unity-builder
unity-builder copied to clipboard
game-ci
UPM authentication and runAsHostUser on self-hosted linux runner
Bug description
I created a self-hosted Linux runner for GitHub, to build my unity app. When I set the unity-builder runAsHosteUser to true authentication to UPM Server fails:
An error occurred while resolving packages:
Project has invalid dependencies:
com.neobird.bootstrap: Request [GET <my verdaccio package>] failed because it lacks valid authentication credentials
How to reproduce
Install Linux runner like described on: https://game.ci/docs/self-hosting/host-provisioning/ubuntu-setup
Use these two steps:
- name: Setup UPM Authentication
timeout-minutes: 10
run: |
mkdir ${{ runner.temp }}/_github_home
cd ${{ runner.temp }}/_github_home
echo "[npmAuth.\"my verdaccio url"]" >> .upmconfig.toml
echo "alwaysAuth = true" >> .upmconfig.toml
echo "token = \"${{ secrets.NPM_AUTH_TOKEN }}\"" >> .upmconfig.toml
and
- name: Unity Build (${{ matrix.targetPlatform }}, ${{ matrix.buildProfile }}, ${{ matrix.unityVersion }})
uses: game-ci/unity-builder@v4
timeout-minutes: 60
env:
UNITY_SERIAL: ${{ secrets.UNITY_SERIAL }}
UNITY_EMAIL: ${{ secrets.UNITY_EMAIL }}
UNITY_PASSWORD: ${{ secrets.UNITY_PASSWORD }}
with:
runAsHostUser: ${{ matrix.runAsHostUser }}
versioning: Semantic
dockerWorkspacePath: /github/workspace
unityVersion: ${{ matrix.unityVersion }}
targetPlatform: ${{ matrix.targetPlatform }}
buildMethod: NeoBird.Build.BuildScript
customParameters: '-buildProfile ${{ matrix.buildProfile }
matrix.runAsHostUser of course is true.
Expected behavior
UPM packages should be resolved.
Maybe it's because of step Setup, UPM Authentication does not run as HostUser. Thx for your help.
Here is something you might try to resolve your authentication issue with UPM. (Note: I did not try this).
When using runAsHostUser: true on a self-hosted Linux runner, the problem might be from the .upmconfig.toml file not being accessible or correctly configured for the host user.
-
Adjust UPM Authentication Setup: Place the
.upmconfig.tomlin the host user's home directory:- name: Setup UPM Authentication timeout-minutes: 10 run: | mkdir -p $HOME/.upmconfig echo "[npmAuth.\"<your verdaccio url>\"]" >> $HOME/.upmconfig/.upmconfig.toml echo "alwaysAuth = true" >> $HOME/.upmconfig/.upmconfig.toml echo "token = \"${{ secrets.NPM_AUTH_TOKEN }}\"" >> $HOME/.upmconfig/.upmconfig.toml -
Ensure Permissions: Ensure the file has the correct permissions for the host user:
- name: Set Permissions for UPM Config run: | chown -R $(whoami) $HOME/.upmconfig -
Use the Correct User: Ensure the Unity build step runs as the correct user:
- name: Unity Build uses: game-ci/unity-builder@v4 timeout-minutes: 60 env: UNITY_SERIAL: ${{ secrets.UNITY_SERIAL }} UNITY_EMAIL: ${{ secrets.UNITY_EMAIL }} UNITY_PASSWORD: ${{ secrets.UNITY_PASSWORD }} with: runAsHostUser: true versioning: Semantic dockerWorkspacePath: /github/workspace unityVersion: ${{ matrix.unityVersion }} targetPlatform: ${{ matrix.targetPlatform }} buildMethod: NeoBird.Build.BuildScript customParameters: '-buildProfile ${{ matrix.buildProfile }}'
The UPM configuration file is documented here: https://docs.unity3d.com/Manual/upm-config.html
Hi @GabLeRoux, I'm working on the same issue as @eberleinNeobird and I've tried to apply your suggestions.
I've checked the logs and the docker container is being correctly run with the RUN_AS_HOST_USER=true flag.
The Setup UPM Authentication step now also creates the .upmconfig.toml file inside host user home directory, as it should, and the file permissions appear correct.
Unfortunately the Unity instance inside the docker container still doesn't seem to be able to locate it. Unity doesn't log where it's looking for this configuration file and wether or not it's found anything either.
Is there a way to mount additional directories to the docker container or at least pass an additional environment variable? Ideally without needing to configure custom docker images.
Is there a way to mount additional directories to the docker container or at least pass an additional environment variable? Ideally without needing to configure custom docker images.
I'm not exactly sure how this can be achieved with github-actions. I think the most important thing here is to figure out where Unity reads .upmconfig.toml and confirm it has access to it. According to https://docs.unity3d.com/Manual/upm-config.html It should be $HOME/.upmconfig.
Maybe a way to investigate this would be to fork the game-ci/unity-builder action, update the scripts and run the action with custom commands within the docker image to print what the container has access to.
If the container can't see $HOME/.upmconfig, we'll need to figure out how it can see it.
I don't have much information on that either.
Alright, so I've had some time to look at this issue again and I've managed to make it work for our case. I've forked the action and added the following command line flag to the docker command created by the action:
--env UPM_USER_CONFIG_FILE=/root/.upmconfig.toml
UPM_USER_CONFIG_FILE is an enviroment variable that tells Unity explicitly where to look for the config file.
Curiously this the same location where I would have expected Unity to look for the file anyway. This is essentially also the same location where the template in the docs puts the config file, e.g,: mkdir -p ${{ runner.temp }}/_github_home.
I'm still not fully sure what the root cause is and if this is something that could be added to the action upstream.
When running as host user, the docker entrypoint fix the permissions with the user:group of the project folder. So the .upmconfig.toml should live in /home/user. When runAsHostUser is false, the container run as root and worked fine.
https://github.com/game-ci/unity-builder/blob/83c85328dd491a4268b41f1aae9de279e1fe7be5/dist/platforms/ubuntu/entrypoint.sh#L56
For my use case It was enough to set runAsHostUser to false and fix the permissions manually with docker. Kind of hacky but works. It would be nice to support UPM_USER_CONFIG_FILE env var.
- name: Fix permissions
shell: bash
if: always()
run: |
echo "Fixing permissions for $GITHUB_WORKSPACE"
docker run --rm -v $GITHUB_WORKSPACE:/app alpine:3.21.0 sh -c "chown -R 1002 /app"
