harden-runner
Fails to run with kubernetes custom github-runners
Hi, I wanted to switch over to using https://github.com/actions-runner-controller/actions-runner-controller/ for custom runners, but it seems the default image of it doesn't set the "$USERS" variable.
This results in this error: https://github.com/MTRNord/matrix-art/runs/5368009721?check_suite_focus=true
Any ideas how I could fix this or what is expected?
I believe the default image it uses is https://github.com/actions-runner-controller/actions-runner-controller/blob/master/runner/Dockerfile
For completion:
runner@mtrnord-runnerdeploy-5sn4p-6smqz:/$ echo $USER
runner@mtrnord-runnerdeploy-5sn4p-6smqz:/$ id
uid=1000(runner) gid=1000(runner) groups=1000(runner),27(sudo),1001(docker)
Hm, seems like the bigger issue is that systemd is required for this, which that image doesn't have. Which makes it crash after setting the missing env var.
@MTRNord this only works on the GitHub hosted-runner as of now. Having similar features should be possible when run on K8, but it will need a lot more work. Let me think more about it and get back.
Hi @MTRNord, I have added a limitations section in the readme that states that harden-runner is only supported for GitHub-hosted runners (Ubuntu VM). We do not have plans to support it for self-hosted runners as of now.
We have started work on this - here is the blog post about that: https://www.stepsecurity.io/blog/introducing-harden-runner-for-kubernetes-based-self-hosted-actions-runners
/CC @boahc077
Harden Runner is now available for Actions Runner Controller (ARC), so closing this issue.
You can read more here:
https://www.stepsecurity.io/blog/secure-your-actions-runner-controller-arc-environment-using-stepsecurity
https://docs.stepsecurity.io/harden-runner/how-tos/enable-runtime-security-arc