semantic-release-action

v2 causes permission issues on self-hosted runners

Open shawnyu5 opened this issue 2 years ago • 4 comments

When upgrading from v1 to v2, running this action on self-hosted runners causes the cloned repo on the runner to be owned by root, causing subsequent runs of the same workflow to fail, due to not having enough permissions to access the repo on the runner.

On initial runs of a workflow containing this action, the repo is checked out, owned by the user the runner is installed in. This action then modifies the repo to be owned by root. The next time the same workflow is run, it is not able to check out the repo, due to not having enough permission to modify the cloned repo on the runner.

This is confirmed by SSHing into the runner itself and checking the permissions of the cloned repo.

shawnyu5 avatar Jun 02 '23 17:06 shawnyu5

Hey @shawnyu5, did you figure out what the issue was? At first glance I can't see that this action would be the cause of the problem here. Did you try removing this action from the workflow to test that it works well without it?

codfish avatar Jun 05 '23 22:06 codfish

By the way, I've used and seen others use this action on self-hosted runners, so if for some odd reason this is the cause, can you share your actual usage of the step as well?

codfish avatar Jun 05 '23 22:06 codfish

The workflow I used checked out the repo, and only ran this action. I read an issue on the GitHub runner repo that said to install the runner as root. Though this permission issue only occurs when we upgraded to V2 of the action. The issue does not come up in V1.

https://github.com/actions/runner/issues/434

Here is the workflow file that was run:

name: Semantic release
on:
  push:
    branches:
      - main
      - alpha

  pull_request:
    branches:
      - main
      - alpha

jobs:
  generate_release:
    runs-on:
      - self-hosted
      - Linux
    steps:
      - uses: actions/checkout@v3

      - run: sudo chmod -R ugo+rwX .

      - uses: codfish/semantic-release-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.SYNCED_GH_SEMANTIC_RELEASE_TOKEN }}

shawnyu5 avatar Jun 08 '23 15:06 shawnyu5
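
A check for the condition described in this thread, as an added example that is not part of the original issue or the action's own code: a POSIX shell function that lists workspace entries not owned by the runner's user, and entries left world-writable, which is what the `sudo chmod -R ugo+rwX .` step produces. The function name `audit_workspace` and its output labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the issue): audit a self-hosted runner workspace.
#
# audit_workspace DIR [EXPECTED_UID]
#   Prints "OWNER <path>" for every entry not owned by EXPECTED_UID
#   (default: the uid running the script, i.e. the runner's service user).
#   Prints "WORLD-WRITABLE <path>" for every non-symlink entry that any
#   local user can modify.
#   Returns 0 when the workspace is clean, 1 when there are findings,
#   2 when DIR is not a directory.
audit_workspace() {
    aw_dir=$1
    aw_uid=${2:-$(id -u)}

    if [ ! -d "$aw_dir" ]; then
        echo "not a directory: $aw_dir" >&2
        return 2
    fi

    aw_findings=$(
        # Entries a later checkout, running as the runner user, cannot clean up.
        find "$aw_dir" ! -user "$aw_uid" -exec printf 'OWNER %s\n' {} \;
        # Entries with the "other" write bit set; symlink modes are skipped
        # because they do not reflect the target's permissions.
        find "$aw_dir" ! -type l -perm -0002 -exec printf 'WORLD-WRITABLE %s\n' {} \;
    )

    if [ -z "$aw_findings" ]; then
        return 0
    fi
    printf '%s\n' "$aw_findings"
    return 1
}
```

Run as the runner's service user against the job's workspace directory, a non-zero return after a job indicates that a step changed ownership or left files writable by every account on the host.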

@shawnyu5 Have you tried v3 by any chance?

codfish avatar Apr 09 '24 15:04 codfish