Commit graph

119 commits

Author SHA1 Message Date
John OConnor
a5ceb54caf
only perform chown operation for non root users (#1250) 2022-07-08 22:39:42 +00:00
ChristopherHX
b59e6dee6d
feat: non root user container (#1202)
* feat: non root user container

* Also chown WorkingDir

* .

* .

* Update docker_run.go

* Add Test

* Update runner_test.go

* Update docker_run.go

* Apply suggestions from code review

Co-authored-by: R <me@hackerc.at>

* remove cruft from master merge

Co-authored-by: R <me@hackerc.at>
Co-authored-by: Casey Lee <cplee@nektos.com>
Co-authored-by: Casey Lee <caseypl@amazon.com>
2022-06-20 15:47:39 -07:00
Björn Brauer
4391a10d5a
Improve logging (#1171)
* feat: use logger from context wherever possible

Co-authored-by: Markus Wolf <markus.wolf@new-work.se>

* feat: add step/job id and results to json logs

Co-authored-by: Markus Wolf <markus.wolf@new-work.se>

* test: value to be masked should not be hard-coded in the action

Co-authored-by: Markus Wolf <markus.wolf@new-work.se>

* fix: replace values following ::add-mask:: in evaluated strings

Co-authored-by: Markus Wolf <markus.wolf@new-work.se>

* feat: [DEBUG] identifier for debug logs to distinguish them

Co-authored-by: Markus Wolf <markus.wolf@new-work.se>

* feat: replace logger with step logger

The container gets injected a job logger, but during the time that steps
are run, we want to use the step logger.
This commit wraps pre/main/post steps in an executor that replaces the
job logger with a step logger.

Co-authored-by: Markus Wolf <markus.wolf@new-work.se>

* feat: add pre/post stage identifier fields to json log output

Co-authored-by: Markus Wolf <markus.wolf@new-work.se>

* feat: add job/step result status to skipped steps/jobs

Co-authored-by: Markus Wolf <markus.wolf@new-work.se>

Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2022-06-17 15:55:21 +00:00
R
2aa0699aec
refactor: remove github.com/pkg/errors dependency (#1077)
* refactor: split out common/git

* refactor: move git options to separate func

* refactor: remove github.com/pkg/errors dependency

* fix(golangci-lint): forbid github.com/pkg/errors

* style: fix typo

* style: fix typo

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2022-06-10 21:16:42 +00:00
Markus Wolf
4ef50eeae7
feat: handle context cancelation during docker exec (#1170)
* feat: handle context cancelation during docker exec

To allow interrupting docker exec (which could be long running)
we process the log output in a go routine and handle
context cancelation as well as command result.

In case of context cancelation a CTRL+C is written into the docker
container. This should be enough to terminate the running
command.

To make sure we do not get stuck during cleanup, we do
set the cleanup contexts with a timeout of 5 minutes

Co-authored-by: Björn Brauer <bjoern.brauer@new-work.se>
Co-authored-by: Philipp Hinrichsen <philipp.hinrichsen@new-work.se>

* feat: handle SIGTERM signal and abort run

* test: on context cancel, abort running command

This test makes sure that whenever the act Context was canceled, the
currently running docker exec is sent a 0x03 (ctrl+c).

Co-authored-by: Björn Brauer <zaubernerd@zaubernerd.de>

* test: make sure the exec funcction handles command exit code

This test makes sure that the exec function does handle
docker command error results

Co-authored-by: Björn Brauer <bjoern.brauer@new-work.se>
Co-authored-by: Philipp Hinrichsen <philipp.hinrichsen@new-work.se>
Co-authored-by: Björn Brauer <zaubernerd@zaubernerd.de>
2022-05-24 14:52:25 +00:00
ChristopherHX
562265bb29
fix: panic while running DRYRUN with local actions (#1141)
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2022-05-11 19:14:45 +00:00
Markus Wolf
e360811570
refactor: remove composite action runcontext workaround (#1085)
* refactor: remove composite action runcontext workaround

The RunContext is cloned to execute a composite action with all its
steps in a similar context. This required some workaround, since
the command handler has kept a reference to the original RunContext.

This is solved now, by replacing the docker LogWriter with a proper
scoped LogWriter.

This prepares for a simpler setup of composite actions to be able
to create and re-create the composite RunContext for pre/main/post
action steps.

* test: check env-vars for local js and docker actions

* test: test remote docker and js actions

* fix: merge github context into env when read and setup

* refacotr: simplify composite context setup

* test: use a map matcher to test input setup

* fix: restore composite log output

Since we create a new line writer, we need to log the raw_output as well.
Otherwise no output will be available from the log-writer

* fix: add RunContext JobName to fill GITHUB_JOBNAME

* test: use nektos/act-test-actions

* fix: allow masking values in composite actions

To allow masking of values from composite actions, we need
to use a custom job logger with a reference to the masked
values for the composite run context.

* refactor: keep existing logger for composite actions

To not introduce another new logger while still be able to use
the masking from the composite action, we add the masks to
the go context. To leverage that context, we also add the context
to the log entries where the valueMasker then could get the actual
mask values.

With this way to 'inject' the masked values into the logger, we do
- keep the logger
- keep the coloring
- stay away from inconsistencies due to parallel jobs

* fix: re-add removed color increase

This one should have never removed :-)

* fix: add missing ExtraPath attribute

* fix: merge run context env into composite run context env

This adds a test and fix for the parent environment. It should be
inherited by the composite environment.

* test: add missing test case

* fix: store github token next to secrets

We must not expose the secrets to composite actions, but the
`github.token` is available inside composite actions.
To provide this we store the token in the config and create it in
the GithubContext from there.

The token can be used with `github.token` but is not available as
`secrets.GITHUB_TOKEN`.

This implements the same behavior as on GitHub.

Co-authored-by: Björn Brauer <bjoern.brauer@new-work.se>
Co-authored-by: Marcus Noll <markus.noll@new-work.se>

* fixup! fix: allow masking values in composite actions

* style: use tabs instead of spaces to fix linter errors

Co-authored-by: Björn Brauer <bjoern.brauer@new-work.se>
Co-authored-by: Marcus Noll <markus.noll@new-work.se>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2022-05-11 19:06:05 +00:00
ChristopherHX
c27e079407
fix: copy ignored tracked files (#1074)
* fix: copy ignored tracked files

* fix

* refactor: Extract callback to fileCollector

fix: temporary tar archive not deletable on windows
fix: `.*` in gitignore ignores all files

* Move nolint: gocyclo

* pass context as parameter

* goimport

* Add fs interface + one test

* fix lint, also test for ignored non tracked file

* fix filename

* Apply suggestions from code review

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2022-04-04 15:27:00 +00:00
Ryan
24422bf4e4
fix: don't overwrite with empty cmd/entrypoint (#1076)
Co-authored-by: ChristopherHX <christopher.homberger@web.de>

Signed-off-by: Ryan <me@hackerc.at>

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2022-03-29 18:00:52 +00:00
Ryan
5d7027dc3f
feat: add bug-report flag (#1056)
* feat: add bug-report flag

* fix: use docker host CPU count

* feat: add config files to bug-report

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2022-03-22 19:26:10 +00:00
Josh Soref
c802064975
fix: docker cp of dangling symlink (#943) (#948)
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2022-01-27 16:53:26 +00:00
Ryan
558081242c
feat: add node16 support (#922)
* feat: add node16 support

Signed-off-by: hackercat <me@hackerc.at>

* feat: bump images to node16

Signed-off-by: hackercat <me@hackerc.at>

* lint(editorconfig): ignore *.md due to mixed style

Signed-off-by: hackercat <me@hackerc.at>

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2021-12-22 19:34:18 +00:00
Ryan
9be6a58c0e
ci: replace superlinter with megalinter (#923)
* ci: replace superlinter with megalinter

Signed-off-by: hackercat <me@hackerc.at>

* fix: apply lint recommendations

Signed-off-by: hackercat <me@hackerc.at>
2021-12-22 09:29:43 -08:00
Björn Brauer
b910a42edf
Docker auth (#891)
* feat: read docker credentials from local docker config

* fix: url.Parse requires protocol

Co-authored-by: Björn Brauer <zaubernerd@zaubernerd.de>

* fix: docker decides by the existence of . or : if...

... the image is in a custom registry or not.

Co-authored-by: Björn Brauer <zaubernerd@zaubernerd.de>

* fix: make docker hostname detection more robust

* test: mock docker config for getImagePullOptions test

By default github actions have a docker config set with a token to pull
images from docker hub.

Co-authored-by: Markus Wolf <markus.wolf@new-work.se>

Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
2021-11-27 18:21:32 +00:00
Ryan
96cf907c5e
Fix regex for GITHUB_ENV parsing (#893)
* fix: correct env pattern regex

GitHub Actions allows for envvars to contain

Signed-off-by: hackercat <me@hackerc.at>

* format: format and typo fix

Signed-off-by: hackercat <me@hackerc.at>

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2021-11-19 17:36:50 +00:00
Ryan
ec34eb9532
fix: use docker lib for image ref parsing (#877)
Signed-off-by: hackercat <me@hackerc.at>
2021-11-13 19:35:45 +00:00
Josh Soref
7c73531008
Fixes (#856)
* fix: avoid triggering %!/(MISSING) for docker output

* fix: suppress --platform for empty platform

Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-11-03 11:47:09 -07:00
ChristopherHX
83a28d9512
Close docker client (#789)
* Close docker client!

* Fix nil dereference

* Update run_context.go

* Bump

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2021-10-24 16:50:43 +00:00
Ryan
6c60af7677
fix: rewrite how image env is merged (#828)
* fix: rewrite how image env is merged

* test: add test for extractFromImageEnv
2021-09-27 19:01:14 +00:00
Ryan
c2c8b525f8
Add reading environment from Docker image (#771)
* fix: read envvars from image definition

* fix: add test

* fix: sort slices

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2021-09-26 16:37:53 +00:00
Marcin Falkowski
9126f15aa2
support for container option: --hostname (#809) 2021-09-10 05:03:40 +00:00
Ryan
bea32d5651
Add proper support for working-directory & fix command builder (#772)
* fix: align other Docker executors to print action

* fix: formatting

* fix: add proper workdir support

* fix: replace script filepath after slice creation

* fix: match substring so it works for pwsh

+ rename containerPath to scriptPath to reflect what value it contains
2021-08-10 19:40:20 +00:00
ChristopherHX
0ff204b615
Read localaction's from container (#719)
Fix localaction tests (missing checkout)

Co-authored-by: Ryan (hackercat) <me@hackerc.at>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2021-08-03 17:39:56 +00:00
Ryan (hackercat)
a9fe038347
Update images, fix extrapath (#723)
* fix: typo

* fix: remove debug for git references

it generates a massive amount of logs

* feat: read values from env

allows to test act on GHA when it's not a main repo

* fix: merge extrapath with PATH

* fix(tests): add additional shells for testing

* fix(image): update images

pin node to major version only, current node version: 12.22.1
replace most images with `node:12-buster-slim` to prevent
errors on macOS runner due to DockerHub pull limit
replace ocaml image

Co-authored-by: Casey Lee <cplee@nektos.com>
2021-06-10 23:12:05 +00:00
Joseph Benden
6b4d359737
Add support for container kernel capabilities (#716)
This patch adds two new command-line flags to specify one or
more kernel capabilities to add or remove from the workflow
containers.

The command-line flag `--container-cap-add` allows for adding
specific capabilities on the workflow containers; where as,

The command-line flag `--container-cap-drop` allows for removing
specific capabilities on the workflow containers.

This was developed to specifically be able to add `SYS_PTRACE`
to a workflow I maintain. It involves using this capability to
monitor a make build, to then build a compilation database.

Signed-off-by: Joseph Benden <joe@benden.us>
2021-06-04 16:06:59 +00:00
Björn Brauer
8a9167da82
fix: avoid race condition by not running exec/start twice (#702)
ContainerExecAttach implicitly runs ContainerExecStart while attaching
to stdout/stderr.
Ref: e02bc91dcb/client/container_exec.go (L40)

Calling both can lead to a race condition as observed in #627

Fixes: #627

Co-authored-by: Markus Wolf <markus.wolf@new-work.se>

Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
2021-05-25 12:35:52 +00:00
Ryan (hackercat)
d794e2fe4c
Move actions path outside of workdir (#701)
* feat: add option to specify user for exec

* fix: move actions to static path outside workdir

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2021-05-24 17:09:03 +00:00
Josh Soref
29ea8cfc4e
Fix: GITHUB_PATH should prepend (#690)
* GITHUB_PATH is prepend

https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions#adding-a-system-path

* Check for replacing system binaries

Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-05-18 13:22:39 +00:00
Ryan (hackercat)
f571290b25
refactor: remove gotest.tools (#688)
* refactor: remove `gotest.tools`

* remove all references to `gotest.tools` and replace it with
  `github.com/stretchr/testify` which was originally used for tests
* bump `golangci-lint` version
* add `depguard` and `importas` to prevent import of unwanted packages
* add custom schema and information about config since
  schemastore.org has broken schema for `golangci-lint` config

* fix: handle more error cases
2021-05-17 23:14:49 -07:00
Torbjørn Vatn
92eec3a526
$GITHUB_PATH support (#566)
* Regression in the .golangci.yml file

* This looks like an even better fix to #451

The previous solution only prevented the `starting container process caused "exec: \"bash\"`
error when someone added an "extra" path in the workflow using `::add-path`

* Add support for >> $GITHUB_PATH

* The newRunCommand has too high cyclomatic complexity

* Add "linux/arm64" to new test

* The cyclop linter was complaining so I extracted some funcs

* Close some readers

* Fix typo

* fix: add missing composite function

* Fix regress from merging

* Keep the error messages as is

* consolidate with master

* Close the tar reader on defer

* New way to get ContainerWorkdir

* Remove arch from runner test

* Separate the UpdateFromEnv and UpdateFromPath

Co-authored-by: hackercat <me@hackerc.at>
2021-05-06 13:30:12 +00:00
Ryan (hackercat)
8153dc92e5
Fix environment variables and move envs.txt/event.json to fixed location (#667)
* fix: environment variables sourcing from `/etc/environment`

* fix: move `envs.txt` & `event.json` to `/tmp/`

Since #635 `envs.txt` is not copying properly when running `act` in WSL2
Moving it to fixed location resolves that.
2021-05-05 23:11:43 +00:00
Markus Wolf
710a3ac94c
Add custom docker registry authentication (#665)
* Add custom docker registry authentication

Uses DOCKER_USERNAME and DOCKER_PASSWORD as secrets provided into
the act cli.

Closes #527

Co-authored-by: Björn Brauer <zaubernerd@zaubernerd.de>

* Add test to check if pull authentication is filled in

* Update debug message to be more descriptive

Co-authored-by: Ryan (hackercat) <me@hackerc.at>

Co-authored-by: Björn Brauer <zaubernerd@zaubernerd.de>
Co-authored-by: Ryan (hackercat) <me@hackerc.at>
2021-05-05 09:37:17 -07:00
Ryan (hackercat)
cec63488f3
Add super-linter + fix lint issues (#650)
* feat: bump `golangci-lint`, add `super-linter`, replace outdated linter

Bump `golangci-lint` version.
Add `super-linter` to lint other languages.
Go linter is disabled because it's currently broken:
https://github.com/github/super-linter/pull/370
Replacing `scopelint` with `exportloopref`: "[runner] The linter
'scopelint' is deprecated (since v1.39.0) due to: The repository of the
linter has been deprecated by the owner.  Replaced by exportloopref."
Fixed formatting in `.golangci.yml`
Add addtional linters:
  `misspell`: purely style, detects typos in comments
  `whitespace`: detects leading and trailing whitespace
  `goimports`: it's gofmt + checks unused imports

* fix: lint/fix `go` files

* fix: lint with `standardjs`

* fix: lint/fix with `markdownlint`, make template more verbose

* feat: add lint stuff to makefile

* fix: `UseGitIgnore` formatting

* fix: lint/fix `README.md`

Co-authored-by: Casey Lee <cplee@nektos.com>
2021-05-03 09:52:03 -07:00
Ryan (hackercat)
7ae9916de0
Add option to allow files/directories in .gitignore to be copied to container (#537)
* disable gitignore for actions

* feat: Add option to allow/disallow paths specified in .gitignore

Co-authored-by: Alan Birtles <alan.birtles@eu.sony.com>
2021-05-03 07:37:20 -07:00
Ryan (hackercat)
f32babb51d
fix: reworked container architecture (#619)
- Don't set architecture, let Docker host decide it's own platform,
  remove `runtime` dependency and don't show default in `--help`
- Remove most tests, we need to check only once if it works on
  different platform
- Rename `DeleteImage` to `RemoveImage` to conform to existing
  function in `docker` cli, added options to specify `force` and
  `pruneChildren`
2021-05-02 08:15:13 -07:00
Jay Pipes
d67e282f68
use container image platform only on docker 1.41+ (#591)
Commit af5140f13e introduced support for
specifying a container image platform for cross-platform image building.

Unfortunately, attempting to execute a docker command that includes the
`--platform` flag against Docker daemons using API Version 1.40 and
before results in the following error:

```
"specify container image platform" requires API version 1.41, but the Docker daemon API version is 1.40
```

To allow `act` to be used on the 19.03 Docker CE and earlier versions,
this patch simply checks the Docker daemon API version and only
specifies platform specification when the daemon API version is 1.41 or
greater.

Fixes Issue #586
2021-03-30 10:10:42 -07:00
hackercat
6c258cf40d
Add option to run custom architecture (container platform) (#525)
* Add QEMU to run different architectures

* Update dependencies in `go.mod`

* Add `--container-architecture` flag to specify custom image architecture

Co-authored-by: Casey Lee <cplee@nektos.com>
2021-03-28 21:08:40 -07:00
Hibariya
8de7b956b7
Add --userns flag to support Docker daemon that enables user namespace (#533)
I got an error like this after hitting `act` command.

> Error: Error response from daemon: cannot share the host's network namespace when user namespaces are enabled

According to the document, when user namespaces are enabled on the Docker daemon,
neither host network mode and --privileged work without --userns=host. Since `act`
uses host network mode to match GitHub Actions runners, it cannot run jobs when
user namespaces are enabled. So I added the flag.

https://docs.docker.com/engine/security/userns-remap/#user-namespace-known-limitations

Co-authored-by: Casey Lee <cplee@nektos.com>
2021-02-27 08:31:25 -08:00
KADOTA, Kyohei
e6fcfed458
Format sources with gofmt (#472)
Co-authored-by: Casey Lee <cplee@nektos.com>
2021-01-14 21:37:38 -08:00
Cat™
760daebf5d
Fix slashes when running on Windows (#461) 2021-01-11 22:41:35 -08:00
Torbjørn Vatn
15eaa15a0e
GitHub env file support (#426)
* Upgrade to the official golangci-lint action and fix some issues it found

* Update deps

* Remove a shadow warning

* Initialize the splitPattern only once

* Initial attempt at supporting $GITHUB_ENV

Needs some polishing and tests

* Now it's actually working

* Replace golang.org/x/crypto/ssh/terminal with golang.org/x/term

* Disable the issue-228 test again

* The linter is picky

* Discovered that the workflow/envs.txt had to exist in certain cases

* Fix small linter issue
2021-01-11 22:39:43 -08:00
Lyle Underwood
3d9b82515c
Remove confusing message about symlinks (#381) 2020-10-06 10:02:37 -07:00
Bar Weiss
04456ad234
Fix copyDir to normalize file paths in tar archive (#360) 2020-09-15 07:00:15 -07:00
whywaita
24bdb024bf
add flag of privileged mode 2020-08-02 05:21:49 +09:00
Stan Wohlwend
d4e41a90a2
Fix container volumes being reused sometimes (#283) 2020-06-18 08:21:55 -07:00
Josh Soref
2097a3c017
Spelling (#240)
* spelling: cartesian

* spelling: deferring

* spelling: marshal
2020-05-18 09:53:42 -07:00
Sven Dowideit
6196436f70
extract the docker NewClientWithOpts, and add connectionhelper for DOCKER_HOST set to ssh://remote (#207)
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>

Co-authored-by: Casey Lee <cplee@nektos.com>
2020-05-03 21:15:42 -07:00
Casey Lee
c44b71c996
fix: ignore symlink errors 2020-04-22 23:48:25 -07:00
Casey Lee
8c290994c1
fix: #182 - support symlinks in workspace 2020-04-22 23:24:31 -07:00
Casey Lee
6c4e7b9fde
fix: 168 include error message from docker SDK 2020-04-22 23:04:28 -07:00
Máximo Cuadros
f6e37a8d67
*: update go-git import (#194) 2020-04-16 16:24:30 -07:00
Aidan Steele
bf3824cc10
Improved gitignore handling (#163) 2020-03-18 06:55:39 -07:00
Casey Lee
3baf626aa4
add file info to files cp into container 2020-03-13 23:21:25 -07:00
Casey Lee
7f88f81bf6
fix #50 - exclude anything in .gitignore from being copied into the job volume 2020-03-09 18:32:48 -07:00
Casey Lee
16520bb277
fix #122 - support actions/checkout for repos other the one for this workflow (#143) 2020-03-09 17:45:42 -07:00
Casey Lee
143676fcfb
fix #141 - use host network to match GitHub Actions runners (#142) 2020-03-09 17:43:24 -07:00
Casey Lee
5b90c8a44d
remove super verbose log statement 2020-02-24 17:58:34 -08:00
Casey Lee
1121f6e132
run with copy of workingdir 2020-02-24 17:48:21 -08:00
Casey Lee
8f5918942d
move action cache to volume 2020-02-24 16:38:49 -08:00
Casey Lee
88041afb87
cache dir for remote actions 2020-02-23 22:34:48 -08:00
Casey Lee
94591c58d7
local actions done 2020-02-23 16:36:44 -08:00
Casey Lee
ac1bd0893e
shared container for job 2020-02-23 15:02:01 -08:00
Casey Lee
01876438c2
shared container for job 2020-02-23 15:01:25 -08:00
Casey Lee
73559207c7
initial support for expressons
Signed-off-by: Casey Lee <cplee@nektos.com>
2020-02-20 21:05:59 -05:00
Casey Lee
f7252cbcf9
add commands support
Signed-off-by: Casey Lee <cplee@nektos.com>
2020-02-20 21:05:42 -05:00
Casey Lee
033168228b
cleanup logging
Signed-off-by: Casey Lee <cplee@nektos.com>
2020-02-20 21:05:40 -05:00
Casey Lee
0582306861
unit tests
Signed-off-by: Casey Lee <cplee@nektos.com>
2020-02-20 21:05:31 -05:00
Casey Lee
532af98aef
successfully able to run simple workflows
Signed-off-by: Casey Lee <cplee@nektos.com>
2020-02-20 21:05:25 -05:00
Casey Lee
8c49ba0cec
initial load of yaml working 2020-02-04 16:38:41 -08:00