2020-02-07 06:17:58 +00:00
package runner
import (
2022-12-09 11:16:15 +00:00
"archive/tar"
"bufio"
2023-03-12 13:26:24 +00:00
"bytes"
2020-02-07 06:17:58 +00:00
"context"
2022-11-16 21:29:45 +00:00
"crypto/rand"
2023-02-03 19:54:19 +00:00
"crypto/sha256"
2023-03-12 13:26:24 +00:00
_ "embed"
2022-11-16 21:29:45 +00:00
"encoding/hex"
2020-02-14 08:41:20 +00:00
"encoding/json"
2022-11-16 21:29:45 +00:00
"errors"
2020-02-07 06:17:58 +00:00
"fmt"
2022-12-09 11:16:15 +00:00
"io"
2020-02-07 06:17:58 +00:00
"os"
2020-02-23 23:01:25 +00:00
"path/filepath"
2020-02-07 06:17:58 +00:00
"regexp"
2020-02-24 18:56:49 +00:00
"runtime"
2020-02-07 06:17:58 +00:00
"strings"
2023-03-12 13:26:24 +00:00
"text/template"
2021-11-26 05:18:31 +00:00
2023-11-14 22:02:37 +00:00
docker "github.com/docker/docker/api/types"
Add support for service containers (#1949)
* Support services (#42)
Removed createSimpleContainerName and AutoRemove flag
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/42
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services options (#45)
Reviewed-on: https://gitea.com/gitea/act/pulls/45
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support intepolation for `env` of `services` (#47)
Reviewed-on: https://gitea.com/gitea/act/pulls/47
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services `credentials` (#51)
If a service's image is from a container registry requires authentication, `act_runner` will need `credentials` to pull the image, see [documentation](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idcredentials).
Currently, `act_runner` incorrectly uses the `credentials` of `containers` to pull services' images and the `credentials` of services won't be used, see the related code: https://gitea.com/gitea/act/src/commit/0c1f2edb996a87ee17dcf3cfa7259c04be02abd7/pkg/runner/run_context.go#L228-L269
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/51
Reviewed-by: Jason Song <i@wolfogre.com>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Add ContainerMaxLifetime and ContainerNetworkMode options
from: https://gitea.com/gitea/act/commit/b9c20dcaa43899cb3bb327619d447248303170e0
* Fix container network issue (#56)
Follow: https://gitea.com/gitea/act_runner/pulls/184
Close https://gitea.com/gitea/act_runner/issues/177
- `act` create new networks only if the value of `NeedCreateNetwork` is true, and remove these networks at last. `NeedCreateNetwork` is passed by `act_runner`. 'NeedCreateNetwork' is true only if `container.network` in the configuration file of the `act_runner` is empty.
- In the `docker create` phase, specify the network to which containers will connect. Because, if not specify , container will connect to `bridge` network which is created automatically by Docker.
- If the network is user defined network ( the value of `container.network` is empty or `<custom-network>`. Because, the network created by `act` is also user defined network.), will also specify alias by `--network-alias`. The alias of service is `<service-id>`. So we can be access service container by `<service-id>:<port>` in the steps of job.
- Won't try to `docker network connect ` network after `docker start` any more.
- Because on the one hand, `docker network connect` applies only to user defined networks, if try to `docker network connect host <container-name>` will return error.
- On the other hand, we just specify network in the stage of `docker create`, the same effect can be achieved.
- Won't try to remove containers and networks berfore the stage of `docker start`, because the name of these containers and netwoks won't be repeat.
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/56
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>
* Check volumes (#60)
This PR adds a `ValidVolumes` config. Users can specify the volumes (including bind mounts) that can be mounted to containers by this config.
Options related to volumes:
- [jobs.<job_id>.container.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idcontainervolumes)
- [jobs.<job_id>.services.<service_id>.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idvolumes)
In addition, volumes specified by `options` will also be checked.
Currently, the following default volumes (see https://gitea.com/gitea/act/src/commit/a72822b3f83d3e68ffc697101b713b7badf57e2f/pkg/runner/run_context.go#L116-L166) will be added to `ValidVolumes`:
- `act-toolcache`
- `<container-name>` and `<container-name>-env`
- `/var/run/docker.sock` (We need to add a new configuration to control whether the docker daemon can be mounted)
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/60
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Remove ContainerMaxLifetime; fix lint
* Remove unused ValidVolumes
* Remove ConnectToNetwork
* Add docker stubs
* Close docker clients to prevent file descriptor leaks
* Fix the error when removing network in self-hosted mode (#69)
Fixes https://gitea.com/gitea/act_runner/issues/255
Reviewed-on: https://gitea.com/gitea/act/pulls/69
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Move service container and network cleanup to rc.cleanUpJobContainer
* Add --network flag; default to host if not using service containers or set explicitly
* Correctly close executor to prevent fd leak
* Revert to tail instead of full path
* fix network duplication
* backport networkingConfig for aliaes
* don't hardcode netMode host
* Convert services test to table driven tests
* Add failing tests for services
* Expose service container ports onto the host
* Set container network mode in artifacts server test to host mode
* Log container network mode when creating/starting a container
* fix: Correctly handle ContainerNetworkMode
* fix: missing service container network
* Always remove service containers
Although we usually keep containers running if the workflow errored
(unless `--rm` is given) in order to facilitate debugging and we have
a flag (`--reuse`) to always keep containers running in order to speed
up repeated `act` invocations, I believe that these should only apply
to job containers and not service containers, because changing the
network settings on a service container requires re-creating it anyway.
* Remove networks only if no active endpoints exist
* Ensure job containers are stopped before starting a new job
* fix: go build -tags WITHOUT_DOCKER
---------
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: ZauberNerd <zaubernerd@zaubernerd.de>
2023-10-19 09:24:52 +00:00
"github.com/docker/go-connections/nat"
2020-02-07 06:17:58 +00:00
"github.com/nektos/act/pkg/common"
2021-03-29 04:08:40 +00:00
"github.com/nektos/act/pkg/container"
2022-05-24 13:36:06 +00:00
"github.com/nektos/act/pkg/exprparser"
2020-02-07 06:17:58 +00:00
"github.com/nektos/act/pkg/model"
Add support for service containers (#1949)
* Support services (#42)
Removed createSimpleContainerName and AutoRemove flag
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/42
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services options (#45)
Reviewed-on: https://gitea.com/gitea/act/pulls/45
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support intepolation for `env` of `services` (#47)
Reviewed-on: https://gitea.com/gitea/act/pulls/47
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services `credentials` (#51)
If a service's image is from a container registry requires authentication, `act_runner` will need `credentials` to pull the image, see [documentation](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idcredentials).
Currently, `act_runner` incorrectly uses the `credentials` of `containers` to pull services' images and the `credentials` of services won't be used, see the related code: https://gitea.com/gitea/act/src/commit/0c1f2edb996a87ee17dcf3cfa7259c04be02abd7/pkg/runner/run_context.go#L228-L269
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/51
Reviewed-by: Jason Song <i@wolfogre.com>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Add ContainerMaxLifetime and ContainerNetworkMode options
from: https://gitea.com/gitea/act/commit/b9c20dcaa43899cb3bb327619d447248303170e0
* Fix container network issue (#56)
Follow: https://gitea.com/gitea/act_runner/pulls/184
Close https://gitea.com/gitea/act_runner/issues/177
- `act` create new networks only if the value of `NeedCreateNetwork` is true, and remove these networks at last. `NeedCreateNetwork` is passed by `act_runner`. 'NeedCreateNetwork' is true only if `container.network` in the configuration file of the `act_runner` is empty.
- In the `docker create` phase, specify the network to which containers will connect. Because, if not specify , container will connect to `bridge` network which is created automatically by Docker.
- If the network is user defined network ( the value of `container.network` is empty or `<custom-network>`. Because, the network created by `act` is also user defined network.), will also specify alias by `--network-alias`. The alias of service is `<service-id>`. So we can be access service container by `<service-id>:<port>` in the steps of job.
- Won't try to `docker network connect ` network after `docker start` any more.
- Because on the one hand, `docker network connect` applies only to user defined networks, if try to `docker network connect host <container-name>` will return error.
- On the other hand, we just specify network in the stage of `docker create`, the same effect can be achieved.
- Won't try to remove containers and networks berfore the stage of `docker start`, because the name of these containers and netwoks won't be repeat.
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/56
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>
* Check volumes (#60)
This PR adds a `ValidVolumes` config. Users can specify the volumes (including bind mounts) that can be mounted to containers by this config.
Options related to volumes:
- [jobs.<job_id>.container.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idcontainervolumes)
- [jobs.<job_id>.services.<service_id>.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idvolumes)
In addition, volumes specified by `options` will also be checked.
Currently, the following default volumes (see https://gitea.com/gitea/act/src/commit/a72822b3f83d3e68ffc697101b713b7badf57e2f/pkg/runner/run_context.go#L116-L166) will be added to `ValidVolumes`:
- `act-toolcache`
- `<container-name>` and `<container-name>-env`
- `/var/run/docker.sock` (We need to add a new configuration to control whether the docker daemon can be mounted)
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/60
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Remove ContainerMaxLifetime; fix lint
* Remove unused ValidVolumes
* Remove ConnectToNetwork
* Add docker stubs
* Close docker clients to prevent file descriptor leaks
* Fix the error when removing network in self-hosted mode (#69)
Fixes https://gitea.com/gitea/act_runner/issues/255
Reviewed-on: https://gitea.com/gitea/act/pulls/69
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Move service container and network cleanup to rc.cleanUpJobContainer
* Add --network flag; default to host if not using service containers or set explicitly
* Correctly close executor to prevent fd leak
* Revert to tail instead of full path
* fix network duplication
* backport networkingConfig for aliaes
* don't hardcode netMode host
* Convert services test to table driven tests
* Add failing tests for services
* Expose service container ports onto the host
* Set container network mode in artifacts server test to host mode
* Log container network mode when creating/starting a container
* fix: Correctly handle ContainerNetworkMode
* fix: missing service container network
* Always remove service containers
Although we usually keep containers running if the workflow errored
(unless `--rm` is given) in order to facilitate debugging and we have
a flag (`--reuse`) to always keep containers running in order to speed
up repeated `act` invocations, I believe that these should only apply
to job containers and not service containers, because changing the
network settings on a service container requires re-creating it anyway.
* Remove networks only if no active endpoints exist
* Ensure job containers are stopped before starting a new job
* fix: go build -tags WITHOUT_DOCKER
---------
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: ZauberNerd <zaubernerd@zaubernerd.de>
2023-10-19 09:24:52 +00:00
"github.com/opencontainers/selinux/go-selinux"
2020-02-07 06:17:58 +00:00
)
// RunContext contains info about current job
type RunContext struct {
2022-11-16 21:29:45 +00:00
Name string
Config * Config
Matrix map [ string ] interface { }
Run * model . Run
EventJSON string
Env map [ string ] string
2023-02-04 13:35:13 +00:00
GlobalEnv map [ string ] string // to pass env changes of GITHUB_ENV and set-env correctly, due to dirty Env field
2022-11-16 21:29:45 +00:00
ExtraPath [ ] string
CurrentStep string
StepResults map [ string ] * model . StepResult
2022-12-15 17:08:31 +00:00
IntraActionState map [ string ] map [ string ] string
2022-11-16 21:29:45 +00:00
ExprEval ExpressionEvaluator
JobContainer container . ExecutionsEnvironment
2023-04-19 03:23:28 +00:00
ServiceContainers [ ] container . ExecutionsEnvironment
2022-11-16 21:29:45 +00:00
OutputMappings map [ MappableOutput ] MappableOutput
JobName string
ActionPath string
Parent * RunContext
Masks [ ] string
cleanUpJobContainer common . Executor
2022-12-15 16:45:22 +00:00
caller * caller // job calling this RunContext (reusable workflows)
2022-03-02 08:29:34 +00:00
}
func ( rc * RunContext ) AddMask ( mask string ) {
rc . Masks = append ( rc . Masks , mask )
2021-12-22 19:19:50 +00:00
}
2021-04-02 20:40:44 +00:00
type MappableOutput struct {
StepID string
OutputName string
2020-02-14 08:41:20 +00:00
}
2020-02-27 07:29:43 +00:00
func ( rc * RunContext ) String ( ) string {
2022-12-15 16:45:22 +00:00
name := fmt . Sprintf ( "%s/%s" , rc . Run . Workflow . Name , rc . Name )
if rc . caller != nil {
// prefix the reusable workflow with the caller job
// this is required to create unique container names
2023-11-12 17:21:41 +00:00
name = fmt . Sprintf ( "%s/%s" , rc . caller . runContext . Name , name )
2022-12-15 16:45:22 +00:00
}
return name
2020-02-27 07:29:43 +00:00
}
2020-02-07 06:17:58 +00:00
// GetEnv returns the env for the context
func ( rc * RunContext ) GetEnv ( ) map [ string ] string {
if rc . Env == nil {
2022-11-16 21:29:45 +00:00
rc . Env = map [ string ] string { }
if rc . Run != nil && rc . Run . Workflow != nil && rc . Config != nil {
job := rc . Run . Job ( )
if job != nil {
rc . Env = mergeMaps ( rc . Run . Workflow . Env , job . Environment ( ) , rc . Config . Env )
}
}
2020-02-07 06:17:58 +00:00
}
2020-11-18 15:14:34 +00:00
rc . Env [ "ACT" ] = "true"
2023-06-13 03:46:26 +00:00
if ! rc . Config . NoSkipCheckout {
rc . Env [ "ACT_SKIP_CHECKOUT" ] = "true"
}
2020-02-07 06:17:58 +00:00
return rc . Env
}
2020-02-23 23:01:25 +00:00
func ( rc * RunContext ) jobContainerName ( ) string {
2022-11-24 06:45:32 +00:00
return createSimpleContainerName ( rc . Config . ContainerNamePrefix , "WORKFLOW-" + rc . Run . Workflow . Name , "JOB-" + rc . Name )
2020-02-07 06:17:58 +00:00
}
Fix container network issue (#56)
Follow: https://gitea.com/gitea/act_runner/pulls/184
Close https://gitea.com/gitea/act_runner/issues/177
#### changes:
- `act` create new networks only if the value of `NeedCreateNetwork` is true, and remove these networks at last. `NeedCreateNetwork` is passed by `act_runner`. 'NeedCreateNetwork' is true only if `container.network` in the configuration file of the `act_runner` is empty.
- In the `docker create` phase, specify the network to which containers will connect. Because, if not specify , container will connect to `bridge` network which is created automatically by Docker.
- If the network is user defined network ( the value of `container.network` is empty or `<custom-network>`. Because, the network created by `act` is also user defined network.), will also specify alias by `--network-alias`. The alias of service is `<service-id>`. So we can be access service container by `<service-id>:<port>` in the steps of job.
- Won't try to `docker network connect ` network after `docker start` any more.
- Because on the one hand, `docker network connect` applies only to user defined networks, if try to `docker network connect host <container-name>` will return error.
- On the other hand, we just specify network in the stage of `docker create`, the same effect can be achieved.
- Won't try to remove containers and networks berfore the stage of `docker start`, because the name of these containers and netwoks won't be repeat.
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/56
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>
2023-05-16 06:03:55 +00:00
// networkName return the name of the network which will be created by `act` automatically for job,
Add support for service containers (#1949)
* Support services (#42)
Removed createSimpleContainerName and AutoRemove flag
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/42
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services options (#45)
Reviewed-on: https://gitea.com/gitea/act/pulls/45
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support intepolation for `env` of `services` (#47)
Reviewed-on: https://gitea.com/gitea/act/pulls/47
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services `credentials` (#51)
If a service's image is from a container registry requires authentication, `act_runner` will need `credentials` to pull the image, see [documentation](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idcredentials).
Currently, `act_runner` incorrectly uses the `credentials` of `containers` to pull services' images and the `credentials` of services won't be used, see the related code: https://gitea.com/gitea/act/src/commit/0c1f2edb996a87ee17dcf3cfa7259c04be02abd7/pkg/runner/run_context.go#L228-L269
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/51
Reviewed-by: Jason Song <i@wolfogre.com>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Add ContainerMaxLifetime and ContainerNetworkMode options
from: https://gitea.com/gitea/act/commit/b9c20dcaa43899cb3bb327619d447248303170e0
* Fix container network issue (#56)
Follow: https://gitea.com/gitea/act_runner/pulls/184
Close https://gitea.com/gitea/act_runner/issues/177
- `act` create new networks only if the value of `NeedCreateNetwork` is true, and remove these networks at last. `NeedCreateNetwork` is passed by `act_runner`. 'NeedCreateNetwork' is true only if `container.network` in the configuration file of the `act_runner` is empty.
- In the `docker create` phase, specify the network to which containers will connect. Because, if not specify , container will connect to `bridge` network which is created automatically by Docker.
- If the network is user defined network ( the value of `container.network` is empty or `<custom-network>`. Because, the network created by `act` is also user defined network.), will also specify alias by `--network-alias`. The alias of service is `<service-id>`. So we can be access service container by `<service-id>:<port>` in the steps of job.
- Won't try to `docker network connect ` network after `docker start` any more.
- Because on the one hand, `docker network connect` applies only to user defined networks, if try to `docker network connect host <container-name>` will return error.
- On the other hand, we just specify network in the stage of `docker create`, the same effect can be achieved.
- Won't try to remove containers and networks berfore the stage of `docker start`, because the name of these containers and netwoks won't be repeat.
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/56
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>
* Check volumes (#60)
This PR adds a `ValidVolumes` config. Users can specify the volumes (including bind mounts) that can be mounted to containers by this config.
Options related to volumes:
- [jobs.<job_id>.container.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idcontainervolumes)
- [jobs.<job_id>.services.<service_id>.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idvolumes)
In addition, volumes specified by `options` will also be checked.
Currently, the following default volumes (see https://gitea.com/gitea/act/src/commit/a72822b3f83d3e68ffc697101b713b7badf57e2f/pkg/runner/run_context.go#L116-L166) will be added to `ValidVolumes`:
- `act-toolcache`
- `<container-name>` and `<container-name>-env`
- `/var/run/docker.sock` (We need to add a new configuration to control whether the docker daemon can be mounted)
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/60
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Remove ContainerMaxLifetime; fix lint
* Remove unused ValidVolumes
* Remove ConnectToNetwork
* Add docker stubs
* Close docker clients to prevent file descriptor leaks
* Fix the error when removing network in self-hosted mode (#69)
Fixes https://gitea.com/gitea/act_runner/issues/255
Reviewed-on: https://gitea.com/gitea/act/pulls/69
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Move service container and network cleanup to rc.cleanUpJobContainer
* Add --network flag; default to host if not using service containers or set explicitly
* Correctly close executor to prevent fd leak
* Revert to tail instead of full path
* fix network duplication
* backport networkingConfig for aliaes
* don't hardcode netMode host
* Convert services test to table driven tests
* Add failing tests for services
* Expose service container ports onto the host
* Set container network mode in artifacts server test to host mode
* Log container network mode when creating/starting a container
* fix: Correctly handle ContainerNetworkMode
* fix: missing service container network
* Always remove service containers
Although we usually keep containers running if the workflow errored
(unless `--rm` is given) in order to facilitate debugging and we have
a flag (`--reuse`) to always keep containers running in order to speed
up repeated `act` invocations, I believe that these should only apply
to job containers and not service containers, because changing the
network settings on a service container requires re-creating it anyway.
* Remove networks only if no active endpoints exist
* Ensure job containers are stopped before starting a new job
* fix: go build -tags WITHOUT_DOCKER
---------
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: ZauberNerd <zaubernerd@zaubernerd.de>
2023-10-19 09:24:52 +00:00
func ( rc * RunContext ) networkName ( ) ( string , bool ) {
2023-11-14 22:02:37 +00:00
if len ( rc . Run . Job ( ) . Services ) > 0 || rc . Config . ContainerNetworkMode == "" {
Add support for service containers (#1949)
* Support services (#42)
Removed createSimpleContainerName and AutoRemove flag
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/42
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services options (#45)
Reviewed-on: https://gitea.com/gitea/act/pulls/45
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support intepolation for `env` of `services` (#47)
Reviewed-on: https://gitea.com/gitea/act/pulls/47
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services `credentials` (#51)
If a service's image is from a container registry requires authentication, `act_runner` will need `credentials` to pull the image, see [documentation](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idcredentials).
Currently, `act_runner` incorrectly uses the `credentials` of `containers` to pull services' images and the `credentials` of services won't be used, see the related code: https://gitea.com/gitea/act/src/commit/0c1f2edb996a87ee17dcf3cfa7259c04be02abd7/pkg/runner/run_context.go#L228-L269
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/51
Reviewed-by: Jason Song <i@wolfogre.com>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Add ContainerMaxLifetime and ContainerNetworkMode options
from: https://gitea.com/gitea/act/commit/b9c20dcaa43899cb3bb327619d447248303170e0
* Fix container network issue (#56)
Follow: https://gitea.com/gitea/act_runner/pulls/184
Close https://gitea.com/gitea/act_runner/issues/177
- `act` create new networks only if the value of `NeedCreateNetwork` is true, and remove these networks at last. `NeedCreateNetwork` is passed by `act_runner`. 'NeedCreateNetwork' is true only if `container.network` in the configuration file of the `act_runner` is empty.
- In the `docker create` phase, specify the network to which containers will connect. Because, if not specify , container will connect to `bridge` network which is created automatically by Docker.
- If the network is user defined network ( the value of `container.network` is empty or `<custom-network>`. Because, the network created by `act` is also user defined network.), will also specify alias by `--network-alias`. The alias of service is `<service-id>`. So we can be access service container by `<service-id>:<port>` in the steps of job.
- Won't try to `docker network connect ` network after `docker start` any more.
- Because on the one hand, `docker network connect` applies only to user defined networks, if try to `docker network connect host <container-name>` will return error.
- On the other hand, we just specify network in the stage of `docker create`, the same effect can be achieved.
- Won't try to remove containers and networks berfore the stage of `docker start`, because the name of these containers and netwoks won't be repeat.
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/56
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>
* Check volumes (#60)
This PR adds a `ValidVolumes` config. Users can specify the volumes (including bind mounts) that can be mounted to containers by this config.
Options related to volumes:
- [jobs.<job_id>.container.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idcontainervolumes)
- [jobs.<job_id>.services.<service_id>.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idvolumes)
In addition, volumes specified by `options` will also be checked.
Currently, the following default volumes (see https://gitea.com/gitea/act/src/commit/a72822b3f83d3e68ffc697101b713b7badf57e2f/pkg/runner/run_context.go#L116-L166) will be added to `ValidVolumes`:
- `act-toolcache`
- `<container-name>` and `<container-name>-env`
- `/var/run/docker.sock` (We need to add a new configuration to control whether the docker daemon can be mounted)
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/60
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Remove ContainerMaxLifetime; fix lint
* Remove unused ValidVolumes
* Remove ConnectToNetwork
* Add docker stubs
* Close docker clients to prevent file descriptor leaks
* Fix the error when removing network in self-hosted mode (#69)
Fixes https://gitea.com/gitea/act_runner/issues/255
Reviewed-on: https://gitea.com/gitea/act/pulls/69
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Move service container and network cleanup to rc.cleanUpJobContainer
* Add --network flag; default to host if not using service containers or set explicitly
* Correctly close executor to prevent fd leak
* Revert to tail instead of full path
* fix network duplication
* backport networkingConfig for aliaes
* don't hardcode netMode host
* Convert services test to table driven tests
* Add failing tests for services
* Expose service container ports onto the host
* Set container network mode in artifacts server test to host mode
* Log container network mode when creating/starting a container
* fix: Correctly handle ContainerNetworkMode
* fix: missing service container network
* Always remove service containers
Although we usually keep containers running if the workflow errored
(unless `--rm` is given) in order to facilitate debugging and we have
a flag (`--reuse`) to always keep containers running in order to speed
up repeated `act` invocations, I believe that these should only apply
to job containers and not service containers, because changing the
network settings on a service container requires re-creating it anyway.
* Remove networks only if no active endpoints exist
* Ensure job containers are stopped before starting a new job
* fix: go build -tags WITHOUT_DOCKER
---------
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: ZauberNerd <zaubernerd@zaubernerd.de>
2023-10-19 09:24:52 +00:00
return fmt . Sprintf ( "%s-%s-network" , rc . jobContainerName ( ) , rc . Run . JobID ) , true
}
return string ( rc . Config . ContainerNetworkMode ) , false
Fix container network issue (#56)
Follow: https://gitea.com/gitea/act_runner/pulls/184
Close https://gitea.com/gitea/act_runner/issues/177
#### changes:
- `act` create new networks only if the value of `NeedCreateNetwork` is true, and remove these networks at last. `NeedCreateNetwork` is passed by `act_runner`. 'NeedCreateNetwork' is true only if `container.network` in the configuration file of the `act_runner` is empty.
- In the `docker create` phase, specify the network to which containers will connect. Because, if not specify , container will connect to `bridge` network which is created automatically by Docker.
- If the network is user defined network ( the value of `container.network` is empty or `<custom-network>`. Because, the network created by `act` is also user defined network.), will also specify alias by `--network-alias`. The alias of service is `<service-id>`. So we can be access service container by `<service-id>:<port>` in the steps of job.
- Won't try to `docker network connect ` network after `docker start` any more.
- Because on the one hand, `docker network connect` applies only to user defined networks, if try to `docker network connect host <container-name>` will return error.
- On the other hand, we just specify network in the stage of `docker create`, the same effect can be achieved.
- Won't try to remove containers and networks berfore the stage of `docker start`, because the name of these containers and netwoks won't be repeat.
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/56
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>
2023-05-16 06:03:55 +00:00
}
2023-04-25 16:31:17 +00:00
func getDockerDaemonSocketMountPath ( daemonPath string ) string {
if protoIndex := strings . Index ( daemonPath , "://" ) ; protoIndex != - 1 {
scheme := daemonPath [ : protoIndex ]
if strings . EqualFold ( scheme , "npipe" ) {
// linux container mount on windows, use the default socket path of the VM / wsl2
return "/var/run/docker.sock"
} else if strings . EqualFold ( scheme , "unix" ) {
return daemonPath [ protoIndex + 3 : ]
} else if strings . IndexFunc ( scheme , func ( r rune ) bool {
return ( r < 'a' || r > 'z' ) && ( r < 'A' || r > 'Z' )
} ) == - 1 {
// unknown protocol use default
return "/var/run/docker.sock"
}
}
return daemonPath
}
2021-05-04 21:50:35 +00:00
// Returns the binds and mounts for the container, resolving paths as appopriate
func ( rc * RunContext ) GetBindsAndMounts ( ) ( [ ] string , map [ string ] string ) {
name := rc . jobContainerName ( )
2021-05-23 14:43:09 +00:00
if rc . Config . ContainerDaemonSocket == "" {
rc . Config . ContainerDaemonSocket = "/var/run/docker.sock"
}
2023-04-25 16:31:17 +00:00
binds := [ ] string { }
if rc . Config . ContainerDaemonSocket != "-" {
daemonPath := getDockerDaemonSocketMountPath ( rc . Config . ContainerDaemonSocket )
binds = append ( binds , fmt . Sprintf ( "%s:%s" , daemonPath , "/var/run/docker.sock" ) )
2021-05-04 21:50:35 +00:00
}
2022-11-16 21:29:45 +00:00
ext := container . LinuxContainerEnvironmentExtensions { }
2021-05-04 21:50:35 +00:00
mounts := map [ string ] string {
2024-01-30 22:43:52 +00:00
"act-toolcache" : "/opt/hostedtoolcache" ,
2022-11-16 21:29:45 +00:00
name + "-env" : ext . GetActPath ( ) ,
2021-05-04 21:50:35 +00:00
}
2022-04-04 18:01:13 +00:00
if job := rc . Run . Job ( ) ; job != nil {
if container := job . Container ( ) ; container != nil {
for _ , v := range container . Volumes {
if ! strings . Contains ( v , ":" ) || filepath . IsAbs ( v ) {
// Bind anonymous volume or host file.
binds = append ( binds , v )
} else {
// Mount existing volume.
paths := strings . SplitN ( v , ":" , 2 )
mounts [ paths [ 0 ] ] = paths [ 1 ]
}
}
}
}
2021-05-04 21:50:35 +00:00
if rc . Config . BindWorkdir {
bindModifiers := ""
if runtime . GOOS == "darwin" {
bindModifiers = ":delegated"
}
2021-11-26 05:18:31 +00:00
if selinux . GetEnabled ( ) {
bindModifiers = ":z"
}
2022-11-16 21:29:45 +00:00
binds = append ( binds , fmt . Sprintf ( "%s:%s%s" , rc . Config . Workdir , ext . ToContainerPath ( rc . Config . Workdir ) , bindModifiers ) )
2021-05-04 21:50:35 +00:00
} else {
2022-11-16 21:29:45 +00:00
mounts [ name ] = ext . ToContainerPath ( rc . Config . Workdir )
2021-05-04 21:50:35 +00:00
}
2023-06-05 09:21:59 +00:00
// For Gitea
// add some default binds and mounts to ValidVolumes
rc . Config . ValidVolumes = append ( rc . Config . ValidVolumes , "act-toolcache" )
rc . Config . ValidVolumes = append ( rc . Config . ValidVolumes , name )
rc . Config . ValidVolumes = append ( rc . Config . ValidVolumes , name + "-env" )
// TODO: add a new configuration to control whether the docker daemon can be mounted
rc . Config . ValidVolumes = append ( rc . Config . ValidVolumes , getDockerDaemonSocketMountPath ( rc . Config . ContainerDaemonSocket ) )
2021-05-04 21:50:35 +00:00
return binds , mounts
}
2023-03-12 13:26:24 +00:00
//go:embed lxc-helpers-lib.sh
var lxcHelpersLib string
//go:embed lxc-helpers.sh
var lxcHelpers string
var startTemplate = template . Must ( template . New ( "start" ) . Parse ( ` # ! / bin / bash - e
2023-11-11 10:21:05 +00:00
exec 5 < > / tmp / forgejo - runner - lxc . lock ; flock -- timeout 21600 5
2023-11-10 20:45:14 +00:00
LXC_CONTAINER_CONFIG = "{{.Config}}"
2023-03-12 13:26:24 +00:00
LXC_CONTAINER_RELEASE = "{{.Release}}"
2023-11-10 20:45:14 +00:00
source $ ( dirname $ 0 ) / lxc - helpers - lib . sh
2023-03-12 13:26:24 +00:00
function template_act ( ) {
echo $ ( lxc_template_release ) - act
}
function install_nodejs ( ) {
local name = "$1"
local script = / usr / local / bin / lxc - helpers - install - node . sh
cat > $ ( lxc_root $ name ) / $ script << ' EOF '
# ! / bin / sh - e
# https : //github.com/nodesource/distributions#debinstall
export DEBIAN_FRONTEND = noninteractive
apt - get install - qq - y ca - certificates curl gnupg git
mkdir - p / etc / apt / keyrings
curl - fsSL https : //deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
NODE_MAJOR = 20
echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | tee / etc / apt / sources . list . d / nodesource . list
apt - get update - qq
apt - get install - qq - y nodejs
EOF
lxc_container_run_script $ name $ script
}
function build_template_act ( ) {
local name = "$(template_act)"
if lxc_exists $ name ; then
return
fi
lxc_build_template $ ( lxc_template_release ) $ name
lxc_container_start $ name
install_nodejs $ name
lxc_container_stop $ name
}
lxc_prepare_environment
2023-11-10 20:45:14 +00:00
LXC_CONTAINER_CONFIG = "" build_template_act
2023-03-12 13:26:24 +00:00
lxc_build_template $ ( template_act ) "{{.Name}}"
lxc_container_mount "{{.Name}}" "{{ .Root }}"
lxc_container_start "{{.Name}}"
` ) )
var stopTemplate = template . Must ( template . New ( "stop" ) . Parse ( ` # ! / bin / bash
source $ ( dirname $ 0 ) / lxc - helpers - lib . sh
lxc_container_destroy "{{.Name}}"
` ) )
2023-11-09 02:36:09 +00:00
func ( rc * RunContext ) stopHostEnvironment ( ctx context . Context ) error {
logger := common . Logger ( ctx )
logger . Debugf ( "stopHostEnvironment" )
var stopScript bytes . Buffer
if err := stopTemplate . Execute ( & stopScript , struct {
Name string
Root string
} {
Name : rc . JobContainer . GetName ( ) ,
Root : rc . JobContainer . GetRoot ( ) ,
} ) ; err != nil {
return err
2023-03-12 13:26:24 +00:00
}
2023-11-09 02:36:09 +00:00
return common . NewPipelineExecutor (
rc . JobContainer . Copy ( rc . JobContainer . GetActPath ( ) + "/" , & container . FileEntry {
Name : "workflow/stop-lxc.sh" ,
Mode : 0755 ,
Body : stopScript . String ( ) ,
} ) ,
rc . JobContainer . Exec ( [ ] string { rc . JobContainer . GetActPath ( ) + "/workflow/stop-lxc.sh" } , map [ string ] string { } , "root" , "/tmp" ) ,
) ( ctx )
2023-03-12 13:26:24 +00:00
}
2022-11-16 21:29:45 +00:00
func ( rc * RunContext ) startHostEnvironment ( ) common . Executor {
return func ( ctx context . Context ) error {
logger := common . Logger ( ctx )
rawLogger := logger . WithField ( "raw_output" , true )
logWriter := common . NewLineWriter ( rc . commandHandler ( ctx ) , func ( s string ) bool {
if rc . Config . LogOutput {
rawLogger . Infof ( "%s" , s )
} else {
rawLogger . Debugf ( "%s" , s )
}
return true
} )
cacheDir := rc . ActionCacheDir ( )
randBytes := make ( [ ] byte , 8 )
_ , _ = rand . Read ( randBytes )
2023-03-12 13:26:24 +00:00
randName := hex . EncodeToString ( randBytes )
miscpath := filepath . Join ( cacheDir , randName )
2022-11-16 21:29:45 +00:00
actPath := filepath . Join ( miscpath , "act" )
2023-02-16 15:34:51 +00:00
if err := os . MkdirAll ( actPath , 0 o777 ) ; err != nil {
2022-11-16 21:29:45 +00:00
return err
}
path := filepath . Join ( miscpath , "hostexecutor" )
2023-02-16 15:34:51 +00:00
if err := os . MkdirAll ( path , 0 o777 ) ; err != nil {
2022-11-16 21:29:45 +00:00
return err
}
runnerTmp := filepath . Join ( miscpath , "tmp" )
2023-02-16 15:34:51 +00:00
if err := os . MkdirAll ( runnerTmp , 0 o777 ) ; err != nil {
2022-11-16 21:29:45 +00:00
return err
}
toolCache := filepath . Join ( cacheDir , "tool_cache" )
rc . JobContainer = & container . HostEnvironment {
2023-03-12 13:26:24 +00:00
Name : randName ,
Root : miscpath ,
2022-11-16 21:29:45 +00:00
Path : path ,
TmpDir : runnerTmp ,
ToolCache : toolCache ,
Workdir : rc . Config . Workdir ,
ActPath : actPath ,
CleanUp : func ( ) {
os . RemoveAll ( miscpath )
} ,
StdOut : logWriter ,
2023-11-09 02:36:09 +00:00
LXC : rc . IsLXCHostEnv ( ctx ) ,
2022-11-16 21:29:45 +00:00
}
rc . cleanUpJobContainer = rc . JobContainer . Remove ( )
2022-12-19 14:58:55 +00:00
for k , v := range rc . JobContainer . GetRunnerContext ( ctx ) {
if v , ok := v . ( string ) ; ok {
rc . Env [ fmt . Sprintf ( "RUNNER_%s" , strings . ToUpper ( k ) ) ] = v
}
}
2022-11-16 21:29:45 +00:00
for _ , env := range os . Environ ( ) {
2023-02-16 15:16:46 +00:00
if k , v , ok := strings . Cut ( env , "=" ) ; ok {
// don't override
if _ , ok := rc . Env [ k ] ; ! ok {
rc . Env [ k ] = v
}
2022-11-16 21:29:45 +00:00
}
}
2023-11-09 02:36:09 +00:00
executors := make ( [ ] common . Executor , 0 , 10 )
2023-11-10 20:45:14 +00:00
isLXCHost , LXCTemplate , LXCRelease , LXCConfig := rc . GetLXCInfo ( ctx )
if isLXCHost {
var startScript bytes . Buffer
if err := startTemplate . Execute ( & startScript , struct {
Name string
Template string
Release string
Config string
Repo string
Root string
TmpDir string
Script string
} {
Name : rc . JobContainer . GetName ( ) ,
Template : LXCTemplate ,
Release : LXCRelease ,
Config : LXCConfig ,
Repo : "" , // step.Environment["CI_REPO"],
Root : rc . JobContainer . GetRoot ( ) ,
TmpDir : runnerTmp ,
Script : "" , // "commands-" + step.Name,
} ) ; err != nil {
return err
}
2023-11-09 02:36:09 +00:00
executors = append ( executors ,
rc . JobContainer . Copy ( rc . JobContainer . GetActPath ( ) + "/" , & container . FileEntry {
Name : "workflow/lxc-helpers-lib.sh" ,
Mode : 0755 ,
Body : lxcHelpersLib ,
} ) ,
rc . JobContainer . Copy ( rc . JobContainer . GetActPath ( ) + "/" , & container . FileEntry {
Name : "workflow/lxc-helpers.sh" ,
Mode : 0755 ,
Body : lxcHelpers ,
} ) ,
rc . JobContainer . Copy ( rc . JobContainer . GetActPath ( ) + "/" , & container . FileEntry {
Name : "workflow/start-lxc.sh" ,
Mode : 0755 ,
Body : startScript . String ( ) ,
} ) ,
rc . JobContainer . Exec ( [ ] string { rc . JobContainer . GetActPath ( ) + "/workflow/start-lxc.sh" } , map [ string ] string { } , "root" , "/tmp" ) ,
)
}
executors = append ( executors , rc . JobContainer . Copy ( rc . JobContainer . GetActPath ( ) + "/" , & container . FileEntry {
Name : "workflow/event.json" ,
Mode : 0 o644 ,
Body : rc . EventJSON ,
} , & container . FileEntry {
Name : "workflow/envs.txt" ,
Mode : 0 o666 ,
Body : "" ,
} ) )
return common . NewPipelineExecutor ( executors ... ) ( ctx )
2022-11-16 21:29:45 +00:00
}
}
Add support for service containers (#1949)
* Support services (#42)
Removed createSimpleContainerName and AutoRemove flag
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/42
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services options (#45)
Reviewed-on: https://gitea.com/gitea/act/pulls/45
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support intepolation for `env` of `services` (#47)
Reviewed-on: https://gitea.com/gitea/act/pulls/47
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services `credentials` (#51)
If a service's image is from a container registry requires authentication, `act_runner` will need `credentials` to pull the image, see [documentation](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idcredentials).
Currently, `act_runner` incorrectly uses the `credentials` of `containers` to pull services' images and the `credentials` of services won't be used, see the related code: https://gitea.com/gitea/act/src/commit/0c1f2edb996a87ee17dcf3cfa7259c04be02abd7/pkg/runner/run_context.go#L228-L269
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/51
Reviewed-by: Jason Song <i@wolfogre.com>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Add ContainerMaxLifetime and ContainerNetworkMode options
from: https://gitea.com/gitea/act/commit/b9c20dcaa43899cb3bb327619d447248303170e0
* Fix container network issue (#56)
Follow: https://gitea.com/gitea/act_runner/pulls/184
Close https://gitea.com/gitea/act_runner/issues/177
- `act` create new networks only if the value of `NeedCreateNetwork` is true, and remove these networks at last. `NeedCreateNetwork` is passed by `act_runner`. 'NeedCreateNetwork' is true only if `container.network` in the configuration file of the `act_runner` is empty.
- In the `docker create` phase, specify the network to which containers will connect. Because, if not specify , container will connect to `bridge` network which is created automatically by Docker.
- If the network is user defined network ( the value of `container.network` is empty or `<custom-network>`. Because, the network created by `act` is also user defined network.), will also specify alias by `--network-alias`. The alias of service is `<service-id>`. So we can be access service container by `<service-id>:<port>` in the steps of job.
- Won't try to `docker network connect ` network after `docker start` any more.
- Because on the one hand, `docker network connect` applies only to user defined networks, if try to `docker network connect host <container-name>` will return error.
- On the other hand, we just specify network in the stage of `docker create`, the same effect can be achieved.
- Won't try to remove containers and networks berfore the stage of `docker start`, because the name of these containers and netwoks won't be repeat.
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/56
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>
* Check volumes (#60)
This PR adds a `ValidVolumes` config. Users can specify the volumes (including bind mounts) that can be mounted to containers by this config.
Options related to volumes:
- [jobs.<job_id>.container.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idcontainervolumes)
- [jobs.<job_id>.services.<service_id>.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idvolumes)
In addition, volumes specified by `options` will also be checked.
Currently, the following default volumes (see https://gitea.com/gitea/act/src/commit/a72822b3f83d3e68ffc697101b713b7badf57e2f/pkg/runner/run_context.go#L116-L166) will be added to `ValidVolumes`:
- `act-toolcache`
- `<container-name>` and `<container-name>-env`
- `/var/run/docker.sock` (We need to add a new configuration to control whether the docker daemon can be mounted)
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/60
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Remove ContainerMaxLifetime; fix lint
* Remove unused ValidVolumes
* Remove ConnectToNetwork
* Add docker stubs
* Close docker clients to prevent file descriptor leaks
* Fix the error when removing network in self-hosted mode (#69)
Fixes https://gitea.com/gitea/act_runner/issues/255
Reviewed-on: https://gitea.com/gitea/act/pulls/69
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Move service container and network cleanup to rc.cleanUpJobContainer
* Add --network flag; default to host if not using service containers or set explicitly
* Correctly close executor to prevent fd leak
* Revert to tail instead of full path
* fix network duplication
* backport networkingConfig for aliaes
* don't hardcode netMode host
* Convert services test to table driven tests
* Add failing tests for services
* Expose service container ports onto the host
* Set container network mode in artifacts server test to host mode
* Log container network mode when creating/starting a container
* fix: Correctly handle ContainerNetworkMode
* fix: missing service container network
* Always remove service containers
Although we usually keep containers running if the workflow errored
(unless `--rm` is given) in order to facilitate debugging and we have
a flag (`--reuse`) to always keep containers running in order to speed
up repeated `act` invocations, I believe that these should only apply
to job containers and not service containers, because changing the
network settings on a service container requires re-creating it anyway.
* Remove networks only if no active endpoints exist
* Ensure job containers are stopped before starting a new job
* fix: go build -tags WITHOUT_DOCKER
---------
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: ZauberNerd <zaubernerd@zaubernerd.de>
2023-10-19 09:24:52 +00:00
//nolint:gocyclo
2020-02-23 23:01:25 +00:00
func ( rc * RunContext ) startJobContainer ( ) common . Executor {
return func ( ctx context . Context ) error {
2022-06-17 15:55:21 +00:00
logger := common . Logger ( ctx )
image := rc . platformImage ( ctx )
rawLogger := logger . WithField ( "raw_output" , true )
2020-02-24 20:48:12 +00:00
logWriter := common . NewLineWriter ( rc . commandHandler ( ctx ) , func ( s string ) bool {
2020-02-23 23:01:25 +00:00
if rc . Config . LogOutput {
2020-06-24 14:05:05 +00:00
rawLogger . Infof ( "%s" , s )
2020-02-23 23:01:25 +00:00
} else {
2020-06-24 14:05:05 +00:00
rawLogger . Debugf ( "%s" , s )
2020-02-23 23:01:25 +00:00
}
2020-02-24 20:48:12 +00:00
return true
2020-02-23 23:01:25 +00:00
} )
2022-06-17 15:55:21 +00:00
username , password , err := rc . handleCredentials ( ctx )
2021-11-27 18:05:56 +00:00
if err != nil {
return fmt . Errorf ( "failed to handle credentials: %s" , err )
}
2022-06-17 15:55:21 +00:00
logger . Infof ( "\U0001f680 Start image=%s" , image )
2020-02-23 23:01:25 +00:00
name := rc . jobContainerName ( )
2023-06-06 00:21:31 +00:00
// For gitea, to support --volumes-from <container_name_or_id> in options.
// We need to set the container name to the environment variable.
rc . Env [ "JOB_CONTAINER_NAME" ] = name
2020-02-23 23:01:25 +00:00
2020-02-24 18:56:49 +00:00
envList := make ( [ ] string , 0 )
2020-02-25 16:52:05 +00:00
envList = append ( envList , fmt . Sprintf ( "%s=%s" , "RUNNER_TOOL_CACHE" , "/opt/hostedtoolcache" ) )
2020-04-23 06:57:36 +00:00
envList = append ( envList , fmt . Sprintf ( "%s=%s" , "RUNNER_OS" , "Linux" ) )
2022-08-29 15:39:31 +00:00
envList = append ( envList , fmt . Sprintf ( "%s=%s" , "RUNNER_ARCH" , container . RunnerArch ( ctx ) ) )
2020-04-23 15:18:36 +00:00
envList = append ( envList , fmt . Sprintf ( "%s=%s" , "RUNNER_TEMP" , "/tmp" ) )
2022-12-06 10:36:39 +00:00
envList = append ( envList , fmt . Sprintf ( "%s=%s" , "LANG" , "C.UTF-8" ) ) // Use same locale as GitHub Actions
2020-02-24 18:56:49 +00:00
2022-11-16 21:29:45 +00:00
ext := container . LinuxContainerEnvironmentExtensions { }
2021-05-04 21:50:35 +00:00
binds , mounts := rc . GetBindsAndMounts ( )
2020-02-25 01:48:21 +00:00
Fix container network issue (#56)
Follow: https://gitea.com/gitea/act_runner/pulls/184
Close https://gitea.com/gitea/act_runner/issues/177
#### changes:
- `act` create new networks only if the value of `NeedCreateNetwork` is true, and remove these networks at last. `NeedCreateNetwork` is passed by `act_runner`. 'NeedCreateNetwork' is true only if `container.network` in the configuration file of the `act_runner` is empty.
- In the `docker create` phase, specify the network to which containers will connect. Because, if not specify , container will connect to `bridge` network which is created automatically by Docker.
- If the network is user defined network ( the value of `container.network` is empty or `<custom-network>`. Because, the network created by `act` is also user defined network.), will also specify alias by `--network-alias`. The alias of service is `<service-id>`. So we can be access service container by `<service-id>:<port>` in the steps of job.
- Won't try to `docker network connect ` network after `docker start` any more.
- Because on the one hand, `docker network connect` applies only to user defined networks, if try to `docker network connect host <container-name>` will return error.
- On the other hand, we just specify network in the stage of `docker create`, the same effect can be achieved.
- Won't try to remove containers and networks berfore the stage of `docker start`, because the name of these containers and netwoks won't be repeat.
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/56
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>
2023-05-16 06:03:55 +00:00
// specify the network to which the container will connect when `docker create` stage. (like execute command line: docker create --network <networkName> <image>)
networkName := string ( rc . Config . ContainerNetworkMode )
2024-02-17 04:28:10 +00:00
var createAndDeleteNetwork bool
Fix container network issue (#56)
Follow: https://gitea.com/gitea/act_runner/pulls/184
Close https://gitea.com/gitea/act_runner/issues/177
#### changes:
- `act` create new networks only if the value of `NeedCreateNetwork` is true, and remove these networks at last. `NeedCreateNetwork` is passed by `act_runner`. 'NeedCreateNetwork' is true only if `container.network` in the configuration file of the `act_runner` is empty.
- In the `docker create` phase, specify the network to which containers will connect. Because, if not specify , container will connect to `bridge` network which is created automatically by Docker.
- If the network is user defined network ( the value of `container.network` is empty or `<custom-network>`. Because, the network created by `act` is also user defined network.), will also specify alias by `--network-alias`. The alias of service is `<service-id>`. So we can be access service container by `<service-id>:<port>` in the steps of job.
- Won't try to `docker network connect ` network after `docker start` any more.
- Because on the one hand, `docker network connect` applies only to user defined networks, if try to `docker network connect host <container-name>` will return error.
- On the other hand, we just specify network in the stage of `docker create`, the same effect can be achieved.
- Won't try to remove containers and networks berfore the stage of `docker start`, because the name of these containers and netwoks won't be repeat.
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/56
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>
2023-05-16 06:03:55 +00:00
if networkName == "" {
// if networkName is empty string, will create a new network for the containers.
// and it will be removed after at last.
2024-02-17 04:28:10 +00:00
networkName , createAndDeleteNetwork = rc . networkName ( )
Fix container network issue (#56)
Follow: https://gitea.com/gitea/act_runner/pulls/184
Close https://gitea.com/gitea/act_runner/issues/177
#### changes:
- `act` create new networks only if the value of `NeedCreateNetwork` is true, and remove these networks at last. `NeedCreateNetwork` is passed by `act_runner`. 'NeedCreateNetwork' is true only if `container.network` in the configuration file of the `act_runner` is empty.
- In the `docker create` phase, specify the network to which containers will connect. Because, if not specify , container will connect to `bridge` network which is created automatically by Docker.
- If the network is user defined network ( the value of `container.network` is empty or `<custom-network>`. Because, the network created by `act` is also user defined network.), will also specify alias by `--network-alias`. The alias of service is `<service-id>`. So we can be access service container by `<service-id>:<port>` in the steps of job.
- Won't try to `docker network connect ` network after `docker start` any more.
- Because on the one hand, `docker network connect` applies only to user defined networks, if try to `docker network connect host <container-name>` will return error.
- On the other hand, we just specify network in the stage of `docker create`, the same effect can be achieved.
- Won't try to remove containers and networks berfore the stage of `docker start`, because the name of these containers and netwoks won't be repeat.
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/56
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>
2023-05-16 06:03:55 +00:00
}
2023-04-19 03:23:28 +00:00
// add service containers
Add support for service containers (#1949)
* Support services (#42)
Removed createSimpleContainerName and AutoRemove flag
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/42
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services options (#45)
Reviewed-on: https://gitea.com/gitea/act/pulls/45
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support intepolation for `env` of `services` (#47)
Reviewed-on: https://gitea.com/gitea/act/pulls/47
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services `credentials` (#51)
If a service's image is from a container registry requires authentication, `act_runner` will need `credentials` to pull the image, see [documentation](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idcredentials).
Currently, `act_runner` incorrectly uses the `credentials` of `containers` to pull services' images and the `credentials` of services won't be used, see the related code: https://gitea.com/gitea/act/src/commit/0c1f2edb996a87ee17dcf3cfa7259c04be02abd7/pkg/runner/run_context.go#L228-L269
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/51
Reviewed-by: Jason Song <i@wolfogre.com>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Add ContainerMaxLifetime and ContainerNetworkMode options
from: https://gitea.com/gitea/act/commit/b9c20dcaa43899cb3bb327619d447248303170e0
* Fix container network issue (#56)
Follow: https://gitea.com/gitea/act_runner/pulls/184
Close https://gitea.com/gitea/act_runner/issues/177
- `act` create new networks only if the value of `NeedCreateNetwork` is true, and remove these networks at last. `NeedCreateNetwork` is passed by `act_runner`. 'NeedCreateNetwork' is true only if `container.network` in the configuration file of the `act_runner` is empty.
- In the `docker create` phase, specify the network to which containers will connect. Because, if not specify , container will connect to `bridge` network which is created automatically by Docker.
- If the network is user defined network ( the value of `container.network` is empty or `<custom-network>`. Because, the network created by `act` is also user defined network.), will also specify alias by `--network-alias`. The alias of service is `<service-id>`. So we can be access service container by `<service-id>:<port>` in the steps of job.
- Won't try to `docker network connect ` network after `docker start` any more.
- Because on the one hand, `docker network connect` applies only to user defined networks, if try to `docker network connect host <container-name>` will return error.
- On the other hand, we just specify network in the stage of `docker create`, the same effect can be achieved.
- Won't try to remove containers and networks berfore the stage of `docker start`, because the name of these containers and netwoks won't be repeat.
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/56
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>
* Check volumes (#60)
This PR adds a `ValidVolumes` config. Users can specify the volumes (including bind mounts) that can be mounted to containers by this config.
Options related to volumes:
- [jobs.<job_id>.container.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idcontainervolumes)
- [jobs.<job_id>.services.<service_id>.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idvolumes)
In addition, volumes specified by `options` will also be checked.
Currently, the following default volumes (see https://gitea.com/gitea/act/src/commit/a72822b3f83d3e68ffc697101b713b7badf57e2f/pkg/runner/run_context.go#L116-L166) will be added to `ValidVolumes`:
- `act-toolcache`
- `<container-name>` and `<container-name>-env`
- `/var/run/docker.sock` (We need to add a new configuration to control whether the docker daemon can be mounted)
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/60
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Remove ContainerMaxLifetime; fix lint
* Remove unused ValidVolumes
* Remove ConnectToNetwork
* Add docker stubs
* Close docker clients to prevent file descriptor leaks
* Fix the error when removing network in self-hosted mode (#69)
Fixes https://gitea.com/gitea/act_runner/issues/255
Reviewed-on: https://gitea.com/gitea/act/pulls/69
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Move service container and network cleanup to rc.cleanUpJobContainer
* Add --network flag; default to host if not using service containers or set explicitly
* Correctly close executor to prevent fd leak
* Revert to tail instead of full path
* fix network duplication
* backport networkingConfig for aliaes
* don't hardcode netMode host
* Convert services test to table driven tests
* Add failing tests for services
* Expose service container ports onto the host
* Set container network mode in artifacts server test to host mode
* Log container network mode when creating/starting a container
* fix: Correctly handle ContainerNetworkMode
* fix: missing service container network
* Always remove service containers
Although we usually keep containers running if the workflow errored
(unless `--rm` is given) in order to facilitate debugging and we have
a flag (`--reuse`) to always keep containers running in order to speed
up repeated `act` invocations, I believe that these should only apply
to job containers and not service containers, because changing the
network settings on a service container requires re-creating it anyway.
* Remove networks only if no active endpoints exist
* Ensure job containers are stopped before starting a new job
* fix: go build -tags WITHOUT_DOCKER
---------
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: ZauberNerd <zaubernerd@zaubernerd.de>
2023-10-19 09:24:52 +00:00
for serviceID , spec := range rc . Run . Job ( ) . Services {
2023-04-23 06:55:17 +00:00
// interpolate env
2023-04-20 08:24:31 +00:00
interpolatedEnvs := make ( map [ string ] string , len ( spec . Env ) )
2023-04-19 03:23:28 +00:00
for k , v := range spec . Env {
2023-04-20 08:24:31 +00:00
interpolatedEnvs [ k ] = rc . ExprEval . Interpolate ( ctx , v )
}
envs := make ( [ ] string , 0 , len ( interpolatedEnvs ) )
for k , v := range interpolatedEnvs {
envs = append ( envs , fmt . Sprintf ( "%s=%s" , k , v ) )
2023-04-19 03:23:28 +00:00
}
2023-04-23 06:55:17 +00:00
interpolatedCmd := make ( [ ] string , 0 , len ( spec . Cmd ) )
for _ , v := range spec . Cmd {
interpolatedCmd = append ( interpolatedCmd , rc . ExprEval . Interpolate ( ctx , v ) )
}
2024-02-17 04:28:10 +00:00
Add support for service containers (#1949)
* Support services (#42)
Removed createSimpleContainerName and AutoRemove flag
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/42
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services options (#45)
Reviewed-on: https://gitea.com/gitea/act/pulls/45
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support intepolation for `env` of `services` (#47)
Reviewed-on: https://gitea.com/gitea/act/pulls/47
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services `credentials` (#51)
If a service's image is from a container registry requires authentication, `act_runner` will need `credentials` to pull the image, see [documentation](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idcredentials).
Currently, `act_runner` incorrectly uses the `credentials` of `containers` to pull services' images and the `credentials` of services won't be used, see the related code: https://gitea.com/gitea/act/src/commit/0c1f2edb996a87ee17dcf3cfa7259c04be02abd7/pkg/runner/run_context.go#L228-L269
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/51
Reviewed-by: Jason Song <i@wolfogre.com>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Add ContainerMaxLifetime and ContainerNetworkMode options
from: https://gitea.com/gitea/act/commit/b9c20dcaa43899cb3bb327619d447248303170e0
* Fix container network issue (#56)
Follow: https://gitea.com/gitea/act_runner/pulls/184
Close https://gitea.com/gitea/act_runner/issues/177
- `act` create new networks only if the value of `NeedCreateNetwork` is true, and remove these networks at last. `NeedCreateNetwork` is passed by `act_runner`. 'NeedCreateNetwork' is true only if `container.network` in the configuration file of the `act_runner` is empty.
- In the `docker create` phase, specify the network to which containers will connect. Because, if not specify , container will connect to `bridge` network which is created automatically by Docker.
- If the network is user defined network ( the value of `container.network` is empty or `<custom-network>`. Because, the network created by `act` is also user defined network.), will also specify alias by `--network-alias`. The alias of service is `<service-id>`. So we can be access service container by `<service-id>:<port>` in the steps of job.
- Won't try to `docker network connect ` network after `docker start` any more.
- Because on the one hand, `docker network connect` applies only to user defined networks, if try to `docker network connect host <container-name>` will return error.
- On the other hand, we just specify network in the stage of `docker create`, the same effect can be achieved.
- Won't try to remove containers and networks berfore the stage of `docker start`, because the name of these containers and netwoks won't be repeat.
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/56
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>
* Check volumes (#60)
This PR adds a `ValidVolumes` config. Users can specify the volumes (including bind mounts) that can be mounted to containers by this config.
Options related to volumes:
- [jobs.<job_id>.container.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idcontainervolumes)
- [jobs.<job_id>.services.<service_id>.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idvolumes)
In addition, volumes specified by `options` will also be checked.
Currently, the following default volumes (see https://gitea.com/gitea/act/src/commit/a72822b3f83d3e68ffc697101b713b7badf57e2f/pkg/runner/run_context.go#L116-L166) will be added to `ValidVolumes`:
- `act-toolcache`
- `<container-name>` and `<container-name>-env`
- `/var/run/docker.sock` (We need to add a new configuration to control whether the docker daemon can be mounted)
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/60
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Remove ContainerMaxLifetime; fix lint
* Remove unused ValidVolumes
* Remove ConnectToNetwork
* Add docker stubs
* Close docker clients to prevent file descriptor leaks
* Fix the error when removing network in self-hosted mode (#69)
Fixes https://gitea.com/gitea/act_runner/issues/255
Reviewed-on: https://gitea.com/gitea/act/pulls/69
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Move service container and network cleanup to rc.cleanUpJobContainer
* Add --network flag; default to host if not using service containers or set explicitly
* Correctly close executor to prevent fd leak
* Revert to tail instead of full path
* fix network duplication
* backport networkingConfig for aliaes
* don't hardcode netMode host
* Convert services test to table driven tests
* Add failing tests for services
* Expose service container ports onto the host
* Set container network mode in artifacts server test to host mode
* Log container network mode when creating/starting a container
* fix: Correctly handle ContainerNetworkMode
* fix: missing service container network
* Always remove service containers
Although we usually keep containers running if the workflow errored
(unless `--rm` is given) in order to facilitate debugging and we have
a flag (`--reuse`) to always keep containers running in order to speed
up repeated `act` invocations, I believe that these should only apply
to job containers and not service containers, because changing the
network settings on a service container requires re-creating it anyway.
* Remove networks only if no active endpoints exist
* Ensure job containers are stopped before starting a new job
* fix: go build -tags WITHOUT_DOCKER
---------
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: ZauberNerd <zaubernerd@zaubernerd.de>
2023-10-19 09:24:52 +00:00
username , password , err = rc . handleServiceCredentials ( ctx , spec . Credentials )
if err != nil {
return fmt . Errorf ( "failed to handle service %s credentials: %w" , serviceID , err )
}
2023-11-12 18:30:21 +00:00
interpolatedVolumes := make ( [ ] string , 0 , len ( spec . Volumes ) )
for _ , volume := range spec . Volumes {
interpolatedVolumes = append ( interpolatedVolumes , rc . ExprEval . Interpolate ( ctx , volume ) )
}
serviceBinds , serviceMounts := rc . GetServiceBindsAndMounts ( interpolatedVolumes )
interpolatedPorts := make ( [ ] string , 0 , len ( spec . Ports ) )
for _ , port := range spec . Ports {
interpolatedPorts = append ( interpolatedPorts , rc . ExprEval . Interpolate ( ctx , port ) )
}
exposedPorts , portBindings , err := nat . ParsePortSpecs ( interpolatedPorts )
2023-04-25 06:45:39 +00:00
if err != nil {
Add support for service containers (#1949)
* Support services (#42)
Removed createSimpleContainerName and AutoRemove flag
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/42
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services options (#45)
Reviewed-on: https://gitea.com/gitea/act/pulls/45
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support intepolation for `env` of `services` (#47)
Reviewed-on: https://gitea.com/gitea/act/pulls/47
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services `credentials` (#51)
If a service's image is from a container registry requires authentication, `act_runner` will need `credentials` to pull the image, see [documentation](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idcredentials).
Currently, `act_runner` incorrectly uses the `credentials` of `containers` to pull services' images and the `credentials` of services won't be used, see the related code: https://gitea.com/gitea/act/src/commit/0c1f2edb996a87ee17dcf3cfa7259c04be02abd7/pkg/runner/run_context.go#L228-L269
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/51
Reviewed-by: Jason Song <i@wolfogre.com>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Add ContainerMaxLifetime and ContainerNetworkMode options
from: https://gitea.com/gitea/act/commit/b9c20dcaa43899cb3bb327619d447248303170e0
* Fix container network issue (#56)
Follow: https://gitea.com/gitea/act_runner/pulls/184
Close https://gitea.com/gitea/act_runner/issues/177
- `act` create new networks only if the value of `NeedCreateNetwork` is true, and remove these networks at last. `NeedCreateNetwork` is passed by `act_runner`. 'NeedCreateNetwork' is true only if `container.network` in the configuration file of the `act_runner` is empty.
- In the `docker create` phase, specify the network to which containers will connect. Because, if not specify , container will connect to `bridge` network which is created automatically by Docker.
- If the network is user defined network ( the value of `container.network` is empty or `<custom-network>`. Because, the network created by `act` is also user defined network.), will also specify alias by `--network-alias`. The alias of service is `<service-id>`. So we can be access service container by `<service-id>:<port>` in the steps of job.
- Won't try to `docker network connect ` network after `docker start` any more.
- Because on the one hand, `docker network connect` applies only to user defined networks, if try to `docker network connect host <container-name>` will return error.
- On the other hand, we just specify network in the stage of `docker create`, the same effect can be achieved.
- Won't try to remove containers and networks berfore the stage of `docker start`, because the name of these containers and netwoks won't be repeat.
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/56
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>
* Check volumes (#60)
This PR adds a `ValidVolumes` config. Users can specify the volumes (including bind mounts) that can be mounted to containers by this config.
Options related to volumes:
- [jobs.<job_id>.container.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idcontainervolumes)
- [jobs.<job_id>.services.<service_id>.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idvolumes)
In addition, volumes specified by `options` will also be checked.
Currently, the following default volumes (see https://gitea.com/gitea/act/src/commit/a72822b3f83d3e68ffc697101b713b7badf57e2f/pkg/runner/run_context.go#L116-L166) will be added to `ValidVolumes`:
- `act-toolcache`
- `<container-name>` and `<container-name>-env`
- `/var/run/docker.sock` (We need to add a new configuration to control whether the docker daemon can be mounted)
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/60
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Remove ContainerMaxLifetime; fix lint
* Remove unused ValidVolumes
* Remove ConnectToNetwork
* Add docker stubs
* Close docker clients to prevent file descriptor leaks
* Fix the error when removing network in self-hosted mode (#69)
Fixes https://gitea.com/gitea/act_runner/issues/255
Reviewed-on: https://gitea.com/gitea/act/pulls/69
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Move service container and network cleanup to rc.cleanUpJobContainer
* Add --network flag; default to host if not using service containers or set explicitly
* Correctly close executor to prevent fd leak
* Revert to tail instead of full path
* fix network duplication
* backport networkingConfig for aliaes
* don't hardcode netMode host
* Convert services test to table driven tests
* Add failing tests for services
* Expose service container ports onto the host
* Set container network mode in artifacts server test to host mode
* Log container network mode when creating/starting a container
* fix: Correctly handle ContainerNetworkMode
* fix: missing service container network
* Always remove service containers
Although we usually keep containers running if the workflow errored
(unless `--rm` is given) in order to facilitate debugging and we have
a flag (`--reuse`) to always keep containers running in order to speed
up repeated `act` invocations, I believe that these should only apply
to job containers and not service containers, because changing the
network settings on a service container requires re-creating it anyway.
* Remove networks only if no active endpoints exist
* Ensure job containers are stopped before starting a new job
* fix: go build -tags WITHOUT_DOCKER
---------
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: ZauberNerd <zaubernerd@zaubernerd.de>
2023-10-19 09:24:52 +00:00
return fmt . Errorf ( "failed to parse service %s ports: %w" , serviceID , err )
2023-04-25 06:45:39 +00:00
}
Add support for service containers (#1949)
* Support services (#42)
Removed createSimpleContainerName and AutoRemove flag
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/42
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services options (#45)
Reviewed-on: https://gitea.com/gitea/act/pulls/45
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support intepolation for `env` of `services` (#47)
Reviewed-on: https://gitea.com/gitea/act/pulls/47
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services `credentials` (#51)
If a service's image is from a container registry requires authentication, `act_runner` will need `credentials` to pull the image, see [documentation](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idcredentials).
Currently, `act_runner` incorrectly uses the `credentials` of `containers` to pull services' images and the `credentials` of services won't be used, see the related code: https://gitea.com/gitea/act/src/commit/0c1f2edb996a87ee17dcf3cfa7259c04be02abd7/pkg/runner/run_context.go#L228-L269
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/51
Reviewed-by: Jason Song <i@wolfogre.com>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Add ContainerMaxLifetime and ContainerNetworkMode options
from: https://gitea.com/gitea/act/commit/b9c20dcaa43899cb3bb327619d447248303170e0
* Fix container network issue (#56)
Follow: https://gitea.com/gitea/act_runner/pulls/184
Close https://gitea.com/gitea/act_runner/issues/177
- `act` create new networks only if the value of `NeedCreateNetwork` is true, and remove these networks at last. `NeedCreateNetwork` is passed by `act_runner`. 'NeedCreateNetwork' is true only if `container.network` in the configuration file of the `act_runner` is empty.
- In the `docker create` phase, specify the network to which containers will connect. Because, if not specify , container will connect to `bridge` network which is created automatically by Docker.
- If the network is user defined network ( the value of `container.network` is empty or `<custom-network>`. Because, the network created by `act` is also user defined network.), will also specify alias by `--network-alias`. The alias of service is `<service-id>`. So we can be access service container by `<service-id>:<port>` in the steps of job.
- Won't try to `docker network connect ` network after `docker start` any more.
- Because on the one hand, `docker network connect` applies only to user defined networks, if try to `docker network connect host <container-name>` will return error.
- On the other hand, we just specify network in the stage of `docker create`, the same effect can be achieved.
- Won't try to remove containers and networks berfore the stage of `docker start`, because the name of these containers and netwoks won't be repeat.
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/56
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>
* Check volumes (#60)
This PR adds a `ValidVolumes` config. Users can specify the volumes (including bind mounts) that can be mounted to containers by this config.
Options related to volumes:
- [jobs.<job_id>.container.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idcontainervolumes)
- [jobs.<job_id>.services.<service_id>.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idvolumes)
In addition, volumes specified by `options` will also be checked.
Currently, the following default volumes (see https://gitea.com/gitea/act/src/commit/a72822b3f83d3e68ffc697101b713b7badf57e2f/pkg/runner/run_context.go#L116-L166) will be added to `ValidVolumes`:
- `act-toolcache`
- `<container-name>` and `<container-name>-env`
- `/var/run/docker.sock` (We need to add a new configuration to control whether the docker daemon can be mounted)
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/60
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Remove ContainerMaxLifetime; fix lint
* Remove unused ValidVolumes
* Remove ConnectToNetwork
* Add docker stubs
* Close docker clients to prevent file descriptor leaks
* Fix the error when removing network in self-hosted mode (#69)
Fixes https://gitea.com/gitea/act_runner/issues/255
Reviewed-on: https://gitea.com/gitea/act/pulls/69
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Move service container and network cleanup to rc.cleanUpJobContainer
* Add --network flag; default to host if not using service containers or set explicitly
* Correctly close executor to prevent fd leak
* Revert to tail instead of full path
* fix network duplication
* backport networkingConfig for aliaes
* don't hardcode netMode host
* Convert services test to table driven tests
* Add failing tests for services
* Expose service container ports onto the host
* Set container network mode in artifacts server test to host mode
* Log container network mode when creating/starting a container
* fix: Correctly handle ContainerNetworkMode
* fix: missing service container network
* Always remove service containers
Although we usually keep containers running if the workflow errored
(unless `--rm` is given) in order to facilitate debugging and we have
a flag (`--reuse`) to always keep containers running in order to speed
up repeated `act` invocations, I believe that these should only apply
to job containers and not service containers, because changing the
network settings on a service container requires re-creating it anyway.
* Remove networks only if no active endpoints exist
* Ensure job containers are stopped before starting a new job
* fix: go build -tags WITHOUT_DOCKER
---------
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: ZauberNerd <zaubernerd@zaubernerd.de>
2023-10-19 09:24:52 +00:00
serviceContainerName := createContainerName ( rc . jobContainerName ( ) , serviceID )
2023-04-19 03:23:28 +00:00
c := container . NewContainer ( & container . NewContainerInput {
2023-06-05 09:21:59 +00:00
Name : serviceContainerName ,
WorkingDir : ext . ToContainerPath ( rc . Config . Workdir ) ,
2023-11-12 18:30:21 +00:00
Image : rc . ExprEval . Interpolate ( ctx , spec . Image ) ,
2023-06-05 09:21:59 +00:00
Username : username ,
Password : password ,
Cmd : interpolatedCmd ,
Env : envs ,
Mounts : serviceMounts ,
Binds : serviceBinds ,
2023-04-19 03:23:28 +00:00
Stdout : logWriter ,
Stderr : logWriter ,
Privileged : rc . Config . Privileged ,
UsernsMode : rc . Config . UsernsMode ,
Platform : rc . Config . ContainerArchitecture ,
AutoRemove : rc . Config . AutoRemove ,
2023-11-12 18:30:21 +00:00
Options : rc . ExprEval . Interpolate ( ctx , spec . Options ) ,
Fix container network issue (#56)
Follow: https://gitea.com/gitea/act_runner/pulls/184
Close https://gitea.com/gitea/act_runner/issues/177
#### changes:
- `act` create new networks only if the value of `NeedCreateNetwork` is true, and remove these networks at last. `NeedCreateNetwork` is passed by `act_runner`. 'NeedCreateNetwork' is true only if `container.network` in the configuration file of the `act_runner` is empty.
- In the `docker create` phase, specify the network to which containers will connect. Because, if not specify , container will connect to `bridge` network which is created automatically by Docker.
- If the network is user defined network ( the value of `container.network` is empty or `<custom-network>`. Because, the network created by `act` is also user defined network.), will also specify alias by `--network-alias`. The alias of service is `<service-id>`. So we can be access service container by `<service-id>:<port>` in the steps of job.
- Won't try to `docker network connect ` network after `docker start` any more.
- Because on the one hand, `docker network connect` applies only to user defined networks, if try to `docker network connect host <container-name>` will return error.
- On the other hand, we just specify network in the stage of `docker create`, the same effect can be achieved.
- Won't try to remove containers and networks berfore the stage of `docker start`, because the name of these containers and netwoks won't be repeat.
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/56
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>
2023-05-16 06:03:55 +00:00
NetworkMode : networkName ,
Add support for service containers (#1949)
* Support services (#42)
Removed createSimpleContainerName and AutoRemove flag
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/42
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services options (#45)
Reviewed-on: https://gitea.com/gitea/act/pulls/45
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support intepolation for `env` of `services` (#47)
Reviewed-on: https://gitea.com/gitea/act/pulls/47
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services `credentials` (#51)
If a service's image is from a container registry requires authentication, `act_runner` will need `credentials` to pull the image, see [documentation](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idcredentials).
Currently, `act_runner` incorrectly uses the `credentials` of `containers` to pull services' images and the `credentials` of services won't be used, see the related code: https://gitea.com/gitea/act/src/commit/0c1f2edb996a87ee17dcf3cfa7259c04be02abd7/pkg/runner/run_context.go#L228-L269
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/51
Reviewed-by: Jason Song <i@wolfogre.com>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Add ContainerMaxLifetime and ContainerNetworkMode options
from: https://gitea.com/gitea/act/commit/b9c20dcaa43899cb3bb327619d447248303170e0
* Fix container network issue (#56)
Follow: https://gitea.com/gitea/act_runner/pulls/184
Close https://gitea.com/gitea/act_runner/issues/177
- `act` create new networks only if the value of `NeedCreateNetwork` is true, and remove these networks at last. `NeedCreateNetwork` is passed by `act_runner`. 'NeedCreateNetwork' is true only if `container.network` in the configuration file of the `act_runner` is empty.
- In the `docker create` phase, specify the network to which containers will connect. Because, if not specify , container will connect to `bridge` network which is created automatically by Docker.
- If the network is user defined network ( the value of `container.network` is empty or `<custom-network>`. Because, the network created by `act` is also user defined network.), will also specify alias by `--network-alias`. The alias of service is `<service-id>`. So we can be access service container by `<service-id>:<port>` in the steps of job.
- Won't try to `docker network connect ` network after `docker start` any more.
- Because on the one hand, `docker network connect` applies only to user defined networks, if try to `docker network connect host <container-name>` will return error.
- On the other hand, we just specify network in the stage of `docker create`, the same effect can be achieved.
- Won't try to remove containers and networks berfore the stage of `docker start`, because the name of these containers and netwoks won't be repeat.
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/56
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>
* Check volumes (#60)
This PR adds a `ValidVolumes` config. Users can specify the volumes (including bind mounts) that can be mounted to containers by this config.
Options related to volumes:
- [jobs.<job_id>.container.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idcontainervolumes)
- [jobs.<job_id>.services.<service_id>.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idvolumes)
In addition, volumes specified by `options` will also be checked.
Currently, the following default volumes (see https://gitea.com/gitea/act/src/commit/a72822b3f83d3e68ffc697101b713b7badf57e2f/pkg/runner/run_context.go#L116-L166) will be added to `ValidVolumes`:
- `act-toolcache`
- `<container-name>` and `<container-name>-env`
- `/var/run/docker.sock` (We need to add a new configuration to control whether the docker daemon can be mounted)
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/60
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Remove ContainerMaxLifetime; fix lint
* Remove unused ValidVolumes
* Remove ConnectToNetwork
* Add docker stubs
* Close docker clients to prevent file descriptor leaks
* Fix the error when removing network in self-hosted mode (#69)
Fixes https://gitea.com/gitea/act_runner/issues/255
Reviewed-on: https://gitea.com/gitea/act/pulls/69
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Move service container and network cleanup to rc.cleanUpJobContainer
* Add --network flag; default to host if not using service containers or set explicitly
* Correctly close executor to prevent fd leak
* Revert to tail instead of full path
* fix network duplication
* backport networkingConfig for aliaes
* don't hardcode netMode host
* Convert services test to table driven tests
* Add failing tests for services
* Expose service container ports onto the host
* Set container network mode in artifacts server test to host mode
* Log container network mode when creating/starting a container
* fix: Correctly handle ContainerNetworkMode
* fix: missing service container network
* Always remove service containers
Although we usually keep containers running if the workflow errored
(unless `--rm` is given) in order to facilitate debugging and we have
a flag (`--reuse`) to always keep containers running in order to speed
up repeated `act` invocations, I believe that these should only apply
to job containers and not service containers, because changing the
network settings on a service container requires re-creating it anyway.
* Remove networks only if no active endpoints exist
* Ensure job containers are stopped before starting a new job
* fix: go build -tags WITHOUT_DOCKER
---------
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: ZauberNerd <zaubernerd@zaubernerd.de>
2023-10-19 09:24:52 +00:00
NetworkAliases : [ ] string { serviceID } ,
ExposedPorts : exposedPorts ,
PortBindings : portBindings ,
2023-06-05 09:21:59 +00:00
ValidVolumes : rc . Config . ValidVolumes ,
2023-04-19 03:23:28 +00:00
} )
rc . ServiceContainers = append ( rc . ServiceContainers , c )
}
2022-11-16 21:29:45 +00:00
rc . cleanUpJobContainer = func ( ctx context . Context ) error {
Add support for service containers (#1949)
* Support services (#42)
Removed createSimpleContainerName and AutoRemove flag
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/42
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services options (#45)
Reviewed-on: https://gitea.com/gitea/act/pulls/45
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support intepolation for `env` of `services` (#47)
Reviewed-on: https://gitea.com/gitea/act/pulls/47
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services `credentials` (#51)
If a service's image is from a container registry requires authentication, `act_runner` will need `credentials` to pull the image, see [documentation](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idcredentials).
Currently, `act_runner` incorrectly uses the `credentials` of `containers` to pull services' images and the `credentials` of services won't be used, see the related code: https://gitea.com/gitea/act/src/commit/0c1f2edb996a87ee17dcf3cfa7259c04be02abd7/pkg/runner/run_context.go#L228-L269
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/51
Reviewed-by: Jason Song <i@wolfogre.com>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Add ContainerMaxLifetime and ContainerNetworkMode options
from: https://gitea.com/gitea/act/commit/b9c20dcaa43899cb3bb327619d447248303170e0
* Fix container network issue (#56)
Follow: https://gitea.com/gitea/act_runner/pulls/184
Close https://gitea.com/gitea/act_runner/issues/177
- `act` create new networks only if the value of `NeedCreateNetwork` is true, and remove these networks at last. `NeedCreateNetwork` is passed by `act_runner`. 'NeedCreateNetwork' is true only if `container.network` in the configuration file of the `act_runner` is empty.
- In the `docker create` phase, specify the network to which containers will connect. Because, if not specify , container will connect to `bridge` network which is created automatically by Docker.
- If the network is user defined network ( the value of `container.network` is empty or `<custom-network>`. Because, the network created by `act` is also user defined network.), will also specify alias by `--network-alias`. The alias of service is `<service-id>`. So we can be access service container by `<service-id>:<port>` in the steps of job.
- Won't try to `docker network connect ` network after `docker start` any more.
- Because on the one hand, `docker network connect` applies only to user defined networks, if try to `docker network connect host <container-name>` will return error.
- On the other hand, we just specify network in the stage of `docker create`, the same effect can be achieved.
- Won't try to remove containers and networks berfore the stage of `docker start`, because the name of these containers and netwoks won't be repeat.
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/56
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>
* Check volumes (#60)
This PR adds a `ValidVolumes` config. Users can specify the volumes (including bind mounts) that can be mounted to containers by this config.
Options related to volumes:
- [jobs.<job_id>.container.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idcontainervolumes)
- [jobs.<job_id>.services.<service_id>.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idvolumes)
In addition, volumes specified by `options` will also be checked.
Currently, the following default volumes (see https://gitea.com/gitea/act/src/commit/a72822b3f83d3e68ffc697101b713b7badf57e2f/pkg/runner/run_context.go#L116-L166) will be added to `ValidVolumes`:
- `act-toolcache`
- `<container-name>` and `<container-name>-env`
- `/var/run/docker.sock` (We need to add a new configuration to control whether the docker daemon can be mounted)
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/60
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Remove ContainerMaxLifetime; fix lint
* Remove unused ValidVolumes
* Remove ConnectToNetwork
* Add docker stubs
* Close docker clients to prevent file descriptor leaks
* Fix the error when removing network in self-hosted mode (#69)
Fixes https://gitea.com/gitea/act_runner/issues/255
Reviewed-on: https://gitea.com/gitea/act/pulls/69
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Move service container and network cleanup to rc.cleanUpJobContainer
* Add --network flag; default to host if not using service containers or set explicitly
* Correctly close executor to prevent fd leak
* Revert to tail instead of full path
* fix network duplication
* backport networkingConfig for aliaes
* don't hardcode netMode host
* Convert services test to table driven tests
* Add failing tests for services
* Expose service container ports onto the host
* Set container network mode in artifacts server test to host mode
* Log container network mode when creating/starting a container
* fix: Correctly handle ContainerNetworkMode
* fix: missing service container network
* Always remove service containers
Although we usually keep containers running if the workflow errored
(unless `--rm` is given) in order to facilitate debugging and we have
a flag (`--reuse`) to always keep containers running in order to speed
up repeated `act` invocations, I believe that these should only apply
to job containers and not service containers, because changing the
network settings on a service container requires re-creating it anyway.
* Remove networks only if no active endpoints exist
* Ensure job containers are stopped before starting a new job
* fix: go build -tags WITHOUT_DOCKER
---------
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: ZauberNerd <zaubernerd@zaubernerd.de>
2023-10-19 09:24:52 +00:00
reuseJobContainer := func ( ctx context . Context ) bool {
return rc . Config . ReuseContainers
}
if rc . JobContainer != nil {
return rc . JobContainer . Remove ( ) . IfNot ( reuseJobContainer ) .
Then ( container . NewDockerVolumeRemoveExecutor ( rc . jobContainerName ( ) , false ) ) . IfNot ( reuseJobContainer ) .
Then ( container . NewDockerVolumeRemoveExecutor ( rc . jobContainerName ( ) + "-env" , false ) ) . IfNot ( reuseJobContainer ) .
Then ( func ( ctx context . Context ) error {
if len ( rc . ServiceContainers ) > 0 {
logger . Infof ( "Cleaning up services for job %s" , rc . JobName )
if err := rc . stopServiceContainers ( ) ( ctx ) ; err != nil {
logger . Errorf ( "Error while cleaning services: %v" , err )
}
if createAndDeleteNetwork {
// clean network if it has been created by act
// if using service containers
// it means that the network to which containers are connecting is created by `act_runner`,
// so, we should remove the network at last.
logger . Infof ( "Cleaning up network for job %s, and network name is: %s" , rc . JobName , networkName )
if err := container . NewDockerNetworkRemoveExecutor ( networkName ) ( ctx ) ; err != nil {
logger . Errorf ( "Error while cleaning network: %v" , err )
}
}
}
return nil
} ) ( ctx )
2022-11-16 21:29:45 +00:00
}
return nil
}
2020-02-23 23:01:25 +00:00
rc . JobContainer = container . NewContainer ( & container . NewContainerInput {
Fix container network issue (#56)
Follow: https://gitea.com/gitea/act_runner/pulls/184
Close https://gitea.com/gitea/act_runner/issues/177
#### changes:
- `act` create new networks only if the value of `NeedCreateNetwork` is true, and remove these networks at last. `NeedCreateNetwork` is passed by `act_runner`. 'NeedCreateNetwork' is true only if `container.network` in the configuration file of the `act_runner` is empty.
- In the `docker create` phase, specify the network to which containers will connect. Because, if not specify , container will connect to `bridge` network which is created automatically by Docker.
- If the network is user defined network ( the value of `container.network` is empty or `<custom-network>`. Because, the network created by `act` is also user defined network.), will also specify alias by `--network-alias`. The alias of service is `<service-id>`. So we can be access service container by `<service-id>:<port>` in the steps of job.
- Won't try to `docker network connect ` network after `docker start` any more.
- Because on the one hand, `docker network connect` applies only to user defined networks, if try to `docker network connect host <container-name>` will return error.
- On the other hand, we just specify network in the stage of `docker create`, the same effect can be achieved.
- Won't try to remove containers and networks berfore the stage of `docker start`, because the name of these containers and netwoks won't be repeat.
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/56
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>
2023-05-16 06:03:55 +00:00
Cmd : nil ,
Add support for service containers (#1949)
* Support services (#42)
Removed createSimpleContainerName and AutoRemove flag
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/42
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services options (#45)
Reviewed-on: https://gitea.com/gitea/act/pulls/45
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support intepolation for `env` of `services` (#47)
Reviewed-on: https://gitea.com/gitea/act/pulls/47
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services `credentials` (#51)
If a service's image is from a container registry requires authentication, `act_runner` will need `credentials` to pull the image, see [documentation](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idcredentials).
Currently, `act_runner` incorrectly uses the `credentials` of `containers` to pull services' images and the `credentials` of services won't be used, see the related code: https://gitea.com/gitea/act/src/commit/0c1f2edb996a87ee17dcf3cfa7259c04be02abd7/pkg/runner/run_context.go#L228-L269
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/51
Reviewed-by: Jason Song <i@wolfogre.com>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Add ContainerMaxLifetime and ContainerNetworkMode options
from: https://gitea.com/gitea/act/commit/b9c20dcaa43899cb3bb327619d447248303170e0
* Fix container network issue (#56)
Follow: https://gitea.com/gitea/act_runner/pulls/184
Close https://gitea.com/gitea/act_runner/issues/177
- `act` create new networks only if the value of `NeedCreateNetwork` is true, and remove these networks at last. `NeedCreateNetwork` is passed by `act_runner`. 'NeedCreateNetwork' is true only if `container.network` in the configuration file of the `act_runner` is empty.
- In the `docker create` phase, specify the network to which containers will connect. Because, if not specify , container will connect to `bridge` network which is created automatically by Docker.
- If the network is user defined network ( the value of `container.network` is empty or `<custom-network>`. Because, the network created by `act` is also user defined network.), will also specify alias by `--network-alias`. The alias of service is `<service-id>`. So we can be access service container by `<service-id>:<port>` in the steps of job.
- Won't try to `docker network connect ` network after `docker start` any more.
- Because on the one hand, `docker network connect` applies only to user defined networks, if try to `docker network connect host <container-name>` will return error.
- On the other hand, we just specify network in the stage of `docker create`, the same effect can be achieved.
- Won't try to remove containers and networks berfore the stage of `docker start`, because the name of these containers and netwoks won't be repeat.
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/56
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>
* Check volumes (#60)
This PR adds a `ValidVolumes` config. Users can specify the volumes (including bind mounts) that can be mounted to containers by this config.
Options related to volumes:
- [jobs.<job_id>.container.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idcontainervolumes)
- [jobs.<job_id>.services.<service_id>.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idvolumes)
In addition, volumes specified by `options` will also be checked.
Currently, the following default volumes (see https://gitea.com/gitea/act/src/commit/a72822b3f83d3e68ffc697101b713b7badf57e2f/pkg/runner/run_context.go#L116-L166) will be added to `ValidVolumes`:
- `act-toolcache`
- `<container-name>` and `<container-name>-env`
- `/var/run/docker.sock` (We need to add a new configuration to control whether the docker daemon can be mounted)
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/60
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Remove ContainerMaxLifetime; fix lint
* Remove unused ValidVolumes
* Remove ConnectToNetwork
* Add docker stubs
* Close docker clients to prevent file descriptor leaks
* Fix the error when removing network in self-hosted mode (#69)
Fixes https://gitea.com/gitea/act_runner/issues/255
Reviewed-on: https://gitea.com/gitea/act/pulls/69
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Move service container and network cleanup to rc.cleanUpJobContainer
* Add --network flag; default to host if not using service containers or set explicitly
* Correctly close executor to prevent fd leak
* Revert to tail instead of full path
* fix network duplication
* backport networkingConfig for aliaes
* don't hardcode netMode host
* Convert services test to table driven tests
* Add failing tests for services
* Expose service container ports onto the host
* Set container network mode in artifacts server test to host mode
* Log container network mode when creating/starting a container
* fix: Correctly handle ContainerNetworkMode
* fix: missing service container network
* Always remove service containers
Although we usually keep containers running if the workflow errored
(unless `--rm` is given) in order to facilitate debugging and we have
a flag (`--reuse`) to always keep containers running in order to speed
up repeated `act` invocations, I believe that these should only apply
to job containers and not service containers, because changing the
network settings on a service container requires re-creating it anyway.
* Remove networks only if no active endpoints exist
* Ensure job containers are stopped before starting a new job
* fix: go build -tags WITHOUT_DOCKER
---------
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: ZauberNerd <zaubernerd@zaubernerd.de>
2023-10-19 09:24:52 +00:00
Entrypoint : [ ] string { "tail" , "-f" , "/dev/null" } ,
Fix container network issue (#56)
Follow: https://gitea.com/gitea/act_runner/pulls/184
Close https://gitea.com/gitea/act_runner/issues/177
#### changes:
- `act` create new networks only if the value of `NeedCreateNetwork` is true, and remove these networks at last. `NeedCreateNetwork` is passed by `act_runner`. 'NeedCreateNetwork' is true only if `container.network` in the configuration file of the `act_runner` is empty.
- In the `docker create` phase, specify the network to which containers will connect. Because, if not specify , container will connect to `bridge` network which is created automatically by Docker.
- If the network is user defined network ( the value of `container.network` is empty or `<custom-network>`. Because, the network created by `act` is also user defined network.), will also specify alias by `--network-alias`. The alias of service is `<service-id>`. So we can be access service container by `<service-id>:<port>` in the steps of job.
- Won't try to `docker network connect ` network after `docker start` any more.
- Because on the one hand, `docker network connect` applies only to user defined networks, if try to `docker network connect host <container-name>` will return error.
- On the other hand, we just specify network in the stage of `docker create`, the same effect can be achieved.
- Won't try to remove containers and networks berfore the stage of `docker start`, because the name of these containers and netwoks won't be repeat.
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/56
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>
2023-05-16 06:03:55 +00:00
WorkingDir : ext . ToContainerPath ( rc . Config . Workdir ) ,
Image : image ,
Username : username ,
Password : password ,
Name : name ,
Env : envList ,
Mounts : mounts ,
2024-03-24 10:56:42 +00:00
NetworkMode : networkName ,
Fix container network issue (#56)
Follow: https://gitea.com/gitea/act_runner/pulls/184
Close https://gitea.com/gitea/act_runner/issues/177
#### changes:
- `act` create new networks only if the value of `NeedCreateNetwork` is true, and remove these networks at last. `NeedCreateNetwork` is passed by `act_runner`. 'NeedCreateNetwork' is true only if `container.network` in the configuration file of the `act_runner` is empty.
- In the `docker create` phase, specify the network to which containers will connect. Because, if not specify , container will connect to `bridge` network which is created automatically by Docker.
- If the network is user defined network ( the value of `container.network` is empty or `<custom-network>`. Because, the network created by `act` is also user defined network.), will also specify alias by `--network-alias`. The alias of service is `<service-id>`. So we can be access service container by `<service-id>:<port>` in the steps of job.
- Won't try to `docker network connect ` network after `docker start` any more.
- Because on the one hand, `docker network connect` applies only to user defined networks, if try to `docker network connect host <container-name>` will return error.
- On the other hand, we just specify network in the stage of `docker create`, the same effect can be achieved.
- Won't try to remove containers and networks berfore the stage of `docker start`, because the name of these containers and netwoks won't be repeat.
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/56
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>
2023-05-16 06:03:55 +00:00
NetworkAliases : [ ] string { rc . Name } ,
Binds : binds ,
Stdout : logWriter ,
Stderr : logWriter ,
Privileged : rc . Config . Privileged ,
UsernsMode : rc . Config . UsernsMode ,
Platform : rc . Config . ContainerArchitecture ,
Options : rc . options ( ctx ) ,
AutoRemove : rc . Config . AutoRemove ,
2023-06-05 09:21:59 +00:00
ValidVolumes : rc . Config . ValidVolumes ,
2020-02-23 23:01:25 +00:00
} )
2022-11-16 21:29:45 +00:00
if rc . JobContainer == nil {
return errors . New ( "Failed to create job container" )
}
2020-02-23 23:01:25 +00:00
2023-11-14 22:02:37 +00:00
networkConfig := docker . NetworkCreate {
Driver : "bridge" ,
Scope : "local" ,
EnableIPv6 : rc . Config . ContainerNetworkEnableIPv6 ,
}
2020-02-23 23:01:25 +00:00
return common . NewPipelineExecutor (
2023-04-19 03:23:28 +00:00
rc . pullServicesImages ( rc . Config . ForcePull ) ,
2020-02-23 23:01:25 +00:00
rc . JobContainer . Pull ( rc . Config . ForcePull ) ,
2020-06-18 15:21:55 +00:00
rc . stopJobContainer ( ) ,
2023-11-14 22:02:37 +00:00
container . NewDockerNetworkCreateExecutor ( networkName , & networkConfig ) . IfBool ( ! rc . IsHostEnv ( ctx ) && rc . Config . ContainerNetworkMode == "" ) , // if the value of `ContainerNetworkMode` is empty string, then will create a new network for containers.
2023-04-19 03:23:28 +00:00
rc . startServiceContainers ( networkName ) ,
2021-06-04 16:06:59 +00:00
rc . JobContainer . Create ( rc . Config . ContainerCapAdd , rc . Config . ContainerCapDrop ) ,
2020-02-23 23:01:25 +00:00
rc . JobContainer . Start ( false ) ,
2022-11-16 21:29:45 +00:00
rc . JobContainer . Copy ( rc . JobContainer . GetActPath ( ) + "/" , & container . FileEntry {
2020-02-23 23:01:25 +00:00
Name : "workflow/event.json" ,
2023-02-16 15:34:51 +00:00
Mode : 0 o644 ,
2020-02-23 23:01:25 +00:00
Body : rc . EventJSON ,
2021-01-12 06:39:43 +00:00
} , & container . FileEntry {
Name : "workflow/envs.txt" ,
2023-02-16 15:34:51 +00:00
Mode : 0 o666 ,
2021-05-06 13:30:12 +00:00
Body : "" ,
2020-02-23 23:01:25 +00:00
} ) ,
) ( ctx )
}
}
2021-08-10 19:40:20 +00:00
func ( rc * RunContext ) execJobContainer ( cmd [ ] string , env map [ string ] string , user , workdir string ) common . Executor {
2020-02-23 23:01:25 +00:00
return func ( ctx context . Context ) error {
2021-08-10 19:40:20 +00:00
return rc . JobContainer . Exec ( cmd , env , user , workdir ) ( ctx )
2020-02-23 23:01:25 +00:00
}
}
2020-06-18 15:21:55 +00:00
2023-02-04 13:35:13 +00:00
func ( rc * RunContext ) ApplyExtraPath ( ctx context . Context , env * map [ string ] string ) {
2022-12-09 11:16:15 +00:00
if rc . ExtraPath != nil && len ( rc . ExtraPath ) > 0 {
path := rc . JobContainer . GetPathVariableName ( )
2023-04-18 18:09:57 +00:00
if rc . JobContainer . IsEnvironmentCaseInsensitive ( ) {
// On windows system Path and PATH could also be in the map
for k := range * env {
if strings . EqualFold ( path , k ) {
path = k
break
}
}
}
2022-12-09 11:16:15 +00:00
if ( * env ) [ path ] == "" {
2023-02-04 13:35:13 +00:00
cenv := map [ string ] string { }
var cpath string
if err := rc . JobContainer . UpdateFromImageEnv ( & cenv ) ( ctx ) ; err == nil {
if p , ok := cenv [ path ] ; ok {
cpath = p
}
}
if len ( cpath ) == 0 {
cpath = rc . JobContainer . DefaultPathVariable ( )
}
( * env ) [ path ] = cpath
2022-12-09 11:16:15 +00:00
}
( * env ) [ path ] = rc . JobContainer . JoinPathVariable ( append ( rc . ExtraPath , ( * env ) [ path ] ) ... )
}
}
func ( rc * RunContext ) UpdateExtraPath ( ctx context . Context , githubEnvPath string ) error {
if common . Dryrun ( ctx ) {
return nil
}
pathTar , err := rc . JobContainer . GetContainerArchive ( ctx , githubEnvPath )
if err != nil {
return err
}
defer pathTar . Close ( )
reader := tar . NewReader ( pathTar )
_ , err = reader . Next ( )
if err != nil && err != io . EOF {
return err
}
s := bufio . NewScanner ( reader )
for s . Scan ( ) {
line := s . Text ( )
if len ( line ) > 0 {
rc . addPath ( ctx , line )
}
}
return nil
}
Add support for service containers (#1949)
* Support services (#42)
Removed createSimpleContainerName and AutoRemove flag
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/42
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services options (#45)
Reviewed-on: https://gitea.com/gitea/act/pulls/45
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support intepolation for `env` of `services` (#47)
Reviewed-on: https://gitea.com/gitea/act/pulls/47
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services `credentials` (#51)
If a service's image is from a container registry requires authentication, `act_runner` will need `credentials` to pull the image, see [documentation](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idcredentials).
Currently, `act_runner` incorrectly uses the `credentials` of `containers` to pull services' images and the `credentials` of services won't be used, see the related code: https://gitea.com/gitea/act/src/commit/0c1f2edb996a87ee17dcf3cfa7259c04be02abd7/pkg/runner/run_context.go#L228-L269
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/51
Reviewed-by: Jason Song <i@wolfogre.com>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Add ContainerMaxLifetime and ContainerNetworkMode options
from: https://gitea.com/gitea/act/commit/b9c20dcaa43899cb3bb327619d447248303170e0
* Fix container network issue (#56)
Follow: https://gitea.com/gitea/act_runner/pulls/184
Close https://gitea.com/gitea/act_runner/issues/177
- `act` create new networks only if the value of `NeedCreateNetwork` is true, and remove these networks at last. `NeedCreateNetwork` is passed by `act_runner`. 'NeedCreateNetwork' is true only if `container.network` in the configuration file of the `act_runner` is empty.
- In the `docker create` phase, specify the network to which containers will connect. Because, if not specify , container will connect to `bridge` network which is created automatically by Docker.
- If the network is user defined network ( the value of `container.network` is empty or `<custom-network>`. Because, the network created by `act` is also user defined network.), will also specify alias by `--network-alias`. The alias of service is `<service-id>`. So we can be access service container by `<service-id>:<port>` in the steps of job.
- Won't try to `docker network connect ` network after `docker start` any more.
- Because on the one hand, `docker network connect` applies only to user defined networks, if try to `docker network connect host <container-name>` will return error.
- On the other hand, we just specify network in the stage of `docker create`, the same effect can be achieved.
- Won't try to remove containers and networks berfore the stage of `docker start`, because the name of these containers and netwoks won't be repeat.
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/56
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>
* Check volumes (#60)
This PR adds a `ValidVolumes` config. Users can specify the volumes (including bind mounts) that can be mounted to containers by this config.
Options related to volumes:
- [jobs.<job_id>.container.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idcontainervolumes)
- [jobs.<job_id>.services.<service_id>.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idvolumes)
In addition, volumes specified by `options` will also be checked.
Currently, the following default volumes (see https://gitea.com/gitea/act/src/commit/a72822b3f83d3e68ffc697101b713b7badf57e2f/pkg/runner/run_context.go#L116-L166) will be added to `ValidVolumes`:
- `act-toolcache`
- `<container-name>` and `<container-name>-env`
- `/var/run/docker.sock` (We need to add a new configuration to control whether the docker daemon can be mounted)
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/60
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Remove ContainerMaxLifetime; fix lint
* Remove unused ValidVolumes
* Remove ConnectToNetwork
* Add docker stubs
* Close docker clients to prevent file descriptor leaks
* Fix the error when removing network in self-hosted mode (#69)
Fixes https://gitea.com/gitea/act_runner/issues/255
Reviewed-on: https://gitea.com/gitea/act/pulls/69
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Move service container and network cleanup to rc.cleanUpJobContainer
* Add --network flag; default to host if not using service containers or set explicitly
* Correctly close executor to prevent fd leak
* Revert to tail instead of full path
* fix network duplication
* backport networkingConfig for aliaes
* don't hardcode netMode host
* Convert services test to table driven tests
* Add failing tests for services
* Expose service container ports onto the host
* Set container network mode in artifacts server test to host mode
* Log container network mode when creating/starting a container
* fix: Correctly handle ContainerNetworkMode
* fix: missing service container network
* Always remove service containers
Although we usually keep containers running if the workflow errored
(unless `--rm` is given) in order to facilitate debugging and we have
a flag (`--reuse`) to always keep containers running in order to speed
up repeated `act` invocations, I believe that these should only apply
to job containers and not service containers, because changing the
network settings on a service container requires re-creating it anyway.
* Remove networks only if no active endpoints exist
* Ensure job containers are stopped before starting a new job
* fix: go build -tags WITHOUT_DOCKER
---------
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: ZauberNerd <zaubernerd@zaubernerd.de>
2023-10-19 09:24:52 +00:00
// stopJobContainer removes the job container (if it exists) and its volume (if it exists)
2020-02-23 23:01:25 +00:00
func ( rc * RunContext ) stopJobContainer ( ) common . Executor {
return func ( ctx context . Context ) error {
Add support for service containers (#1949)
* Support services (#42)
Removed createSimpleContainerName and AutoRemove flag
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/42
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services options (#45)
Reviewed-on: https://gitea.com/gitea/act/pulls/45
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support intepolation for `env` of `services` (#47)
Reviewed-on: https://gitea.com/gitea/act/pulls/47
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services `credentials` (#51)
If a service's image is from a container registry requires authentication, `act_runner` will need `credentials` to pull the image, see [documentation](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idcredentials).
Currently, `act_runner` incorrectly uses the `credentials` of `containers` to pull services' images and the `credentials` of services won't be used, see the related code: https://gitea.com/gitea/act/src/commit/0c1f2edb996a87ee17dcf3cfa7259c04be02abd7/pkg/runner/run_context.go#L228-L269
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/51
Reviewed-by: Jason Song <i@wolfogre.com>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Add ContainerMaxLifetime and ContainerNetworkMode options
from: https://gitea.com/gitea/act/commit/b9c20dcaa43899cb3bb327619d447248303170e0
* Fix container network issue (#56)
Follow: https://gitea.com/gitea/act_runner/pulls/184
Close https://gitea.com/gitea/act_runner/issues/177
- `act` create new networks only if the value of `NeedCreateNetwork` is true, and remove these networks at last. `NeedCreateNetwork` is passed by `act_runner`. 'NeedCreateNetwork' is true only if `container.network` in the configuration file of the `act_runner` is empty.
- In the `docker create` phase, specify the network to which containers will connect. Because, if not specify , container will connect to `bridge` network which is created automatically by Docker.
- If the network is user defined network ( the value of `container.network` is empty or `<custom-network>`. Because, the network created by `act` is also user defined network.), will also specify alias by `--network-alias`. The alias of service is `<service-id>`. So we can be access service container by `<service-id>:<port>` in the steps of job.
- Won't try to `docker network connect ` network after `docker start` any more.
- Because on the one hand, `docker network connect` applies only to user defined networks, if try to `docker network connect host <container-name>` will return error.
- On the other hand, we just specify network in the stage of `docker create`, the same effect can be achieved.
- Won't try to remove containers and networks berfore the stage of `docker start`, because the name of these containers and netwoks won't be repeat.
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/56
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>
* Check volumes (#60)
This PR adds a `ValidVolumes` config. Users can specify the volumes (including bind mounts) that can be mounted to containers by this config.
Options related to volumes:
- [jobs.<job_id>.container.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idcontainervolumes)
- [jobs.<job_id>.services.<service_id>.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idvolumes)
In addition, volumes specified by `options` will also be checked.
Currently, the following default volumes (see https://gitea.com/gitea/act/src/commit/a72822b3f83d3e68ffc697101b713b7badf57e2f/pkg/runner/run_context.go#L116-L166) will be added to `ValidVolumes`:
- `act-toolcache`
- `<container-name>` and `<container-name>-env`
- `/var/run/docker.sock` (We need to add a new configuration to control whether the docker daemon can be mounted)
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/60
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Remove ContainerMaxLifetime; fix lint
* Remove unused ValidVolumes
* Remove ConnectToNetwork
* Add docker stubs
* Close docker clients to prevent file descriptor leaks
* Fix the error when removing network in self-hosted mode (#69)
Fixes https://gitea.com/gitea/act_runner/issues/255
Reviewed-on: https://gitea.com/gitea/act/pulls/69
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Move service container and network cleanup to rc.cleanUpJobContainer
* Add --network flag; default to host if not using service containers or set explicitly
* Correctly close executor to prevent fd leak
* Revert to tail instead of full path
* fix network duplication
* backport networkingConfig for aliaes
* don't hardcode netMode host
* Convert services test to table driven tests
* Add failing tests for services
* Expose service container ports onto the host
* Set container network mode in artifacts server test to host mode
* Log container network mode when creating/starting a container
* fix: Correctly handle ContainerNetworkMode
* fix: missing service container network
* Always remove service containers
Although we usually keep containers running if the workflow errored
(unless `--rm` is given) in order to facilitate debugging and we have
a flag (`--reuse`) to always keep containers running in order to speed
up repeated `act` invocations, I believe that these should only apply
to job containers and not service containers, because changing the
network settings on a service container requires re-creating it anyway.
* Remove networks only if no active endpoints exist
* Ensure job containers are stopped before starting a new job
* fix: go build -tags WITHOUT_DOCKER
---------
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: ZauberNerd <zaubernerd@zaubernerd.de>
2023-10-19 09:24:52 +00:00
if rc . cleanUpJobContainer != nil {
2022-11-16 21:29:45 +00:00
return rc . cleanUpJobContainer ( ctx )
2020-02-23 23:01:25 +00:00
}
return nil
}
}
2023-04-19 03:23:28 +00:00
func ( rc * RunContext ) pullServicesImages ( forcePull bool ) common . Executor {
return func ( ctx context . Context ) error {
execs := [ ] common . Executor { }
for _ , c := range rc . ServiceContainers {
execs = append ( execs , c . Pull ( forcePull ) )
}
return common . NewParallelExecutor ( len ( execs ) , execs ... ) ( ctx )
}
}
Add support for service containers (#1949)
* Support services (#42)
Removed createSimpleContainerName and AutoRemove flag
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/42
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services options (#45)
Reviewed-on: https://gitea.com/gitea/act/pulls/45
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support intepolation for `env` of `services` (#47)
Reviewed-on: https://gitea.com/gitea/act/pulls/47
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services `credentials` (#51)
If a service's image is from a container registry requires authentication, `act_runner` will need `credentials` to pull the image, see [documentation](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idcredentials).
Currently, `act_runner` incorrectly uses the `credentials` of `containers` to pull services' images and the `credentials` of services won't be used, see the related code: https://gitea.com/gitea/act/src/commit/0c1f2edb996a87ee17dcf3cfa7259c04be02abd7/pkg/runner/run_context.go#L228-L269
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/51
Reviewed-by: Jason Song <i@wolfogre.com>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Add ContainerMaxLifetime and ContainerNetworkMode options
from: https://gitea.com/gitea/act/commit/b9c20dcaa43899cb3bb327619d447248303170e0
* Fix container network issue (#56)
Follow: https://gitea.com/gitea/act_runner/pulls/184
Close https://gitea.com/gitea/act_runner/issues/177
- `act` create new networks only if the value of `NeedCreateNetwork` is true, and remove these networks at last. `NeedCreateNetwork` is passed by `act_runner`. 'NeedCreateNetwork' is true only if `container.network` in the configuration file of the `act_runner` is empty.
- In the `docker create` phase, specify the network to which containers will connect. Because, if not specify , container will connect to `bridge` network which is created automatically by Docker.
- If the network is user defined network ( the value of `container.network` is empty or `<custom-network>`. Because, the network created by `act` is also user defined network.), will also specify alias by `--network-alias`. The alias of service is `<service-id>`. So we can be access service container by `<service-id>:<port>` in the steps of job.
- Won't try to `docker network connect ` network after `docker start` any more.
- Because on the one hand, `docker network connect` applies only to user defined networks, if try to `docker network connect host <container-name>` will return error.
- On the other hand, we just specify network in the stage of `docker create`, the same effect can be achieved.
- Won't try to remove containers and networks berfore the stage of `docker start`, because the name of these containers and netwoks won't be repeat.
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/56
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>
* Check volumes (#60)
This PR adds a `ValidVolumes` config. Users can specify the volumes (including bind mounts) that can be mounted to containers by this config.
Options related to volumes:
- [jobs.<job_id>.container.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idcontainervolumes)
- [jobs.<job_id>.services.<service_id>.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idvolumes)
In addition, volumes specified by `options` will also be checked.
Currently, the following default volumes (see https://gitea.com/gitea/act/src/commit/a72822b3f83d3e68ffc697101b713b7badf57e2f/pkg/runner/run_context.go#L116-L166) will be added to `ValidVolumes`:
- `act-toolcache`
- `<container-name>` and `<container-name>-env`
- `/var/run/docker.sock` (We need to add a new configuration to control whether the docker daemon can be mounted)
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/60
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Remove ContainerMaxLifetime; fix lint
* Remove unused ValidVolumes
* Remove ConnectToNetwork
* Add docker stubs
* Close docker clients to prevent file descriptor leaks
* Fix the error when removing network in self-hosted mode (#69)
Fixes https://gitea.com/gitea/act_runner/issues/255
Reviewed-on: https://gitea.com/gitea/act/pulls/69
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Move service container and network cleanup to rc.cleanUpJobContainer
* Add --network flag; default to host if not using service containers or set explicitly
* Correctly close executor to prevent fd leak
* Revert to tail instead of full path
* fix network duplication
* backport networkingConfig for aliaes
* don't hardcode netMode host
* Convert services test to table driven tests
* Add failing tests for services
* Expose service container ports onto the host
* Set container network mode in artifacts server test to host mode
* Log container network mode when creating/starting a container
* fix: Correctly handle ContainerNetworkMode
* fix: missing service container network
* Always remove service containers
Although we usually keep containers running if the workflow errored
(unless `--rm` is given) in order to facilitate debugging and we have
a flag (`--reuse`) to always keep containers running in order to speed
up repeated `act` invocations, I believe that these should only apply
to job containers and not service containers, because changing the
network settings on a service container requires re-creating it anyway.
* Remove networks only if no active endpoints exist
* Ensure job containers are stopped before starting a new job
* fix: go build -tags WITHOUT_DOCKER
---------
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: ZauberNerd <zaubernerd@zaubernerd.de>
2023-10-19 09:24:52 +00:00
func ( rc * RunContext ) startServiceContainers ( _ string ) common . Executor {
2023-04-19 03:23:28 +00:00
return func ( ctx context . Context ) error {
execs := [ ] common . Executor { }
for _ , c := range rc . ServiceContainers {
execs = append ( execs , common . NewPipelineExecutor (
c . Pull ( false ) ,
c . Create ( rc . Config . ContainerCapAdd , rc . Config . ContainerCapDrop ) ,
c . Start ( false ) ,
) )
}
return common . NewParallelExecutor ( len ( execs ) , execs ... ) ( ctx )
}
}
func ( rc * RunContext ) stopServiceContainers ( ) common . Executor {
return func ( ctx context . Context ) error {
execs := [ ] common . Executor { }
for _ , c := range rc . ServiceContainers {
Add support for service containers (#1949)
* Support services (#42)
Removed createSimpleContainerName and AutoRemove flag
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/42
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services options (#45)
Reviewed-on: https://gitea.com/gitea/act/pulls/45
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support intepolation for `env` of `services` (#47)
Reviewed-on: https://gitea.com/gitea/act/pulls/47
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Support services `credentials` (#51)
If a service's image is from a container registry requires authentication, `act_runner` will need `credentials` to pull the image, see [documentation](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idcredentials).
Currently, `act_runner` incorrectly uses the `credentials` of `containers` to pull services' images and the `credentials` of services won't be used, see the related code: https://gitea.com/gitea/act/src/commit/0c1f2edb996a87ee17dcf3cfa7259c04be02abd7/pkg/runner/run_context.go#L228-L269
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/51
Reviewed-by: Jason Song <i@wolfogre.com>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Add ContainerMaxLifetime and ContainerNetworkMode options
from: https://gitea.com/gitea/act/commit/b9c20dcaa43899cb3bb327619d447248303170e0
* Fix container network issue (#56)
Follow: https://gitea.com/gitea/act_runner/pulls/184
Close https://gitea.com/gitea/act_runner/issues/177
- `act` create new networks only if the value of `NeedCreateNetwork` is true, and remove these networks at last. `NeedCreateNetwork` is passed by `act_runner`. 'NeedCreateNetwork' is true only if `container.network` in the configuration file of the `act_runner` is empty.
- In the `docker create` phase, specify the network to which containers will connect. Because, if not specify , container will connect to `bridge` network which is created automatically by Docker.
- If the network is user defined network ( the value of `container.network` is empty or `<custom-network>`. Because, the network created by `act` is also user defined network.), will also specify alias by `--network-alias`. The alias of service is `<service-id>`. So we can be access service container by `<service-id>:<port>` in the steps of job.
- Won't try to `docker network connect ` network after `docker start` any more.
- Because on the one hand, `docker network connect` applies only to user defined networks, if try to `docker network connect host <container-name>` will return error.
- On the other hand, we just specify network in the stage of `docker create`, the same effect can be achieved.
- Won't try to remove containers and networks berfore the stage of `docker start`, because the name of these containers and netwoks won't be repeat.
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/56
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-committed-by: sillyguodong <gedong_1994@163.com>
* Check volumes (#60)
This PR adds a `ValidVolumes` config. Users can specify the volumes (including bind mounts) that can be mounted to containers by this config.
Options related to volumes:
- [jobs.<job_id>.container.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idcontainervolumes)
- [jobs.<job_id>.services.<service_id>.volumes](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idservicesservice_idvolumes)
In addition, volumes specified by `options` will also be checked.
Currently, the following default volumes (see https://gitea.com/gitea/act/src/commit/a72822b3f83d3e68ffc697101b713b7badf57e2f/pkg/runner/run_context.go#L116-L166) will be added to `ValidVolumes`:
- `act-toolcache`
- `<container-name>` and `<container-name>-env`
- `/var/run/docker.sock` (We need to add a new configuration to control whether the docker daemon can be mounted)
Co-authored-by: Jason Song <i@wolfogre.com>
Reviewed-on: https://gitea.com/gitea/act/pulls/60
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Remove ContainerMaxLifetime; fix lint
* Remove unused ValidVolumes
* Remove ConnectToNetwork
* Add docker stubs
* Close docker clients to prevent file descriptor leaks
* Fix the error when removing network in self-hosted mode (#69)
Fixes https://gitea.com/gitea/act_runner/issues/255
Reviewed-on: https://gitea.com/gitea/act/pulls/69
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-committed-by: Zettat123 <zettat123@gmail.com>
* Move service container and network cleanup to rc.cleanUpJobContainer
* Add --network flag; default to host if not using service containers or set explicitly
* Correctly close executor to prevent fd leak
* Revert to tail instead of full path
* fix network duplication
* backport networkingConfig for aliaes
* don't hardcode netMode host
* Convert services test to table driven tests
* Add failing tests for services
* Expose service container ports onto the host
* Set container network mode in artifacts server test to host mode
* Log container network mode when creating/starting a container
* fix: Correctly handle ContainerNetworkMode
* fix: missing service container network
* Always remove service containers
Although we usually keep containers running if the workflow errored
(unless `--rm` is given) in order to facilitate debugging and we have
a flag (`--reuse`) to always keep containers running in order to speed
up repeated `act` invocations, I believe that these should only apply
to job containers and not service containers, because changing the
network settings on a service container requires re-creating it anyway.
* Remove networks only if no active endpoints exist
* Ensure job containers are stopped before starting a new job
* fix: go build -tags WITHOUT_DOCKER
---------
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: sillyguodong <gedong_1994@163.com>
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: ZauberNerd <zaubernerd@zaubernerd.de>
2023-10-19 09:24:52 +00:00
execs = append ( execs , c . Remove ( ) . Finally ( c . Close ( ) ) )
2023-04-19 03:23:28 +00:00
}
return common . NewParallelExecutor ( len ( execs ) , execs ... ) ( ctx )
}
}
2021-05-04 21:50:35 +00:00
// Prepare the mounts and binds for the worker
2020-02-24 18:56:49 +00:00
// ActionCacheDir is for rc
func ( rc * RunContext ) ActionCacheDir ( ) string {
2023-06-16 03:41:39 +00:00
if rc . Config . ActionCacheDir != "" {
return rc . Config . ActionCacheDir
}
2020-02-24 06:34:48 +00:00
var xdgCache string
var ok bool
2021-04-05 15:51:13 +00:00
if xdgCache , ok = os . LookupEnv ( "XDG_CACHE_HOME" ) ; ! ok || xdgCache == "" {
2023-03-31 13:08:46 +00:00
if home , err := os . UserHomeDir ( ) ; err == nil {
2021-04-05 15:51:13 +00:00
xdgCache = filepath . Join ( home , ".cache" )
} else if xdgCache , err = filepath . Abs ( "." ) ; err != nil {
2023-04-18 14:17:36 +00:00
// It's almost impossible to get here, so the temp dir is a good fallback
xdgCache = os . TempDir ( )
2020-02-24 06:34:48 +00:00
}
}
return filepath . Join ( xdgCache , "act" )
}
2021-11-24 15:49:08 +00:00
// Interpolate outputs after a job is done
func ( rc * RunContext ) interpolateOutputs ( ) common . Executor {
return func ( ctx context . Context ) error {
2022-06-17 15:55:21 +00:00
ee := rc . NewExpressionEvaluator ( ctx )
2021-11-24 15:49:08 +00:00
for k , v := range rc . Run . Job ( ) . Outputs {
2022-06-17 15:55:21 +00:00
interpolated := ee . Interpolate ( ctx , v )
2021-11-24 15:49:08 +00:00
if v != interpolated {
rc . Run . Job ( ) . Outputs [ k ] = interpolated
}
}
return nil
}
}
2022-02-08 17:22:41 +00:00
func ( rc * RunContext ) startContainer ( ) common . Executor {
2022-11-16 21:29:45 +00:00
return func ( ctx context . Context ) error {
2023-03-14 14:07:31 +00:00
if rc . IsHostEnv ( ctx ) {
2022-11-16 21:29:45 +00:00
return rc . startHostEnvironment ( ) ( ctx )
}
return rc . startJobContainer ( ) ( ctx )
}
2022-02-08 17:22:41 +00:00
}
2020-02-27 07:29:43 +00:00
2023-11-09 02:36:09 +00:00
func ( rc * RunContext ) IsBareHostEnv ( ctx context . Context ) bool {
2023-05-03 17:49:17 +00:00
platform := rc . runsOnImage ( ctx )
image := rc . containerImage ( ctx )
return image == "" && strings . EqualFold ( platform , "-self-hosted" )
2023-03-14 14:07:31 +00:00
}
2023-11-10 20:45:14 +00:00
const lxcPrefix = "lxc:"
2023-11-09 02:36:09 +00:00
func ( rc * RunContext ) IsLXCHostEnv ( ctx context . Context ) bool {
platform := rc . runsOnImage ( ctx )
2023-11-10 20:45:14 +00:00
return strings . HasPrefix ( platform , lxcPrefix )
}
func ( rc * RunContext ) GetLXCInfo ( ctx context . Context ) ( isLXC bool , template , release , config string ) {
platform := rc . runsOnImage ( ctx )
if ! strings . HasPrefix ( platform , lxcPrefix ) {
return
}
isLXC = true
s := strings . SplitN ( strings . TrimPrefix ( platform , lxcPrefix ) , ":" , 3 )
template = s [ 0 ]
if len ( s ) > 1 {
release = s [ 1 ]
}
if len ( s ) > 2 {
config = s [ 2 ]
}
return
2023-11-09 02:36:09 +00:00
}
func ( rc * RunContext ) IsHostEnv ( ctx context . Context ) bool {
return rc . IsBareHostEnv ( ctx ) || rc . IsLXCHostEnv ( ctx )
}
2022-02-08 17:22:41 +00:00
func ( rc * RunContext ) stopContainer ( ) common . Executor {
2023-03-12 13:26:24 +00:00
return func ( ctx context . Context ) error {
2023-11-09 02:36:09 +00:00
if rc . IsLXCHostEnv ( ctx ) {
return rc . stopHostEnvironment ( ctx )
2023-03-12 13:26:24 +00:00
}
return rc . stopJobContainer ( ) ( ctx )
}
2022-02-08 17:22:41 +00:00
}
2020-02-07 06:17:58 +00:00
2022-02-08 17:22:41 +00:00
func ( rc * RunContext ) closeContainer ( ) common . Executor {
return func ( ctx context . Context ) error {
if rc . JobContainer != nil {
2023-11-09 02:36:09 +00:00
if rc . IsLXCHostEnv ( ctx ) {
return rc . stopHostEnvironment ( ctx )
2023-03-12 13:26:24 +00:00
}
2022-02-08 17:22:41 +00:00
return rc . JobContainer . Close ( ) ( ctx )
2020-02-10 23:27:05 +00:00
}
2022-02-08 17:22:41 +00:00
return nil
2020-02-23 23:01:25 +00:00
}
2022-02-08 17:22:41 +00:00
}
2021-12-08 20:57:42 +00:00
2022-02-08 17:22:41 +00:00
func ( rc * RunContext ) matrix ( ) map [ string ] interface { } {
return rc . Matrix
}
2021-12-08 20:57:42 +00:00
2022-02-08 17:22:41 +00:00
func ( rc * RunContext ) result ( result string ) {
rc . Run . Job ( ) . Result = result
}
2020-02-17 18:11:16 +00:00
2022-02-08 17:22:41 +00:00
func ( rc * RunContext ) steps ( ) [ ] * model . Step {
return rc . Run . Job ( ) . Steps
}
// Executor returns a pipeline executor for all the steps in the job
2023-07-11 04:27:43 +00:00
func ( rc * RunContext ) Executor ( ) ( common . Executor , error ) {
2022-12-15 16:45:22 +00:00
var executor common . Executor
2023-03-12 13:26:24 +00:00
jobType , err := rc . Run . Job ( ) . Type ( )
2022-12-15 16:45:22 +00:00
2023-07-11 04:27:43 +00:00
switch jobType {
2022-12-15 16:45:22 +00:00
case model . JobTypeDefault :
executor = newJobExecutor ( rc , & stepFactoryImpl { } , rc )
case model . JobTypeReusableWorkflowLocal :
executor = newLocalReusableWorkflowExecutor ( rc )
case model . JobTypeReusableWorkflowRemote :
executor = newRemoteReusableWorkflowExecutor ( rc )
2023-07-11 04:27:43 +00:00
case model . JobTypeInvalid :
return nil , err
2022-12-15 16:45:22 +00:00
}
2022-02-25 18:39:50 +00:00
return func ( ctx context . Context ) error {
2022-12-15 16:45:22 +00:00
res , err := rc . isEnabled ( ctx )
2022-02-25 18:39:50 +00:00
if err != nil {
return err
}
2022-12-15 16:45:22 +00:00
if res {
return executor ( ctx )
2022-02-25 18:39:50 +00:00
}
return nil
2023-07-11 04:27:43 +00:00
} , nil
2020-02-23 23:01:25 +00:00
}
2020-02-17 18:11:16 +00:00
2023-05-03 17:49:17 +00:00
func ( rc * RunContext ) containerImage ( ctx context . Context ) string {
2020-03-16 21:58:10 +00:00
job := rc . Run . Job ( )
c := job . Container ( )
if c != nil {
2022-06-17 15:55:21 +00:00
return rc . ExprEval . Interpolate ( ctx , c . Image )
2020-03-16 21:58:10 +00:00
}
2023-05-03 17:49:17 +00:00
return ""
}
func ( rc * RunContext ) runsOnImage ( ctx context . Context ) string {
2023-12-16 23:04:54 +00:00
if rc . Run . Job ( ) . RunsOn ( ) == nil {
2022-06-17 15:55:21 +00:00
common . Logger ( ctx ) . Errorf ( "'runs-on' key not defined in %s" , rc . String ( ) )
2021-01-21 14:02:48 +00:00
}
2024-02-17 04:28:10 +00:00
runsOn := rc . Run . Job ( ) . RunsOn ( )
2022-11-22 08:39:19 +00:00
for i , v := range runsOn {
runsOn [ i ] = rc . ExprEval . Interpolate ( ctx , v )
}
if pick := rc . Config . PlatformPicker ; pick != nil {
if image := pick ( runsOn ) ; image != "" {
return image
}
}
2023-11-12 17:40:06 +00:00
for _ , platformName := range rc . runsOnPlatformNames ( ctx ) {
image := rc . Config . Platforms [ strings . ToLower ( platformName ) ]
2020-03-16 21:58:10 +00:00
if image != "" {
return image
}
}
return ""
}
2023-11-12 17:40:06 +00:00
func ( rc * RunContext ) runsOnPlatformNames ( ctx context . Context ) [ ] string {
2023-05-03 17:49:17 +00:00
job := rc . Run . Job ( )
2021-01-21 14:02:48 +00:00
if job . RunsOn ( ) == nil {
2023-11-12 17:40:06 +00:00
return [ ] string { }
2021-01-21 14:02:48 +00:00
}
2023-11-12 17:40:06 +00:00
if err := rc . ExprEval . EvaluateYamlNode ( ctx , & job . RawRunsOn ) ; err != nil {
common . Logger ( ctx ) . Errorf ( "Error while evaluating runs-on: %v" , err )
return [ ] string { }
2020-03-16 21:58:10 +00:00
}
2023-11-12 17:40:06 +00:00
return job . RunsOn ( )
2020-03-16 21:58:10 +00:00
}
2023-05-03 17:49:17 +00:00
func ( rc * RunContext ) platformImage ( ctx context . Context ) string {
if containerImage := rc . containerImage ( ctx ) ; containerImage != "" {
return containerImage
}
return rc . runsOnImage ( ctx )
}
2023-09-12 13:35:25 +00:00
func ( rc * RunContext ) options ( ctx context . Context ) string {
2021-09-10 05:03:40 +00:00
job := rc . Run . Job ( )
c := job . Container ( )
2023-09-12 13:35:25 +00:00
if c != nil {
2024-03-04 02:56:52 +00:00
return rc . Config . ContainerOptions + " " + rc . ExprEval . Interpolate ( ctx , c . Options )
2021-09-10 05:03:40 +00:00
}
2023-09-12 13:35:25 +00:00
return rc . Config . ContainerOptions
2021-09-10 05:03:40 +00:00
}
2022-02-25 18:39:50 +00:00
func ( rc * RunContext ) isEnabled ( ctx context . Context ) ( bool , error ) {
2020-02-23 23:01:25 +00:00
job := rc . Run . Job ( )
2020-05-04 19:18:13 +00:00
l := common . Logger ( ctx )
2023-07-11 04:27:43 +00:00
runJob , runJobErr := EvalBool ( ctx , rc . ExprEval , job . If . Value , exprparser . DefaultStatusCheckSuccess )
jobType , jobTypeErr := job . Type ( )
if runJobErr != nil {
return false , fmt . Errorf ( " \u274C Error in if-expression: \"if: %s\" (%s)" , job . If . Value , runJobErr )
}
if jobType == model . JobTypeInvalid {
return false , jobTypeErr
2020-11-17 17:31:05 +00:00
}
2023-07-11 04:27:43 +00:00
2020-11-17 17:31:05 +00:00
if ! runJob {
2022-06-17 15:55:21 +00:00
l . WithField ( "jobResult" , "skipped" ) . Debugf ( "Skipping job '%s' due to '%s'" , job . Name , job . If . Value )
2022-02-25 18:39:50 +00:00
return false , nil
2020-02-23 23:01:25 +00:00
}
2020-02-21 03:43:20 +00:00
2023-11-12 20:01:32 +00:00
if jobType != model . JobTypeDefault {
return true , nil
}
2022-06-17 15:55:21 +00:00
img := rc . platformImage ( ctx )
2020-03-16 21:58:10 +00:00
if img == "" {
2023-11-12 17:40:06 +00:00
for _ , platformName := range rc . runsOnPlatformNames ( ctx ) {
2021-09-13 23:14:41 +00:00
l . Infof ( "\U0001F6A7 Skipping unsupported platform -- Try running with `-P %+v=...`" , platformName )
2020-12-08 18:13:07 +00:00
}
2022-02-25 18:39:50 +00:00
return false , nil
2020-02-17 18:11:16 +00:00
}
2022-02-25 18:39:50 +00:00
return true , nil
2020-02-17 18:11:16 +00:00
}
2020-02-07 06:17:58 +00:00
func mergeMaps ( maps ... map [ string ] string ) map [ string ] string {
rtnMap := make ( map [ string ] string )
for _ , m := range maps {
for k , v := range m {
rtnMap [ k ] = v
}
}
return rtnMap
}
2022-11-24 06:45:32 +00:00
// deprecated: use createSimpleContainerName
2020-02-23 23:01:25 +00:00
func createContainerName ( parts ... string ) string {
2023-02-03 19:54:19 +00:00
name := strings . Join ( parts , "-" )
2020-02-23 23:01:25 +00:00
pattern := regexp . MustCompile ( "[^a-zA-Z0-9]" )
2023-02-03 19:54:19 +00:00
name = pattern . ReplaceAllString ( name , "-" )
name = strings . ReplaceAll ( name , "--" , "-" )
hash := sha256 . Sum256 ( [ ] byte ( name ) )
// SHA256 is 64 hex characters. So trim name to 63 characters to make room for the hash and separator
trimmedName := strings . Trim ( trimToLen ( name , 63 ) , "-" )
return fmt . Sprintf ( "%s-%x" , trimmedName , hash )
2020-02-07 06:17:58 +00:00
}
2022-11-24 06:45:32 +00:00
func createSimpleContainerName ( parts ... string ) string {
pattern := regexp . MustCompile ( "[^a-zA-Z0-9-]" )
name := make ( [ ] string , 0 , len ( parts ) )
for _ , v := range parts {
v = pattern . ReplaceAllString ( v , "-" )
v = strings . Trim ( v , "-" )
for strings . Contains ( v , "--" ) {
v = strings . ReplaceAll ( v , "--" , "-" )
}
if v != "" {
name = append ( name , v )
}
}
return strings . Join ( name , "_" )
}
2020-02-07 06:17:58 +00:00
func trimToLen ( s string , l int ) string {
2020-02-21 03:43:20 +00:00
if l < 0 {
l = 0
}
2020-02-07 06:17:58 +00:00
if len ( s ) > l {
return s [ : l ]
}
return s
}
2020-02-14 08:41:20 +00:00
2021-12-22 19:52:09 +00:00
func ( rc * RunContext ) getJobContext ( ) * model . JobContext {
2020-02-14 08:41:20 +00:00
jobStatus := "success"
for _ , stepStatus := range rc . StepResults {
2021-12-22 19:52:09 +00:00
if stepStatus . Conclusion == model . StepStatusFailure {
2020-02-14 08:41:20 +00:00
jobStatus = "failure"
break
}
}
2021-12-22 19:52:09 +00:00
return & model . JobContext {
2020-02-14 08:41:20 +00:00
Status : jobStatus ,
}
}
2021-12-22 19:52:09 +00:00
func ( rc * RunContext ) getStepsContext ( ) map [ string ] * model . StepResult {
2020-02-14 08:41:20 +00:00
return rc . StepResults
}
2022-06-17 15:55:21 +00:00
func ( rc * RunContext ) getGithubContext ( ctx context . Context ) * model . GithubContext {
logger := common . Logger ( ctx )
2021-12-22 19:52:09 +00:00
ghc := & model . GithubContext {
2021-05-06 20:02:29 +00:00
Event : make ( map [ string ] interface { } ) ,
Workflow : rc . Run . Workflow . Name ,
RunID : rc . Config . Env [ "GITHUB_RUN_ID" ] ,
RunNumber : rc . Config . Env [ "GITHUB_RUN_NUMBER" ] ,
Actor : rc . Config . Actor ,
EventName : rc . Config . EventName ,
Action : rc . CurrentStep ,
2022-05-11 19:06:05 +00:00
Token : rc . Config . Token ,
2023-02-27 19:10:31 +00:00
Job : rc . Run . JobID ,
2021-12-22 19:19:50 +00:00
ActionPath : rc . ActionPath ,
2023-10-03 23:13:05 +00:00
ActionRepository : rc . Env [ "GITHUB_ACTION_REPOSITORY" ] ,
ActionRef : rc . Env [ "GITHUB_ACTION_REF" ] ,
2021-05-06 20:02:29 +00:00
RepositoryOwner : rc . Config . Env [ "GITHUB_REPOSITORY_OWNER" ] ,
RetentionDays : rc . Config . Env [ "GITHUB_RETENTION_DAYS" ] ,
RunnerPerflog : rc . Config . Env [ "RUNNER_PERFLOG" ] ,
RunnerTrackingID : rc . Config . Env [ "RUNNER_TRACKING_ID" ] ,
2023-02-03 19:35:49 +00:00
Repository : rc . Config . Env [ "GITHUB_REPOSITORY" ] ,
Ref : rc . Config . Env [ "GITHUB_REF" ] ,
Sha : rc . Config . Env [ "SHA_REF" ] ,
RefName : rc . Config . Env [ "GITHUB_REF_NAME" ] ,
RefType : rc . Config . Env [ "GITHUB_REF_TYPE" ] ,
BaseRef : rc . Config . Env [ "GITHUB_BASE_REF" ] ,
HeadRef : rc . Config . Env [ "GITHUB_HEAD_REF" ] ,
Workspace : rc . Config . Env [ "GITHUB_WORKSPACE" ] ,
2020-03-06 22:17:57 +00:00
}
2022-11-16 21:29:45 +00:00
if rc . JobContainer != nil {
ghc . EventPath = rc . JobContainer . GetActPath ( ) + "/workflow/event.json"
ghc . Workspace = rc . JobContainer . ToContainerPath ( rc . Config . Workdir )
}
2021-05-05 23:11:43 +00:00
2021-05-06 20:02:29 +00:00
if ghc . RunID == "" {
ghc . RunID = "1"
2020-09-22 21:13:29 +00:00
}
2021-05-05 23:11:43 +00:00
2021-05-06 20:02:29 +00:00
if ghc . RunNumber == "" {
ghc . RunNumber = "1"
2020-09-22 21:13:29 +00:00
}
2021-05-05 23:11:43 +00:00
2021-05-06 20:02:29 +00:00
if ghc . RetentionDays == "" {
ghc . RetentionDays = "0"
}
if ghc . RunnerPerflog == "" {
ghc . RunnerPerflog = "/dev/null"
2020-02-14 08:41:20 +00:00
}
2020-05-12 07:14:56 +00:00
// Backwards compatibility for configs that require
// a default rather than being run as a cmd
if ghc . Actor == "" {
ghc . Actor = "nektos/act"
}
2023-03-16 03:45:29 +00:00
{ // Adapt to Gitea
if preset := rc . Config . PresetGitHubContext ; preset != nil {
ghc . Event = preset . Event
ghc . RunID = preset . RunID
ghc . RunNumber = preset . RunNumber
ghc . Actor = preset . Actor
ghc . Repository = preset . Repository
ghc . EventName = preset . EventName
ghc . Sha = preset . Sha
ghc . Ref = preset . Ref
ghc . RefName = preset . RefName
ghc . RefType = preset . RefType
ghc . HeadRef = preset . HeadRef
ghc . BaseRef = preset . BaseRef
ghc . Token = preset . Token
ghc . RepositoryOwner = preset . RepositoryOwner
ghc . RetentionDays = preset . RetentionDays
2023-06-16 05:12:43 +00:00
instance := rc . Config . GitHubInstance
if ! strings . HasPrefix ( instance , "http://" ) &&
! strings . HasPrefix ( instance , "https://" ) {
instance = "https://" + instance
}
ghc . ServerURL = instance
ghc . APIURL = instance + "/api/v1" // the version of Gitea is v1
ghc . GraphQLURL = "" // Gitea doesn't support graphql
2023-03-16 03:45:29 +00:00
return ghc
2021-05-06 20:02:29 +00:00
}
2020-02-14 08:41:20 +00:00
}
2020-05-04 19:18:13 +00:00
if rc . EventJSON != "" {
2023-02-03 19:35:49 +00:00
err := json . Unmarshal ( [ ] byte ( rc . EventJSON ) , & ghc . Event )
2020-05-04 19:18:13 +00:00
if err != nil {
2022-06-17 15:55:21 +00:00
logger . Errorf ( "Unable to Unmarshal event '%s': %v" , rc . EventJSON , err )
2020-05-04 19:18:13 +00:00
}
2020-02-14 08:41:20 +00:00
}
2020-03-06 22:17:57 +00:00
2023-02-03 19:35:49 +00:00
ghc . SetBaseAndHeadRef ( )
repoPath := rc . Config . Workdir
ghc . SetRepositoryAndOwner ( ctx , rc . Config . GitHubInstance , rc . Config . RemoteName , repoPath )
if ghc . Ref == "" {
ghc . SetRef ( ctx , rc . Config . DefaultBranch , repoPath )
2020-03-06 22:17:57 +00:00
}
2023-02-03 19:35:49 +00:00
if ghc . Sha == "" {
ghc . SetSha ( ctx , repoPath )
2022-05-08 14:23:19 +00:00
}
2023-02-03 19:35:49 +00:00
ghc . SetRefTypeAndName ( )
2023-04-13 13:09:28 +00:00
// defaults
ghc . ServerURL = "https://github.com"
ghc . APIURL = "https://api.github.com"
ghc . GraphQLURL = "https://api.github.com/graphql"
// per GHES
if rc . Config . GitHubInstance != "github.com" {
ghc . ServerURL = fmt . Sprintf ( "https://%s" , rc . Config . GitHubInstance )
ghc . APIURL = fmt . Sprintf ( "https://%s/api/v3" , rc . Config . GitHubInstance )
ghc . GraphQLURL = fmt . Sprintf ( "https://%s/api/graphql" , rc . Config . GitHubInstance )
}
2023-06-20 07:36:10 +00:00
{ // Adapt to Gitea
instance := rc . Config . GitHubInstance
if ! strings . HasPrefix ( instance , "http://" ) &&
! strings . HasPrefix ( instance , "https://" ) {
instance = "https://" + instance
}
ghc . ServerURL = instance
ghc . APIURL = instance + "/api/v1" // the version of Gitea is v1
ghc . GraphQLURL = "" // Gitea doesn't support graphql
}
2023-04-13 13:09:28 +00:00
// allow to be overridden by user
if rc . Config . Env [ "GITHUB_SERVER_URL" ] != "" {
ghc . ServerURL = rc . Config . Env [ "GITHUB_SERVER_URL" ]
}
if rc . Config . Env [ "GITHUB_API_URL" ] != "" {
2023-04-13 14:09:29 +00:00
ghc . APIURL = rc . Config . Env [ "GITHUB_API_URL" ]
2023-04-13 13:09:28 +00:00
}
if rc . Config . Env [ "GITHUB_GRAPHQL_URL" ] != "" {
2023-04-13 14:09:29 +00:00
ghc . GraphQLURL = rc . Config . Env [ "GITHUB_GRAPHQL_URL" ]
2023-04-13 13:09:28 +00:00
}
2020-02-14 08:41:20 +00:00
return ghc
}
2021-12-22 19:52:09 +00:00
func isLocalCheckout ( ghc * model . GithubContext , step * model . Step ) bool {
2021-05-10 15:12:57 +00:00
if step . Type ( ) == model . StepTypeInvalid {
2021-05-04 21:50:35 +00:00
// This will be errored out by the executor later, we need this here to avoid a null panic though
return false
}
2020-03-10 00:45:42 +00:00
if step . Type ( ) != model . StepTypeUsesActionRemote {
return false
}
remoteAction := newRemoteAction ( step . Uses )
2021-05-10 15:12:57 +00:00
if remoteAction == nil {
// IsCheckout() will nil panic if we dont bail out early
return false
}
2020-03-10 00:45:42 +00:00
if ! remoteAction . IsCheckout ( ) {
return false
}
if repository , ok := step . With [ "repository" ] ; ok && repository != ghc . Repository {
return false
}
if repository , ok := step . With [ "ref" ] ; ok && repository != ghc . Ref {
return false
}
return true
}
2020-03-06 22:17:57 +00:00
func nestedMapLookup ( m map [ string ] interface { } , ks ... string ) ( rval interface { } ) {
var ok bool
if len ( ks ) == 0 { // degenerate input
return nil
}
if rval , ok = m [ ks [ 0 ] ] ; ! ok {
return nil
} else if len ( ks ) == 1 { // we've reached the final key
return rval
} else if m , ok = rval . ( map [ string ] interface { } ) ; ! ok {
return nil
} else { // 1+ more keys
return nestedMapLookup ( m , ks [ 1 : ] ... )
}
}
2022-10-06 21:58:16 +00:00
func ( rc * RunContext ) withGithubEnv ( ctx context . Context , github * model . GithubContext , env map [ string ] string ) map [ string ] string {
2020-09-28 15:22:42 +00:00
env [ "CI" ] = "true"
2020-02-14 08:41:20 +00:00
env [ "GITHUB_WORKFLOW" ] = github . Workflow
env [ "GITHUB_RUN_ID" ] = github . RunID
env [ "GITHUB_RUN_NUMBER" ] = github . RunNumber
env [ "GITHUB_ACTION" ] = github . Action
2021-12-22 19:19:50 +00:00
env [ "GITHUB_ACTION_PATH" ] = github . ActionPath
env [ "GITHUB_ACTION_REPOSITORY" ] = github . ActionRepository
env [ "GITHUB_ACTION_REF" ] = github . ActionRef
2020-02-24 18:56:49 +00:00
env [ "GITHUB_ACTIONS" ] = "true"
2020-02-14 08:41:20 +00:00
env [ "GITHUB_ACTOR" ] = github . Actor
env [ "GITHUB_REPOSITORY" ] = github . Repository
env [ "GITHUB_EVENT_NAME" ] = github . EventName
env [ "GITHUB_EVENT_PATH" ] = github . EventPath
env [ "GITHUB_WORKSPACE" ] = github . Workspace
env [ "GITHUB_SHA" ] = github . Sha
env [ "GITHUB_REF" ] = github . Ref
2022-05-08 14:23:19 +00:00
env [ "GITHUB_REF_NAME" ] = github . RefName
env [ "GITHUB_REF_TYPE" ] = github . RefType
2024-03-11 10:46:38 +00:00
env [ "GITHUB_TOKEN" ] = github . Token
2023-02-27 19:10:31 +00:00
env [ "GITHUB_JOB" ] = github . Job
2021-05-06 20:02:29 +00:00
env [ "GITHUB_REPOSITORY_OWNER" ] = github . RepositoryOwner
env [ "GITHUB_RETENTION_DAYS" ] = github . RetentionDays
env [ "RUNNER_PERFLOG" ] = github . RunnerPerflog
env [ "RUNNER_TRACKING_ID" ] = github . RunnerTrackingID
2023-02-03 19:35:49 +00:00
env [ "GITHUB_BASE_REF" ] = github . BaseRef
env [ "GITHUB_HEAD_REF" ] = github . HeadRef
2023-04-13 13:09:28 +00:00
env [ "GITHUB_SERVER_URL" ] = github . ServerURL
env [ "GITHUB_API_URL" ] = github . APIURL
env [ "GITHUB_GRAPHQL_URL" ] = github . GraphQLURL
2023-02-03 19:35:49 +00:00
2023-03-16 03:45:29 +00:00
{ // Adapt to Gitea
instance := rc . Config . GitHubInstance
if ! strings . HasPrefix ( instance , "http://" ) &&
! strings . HasPrefix ( instance , "https://" ) {
instance = "https://" + instance
2022-11-16 10:00:45 +00:00
}
2023-05-04 09:45:53 +00:00
env [ "GITHUB_SERVER_URL" ] = instance
env [ "GITHUB_API_URL" ] = instance + "/api/v1" // the version of Gitea is v1
env [ "GITHUB_GRAPHQL_URL" ] = "" // Gitea doesn't support graphql
2021-05-05 16:42:34 +00:00
}
2021-03-18 00:14:08 +00:00
2021-11-10 17:57:22 +00:00
if rc . Config . ArtifactServerPath != "" {
setActionRuntimeVars ( rc , env )
}
2023-11-12 17:40:06 +00:00
for _ , platformName := range rc . runsOnPlatformNames ( ctx ) {
2023-08-09 12:41:12 +00:00
if platformName != "" {
if platformName == "ubuntu-latest" {
// hardcode current ubuntu-latest since we have no way to check that 'on the fly'
env [ "ImageOS" ] = "ubuntu20"
} else {
platformName = strings . SplitN ( strings . Replace ( platformName , ` - ` , ` ` , 1 ) , ` . ` , 2 ) [ 0 ]
env [ "ImageOS" ] = platformName
2021-03-18 00:14:08 +00:00
}
}
}
2020-02-14 08:41:20 +00:00
return env
}
2020-03-10 00:45:42 +00:00
2021-11-10 17:57:22 +00:00
func setActionRuntimeVars ( rc * RunContext , env map [ string ] string ) {
actionsRuntimeURL := os . Getenv ( "ACTIONS_RUNTIME_URL" )
if actionsRuntimeURL == "" {
2023-01-16 14:12:20 +00:00
actionsRuntimeURL = fmt . Sprintf ( "http://%s:%s/" , rc . Config . ArtifactServerAddr , rc . Config . ArtifactServerPort )
2021-11-10 17:57:22 +00:00
}
env [ "ACTIONS_RUNTIME_URL" ] = actionsRuntimeURL
actionsRuntimeToken := os . Getenv ( "ACTIONS_RUNTIME_TOKEN" )
if actionsRuntimeToken == "" {
actionsRuntimeToken = "token"
}
env [ "ACTIONS_RUNTIME_TOKEN" ] = actionsRuntimeToken
}
2023-07-11 00:12:12 +00:00
func ( rc * RunContext ) handleCredentials ( ctx context . Context ) ( string , string , error ) {
2021-11-27 18:05:56 +00:00
// TODO: remove below 2 lines when we can release act with breaking changes
2023-07-11 00:12:12 +00:00
username := rc . Config . Secrets [ "DOCKER_USERNAME" ]
password := rc . Config . Secrets [ "DOCKER_PASSWORD" ]
2021-11-27 18:05:56 +00:00
container := rc . Run . Job ( ) . Container ( )
if container == nil || container . Credentials == nil {
2023-07-11 00:12:12 +00:00
return username , password , nil
2021-11-27 18:05:56 +00:00
}
if container . Credentials != nil && len ( container . Credentials ) != 2 {
2023-07-11 00:12:12 +00:00
err := fmt . Errorf ( "invalid property count for key 'credentials:'" )
return "" , "" , err
2021-11-27 18:05:56 +00:00
}
2022-06-17 15:55:21 +00:00
ee := rc . NewExpressionEvaluator ( ctx )
if username = ee . Interpolate ( ctx , container . Credentials [ "username" ] ) ; username == "" {
2023-07-11 00:12:12 +00:00
err := fmt . Errorf ( "failed to interpolate container.credentials.username" )
return "" , "" , err
2021-11-27 18:05:56 +00:00
}
2022-06-17 15:55:21 +00:00
if password = ee . Interpolate ( ctx , container . Credentials [ "password" ] ) ; password == "" {
2023-07-11 00:12:12 +00:00
err := fmt . Errorf ( "failed to interpolate container.credentials.password" )
return "" , "" , err
2021-11-27 18:05:56 +00:00
}
if container . Credentials [ "username" ] == "" || container . Credentials [ "password" ] == "" {
2023-07-11 00:12:12 +00:00
err := fmt . Errorf ( "container.credentials cannot be empty" )
return "" , "" , err
2021-11-27 18:05:56 +00:00
}
2023-07-11 00:12:12 +00:00
return username , password , nil
2021-11-27 18:05:56 +00:00
}
2023-04-25 06:45:39 +00:00
func ( rc * RunContext ) handleServiceCredentials ( ctx context . Context , creds map [ string ] string ) ( username , password string , err error ) {
if creds == nil {
return
}
if len ( creds ) != 2 {
err = fmt . Errorf ( "invalid property count for key 'credentials:'" )
return
}
ee := rc . NewExpressionEvaluator ( ctx )
if username = ee . Interpolate ( ctx , creds [ "username" ] ) ; username == "" {
err = fmt . Errorf ( "failed to interpolate credentials.username" )
return
}
if password = ee . Interpolate ( ctx , creds [ "password" ] ) ; password == "" {
err = fmt . Errorf ( "failed to interpolate credentials.password" )
return
}
return
}
2023-06-05 09:21:59 +00:00
// GetServiceBindsAndMounts returns the binds and mounts for the service container, resolving paths as appopriate
func ( rc * RunContext ) GetServiceBindsAndMounts ( svcVolumes [ ] string ) ( [ ] string , map [ string ] string ) {
if rc . Config . ContainerDaemonSocket == "" {
rc . Config . ContainerDaemonSocket = "/var/run/docker.sock"
}
binds := [ ] string { }
if rc . Config . ContainerDaemonSocket != "-" {
daemonPath := getDockerDaemonSocketMountPath ( rc . Config . ContainerDaemonSocket )
binds = append ( binds , fmt . Sprintf ( "%s:%s" , daemonPath , "/var/run/docker.sock" ) )
}
mounts := map [ string ] string { }
for _ , v := range svcVolumes {
if ! strings . Contains ( v , ":" ) || filepath . IsAbs ( v ) {
// Bind anonymous volume or host file.
binds = append ( binds , v )
} else {
// Mount existing volume.
paths := strings . SplitN ( v , ":" , 2 )
mounts [ paths [ 0 ] ] = paths [ 1 ]
}
}
return binds , mounts
}