docker-nixpkgs

Image errors for GitHub Actions

Open infinisil opened this issue 3 years ago • 7 comments

Trying to use these images in GitHub Actions gives an error, see e.g. https://github.com/Infinisil/github-actions-docker/runs/1271863329:

 /usr/bin/docker exec  de645264c246e9831bfdda7ede83a62ed2d14583037ddb6b317acabd8fdfb1fa sh -c "cat /etc/*release | grep ^ID"
OCI runtime exec failed: exec failed: container_linux.go:370: starting container process caused: no such file or directory: unknown

This has already been reported in https://github.com/actions/checkout/issues/334, but it doesn't really have anything to do with the checkout action (that's just the first action that tries to run the container).

Most likely it's some file missing in the image, but the error really doesn't help a lot to figure out which file.

A possible way to figure this out is to do a long-winded bisection with e.g. an alpine image, because that one works, and the image contents can be inspected with https://stackoverflow.com/a/53481010. So by incrementally copying files from that image to the docker-nixpkgs one, it should start working at some point.

infinisil avatar Oct 18 '20 19:10 infinisil

$ drun nixpkgs/nix:nixos-unstable sh -c "cat /etc/*release | grep ^ID"
sh: grep: command not found
cat: '/etc/*release': No such file or directory

The nix image is fairly minimal right now but it could be extended.

zimbatm avatar Oct 19 '20 20:10 zimbatm

It's a bit misleading, but the error happens before the command is actually started and has nothing to do with either grep or /etc/*release.

For https://github.com/niteoweb/nix-docker-base, which uses the same nixpkgs Docker builders as this repo, both grep and /etc/os-release exist:

docker run -it niteo/nixpkgs-nixos-20.03:925ae0dee63cf2c59533a6258340812e5643428a sh -c "cat /etc/*release | grep ^ID"
ID=nix

Yet on GitHub Actions, it fails in the very same way: https://github.com/Infinisil/github-actions-docker/runs/1271712451?check_suite_focus=true

infinisil avatar Oct 19 '20 20:10 infinisil

It's possible that GitHub Actions sets a custom entry point for the container. That would explain the error. To test that I would create an image with tons of wrappers in /bin that echo $0. And then symlink /bin to /usr/bin.

zimbatm avatar Oct 20 '20 09:10 zimbatm

Looks like somebody figured it out! https://github.com/actions/checkout/issues/334#issuecomment-713845806 With nixpkgs' Docker builders, these dynamic libraries could be added relatively easily, though this will sacrifice a bit of purity. I'll certainly give that a try soonish.

infinisil avatar Oct 21 '20 23:10 infinisil

Was able to fix it for https://github.com/niteoweb/nix-docker-base with https://github.com/niteoweb/nix-docker-base/commit/0a5ceed0441a32b25a33b6904a47e007231b58c6. Turns out it's a bit different for Nix. See also https://github.com/actions/checkout/issues/334#issuecomment-716068696. Feel free to reuse this fix for docker-nixpkgs.

infinisil avatar Oct 24 '20 23:10 infinisil

I am a bit torn. It allows running programs that didn't go through patchelf, which is both a bad and good thing, depending on whether the binary was packaged by Nix or not.

I do a similar trick in the devcontainer image because VSCode injects their own binary as well: https://github.com/nix-community/docker-nixpkgs/blob/a720d8ee4f8665b3a4516d1453a09446bf8f3e9c/images/devcontainer/default.nix#L98-L99

zimbatm avatar Oct 25 '20 13:10 zimbatm
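
A way to name the missing file without bisecting, as an added example that is not part of the thread or of docker-nixpkgs: when `docker exec` fails with "no such file or directory" before the command starts, one cause is that the ELF interpreter requested by the injected binary (its PT_INTERP entry, the path patchelf rewrites) does not exist in the image. The function names and the sample ELF bytes are constructed for illustration; the code assumes 64-bit little-endian binaries and an image root filesystem unpacked to a directory.

```python
import os
import struct
import tempfile

PT_INTERP = 3  # program header type that holds the dynamic loader path


def elf_interpreter(data: bytes):
    """Return the PT_INTERP path of a 64-bit little-endian ELF, or None if static."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a 64-bit little-endian ELF")
    (e_phoff,) = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        (p_type,) = struct.unpack_from("<I", data, off)
        (p_offset,) = struct.unpack_from("<Q", data, off + 8)
        (p_filesz,) = struct.unpack_from("<Q", data, off + 32)
        if p_type == PT_INTERP:
            return data[p_offset:p_offset + p_filesz].rstrip(b"\0").decode()
    return None


def exec_would_fail(data: bytes, rootfs: str) -> bool:
    """True if the loader the binary asks for is absent from the unpacked image."""
    interp = elf_interpreter(data)
    if interp is None:  # statically linked: the kernel needs no loader
        return False
    # lexists: an absolute symlink inside rootfs must not resolve against the host
    return not os.path.lexists(os.path.join(rootfs, interp.lstrip("/")))


def make_sample_elf(interp: bytes) -> bytes:
    """Constructed input: ELF64 header plus a single PT_INTERP program header."""
    path = interp + b"\0"
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH",
                               2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 120, 0, 0,
                       len(path), len(path), 1)
    return ehdr + phdr + path


if __name__ == "__main__":
    # Constructed sample: a binary linked against the usual glibc x86-64 loader,
    # checked against an empty directory standing in for a minimal image.
    sample = make_sample_elf(b"/lib64/ld-linux-x86-64.so.2")
    with tempfile.TemporaryDirectory() as rootfs:
        print(elf_interpreter(sample), "missing:", exec_would_fail(sample, rootfs))
```
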

Hi, could we do this for other images? I would love to use the nixpkgs nix-unstable image in our CI, instead of devcontainer.

sandangel avatar Jan 19 '23 06:01 sandangel