The `--device` option would do platform-dependent validation, but the
OS was not passed as an argument. When a user added the `--device` option
to the container, it would result in a "Unknown server OS" error.
* feat: CopyTarStream
Prepare for new process and thread safe action cache
* fix unused param
---------
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
* fix: try finding a socket, otherwise fail, respect user choice
* Update cmd/root.go
Co-authored-by: Jason Song <i@wolfogre.com>
* Update cmd/root.go
Co-authored-by: Jason Song <i@wolfogre.com>
---------
Co-authored-by: Jason Song <i@wolfogre.com>
act defaults network mode to "host", but when `--container-options` are
passed on the CLI, it uses the docker CLI options parser, which fills
empty values with defaults, in which case network mode is set to
"default".
Unless the user explicitly sets `--container-options="--network=xxx"`,
we should always default to "host", to keep act's behaviour.
Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
* refactor: share UpdateFromEnv logic
* Add test for GITHUB_OUTPUT
Co-authored-by: Ben Randall <veleek@gmail.com>
* Add GITHUB_STATE test
* Add test for the old broken parser
Co-authored-by: Ben Randall <veleek@gmail.com>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
The io/ioutil package has been deprecated as of Go 1.16 [1]. This commit
replaces the existing io/ioutil functions with their new definitions in
io and os packages.
[1]: https://golang.org/doc/go1.16#ioutil
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
* test: add test for networking setup in act
This test makes sure that the hostname inside of act is resolvable.
* fix: only merge existing container options
When merging parsed container options without options being
set in a job, the default docker options are returned and
will override the expected defaults by act (e.g. network mode).
This is a first attempt to mitigate this behavior and only
merge settings if something was requested on a job.
* refactor: split config merging into own function
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
* fix: support docker create arguments from container.options (#1022)
* fix processing of errors, add verbose logging, fix test
* disable linter for code copied from docker/cli
* fix all linter issues
* Add license info
* Add opts_test.go from docker/cli and required testdata
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
* refactor: ignore already closed error
This hides the `file already cloesd` error as it is
distracting in the output and does not provide any value.
* refactor: use go errors
Co-authored-by: Casey Lee <caseypl@amazon.com>
* feat: use logger from context wherever possible
Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
* feat: add step/job id and results to json logs
Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
* test: value to be masked should not be hard-coded in the action
Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
* fix: replace values following ::add-mask:: in evaluated strings
Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
* feat: [DEBUG] identifier for debug logs to distinguish them
Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
* feat: replace logger with step logger
The container gets injected a job logger, but during the time that steps
are run, we want to use the step logger.
This commit wraps pre/main/post steps in an executor that replaces the
job logger with a step logger.
Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
* feat: add pre/post stage identifier fields to json log output
Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
* feat: add job/step result status to skipped steps/jobs
Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
* feat: handle context cancelation during docker exec
To allow interrupting docker exec (which could be long running)
we process the log output in a go routine and handle
context cancelation as well as command result.
In case of context cancelation a CTRL+C is written into the docker
container. This should be enough to terminate the running
command.
To make sure we do not get stuck during cleanup, we do
set the cleanup contexts with a timeout of 5 minutes
Co-authored-by: Björn Brauer <bjoern.brauer@new-work.se>
Co-authored-by: Philipp Hinrichsen <philipp.hinrichsen@new-work.se>
* feat: handle SIGTERM signal and abort run
* test: on context cancel, abort running command
This test makes sure that whenever the act Context was canceled, the
currently running docker exec is sent a 0x03 (ctrl+c).
Co-authored-by: Björn Brauer <zaubernerd@zaubernerd.de>
* test: make sure the exec funcction handles command exit code
This test makes sure that the exec function does handle
docker command error results
Co-authored-by: Björn Brauer <bjoern.brauer@new-work.se>
Co-authored-by: Philipp Hinrichsen <philipp.hinrichsen@new-work.se>
Co-authored-by: Björn Brauer <zaubernerd@zaubernerd.de>
* refactor: remove composite action runcontext workaround
The RunContext is cloned to execute a composite action with all its
steps in a similar context. This required some workaround, since
the command handler has kept a reference to the original RunContext.
This is solved now, by replacing the docker LogWriter with a proper
scoped LogWriter.
This prepares for a simpler setup of composite actions to be able
to create and re-create the composite RunContext for pre/main/post
action steps.
* test: check env-vars for local js and docker actions
* test: test remote docker and js actions
* fix: merge github context into env when read and setup
* refacotr: simplify composite context setup
* test: use a map matcher to test input setup
* fix: restore composite log output
Since we create a new line writer, we need to log the raw_output as well.
Otherwise no output will be available from the log-writer
* fix: add RunContext JobName to fill GITHUB_JOBNAME
* test: use nektos/act-test-actions
* fix: allow masking values in composite actions
To allow masking of values from composite actions, we need
to use a custom job logger with a reference to the masked
values for the composite run context.
* refactor: keep existing logger for composite actions
To not introduce another new logger while still be able to use
the masking from the composite action, we add the masks to
the go context. To leverage that context, we also add the context
to the log entries where the valueMasker then could get the actual
mask values.
With this way to 'inject' the masked values into the logger, we do
- keep the logger
- keep the coloring
- stay away from inconsistencies due to parallel jobs
* fix: re-add removed color increase
This one should have never removed :-)
* fix: add missing ExtraPath attribute
* fix: merge run context env into composite run context env
This adds a test and fix for the parent environment. It should be
inherited by the composite environment.
* test: add missing test case
* fix: store github token next to secrets
We must not expose the secrets to composite actions, but the
`github.token` is available inside composite actions.
To provide this we store the token in the config and create it in
the GithubContext from there.
The token can be used with `github.token` but is not available as
`secrets.GITHUB_TOKEN`.
This implements the same behavior as on GitHub.
Co-authored-by: Björn Brauer <bjoern.brauer@new-work.se>
Co-authored-by: Marcus Noll <markus.noll@new-work.se>
* fixup! fix: allow masking values in composite actions
* style: use tabs instead of spaces to fix linter errors
Co-authored-by: Björn Brauer <bjoern.brauer@new-work.se>
Co-authored-by: Marcus Noll <markus.noll@new-work.se>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
* fix: copy ignored tracked files
* fix
* refactor: Extract callback to fileCollector
fix: temporary tar archive not deletable on windows
fix: `.*` in gitignore ignores all files
* Move nolint: gocyclo
* pass context as parameter
* goimport
* Add fs interface + one test
* fix lint, also test for ignored non tracked file
* fix filename
* Apply suggestions from code review
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
* fix: align other Docker executors to print action
* fix: formatting
* fix: add proper workdir support
* fix: replace script filepath after slice creation
* fix: match substring so it works for pwsh
+ rename containerPath to scriptPath to reflect what value it contains
This patch adds two new command-line flags to specify one or
more kernel capabilities to add or remove from the workflow
containers.
The command-line flag `--container-cap-add` allows for adding
specific capabilities on the workflow containers; where as,
The command-line flag `--container-cap-drop` allows for removing
specific capabilities on the workflow containers.
This was developed to specifically be able to add `SYS_PTRACE`
to a workflow I maintain. It involves using this capability to
monitor a make build, to then build a compilation database.
Signed-off-by: Joseph Benden <joe@benden.us>
ContainerExecAttach implicitly runs ContainerExecStart while attaching
to stdout/stderr.
Ref: e02bc91dcb/client/container_exec.go (L40)
Calling both can lead to a race condition as observed in #627Fixes: #627
Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
* Regression in the .golangci.yml file
* This looks like an even better fix to #451
The previous solution only prevented the `starting container process caused "exec: \"bash\"`
error when someone added an "extra" path in the workflow using `::add-path`
* Add support for >> $GITHUB_PATH
* The newRunCommand has too high cyclomatic complexity
* Add "linux/arm64" to new test
* The cyclop linter was complaining so I extracted some funcs
* Close some readers
* Fix typo
* fix: add missing composite function
* Fix regress from merging
* Keep the error messages as is
* consolidate with master
* Close the tar reader on defer
* New way to get ContainerWorkdir
* Remove arch from runner test
* Separate the UpdateFromEnv and UpdateFromPath
Co-authored-by: hackercat <me@hackerc.at>
* fix: environment variables sourcing from `/etc/environment`
* fix: move `envs.txt` & `event.json` to `/tmp/`
Since #635 `envs.txt` is not copying properly when running `act` in WSL2
Moving it to fixed location resolves that.
* Add custom docker registry authentication
Uses DOCKER_USERNAME and DOCKER_PASSWORD as secrets provided into
the act cli.
Closes#527
Co-authored-by: Björn Brauer <zaubernerd@zaubernerd.de>
* Add test to check if pull authentication is filled in
* Update debug message to be more descriptive
Co-authored-by: Ryan (hackercat) <me@hackerc.at>
Co-authored-by: Björn Brauer <zaubernerd@zaubernerd.de>
Co-authored-by: Ryan (hackercat) <me@hackerc.at>
* feat: bump `golangci-lint`, add `super-linter`, replace outdated linter
Bump `golangci-lint` version.
Add `super-linter` to lint other languages.
Go linter is disabled because it's currently broken:
https://github.com/github/super-linter/pull/370
Replacing `scopelint` with `exportloopref`: "[runner] The linter
'scopelint' is deprecated (since v1.39.0) due to: The repository of the
linter has been deprecated by the owner. Replaced by exportloopref."
Fixed formatting in `.golangci.yml`
Add addtional linters:
`misspell`: purely style, detects typos in comments
`whitespace`: detects leading and trailing whitespace
`goimports`: it's gofmt + checks unused imports
* fix: lint/fix `go` files
* fix: lint with `standardjs`
* fix: lint/fix with `markdownlint`, make template more verbose
* feat: add lint stuff to makefile
* fix: `UseGitIgnore` formatting
* fix: lint/fix `README.md`
Co-authored-by: Casey Lee <cplee@nektos.com>
* disable gitignore for actions
* feat: Add option to allow/disallow paths specified in .gitignore
Co-authored-by: Alan Birtles <alan.birtles@eu.sony.com>
- Don't set architecture, let Docker host decide it's own platform,
remove `runtime` dependency and don't show default in `--help`
- Remove most tests, we need to check only once if it works on
different platform
- Rename `DeleteImage` to `RemoveImage` to conform to existing
function in `docker` cli, added options to specify `force` and
`pruneChildren`
Commit af5140f13e introduced support for
specifying a container image platform for cross-platform image building.
Unfortunately, attempting to execute a docker command that includes the
`--platform` flag against Docker daemons using API Version 1.40 and
before results in the following error:
```
"specify container image platform" requires API version 1.41, but the Docker daemon API version is 1.40
```
To allow `act` to be used on the 19.03 Docker CE and earlier versions,
this patch simply checks the Docker daemon API version and only
specifies platform specification when the daemon API version is 1.41 or
greater.
Fixes Issue #586
* Add QEMU to run different architectures
* Update dependencies in `go.mod`
* Add `--container-architecture` flag to specify custom image architecture
Co-authored-by: Casey Lee <cplee@nektos.com>
I got an error like this after hitting `act` command.
> Error: Error response from daemon: cannot share the host's network namespace when user namespaces are enabled
According to the document, when user namespaces are enabled on the Docker daemon,
neither host network mode and --privileged work without --userns=host. Since `act`
uses host network mode to match GitHub Actions runners, it cannot run jobs when
user namespaces are enabled. So I added the flag.
https://docs.docker.com/engine/security/userns-remap/#user-namespace-known-limitations
Co-authored-by: Casey Lee <cplee@nektos.com>