Commit graph

184 commits

Author SHA1 Message Date
Joseph Benden
6b4d359737
Add support for container kernel capabilities (#716)
This patch adds two new command-line flags to specify one or
more kernel capabilities to add or remove from the workflow
containers.

The command-line flag `--container-cap-add` allows for adding
specific capabilities on the workflow containers; where as,

The command-line flag `--container-cap-drop` allows for removing
specific capabilities on the workflow containers.

This was developed to specifically be able to add `SYS_PTRACE`
to a workflow I maintain. It involves using this capability to
monitor a make build, to then build a compilation database.

Signed-off-by: Joseph Benden <joe@benden.us>
2021-06-04 16:06:59 +00:00
Björn Brauer
8a9167da82
fix: avoid race condition by not running exec/start twice (#702)
ContainerExecAttach implicitly runs ContainerExecStart while attaching
to stdout/stderr.
Ref: e02bc91dcb/client/container_exec.go (L40)

Calling both can lead to a race condition as observed in #627

Fixes: #627

Co-authored-by: Markus Wolf <markus.wolf@new-work.se>

Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
2021-05-25 12:35:52 +00:00
Ryan (hackercat)
d794e2fe4c
Move actions path outside of workdir (#701)
* feat: add option to specify user for exec

* fix: move actions to static path outside workdir

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2021-05-24 17:09:03 +00:00
Ryan (hackercat)
799098b0e6
feat: add option for custom socket path (#698) 2021-05-23 14:43:09 +00:00
Björn Brauer
60b9606fc6
fix: use github auth token for pulling a repository (#693)
Co-Authored-By: Markus Wolf <markus.wolf@new-work.se>

Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
2021-05-19 13:40:28 +00:00
Josh Soref
29ea8cfc4e
Fix: GITHUB_PATH should prepend (#690)
* GITHUB_PATH is prepend

https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions#adding-a-system-path

* Check for replacing system binaries

Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-05-18 13:22:39 +00:00
Markus Wolf
38f6dfb49a
fix: use auth when fetching (same as with cloning) (#687)
Co-authored-by: Björn Brauer <bjoern.brauer@new-work.se>

Co-authored-by: Björn Brauer <bjoern.brauer@new-work.se>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2021-05-18 06:25:07 +00:00
Ryan (hackercat)
f571290b25
refactor: remove gotest.tools (#688)
* refactor: remove `gotest.tools`

* remove all references to `gotest.tools` and replace it with
  `github.com/stretchr/testify` which was originally used for tests
* bump `golangci-lint` version
* add `depguard` and `importas` to prevent import of unwanted packages
* add custom schema and information about config since
  schemastore.org has broken schema for `golangci-lint` config

* fix: handle more error cases
2021-05-17 23:14:49 -07:00
Markus Wolf
3db50376aa
fix: hide masked value (#668)
* fix: hide masked value

The ::add-mask:: command output logs the value to be masked.
This does expose critical information which should be hidden from
the output.

* Add test to not output secret in add-mask command

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2021-05-15 21:11:16 +00:00
Justin Grote
ef0da2ab9e
Hotfix: Skip Checkout Regression (#680)
* Fix: Skip Checkout Regression

* Fix test name

* Add newline to end of checkout push test

* Restore .gitignore from node12 test. Todo: Restore that file after the test

* Format workflow

* Test: Fix path slash direction for windows relative source path

* Add explicit nil test for newRemoteAction

* Regress .secrets during tests

Co-authored-by: Ryan (hackercat) <me@hackerc.at>
2021-05-10 15:12:57 +00:00
Ryan (hackercat)
aa68181f6b
refactor: return more errors, add more tests (#679)
adding more tests
returns same message for short SHA format like GitHub Actions
refactor error checking
add more errors :)
2021-05-08 03:29:03 +00:00
Josh Soref
a144e71a1b
Add various GitHub environment variables (#604)
* define GITHUB_ACTION_PATH #603

* Add more environment variables

* Add job name

Note: the job name gets a suffix for matrix builds, but this is not part of the env var

* fix: remove unnecessary variables

* feat: add `RepositoryOwner`

credit: @KnisterPeter

* feat: add test for `getGithubContext()`

Co-authored-by: Ryan (hackercat) <me@hackerc.at>
2021-05-06 20:02:29 +00:00
Markus Wolf
a07cb440c2
Write git clone progress only if terminal is a TTY (#670) 2021-05-06 06:55:23 -07:00
Torbjørn Vatn
92eec3a526
$GITHUB_PATH support (#566)
* Regression in the .golangci.yml file

* This looks like an even better fix to #451

The previous solution only prevented the `starting container process caused "exec: \"bash\"`
error when someone added an "extra" path in the workflow using `::add-path`

* Add support for >> $GITHUB_PATH

* The newRunCommand has too high cyclomatic complexity

* Add "linux/arm64" to new test

* The cyclop linter was complaining so I extracted some funcs

* Close some readers

* Fix typo

* fix: add missing composite function

* Fix regress from merging

* Keep the error messages as is

* consolidate with master

* Close the tar reader on defer

* New way to get ContainerWorkdir

* Remove arch from runner test

* Separate the UpdateFromEnv and UpdateFromPath

Co-authored-by: hackercat <me@hackerc.at>
2021-05-06 13:30:12 +00:00
Ryan (hackercat)
8153dc92e5
Fix environment variables and move envs.txt/event.json to fixed location (#667)
* fix: environment variables sourcing from `/etc/environment`

* fix: move `envs.txt` & `event.json` to `/tmp/`

Since #635 `envs.txt` is not copying properly when running `act` in WSL2
Moving it to fixed location resolves that.
2021-05-05 23:11:43 +00:00
Renstrom
aba4fec0ee
Fixes #598 (#628)
* Potentially solved merge conflict

* Update pkg/model/planner.go

Based on feedback

Co-authored-by: Ryan (hackercat) <me@hackerc.at>

* Fixed compilation error

* added missed test

* Fixed spelling error to work with lint error

Co-authored-by: Ryan (hackercat) <me@hackerc.at>
Co-authored-by: Casey Lee <cplee@nektos.com>
2021-05-05 13:04:03 -07:00
Björn Brauer
0c4374ec41
GitHub Enterprise support (#658)
* Add option to specify custom GitHub instance

* Use correct GHE API endpoint URLs

Co-authored-by: Markus Wolf <knister.peter@shadowrun-clan.de>

* Extract slug from GitHub Enterprise URLs

Co-authored-by: Markus Wolf <knister.peter@shadowrun-clan.de>

* Use GITHUB_TOKEN for clone authenticate if provided

This change will allow use authentication for cloning actions
from private repositories or github enterprise instances.

Co-Authored-By: Markus Wolf <knister.peter@shadowrun-clan.de>

* Add section about using act on GitHub Enterprise to README

Co-authored-by: Markus Wolf <knister.peter@shadowrun-clan.de>

* Set GitHubInstance in runnerConfig in runner_test

Co-authored-by: Markus Wolf <knister.peter@shadowrun-clan.de>

Co-authored-by: hackercat <me@hackerc.at>
Co-authored-by: Markus Wolf <knister.peter@shadowrun-clan.de>
2021-05-05 09:42:34 -07:00
Markus Wolf
710a3ac94c
Add custom docker registry authentication (#665)
* Add custom docker registry authentication

Uses DOCKER_USERNAME and DOCKER_PASSWORD as secrets provided into
the act cli.

Closes #527

Co-authored-by: Björn Brauer <zaubernerd@zaubernerd.de>

* Add test to check if pull authentication is filled in

* Update debug message to be more descriptive

Co-authored-by: Ryan (hackercat) <me@hackerc.at>

Co-authored-by: Björn Brauer <zaubernerd@zaubernerd.de>
Co-authored-by: Ryan (hackercat) <me@hackerc.at>
2021-05-05 09:37:17 -07:00
Justin Grote
616d7fcaeb
Remove pwsh -login and add Pwsh test (#660)
* Remove pwsh -login and add Pwsh test

* Add Shell Command Test for coverage

* 🧪 Move PWSH Platform definition to inline test, it can always be expanded out later

Reference: https://github.com/nektos/act/pull/660#discussion_r626171728

* Test MacOS Build for transient failure

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2021-05-05 05:57:33 +00:00
Justin Grote
0f049426f6
Separate Container Workdir from host Workdir (#635)
* Separate Container Workdir from Host Workdir

* Add delegated component to MacOS Test

* Lint: Remove leading newline

* Fix trailing path issue
2021-05-04 14:50:35 -07:00
Josh Soref
020d6a6083
Composite action (#608)
* Refactor maybeCopyToActionDir

* Use maybeCopyToActionDir for model.ActionRunsUsingComposite
2021-05-03 14:57:46 -07:00
Ryan (hackercat)
cec63488f3
Add super-linter + fix lint issues (#650)
* feat: bump `golangci-lint`, add `super-linter`, replace outdated linter

Bump `golangci-lint` version.
Add `super-linter` to lint other languages.
Go linter is disabled because it's currently broken:
https://github.com/github/super-linter/pull/370
Replacing `scopelint` with `exportloopref`: "[runner] The linter
'scopelint' is deprecated (since v1.39.0) due to: The repository of the
linter has been deprecated by the owner.  Replaced by exportloopref."
Fixed formatting in `.golangci.yml`
Add addtional linters:
  `misspell`: purely style, detects typos in comments
  `whitespace`: detects leading and trailing whitespace
  `goimports`: it's gofmt + checks unused imports

* fix: lint/fix `go` files

* fix: lint with `standardjs`

* fix: lint/fix with `markdownlint`, make template more verbose

* feat: add lint stuff to makefile

* fix: `UseGitIgnore` formatting

* fix: lint/fix `README.md`

Co-authored-by: Casey Lee <cplee@nektos.com>
2021-05-03 09:52:03 -07:00
Renstrom
3db3d416e3
Fixes Issue #597 (#637)
* feat:(Changed order of events, to prevent enviroment to run before if statement is run

* changed issue597 to issue-597

* Added test for linux/amd64
2021-05-03 09:51:48 -07:00
Josh Soref
cc3e7aeaf2
GitHub Event Path #542 (#605)
Co-authored-by: Casey Lee <cplee@nektos.com>
2021-05-03 08:02:26 -07:00
Ryan (hackercat)
806bc4d999
refactor: NewWorkflowPlanner (#648)
feat: add flag `--no-recurse` to disable recursion when reading workflows from directories
feat: added more tests to `TestPlanner`, renamed `TestJobFileInfo` to more appropriate name `WorkflowPlanTest`
style: changed error message to lowercase, added single quotes for better visibility

Co-authored-by: Casey Lee <cplee@nektos.com>
2021-05-03 07:57:24 -07:00
Ryan (hackercat)
7ae9916de0
Add option to allow files/directories in .gitignore to be copied to container (#537)
* disable gitignore for actions

* feat: Add option to allow/disallow paths specified in .gitignore

Co-authored-by: Alan Birtles <alan.birtles@eu.sony.com>
2021-05-03 07:37:20 -07:00
Robert Stupp
ea7503bc25
Prefer go-git to find the reference name (#633)
Walking the directory tree underneath `.git/refs` is not reliable, as it usually does not
return tags, especially for freshly cloned repos and/or tags fetched from a remote.

The go-git library provides an iterator over all git references.

This approach prefers a reference (tag, branch) from go-git, if found. If none is found,
it falls back to the previous implementation.
2021-05-03 07:32:00 -07:00
Ryan (hackercat)
f32babb51d
fix: reworked container architecture (#619)
- Don't set architecture, let Docker host decide it's own platform,
  remove `runtime` dependency and don't show default in `--help`
- Remove most tests, we need to check only once if it works on
  different platform
- Rename `DeleteImage` to `RemoveImage` to conform to existing
  function in `docker` cli, added options to specify `force` and
  `pruneChildren`
2021-05-02 08:15:13 -07:00
KADOTA, Kyohei
010e459e95
Clean the repository cache if it is in incomplete state (#595) 2021-04-06 06:43:02 -07:00
hackercat
4125812a63
Refactor .actrc locations and default image survey (#600)
* refactor: move survey/cfgs into own funcs, read XDG base dirs for config

Moved actrc locations to own func since it can be reused.
Moved survey part to own func due to high cyclomatic complexity.
Added XDG config dir to config locations.
Replaced using HOME envvar with go-homedir module since it's already
an indirect dependency and handles home directories better
for each GOOS.

* refactor: use `go-homedir`, check if XDG var is not empty
2021-04-05 08:51:13 -07:00
Mark DeLillo
b9a7bc6202
Add support for composite actions (#514)
* Add support for composite actions

* Fix to make more complex composite actions work

* Fix to make more complex composite actions work

* Let's validate the steps in the composite steps to fail on uses and run's without shell, like the real world

* Add support for composite actions

* Add workflow to test composite actions

* Log instead of panicing when output is mismatched

* Merge maps so environment variables are not lost

* Remove Debug

* Correect merge error

* Remove invalid composite tests.

* Fix composite test

Co-authored-by: Casey Lee <cplee@nektos.com>
Co-authored-by: monkers <mikem@msquaredconsulting.co.uk>
Co-authored-by: Mike Moncrieffe <69815687+mikemonkers@users.noreply.github.com>
2021-04-02 13:40:44 -07:00
hackercat
94d736a602
fix: fail workflow if the job name is invalid (#596) 2021-04-02 07:01:45 -07:00
hackercat
5044ec6c43
fix: remove HOME env var (#594) 2021-04-01 14:01:01 -07:00
hackercat
25779af4bf
fix: return error if both run:/uses: keys are used (#593)
fixes https://github.com/nektos/act/issues/536
2021-04-01 11:36:41 -07:00
Josh Soref
5752a03dcd
Support running commands in repositories without action.yaml (#293)
* Comment for public function

* Add git describe fallback

* spelling: github

* Set initial branch to satisfy tests for modern git

* Clarify -even- if

* Go 1.16

* Support running commands in repositories without action.yaml

Support runnings commands with only a Docker file

Co-authored-by: Casey Lee <cplee@nektos.com>
2021-03-30 12:26:25 -07:00
Jay Pipes
d67e282f68
use container image platform only on docker 1.41+ (#591)
Commit af5140f13e introduced support for
specifying a container image platform for cross-platform image building.

Unfortunately, attempting to execute a docker command that includes the
`--platform` flag against Docker daemons using API Version 1.40 and
before results in the following error:

```
"specify container image platform" requires API version 1.41, but the Docker daemon API version is 1.40
```

To allow `act` to be used on the 19.03 Docker CE and earlier versions,
this patch simply checks the Docker daemon API version and only
specifies platform specification when the daemon API version is 1.41 or
greater.

Fixes Issue #586
2021-03-30 10:10:42 -07:00
Justin Grote
957b8ad76d
Update Shell Tasks to match ScriptHandlerHelpers (#575)
* Update Shell Tasks to match ScriptHandlerHelpers
Code: https://github.com/actions/runner/blob/main/src/Runner.Worker/Handlers/ScriptHandlerHelpers.cs

Docs: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#using-a-specific-shell

Fixes #467

* 🩹 Remove old ps1 handler

* ♻️ gocritix fix

* 🐛 Powershell command must be a single entry to docker API
Fixes #467

* Remove Act Temp

* Remove additional Act Directories

* remove hard-coded workdir

Co-authored-by: Casey Lee <cplee@nektos.com>
2021-03-29 10:06:51 -07:00
hackercat
29b3d43988
fix: hardcode ubuntu-latest for ImageOS envvar (#579)
Hardcode current `ubuntu-latest` since we have no way to check that 'on the fly'
2021-03-28 21:46:09 -07:00
hackercat
f3b53d8eca
fix: pass sc.Env through common.Logger to hide secrets (#578)
Currently all secrets are exposed when running with `--verbose`/`-v` option
2021-03-28 21:45:07 -07:00
hackercat
b438b836ea
fix: invoke login shells to source /etc/environment (#570) 2021-03-28 21:35:01 -07:00
rockandska
6cde8f64dc
use project dir instead of /github/workspace (#567) 2021-03-28 21:32:45 -07:00
hackercat
6c258cf40d
Add option to run custom architecture (container platform) (#525)
* Add QEMU to run different architectures

* Update dependencies in `go.mod`

* Add `--container-architecture` flag to specify custom image architecture

Co-authored-by: Casey Lee <cplee@nektos.com>
2021-03-28 21:08:40 -07:00
hackercat
41b03b581c
fix: add ImageOS env var based on running platform (#571) 2021-03-17 17:14:08 -07:00
hackercat
09679f0156
Update test workflows and improve expression_test.go/run_context_test.go (#560)
* fix: give case insensitive secret more meanigful name

* refactor: use `string` in generating `env:` and `steps:` for workflows

Smaller text generation is much better to read with normal strings than
raw string literals.

* feat: sort keys for `env:` so it's always in specific order

* fix: update test workflows
2021-03-12 16:25:10 -08:00
hackercat
eb2774275f
Fix tests on Windows (#562)
* fix: replace `\` with `/` in git ref to fix `git_test.go` on windows

Paths on Windows use backslash (`\`) as directory separator and this breaks `TestGitFindRef()`.
Replacing `\` with `/` in git ref fixes that issue.

* fix: replace `gopkg.in/godo.v2/glob` with std library `path/filepath`

`github.com/go-godo/godo` lib has been last updated in 2016 and it also
depends on another outdated lib `github.com/MichaelTJones/walk` with
last update in 2016. This also fixes `permission_denied` errors on
Windows (and perhaps Linux in some specific cases). I'm not aware of
any performance improvement or drawback because of that change.
2021-03-12 16:23:03 -08:00
Hibariya
8de7b956b7
Add --userns flag to support Docker daemon that enables user namespace (#533)
I got an error like this after hitting `act` command.

> Error: Error response from daemon: cannot share the host's network namespace when user namespaces are enabled

According to the document, when user namespaces are enabled on the Docker daemon,
neither host network mode and --privileged work without --userns=host. Since `act`
uses host network mode to match GitHub Actions runners, it cannot run jobs when
user namespaces are enabled. So I added the flag.

https://docs.docker.com/engine/security/userns-remap/#user-namespace-known-limitations

Co-authored-by: Casey Lee <cplee@nektos.com>
2021-02-27 08:31:25 -08:00
Horimatsu Takuya
6c118fe9ad
#534 feat: step continues when continue-on-error is ture (#544)
* feat: step continues when continue-on-error is ture

* fix: typo, logging and make bool continuable

Co-authored-by: Casey Lee <cplee@nektos.com>
2021-02-25 08:55:07 -08:00
Shin Uozumi
14c06ee5e4
enable to resolve commit hash in uses (#530)
Co-authored-by: sinozu <sinozu@users.noreply.github.com>
Co-authored-by: Casey Lee <cplee@nektos.com>
2021-02-23 09:50:28 -08:00
hackercat
34dc2dc15c
Update Docker images (#524) 2021-02-23 09:49:24 -08:00
Kamil Domański
475a6aa1d0
properly parse arguments to Docker container steps (#539) 2021-02-23 09:47:06 -08:00