Unfriendly error message Error: EACCES: permission denied, open '/__w/_temp/_runner_file_commands/save_state_e59de318-2ebd-4430-adee-f74fc8e00eb1'

[JasonGross]

When running this action with container: coqorg/coq:dev, I see

/usr/bin/docker exec  d2f4cc80928d9913b66a607fd95b3abc47ed3b5a78234ed06151b3bcd6260342 sh -c "cat /etc/*release | grep ^ID"
node:internal/fs/sync:78
  return binding.openSync(
                 ^

Error: EACCES: permission denied, open '/__w/_temp/_runner_file_commands/save_state_e59de318-2ebd-4430-adee-f74fc8e00eb1'
    at Object.open (node:internal/fs/sync:78:18)
    at Object.openSync (node:fs:565:17)
    at Object.writeFileSync (node:fs:2288:35)
    at Object.appendFileSync (node:fs:2350:6)
    at Object.issueFileCommand (/__w/_actions/actions/checkout/v4/dist/index.js:2967:8)
    at Object.saveState (/__w/_actions/actions/checkout/v4/dist/index.js:2884:31)
    at 8647 (/__w/_actions/actions/checkout/v4/dist/index.js:2343:10)
    at __nccwpck_require__ (/__w/_actions/actions/checkout/v4/dist/index.js:18273:43)
    at 2565 (/__w/_actions/actions/checkout/v4/dist/index.js:146:34)
    at __nccwpck_require__ (/__w/_actions/actions/checkout/v4/dist/index.js:18273:43) {
  errno: -13,
  code: 'EACCES',
  syscall: 'open',
  path: '/__w/_temp/_runner_file_commands/save_state_e59de318-2ebd-4430-adee-f74fc8e00eb1'
}

Node.js v20.8.1

This is a pretty unfriendly error message, and I have no idea what command I have to run to fix this issue. I presume I have to do sudo chmod -R a=u on some directory, but which one?

[JasonGross]

And it seems like this message is incorrect, even? Unless EACCES is an extremely poor error message for "file does not exist". When I ls -la /__w/_temp/_runner_file_commands, I get

drwxrwxrwx 2 1001 127 4096 Dec 25 10:37 .
drwxrwxrwx 5 1001 127 4096 Dec 25 10:37 ..
-rw-rw-rw- 1 1001 127    0 Dec 25 10:37 add_path_a0d0b7b0-7280-4add-8a14-d14072cacb2d
-rw-r--r-- 1 1001 127    0 Dec 25 10:37 add_path_f55f9ad0-e8c3-4b43-84cb-d0bf9d0618c4
-rw-rw-rw- 1 1001 127    0 Dec 25 10:37 save_state_a0d0b7b0-7280-4add-8a14-d14072cacb2d
-rw-r--r-- 1 1001 127    0 Dec 25 10:37 save_state_f55f9ad0-e8c3-4b43-84cb-d0bf9d0618c4
-rw-rw-rw- 1 1001 127    0 Dec 25 10:37 set_env_a0d0b7b0-7280-4add-8a14-d14072cacb2d
-rw-r--r-- 1 1001 127    0 Dec 25 10:37 set_env_f55f9ad0-e8c3-4b43-84cb-d0bf9d0618c4
-rw-rw-rw- 1 1001 127    0 Dec 25 10:37 set_output_a0d0b7b0-7280-4add-8a14-d14072cacb2d
-rw-r--r-- 1 1001 127    0 Dec 25 10:37 set_output_f55f9ad0-e8c3-4b43-84cb-d0bf9d0618c4
-rw-rw-rw- 1 1001 127    0 Dec 25 10:37 step_summary_a0d0b7b0-7280-4add-8a14-d14072cacb2d
-rw-r--r-- 1 1001 127    0 Dec 25 10:37 step_summary_f55f9ad0-e8c3-4b43-84cb-d0bf9d0618c4

[JasonGross]

I am becoming more convinced that this may be a bug with the checkout action. Is it fundamentally incompatible with containers where the current user/group ids do not match those of standard github runners?

[JasonGross]

Possibly a duplicate of https://github.com/actions/checkout/issues/956 ?

[thirtytwobits]

I started seeing this issue in my project's actions:

https://github.com/OpenCyphal/nunavut/actions/runs/9306090562/job/25614627575?pr=333

I was originally using checkout@v3 and just tried upgrading to v4 but the result is the same.

[gdubicki]

I started to get it in some of my runs on self-hoster GitHub Actions runners...

When using checkout@v3 I got:

Run actions/checkout@v3
Run '/home/runner/k8s/index.js'
  
node:internal/fs/utils:347
    throw err;
    ^
Error: EACCES: permission denied, open '/__w/_temp/_runner_file_commands/save_state_3b579ece-41e2-4dcb-a60d-3cadf1460a4c'
    at Object.openSync (node:fs:590:3)
    at Object.writeFileSync (node:fs:2202:35)
    at Object.appendFileSync (node:fs:2264:6)
    at Object.issueFileCommand (/__w/_actions/actions/checkout/v3/dist/index.js:2950:8)
    at Object.saveState (/__w/_actions/actions/checkout/v3/dist/index.js:2867:31)
    at Object.8647 (/__w/_actions/actions/checkout/v3/dist/index.js:2326:10)
    at __nccwpck_require__ (/__w/_actions/actions/checkout/v3/dist/index.js:18256:43)
    at Object.2565 (/__w/_actions/actions/checkout/v3/dist/index.js:146:34)
    at __nccwpck_require__ (/__w/_actions/actions/checkout/v3/dist/index.js:18256:43)
    at Object.9210 (/__w/_actions/actions/checkout/v3/dist/index.js:1141:36) ***
  errno: -13,
  syscall: 'open',
  code: 'EACCES',
  path: '/__w/_temp/_runner_file_commands/save_state_3b579ece-41e2-4dcb-a60d-3cadf1460a4c'
***

...and with checkout@v4:

Run actions/checkout@v4
Run '/home/runner/k8s/index.js'
node:fs:2346
    return binding.writeFileUtf8(
                   ^

Error: EACCES: permission denied, open '/__w/_temp/_runner_file_commands/save_state_5145f54a-a3ae-4722-972f-ce70373e4338'
    at Object.writeFileSync (node:fs:2346:20)
    at Object.appendFileSync (node:fs:2427:6)
    at Object.issueFileCommand (/__w/_actions/actions/checkout/v4/dist/index.js:3035:8)
    at Object.saveState (/__w/_actions/actions/checkout/v4/dist/index.js:2952:31)
    at 4866 (/__w/_actions/actions/checkout/v4/dist/index.js:2403:10)
    at __nccwpck_require__ (/__w/_actions/actions/checkout/v4/dist/index.js:38169:43)
    at 2565 (/__w/_actions/actions/checkout/v4/dist/index.js:151:34)
    at __nccwpck_require__ (/__w/_actions/actions/checkout/v4/dist/index.js:38169:43)
    at 9210 (/__w/_actions/actions/checkout/v4/dist/index.js:1173:36)
    at __nccwpck_require__ (/__w/_actions/actions/checkout/v4/dist/index.js:38169:43) ***
  errno: -13,
  code: 'EACCES',
  syscall: 'open',
  path: '/__w/_temp/_runner_file_commands/save_state_5145f54a-a3ae-4722-972f-ce70373e4338'
***

Node.js v20.13.1
Error: Error: failed to run script step: command terminated with non-zero exit code: error executing command [sh -e /__w/_temp/f432f6f0-27fb-11ef-b9df-611ce5790bbd.sh], exit code 1
Error: Process completed with exit code 1.
Error: Executing the custom container implementation failed. Please contact your self hosted runner administrator.

[darostegui]

I found this while doing some research and I'm curious if this solves your problem with checkout:

  - uses: actions/checkout@v4
    with:
      clean: false
      set-safe-directory: false

Cheers!

[pmabres]

I found this while doing some research and I'm curious if this solves your problem with checkout:

  - uses: actions/checkout@v4
    with:
      clean: false
      set-safe-directory: false

Cheers!

Not working in my case

[adityamaru]

I'm seeing this on one of my self hosted runners too. Was there any resolution or fix to this?

[maceip]

+1

[akash-nt]

If you are pulling any container image you may need to use root user

Basically,

container:
      image: public.ecr.aws/emr-serverless/spark/emr-7.3.0:latest

Becomes

container:
      image: public.ecr.aws/emr-serverless/spark/emr-7.3.0:latest
      options: --user root

This worked for me..

[ringin31]

@gdubicki

[gdubicki]

@gdubicki

I haven't seen this issue in a while now.

[es50678]

Just got this issue running the checkout action. here's our workflow file:

jobs:
  API_TESTS:
    name: API Tests
    runs-on: custom-A
    container:
      image: cypress/browsers:22.12.0
      options: --user 1001
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Configure AWS Credentials
        id: configure-aws
        uses: aws-actions/configure-aws-credentials@v4
        with:....

fails on the checkout action

[cpboyd]

The options: --user root didn't work for me, but it does from the docker CLI.

I had to use options: --user 0 instead.

Does anyone know why the user didn't resolve in GitHub Actions? Is there another place to open a bug for that, since the docs indicate it should work with Docker options: https://docs.github.com/en/actions/writing-workflows/choosing-where-your-workflow-runs/running-jobs-in-a-container#setting-container-resource-options