ceeb6c160c
* Support services (#42)

Removed createSimpleContainerName and AutoRemove flag

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/42
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>

* Support services options (#45)

Reviewed-on: https://gitea.com/gitea/act/pulls/45
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>

* Support interpolation for `env` of `services` (#47)

Reviewed-on: https://gitea.com/gitea/act/pulls/47
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>

* Support services `credentials` (#51)

If a service's image is from a container registry that requires authentication, `act_runner` will need `credentials` to pull the image, see [documentation](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idcredentials).

Currently, `act_runner` incorrectly uses the `credentials` of `containers` to pull services' images and the `credentials` of services won't be used, see the related code: 0c1f2edb99/pkg/runner/run_context.go (L228-L269)

Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/51
Reviewed-by: Jason Song <i@wolfogre.com>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>

* Add ContainerMaxLifetime and ContainerNetworkMode options

from: b9c20dcaa4

* Fix container network issue (#56)

Follow: https://gitea.com/gitea/act_runner/pulls/184
Close https://gitea.com/gitea/act_runner/issues/177

- `act` creates new networks only if the value of `NeedCreateNetwork` is true, and removes these networks at the end. `NeedCreateNetwork` is passed by `act_runner`. `NeedCreateNetwork` is true only if `container.network` in the configuration file of the `act_runner` is empty.
- In the `docker create` phase, specify the network to which containers will connect. Because if it is not specified, the container will connect to the `bridge` network, which is created automatically by Docker.
- If the network is a user-defined network (the value of `container.network` is empty or `<custom-network>`, because the network created by `act` is also a user-defined network), an alias will also be specified by `--network-alias`. The alias of a service is `<service-id>`, so the service container can be accessed by `<service-id>:<port>` in the steps of the job.
- Won't try to `docker network connect` the network after `docker start` any more.
  - On the one hand, `docker network connect` applies only to user-defined networks; trying to `docker network connect host <container-name>` will return an error.
  - On the other hand, we just specify the network in the `docker create` stage, and the same effect can be achieved.
- Won't try to remove containers and networks before the `docker start` stage, because the names of these containers and networks won't be repeated.

Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/56
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>

* Check volumes (#60)

This PR adds a `ValidVolumes` config. Users can specify the volumes (including bind mounts) that can be mounted to containers by this config.

Options related to volumes:

- [jobs.<job_id>.container.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idcontainervolumes)
- [jobs.<job_id>.services.<service_id>.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idvolumes)

In addition, volumes specified by `options` will also be checked.

Currently, the following default volumes (see a72822b3f8/pkg/runner/run_context.go (L116-L166)) will be added to `ValidVolumes`:

- `act-toolcache`
- `<container-name>` and `<container-name>-env`
- `/var/run/docker.sock` (We need to add a new configuration to control whether the docker daemon can be mounted)

Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/60
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>

* Remove ContainerMaxLifetime; fix lint
* Remove unused ValidVolumes
* Remove ConnectToNetwork
* Add docker stubs
* Close docker clients to prevent file descriptor leaks
* Fix the error when removing network in self-hosted mode (#69)

Fixes https://gitea.com/gitea/act_runner/issues/255

Reviewed-on: https://gitea.com/gitea/act/pulls/69
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>

* Move service container and network cleanup to rc.cleanUpJobContainer
* Add --network flag; default to host if not using service containers or set explicitly
* Correctly close executor to prevent fd leak
* Revert to tail instead of full path
* fix network duplication
* backport networkingConfig for aliases
* don't hardcode netMode host
* Convert services test to table driven tests
* Add failing tests for services
* Expose service container ports onto the host
* Set container network mode in artifacts server test to host mode
* Log container network mode when creating/starting a container
* fix: Correctly handle ContainerNetworkMode
* fix: missing service container network
* Always remove service containers

Although we usually keep containers running if the workflow errored (unless `--rm` is given) in order to facilitate debugging and we have a flag (`--reuse`) to always keep containers running in order to speed up repeated `act` invocations, I believe that these should only apply to job containers and not service containers, because changing the network settings on a service container requires re-creating it anyway.

* Remove networks only if no active endpoints exist
* Ensure job containers are stopped before starting a new job
* fix: go build -tags WITHOUT_DOCKER

---------

Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: ZauberNerd <zaubernerd@zaubernerd.de>
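The `Check volumes (#60)` entry above describes an allow-list of volumes that workflows may mount. A sketch of such a check follows as an added example, not code from `act` or `act_runner`: the function names, the glob matching via `path.Match` and the sample allow-list are assumptions, and specs are assumed to be Linux-style `source:target[:mode]`.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// isValidVolume reports whether a volume spec may be mounted. validVolumes is
// a hypothetical allow-list of volume names and host-path glob patterns.
// Anonymous volumes (no source part) are assumed to be acceptable.
func isValidVolume(spec string, validVolumes []string) bool {
	src, _, hasSource := strings.Cut(spec, ":")
	if !hasSource {
		return true // anonymous volume such as "/data": no host path is shared
	}
	if strings.HasPrefix(src, "/") {
		src = path.Clean(src) // "/srv/cache/.." must be judged as "/srv"
	}
	for _, pattern := range validVolumes {
		if matched, err := path.Match(pattern, src); err == nil && matched {
			return true
		}
	}
	return false
}

// filterVolumes splits the requested specs into allowed and rejected ones.
func filterVolumes(specs, validVolumes []string) (allowed, rejected []string) {
	for _, spec := range specs {
		if isValidVolume(spec, validVolumes) {
			allowed = append(allowed, spec)
		} else {
			rejected = append(rejected, spec)
		}
	}
	return allowed, rejected
}

func main() {
	// Constructed allow-list and workflow volume requests.
	valid := []string{"act-toolcache", "/srv/cache/*"}
	requested := []string{"act-toolcache:/opt/hostedtoolcache", "/srv/cache/go:/go:ro",
		"/srv/cache/..:/mnt", "/var/run/docker.sock:/var/run/docker.sock", "/data"}
	allowed, rejected := filterVolumes(requested, valid)
	fmt.Println("allowed:", allowed)
	fmt.Println("rejected:", rejected)
}
```

Without the `path.Clean` step, `/srv/cache/..` would match the `/srv/cache/*` pattern and expose `/srv`; the Docker socket is rejected here only because this constructed allow-list leaves it out.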
254 lines
10 KiB
Go
```go
package runner

import (
	"context"
	"encoding/json"
	"fmt"
	"os"
	"runtime"

	docker_container "github.com/docker/docker/api/types/container"
	"github.com/nektos/act/pkg/common"
	"github.com/nektos/act/pkg/model"
	log "github.com/sirupsen/logrus"
)

// Runner provides capabilities to run GitHub actions
type Runner interface {
	NewPlanExecutor(plan *model.Plan) common.Executor
}

// Config contains the config for a new runner
type Config struct {
	Actor                              string                       // the user that triggered the event
	Workdir                            string                       // path to working directory
	ActionCacheDir                     string                       // path used for caching action contents
	BindWorkdir                        bool                         // bind the workdir to the job container
	EventName                          string                       // name of event to run
	EventPath                          string                       // path to JSON file to use for event.json in containers
	DefaultBranch                      string                       // name of the main branch for this repository
	ReuseContainers                    bool                         // reuse containers to maintain state
	ForcePull                          bool                         // force pulling of the image, even if already present
	ForceRebuild                       bool                         // force rebuilding local docker image action
	LogOutput                          bool                         // log the output from docker run
	JSONLogger                         bool                         // use json or text logger
	LogPrefixJobID                     bool                         // switches from the full job name to the job id
	Env                                map[string]string            // env for containers
	Inputs                             map[string]string            // manually passed action inputs
	Secrets                            map[string]string            // list of secrets
	Vars                               map[string]string            // list of vars
	Token                              string                       // GitHub token
	InsecureSecrets                    bool                         // switch hiding output when printing to terminal
	Platforms                          map[string]string            // list of platforms
	Privileged                         bool                         // use privileged mode
	UsernsMode                         string                       // user namespace to use
	ContainerArchitecture              string                       // Desired OS/architecture platform for running containers
	ContainerDaemonSocket              string                       // Path to Docker daemon socket
	ContainerOptions                   string                       // Options for the job container
	UseGitIgnore                       bool                         // controls if paths in .gitignore should not be copied into container, default true
	GitHubInstance                     string                       // GitHub instance to use, default "github.com"
	ContainerCapAdd                    []string                     // list of kernel capabilities to add to the containers
	ContainerCapDrop                   []string                     // list of kernel capabilities to remove from the containers
	AutoRemove                         bool                         // controls if the container is automatically removed upon workflow completion
	ArtifactServerPath                 string                       // the path where the artifact server stores uploads
	ArtifactServerAddr                 string                       // the address the artifact server binds to
	ArtifactServerPort                 string                       // the port the artifact server binds to
	NoSkipCheckout                     bool                         // do not skip actions/checkout
	RemoteName                         string                       // remote name in local git repo config
	ReplaceGheActionWithGithubCom      []string                     // Use actions from GitHub Enterprise instance to GitHub
	ReplaceGheActionTokenWithGithubCom string                       // Token of private action repo on GitHub.
	Matrix                             map[string]map[string]bool   // Matrix config to run
	ContainerNetworkMode               docker_container.NetworkMode // the network mode of job containers (the value of --network)
}

type caller struct {
	runContext *RunContext
}

type runnerImpl struct {
	config    *Config
	eventJSON string
	caller    *caller // the job calling this runner (caller of a reusable workflow)
}

// New Creates a new Runner
func New(runnerConfig *Config) (Runner, error) {
	runner := &runnerImpl{
		config: runnerConfig,
	}

	return runner.configure()
}

// configure loads the event payload: the file at EventPath if set, otherwise
// a JSON object built from Inputs, otherwise "{}".
func (runner *runnerImpl) configure() (Runner, error) {
	runner.eventJSON = "{}"
	if runner.config.EventPath != "" {
		log.Debugf("Reading event.json from %s", runner.config.EventPath)
		eventJSONBytes, err := os.ReadFile(runner.config.EventPath)
		if err != nil {
			return nil, err
		}
		runner.eventJSON = string(eventJSONBytes)
	} else if len(runner.config.Inputs) != 0 {
		eventMap := map[string]map[string]string{
			"inputs": runner.config.Inputs,
		}
		eventJSON, err := json.Marshal(eventMap)
		if err != nil {
			return nil, err
		}
		runner.eventJSON = string(eventJSON)
	}
	return runner, nil
}

// NewPlanExecutor builds an executor that runs the plan's stages in order.
// Within a stage, runs execute in parallel (bounded by the CPU count), and the
// matrix combinations of each job run in parallel up to maxParallel.
func (runner *runnerImpl) NewPlanExecutor(plan *model.Plan) common.Executor {
	maxJobNameLen := 0

	stagePipeline := make([]common.Executor, 0)
	log.Debugf("Plan Stages: %v", plan.Stages)

	for i := range plan.Stages {
		stage := plan.Stages[i]
		stagePipeline = append(stagePipeline, func(ctx context.Context) error {
			pipeline := make([]common.Executor, 0)
			for _, run := range stage.Runs {
				log.Debugf("Stages Runs: %v", stage.Runs)
				stageExecutor := make([]common.Executor, 0)
				job := run.Job()
				log.Debugf("Job.Name: %v", job.Name)
				log.Debugf("Job.RawNeeds: %v", job.RawNeeds)
				log.Debugf("Job.RawRunsOn: %v", job.RawRunsOn)
				log.Debugf("Job.Env: %v", job.Env)
				log.Debugf("Job.If: %v", job.If)
				for step := range job.Steps {
					if nil != job.Steps[step] {
						log.Debugf("Job.Steps: %v", job.Steps[step].String())
					}
				}
				log.Debugf("Job.TimeoutMinutes: %v", job.TimeoutMinutes)
				log.Debugf("Job.Services: %v", job.Services)
				log.Debugf("Job.Strategy: %v", job.Strategy)
				log.Debugf("Job.RawContainer: %v", job.RawContainer)
				log.Debugf("Job.Defaults.Run.Shell: %v", job.Defaults.Run.Shell)
				log.Debugf("Job.Defaults.Run.WorkingDirectory: %v", job.Defaults.Run.WorkingDirectory)
				log.Debugf("Job.Outputs: %v", job.Outputs)
				log.Debugf("Job.Uses: %v", job.Uses)
				log.Debugf("Job.With: %v", job.With)
				// log.Debugf("Job.RawSecrets: %v", job.RawSecrets)
				log.Debugf("Job.Result: %v", job.Result)

				if job.Strategy != nil {
					log.Debugf("Job.Strategy.FailFast: %v", job.Strategy.FailFast)
					log.Debugf("Job.Strategy.MaxParallel: %v", job.Strategy.MaxParallel)
					log.Debugf("Job.Strategy.FailFastString: %v", job.Strategy.FailFastString)
					log.Debugf("Job.Strategy.MaxParallelString: %v", job.Strategy.MaxParallelString)
					log.Debugf("Job.Strategy.RawMatrix: %v", job.Strategy.RawMatrix)

					strategyRc := runner.newRunContext(ctx, run, nil)
					if err := strategyRc.NewExpressionEvaluator(ctx).EvaluateYamlNode(ctx, &job.Strategy.RawMatrix); err != nil {
						log.Errorf("Error while evaluating matrix: %v", err)
					}
				}

				var matrixes []map[string]interface{}
				if m, err := job.GetMatrixes(); err != nil {
					log.Errorf("Error while get job's matrix: %v", err)
				} else {
					log.Debugf("Job Matrices: %v", m)
					log.Debugf("Runner Matrices: %v", runner.config.Matrix)
					matrixes = selectMatrixes(m, runner.config.Matrix)
				}
				log.Debugf("Final matrix after applying user inclusions '%v'", matrixes)

				maxParallel := 4
				if job.Strategy != nil {
					maxParallel = job.Strategy.MaxParallel
				}

				if len(matrixes) < maxParallel {
					maxParallel = len(matrixes)
				}

				for i, matrix := range matrixes {
					matrix := matrix
					rc := runner.newRunContext(ctx, run, matrix)
					rc.JobName = rc.Name
					if len(matrixes) > 1 {
						rc.Name = fmt.Sprintf("%s-%d", rc.Name, i+1)
					}
					if len(rc.String()) > maxJobNameLen {
						maxJobNameLen = len(rc.String())
					}
					stageExecutor = append(stageExecutor, func(ctx context.Context) error {
						jobName := fmt.Sprintf("%-*s", maxJobNameLen, rc.String())
						executor, err := rc.Executor()

						if err != nil {
							return err
						}

						return executor(common.WithJobErrorContainer(WithJobLogger(ctx, rc.Run.JobID, jobName, rc.Config, &rc.Masks, matrix)))
					})
				}
				pipeline = append(pipeline, common.NewParallelExecutor(maxParallel, stageExecutor...))
			}
			ncpu := runtime.NumCPU()
			if 1 > ncpu {
				ncpu = 1
			}
			log.Debugf("Detected CPUs: %d", ncpu)
			return common.NewParallelExecutor(ncpu, pipeline...)(ctx)
		})
	}

	return common.NewPipelineExecutor(stagePipeline...).Then(handleFailure(plan))
}

// handleFailure returns an executor that reports an error if any job in the
// plan finished with the result "failure".
func handleFailure(plan *model.Plan) common.Executor {
	return func(ctx context.Context) error {
		for _, stage := range plan.Stages {
			for _, run := range stage.Runs {
				if run.Job().Result == "failure" {
					return fmt.Errorf("Job '%s' failed", run.String())
				}
			}
		}
		return nil
	}
}

// selectMatrixes keeps only the matrix combinations whose values are allowed
// by targetMatrixValues; keys absent from targetMatrixValues are not filtered.
func selectMatrixes(originalMatrixes []map[string]interface{}, targetMatrixValues map[string]map[string]bool) []map[string]interface{} {
	matrixes := make([]map[string]interface{}, 0)
	for _, original := range originalMatrixes {
		flag := true
		for key, val := range original {
			if allowedVals, ok := targetMatrixValues[key]; ok {
				valToString := fmt.Sprintf("%v", val)
				if _, ok := allowedVals[valToString]; !ok {
					flag = false
				}
			}
		}
		if flag {
			matrixes = append(matrixes, original)
		}
	}
	return matrixes
}

// newRunContext creates the RunContext for one run and matrix combination and
// interpolates the run's name.
func (runner *runnerImpl) newRunContext(ctx context.Context, run *model.Run, matrix map[string]interface{}) *RunContext {
	rc := &RunContext{
		Config:      runner.config,
		Run:         run,
		EventJSON:   runner.eventJSON,
		StepResults: make(map[string]*model.StepResult),
		Matrix:      matrix,
		caller:      runner.caller,
	}
	rc.ExprEval = rc.NewExpressionEvaluator(ctx)
	rc.Name = rc.ExprEval.Interpolate(ctx, run.String())

	return rc
}
```