
return common.NewPipelineExecutor(
|
||||
common.NewInfoExecutor("%sdocker exec cmd=[%s] user=%s", logPrefix, strings.Join(command, " "), user),
|
||||
cr.connect(),
|
||||
cr.find(),
|
||||
cr.exec(command, env),
|
||||
cr.exec(command, env, user),
|
||||
).IfNot(common.Dryrun)
|
||||
}
|
||||
|
||||
|
|
@ -407,7 +406,7 @@ func (cr *containerReference) extractPath(env *map[string]string) common.Executo
|
|||
}
|
||||
}
|
||||
|
||||
func (cr *containerReference) exec(cmd []string, env map[string]string) common.Executor {
|
||||
func (cr *containerReference) exec(cmd []string, env map[string]string, user string) common.Executor {
|
||||
return func(ctx context.Context) error {
|
||||
logger := common.Logger(ctx)
|
||||
// Fix slashes when running on Windows
|
||||
|
|
@ -427,6 +426,7 @@ func (cr *containerReference) exec(cmd []string, env map[string]string) common.E
|
|||
}
|
||||
|
||||
idResp, err := cr.cli.ContainerExecCreate(ctx, cr.id, types.ExecConfig{
|
||||
User: user,
|
||||
Cmd: cmd,
|
||||
WorkingDir: cr.input.WorkingDir,
|
||||
Env: envList,
|
||||
|
|
|
|||
|
|
@ -19,6 +19,8 @@ import (
|
|||
"github.com/nektos/act/pkg/model"
|
||||
)
|
||||
|
||||
const ActPath string = "/var/run/act"
|
||||
|
||||
// RunContext contains info about current job
|
||||
type RunContext struct {
|
||||
Name string
|
||||
|
|
@ -77,7 +79,6 @@ func (rc *RunContext) GetBindsAndMounts() ([]string, map[string]string) {
|
|||
|
||||
mounts := map[string]string{
|
||||
"act-toolcache": "/toolcache",
|
||||
"act-actions": "/actions",
|
||||
}
|
||||
|
||||
if rc.Config.BindWorkdir {
|
||||
|
|
@ -150,8 +151,9 @@ func (rc *RunContext) startJobContainer() common.Executor {
|
|||
rc.JobContainer.Create(),
|
||||
rc.JobContainer.Start(false),
|
||||
rc.JobContainer.UpdateFromEnv("/etc/environment", &rc.Env),
|
||||
rc.JobContainer.Exec([]string{"mkdir", "-m", "0777", "-p", ActPath}, rc.Env, "root"),
|
||||
rc.JobContainer.CopyDir(copyToPath, rc.Config.Workdir+string(filepath.Separator)+".", rc.Config.UseGitIgnore).IfBool(copyWorkspace),
|
||||
rc.JobContainer.Copy("/tmp/", &container.FileEntry{
|
||||
rc.JobContainer.Copy(ActPath+"/", &container.FileEntry{
|
||||
Name: "workflow/event.json",
|
||||
Mode: 0644,
|
||||
Body: rc.EventJSON,
|
||||
|
|
@ -169,7 +171,7 @@ func (rc *RunContext) startJobContainer() common.Executor {
|
|||
}
|
||||
func (rc *RunContext) execJobContainer(cmd []string, env map[string]string) common.Executor {
|
||||
return func(ctx context.Context) error {
|
||||
return rc.JobContainer.Exec(cmd, env)(ctx)
|
||||
return rc.JobContainer.Exec(cmd, env, "")(ctx)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -488,7 +490,7 @@ type githubContext struct {
|
|||
func (rc *RunContext) getGithubContext() *githubContext {
|
||||
ghc := &githubContext{
|
||||
Event: make(map[string]interface{}),
|
||||
EventPath: "/tmp/workflow/event.json",
|
||||
EventPath: ActPath + "/workflow/event.json",
|
||||
Workflow: rc.Run.Workflow.Name,
|
||||
RunID: rc.Config.Env["GITHUB_RUN_ID"],
|
||||
RunNumber: rc.Config.Env["GITHUB_RUN_NUMBER"],
|
||||
|
|
@ -660,8 +662,8 @@ func withDefaultBranch(b string, event map[string]interface{}) map[string]interf
|
|||
func (rc *RunContext) withGithubEnv(env map[string]string) map[string]string {
|
||||
github := rc.getGithubContext()
|
||||
env["CI"] = "true"
|
||||
env["GITHUB_ENV"] = "/tmp/workflow/envs.txt"
|
||||
env["GITHUB_PATH"] = "/tmp/workflow/paths.txt"
|
||||
env["GITHUB_ENV"] = ActPath + "/workflow/envs.txt"
|
||||
env["GITHUB_PATH"] = ActPath + "/workflow/paths.txt"
|
||||
env["GITHUB_WORKFLOW"] = github.Workflow
|
||||
env["GITHUB_RUN_ID"] = github.RunID
|
||||
env["GITHUB_RUN_NUMBER"] = github.RunNumber
|
||||
|
|
|
|||
|
|
@ -316,6 +316,6 @@ func TestGetGitHubContext(t *testing.T) {
|
|||
assert.Equal(t, ghc.Repository, "nektos/act")
|
||||
assert.Equal(t, ghc.RepositoryOwner, "nektos")
|
||||
assert.Equal(t, ghc.RunnerPerflog, "/dev/null")
|
||||
assert.Equal(t, ghc.EventPath, "/tmp/workflow/event.json")
|
||||
assert.Equal(t, ghc.EventPath, ActPath+"/workflow/event.json")
|
||||
assert.Equal(t, ghc.Token, rc.Config.Secrets["GITHUB_TOKEN"])
|
||||
}
|
||||
|
|
|
|||
|
|
@ -383,13 +383,13 @@ func (sc *StepContext) getContainerActionPaths(step *model.Step, actionDir strin
|
|||
containerActionDir := "."
|
||||
if !rc.Config.BindWorkdir && step.Type() != model.StepTypeUsesActionRemote {
|
||||
actionName = getOsSafeRelativePath(actionDir, rc.Config.Workdir)
|
||||
containerActionDir = rc.Config.ContainerWorkdir() + "/_actions/" + actionName
|
||||
containerActionDir = ActPath + "/actions/" + actionName
|
||||
} else if step.Type() == model.StepTypeUsesActionRemote {
|
||||
actionName = getOsSafeRelativePath(actionDir, rc.ActionCacheDir())
|
||||
containerActionDir = rc.Config.ContainerWorkdir() + "/_actions/" + actionName
|
||||
containerActionDir = ActPath + "/actions/" + actionName
|
||||
} else if step.Type() == model.StepTypeUsesActionLocal {
|
||||
actionName = getOsSafeRelativePath(actionDir, rc.Config.Workdir)
|
||||
containerActionDir = rc.Config.ContainerWorkdir() + "/_actions/" + actionName
|
||||
containerActionDir = ActPath + "/actions/" + actionName
|
||||
}
|
||||
|
||||
if actionName == "" {
|
||||
|
|
|
|||
Loading…
Reference in a new issue