* refactor: remove docker reference filter
* make it work
* solve logic failure
* Another mistake
* another one
* revert signature of ImageExistsLocally
It is better to keep two return values
This commit adds a new `LoadDockerAuthConfigs` function, which loads all
registry auths that are configured on the host and sends them with the build
command to the docker daemon.
This is needed in case act builds a docker action and the images referenced in
that docker action are located on private registries or otherwise require
authentication (e.g. to get a higher rate limit).
The code is adapted from how the docker cli works:
257ff41304/cli/command/image/build.go (L323-L332)
Co-authored-by: Markus Wolf <mail@markus-wolf.de>
Co-authored-by: Markus Wolf <mail@markus-wolf.de>
* refactor: share UpdateFromEnv logic
* Add test for GITHUB_OUTPUT
Co-authored-by: Ben Randall <veleek@gmail.com>
* Add GITHUB_STATE test
* Add test for the old broken parser
Co-authored-by: Ben Randall <veleek@gmail.com>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
The io/ioutil package has been deprecated as of Go 1.16 [1]. This commit
replaces the existing io/ioutil functions with their new definitions in
io and os packages.
[1]: https://golang.org/doc/go1.16#ioutil
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
* test: add test for networking setup in act
This test makes sure that the hostname inside of act is resolvable.
* fix: only merge existing container options
When merging parsed container options without options being
set in a job, the default docker options are returned and
will override the expected defaults by act (e.g. network mode).
This is a first attempt to mitigate this behavior and only
merge settings if something was requested on a job.
* refactor: split config merging into own function
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
* fix: support docker create arguments from container.options (#1022)
* fix processing of errors, add verbose logging, fix test
* disable linter for code copied from docker/cli
* fix all linter issues
* Add license info
* Add opts_test.go from docker/cli and required testdata
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
* refactor: ignore already closed error
This hides the `file already cloesd` error as it is
distracting in the output and does not provide any value.
* refactor: use go errors
Co-authored-by: Casey Lee <caseypl@amazon.com>
* walk submodule path instead of dir name
* use file path instead of relative path
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
* feat: use logger from context wherever possible
Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
* feat: add step/job id and results to json logs
Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
* test: value to be masked should not be hard-coded in the action
Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
* fix: replace values following ::add-mask:: in evaluated strings
Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
* feat: [DEBUG] identifier for debug logs to distinguish them
Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
* feat: replace logger with step logger
The container gets injected a job logger, but during the time that steps
are run, we want to use the step logger.
This commit wraps pre/main/post steps in an executor that replaces the
job logger with a step logger.
Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
* feat: add pre/post stage identifier fields to json log output
Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
* feat: add job/step result status to skipped steps/jobs
Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
* feat: handle context cancelation during docker exec
To allow interrupting docker exec (which could be long running)
we process the log output in a go routine and handle
context cancelation as well as command result.
In case of context cancelation a CTRL+C is written into the docker
container. This should be enough to terminate the running
command.
To make sure we do not get stuck during cleanup, we do
set the cleanup contexts with a timeout of 5 minutes
Co-authored-by: Björn Brauer <bjoern.brauer@new-work.se>
Co-authored-by: Philipp Hinrichsen <philipp.hinrichsen@new-work.se>
* feat: handle SIGTERM signal and abort run
* test: on context cancel, abort running command
This test makes sure that whenever the act Context was canceled, the
currently running docker exec is sent a 0x03 (ctrl+c).
Co-authored-by: Björn Brauer <zaubernerd@zaubernerd.de>
* test: make sure the exec funcction handles command exit code
This test makes sure that the exec function does handle
docker command error results
Co-authored-by: Björn Brauer <bjoern.brauer@new-work.se>
Co-authored-by: Philipp Hinrichsen <philipp.hinrichsen@new-work.se>
Co-authored-by: Björn Brauer <zaubernerd@zaubernerd.de>
* refactor: remove composite action runcontext workaround
The RunContext is cloned to execute a composite action with all its
steps in a similar context. This required some workaround, since
the command handler has kept a reference to the original RunContext.
This is solved now, by replacing the docker LogWriter with a proper
scoped LogWriter.
This prepares for a simpler setup of composite actions to be able
to create and re-create the composite RunContext for pre/main/post
action steps.
* test: check env-vars for local js and docker actions
* test: test remote docker and js actions
* fix: merge github context into env when read and setup
* refacotr: simplify composite context setup
* test: use a map matcher to test input setup
* fix: restore composite log output
Since we create a new line writer, we need to log the raw_output as well.
Otherwise no output will be available from the log-writer
* fix: add RunContext JobName to fill GITHUB_JOBNAME
* test: use nektos/act-test-actions
* fix: allow masking values in composite actions
To allow masking of values from composite actions, we need
to use a custom job logger with a reference to the masked
values for the composite run context.
* refactor: keep existing logger for composite actions
To not introduce another new logger while still be able to use
the masking from the composite action, we add the masks to
the go context. To leverage that context, we also add the context
to the log entries where the valueMasker then could get the actual
mask values.
With this way to 'inject' the masked values into the logger, we do
- keep the logger
- keep the coloring
- stay away from inconsistencies due to parallel jobs
* fix: re-add removed color increase
This one should have never removed :-)
* fix: add missing ExtraPath attribute
* fix: merge run context env into composite run context env
This adds a test and fix for the parent environment. It should be
inherited by the composite environment.
* test: add missing test case
* fix: store github token next to secrets
We must not expose the secrets to composite actions, but the
`github.token` is available inside composite actions.
To provide this we store the token in the config and create it in
the GithubContext from there.
The token can be used with `github.token` but is not available as
`secrets.GITHUB_TOKEN`.
This implements the same behavior as on GitHub.
Co-authored-by: Björn Brauer <bjoern.brauer@new-work.se>
Co-authored-by: Marcus Noll <markus.noll@new-work.se>
* fixup! fix: allow masking values in composite actions
* style: use tabs instead of spaces to fix linter errors
Co-authored-by: Björn Brauer <bjoern.brauer@new-work.se>
Co-authored-by: Marcus Noll <markus.noll@new-work.se>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
* fix: copy ignored tracked files
* fix
* refactor: Extract callback to fileCollector
fix: temporary tar archive not deletable on windows
fix: `.*` in gitignore ignores all files
* Move nolint: gocyclo
* pass context as parameter
* goimport
* Add fs interface + one test
* fix lint, also test for ignored non tracked file
* fix filename
* Apply suggestions from code review
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
* feat: read docker credentials from local docker config
* fix: url.Parse requires protocol
Co-authored-by: Björn Brauer <zaubernerd@zaubernerd.de>
* fix: docker decides by the existence of . or : if...
... the image is in a custom registry or not.
Co-authored-by: Björn Brauer <zaubernerd@zaubernerd.de>
* fix: make docker hostname detection more robust
* test: mock docker config for getImagePullOptions test
By default github actions have a docker config set with a token to pull
images from docker hub.
Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
* fix: align other Docker executors to print action
* fix: formatting
* fix: add proper workdir support
* fix: replace script filepath after slice creation
* fix: match substring so it works for pwsh
+ rename containerPath to scriptPath to reflect what value it contains
* fix: typo
* fix: remove debug for git references
it generates a massive amount of logs
* feat: read values from env
allows to test act on GHA when it's not a main repo
* fix: merge extrapath with PATH
* fix(tests): add additional shells for testing
* fix(image): update images
pin node to major version only, current node version: 12.22.1
replace most images with `node:12-buster-slim` to prevent
errors on macOS runner due to DockerHub pull limit
replace ocaml image
Co-authored-by: Casey Lee <cplee@nektos.com>
This patch adds two new command-line flags to specify one or
more kernel capabilities to add or remove from the workflow
containers.
The command-line flag `--container-cap-add` allows for adding
specific capabilities on the workflow containers; where as,
The command-line flag `--container-cap-drop` allows for removing
specific capabilities on the workflow containers.
This was developed to specifically be able to add `SYS_PTRACE`
to a workflow I maintain. It involves using this capability to
monitor a make build, to then build a compilation database.
Signed-off-by: Joseph Benden <joe@benden.us>
ContainerExecAttach implicitly runs ContainerExecStart while attaching
to stdout/stderr.
Ref: e02bc91dcb/client/container_exec.go (L40)
Calling both can lead to a race condition as observed in #627Fixes: #627
Co-authored-by: Markus Wolf <markus.wolf@new-work.se>
Co-authored-by: Markus Wolf <markus.wolf@new-work.se>