act
act copied to clipboard
nektos
Support running an action as a non-root user
Act version
act version 0.2.26
Feature description
Some things simply fail if you try to run them as root.
In my case I am installing Linuxbrew, to manage some additional software dependencies and it fails because it refuses to install when run as the root user.
[pre-commit checks/pre-commit-checks] ⭐ Run Install Linuxbrew
[pre-commit checks/pre-commit-checks] 🐳 docker exec cmd=[bash --noprofile --norc -e -o pipefail /var/run/act/workflow/3] user= workdir=
| Warning: Running in non-interactive mode because `$CI` is set.
| ==> Checking for `sudo` access (which may request your password)...
| Don't run this as root!
[pre-commit checks/pre-commit-checks] ❌ Failure - Install Linuxbrew
[pre-commit checks/pre-commit-checks] exit with `FAILURE`: 1
It would be nice if the containers had another user, called something like runner or nonpriv that could be used for a single action somehow when required.
I also ran into this, and here is my recipe, still a bit of a WIP trying to reach installation of ktlint, and the if [ .. ] here is because I use act -r -j ... locally
- name: Set up Homebrew (Linux)
if: ${{ matrix.os == 'ubuntu-22.04' }}
shell: bash
env:
LB_USERNAME: linuxbrew
run: |
if [ ! -f /home/$LB_USERNAME/.linuxbrew/bin/brew ]; then
rm -rf /home/$LB_USERNAME/
deluser $LB_USERNAME
adduser --disabled-password --gecos "" $LB_USERNAME
wget -c https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh
# https://stackoverflow.com/questions/72435188/how-to-install-brew-using-a-shallow-clone
sed -i 's:"git" "fetch":"git" "fetch" "--depth" "1":' install.sh
sed -i '/"update" "--force"/d' install.sh
mv install.sh /tmp
chmod a+r /tmp/install.sh
echo "export HOMEBREW_NO_AUTO_UPDATE=1" >> /home/$LB_USERNAME/.profile
su -l $LB_USERNAME -c "CI=1 USER=$LB_USERNAME bash /tmp/install.sh"
echo "eval \"\$(/home/$LB_USERNAME/.linuxbrew/bin/brew shellenv)\"" >> /home/$LB_USERNAME/.profile
fi
chmod a+x /home/$LB_USERNAME/.linuxbrew/bin/brew
chmod a+x /home/$LB_USERNAME/.linuxbrew/Homebrew/bin/brew
su -l $LB_USERNAME -c 'brew tap holgerbrandl/tap https://github.com/holgerbrandl/homebrew-tap'
su -l $LB_USERNAME -c 'time brew install ktlint kscript'
eval "$(/home/$LB_USERNAME/.linuxbrew/bin/brew shellenv)"
which ktlint kscript
Can anyone confirm if this is still a problem? Non root user container support should be available in the current version.
You now need to choose a non root user container:
act -P ubuntu-latest=ghcr.io/catthehacker/ubuntu:runner-latest
Change ubuntu-latest to the runs-on value you specified.
I see the "runner" images are documented at https://github.com/catthehacker/docker_images , but not at https://github.com/nektos/act/blob/master/IMAGES.md and IMO the root/non-root distinction is worth mentioning at https://github.com/nektos/act/blob/master/README.md#runners
It installs fine but the brew command is not available afterwards:
Run Main Set up Homebrew
[Update Wiki API Documentation/update-wiki-api-docs] 🐳 docker cp src=/home/stan/.cache/act/Homebrew-actions-setup-homebrew@master/ dst=/var/run/act/actions/Homebrew-actions-setup-homebrew@master/
[Update Wiki API Documentation/update-wiki-api-docs] 🐳 docker exec cmd=[node /var/run/act/actions/Homebrew-actions-setup-homebrew@master/setup-homebrew/main.mjs] user= workdir=
| [command]/bin/bash /run/act/actions/Homebrew-actions-setup-homebrew@master/setup-homebrew/main.sh false false auto false false
| Could not find 'brew' command in PATH or standard locations.
[Update Wiki API Documentation/update-wiki-api-docs] ❗ ::error::The process '/bin/bash' failed with exit code 1
[Update Wiki API Documentation/update-wiki-api-docs] ❌ Failure - Main Set up Homebrew
[Update Wiki API Documentation/update-wiki-api-docs] exitcode '1': failure
I would expect that setup actions would install tools like brew and not assert that these has been preinstalled.