Add --userns flag to support Docker daemon that enables user namespace (#533)
I got an error like this after hitting `act` command. > Error: Error response from daemon: cannot share the host's network namespace when user namespaces are enabled According to the document, when user namespaces are enabled on the Docker daemon, neither host network mode and --privileged work without --userns=host. Since `act` uses host network mode to match GitHub Actions runners, it cannot run jobs when user namespaces are enabled. So I added the flag. https://docs.docker.com/engine/security/userns-remap/#user-namespace-known-limitations Co-authored-by: Casey Lee <cplee@nektos.com>
This commit is contained in:
parent
6c118fe9ad
commit
8de7b956b7
7 changed files with 9 additions and 0 deletions
|
@ -105,6 +105,7 @@ It will save that information to `~/.actrc`, please refer to [Configuration](#co
|
||||||
-r, --reuse reuse action containers to maintain state
|
-r, --reuse reuse action containers to maintain state
|
||||||
-s, --secret stringArray secret to make available to actions with optional value (e.g. -s mysecret=foo or -s mysecret)
|
-s, --secret stringArray secret to make available to actions with optional value (e.g. -s mysecret=foo or -s mysecret)
|
||||||
--secret-file string file with list of secrets to read from (e.g. --secret-file .secrets) (default ".secrets")
|
--secret-file string file with list of secrets to read from (e.g. --secret-file .secrets) (default ".secrets")
|
||||||
|
--userns string user namespace to use
|
||||||
-v, --verbose verbose output
|
-v, --verbose verbose output
|
||||||
--version version for act
|
--version version for act
|
||||||
-w, --watch watch the contents of the local repo and run when files change
|
-w, --watch watch the contents of the local repo and run when files change
|
||||||
|
|
|
@ -25,6 +25,7 @@ type Input struct {
|
||||||
insecureSecrets bool
|
insecureSecrets bool
|
||||||
defaultBranch string
|
defaultBranch string
|
||||||
privileged bool
|
privileged bool
|
||||||
|
usernsMode string
|
||||||
}
|
}
|
||||||
|
|
||||||
func (i *Input) resolve(path string) string {
|
func (i *Input) resolve(path string) string {
|
||||||
|
|
|
@ -47,6 +47,7 @@ func Execute(ctx context.Context, version string) {
|
||||||
rootCmd.Flags().StringVarP(&input.eventPath, "eventpath", "e", "", "path to event JSON file")
|
rootCmd.Flags().StringVarP(&input.eventPath, "eventpath", "e", "", "path to event JSON file")
|
||||||
rootCmd.Flags().StringVar(&input.defaultBranch, "defaultbranch", "", "the name of the main branch")
|
rootCmd.Flags().StringVar(&input.defaultBranch, "defaultbranch", "", "the name of the main branch")
|
||||||
rootCmd.Flags().BoolVar(&input.privileged, "privileged", false, "use privileged mode")
|
rootCmd.Flags().BoolVar(&input.privileged, "privileged", false, "use privileged mode")
|
||||||
|
rootCmd.Flags().StringVar(&input.usernsMode, "userns", "", "user namespace to use")
|
||||||
rootCmd.PersistentFlags().StringVarP(&input.actor, "actor", "a", "nektos/act", "user that triggered the event")
|
rootCmd.PersistentFlags().StringVarP(&input.actor, "actor", "a", "nektos/act", "user that triggered the event")
|
||||||
rootCmd.PersistentFlags().StringVarP(&input.workflowsPath, "workflows", "W", "./.github/workflows/", "path to workflow file(s)")
|
rootCmd.PersistentFlags().StringVarP(&input.workflowsPath, "workflows", "W", "./.github/workflows/", "path to workflow file(s)")
|
||||||
rootCmd.PersistentFlags().StringVarP(&input.workdir, "directory", "C", ".", "working directory")
|
rootCmd.PersistentFlags().StringVarP(&input.workdir, "directory", "C", ".", "working directory")
|
||||||
|
@ -260,6 +261,7 @@ func newRunCommand(ctx context.Context, input *Input) func(*cobra.Command, []str
|
||||||
InsecureSecrets: input.insecureSecrets,
|
InsecureSecrets: input.insecureSecrets,
|
||||||
Platforms: input.newPlatforms(),
|
Platforms: input.newPlatforms(),
|
||||||
Privileged: input.privileged,
|
Privileged: input.privileged,
|
||||||
|
UsernsMode: input.usernsMode,
|
||||||
}
|
}
|
||||||
r, err := runner.New(config)
|
r, err := runner.New(config)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -44,6 +44,7 @@ type NewContainerInput struct {
|
||||||
Stderr io.Writer
|
Stderr io.Writer
|
||||||
NetworkMode string
|
NetworkMode string
|
||||||
Privileged bool
|
Privileged bool
|
||||||
|
UsernsMode string
|
||||||
}
|
}
|
||||||
|
|
||||||
// FileEntry is a file to copy to a container
|
// FileEntry is a file to copy to a container
|
||||||
|
@ -271,6 +272,7 @@ func (cr *containerReference) create() common.Executor {
|
||||||
Mounts: mounts,
|
Mounts: mounts,
|
||||||
NetworkMode: container.NetworkMode(input.NetworkMode),
|
NetworkMode: container.NetworkMode(input.NetworkMode),
|
||||||
Privileged: input.Privileged,
|
Privileged: input.Privileged,
|
||||||
|
UsernsMode: container.UsernsMode(input.UsernsMode),
|
||||||
}, nil, input.Name)
|
}, nil, input.Name)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.WithStack(err)
|
return errors.WithStack(err)
|
||||||
|
|
|
@ -106,6 +106,7 @@ func (rc *RunContext) startJobContainer() common.Executor {
|
||||||
Stdout: logWriter,
|
Stdout: logWriter,
|
||||||
Stderr: logWriter,
|
Stderr: logWriter,
|
||||||
Privileged: rc.Config.Privileged,
|
Privileged: rc.Config.Privileged,
|
||||||
|
UsernsMode: rc.Config.UsernsMode,
|
||||||
})
|
})
|
||||||
|
|
||||||
var copyWorkspace bool
|
var copyWorkspace bool
|
||||||
|
|
|
@ -31,6 +31,7 @@ type Config struct {
|
||||||
InsecureSecrets bool // switch hiding output when printing to terminal
|
InsecureSecrets bool // switch hiding output when printing to terminal
|
||||||
Platforms map[string]string // list of platforms
|
Platforms map[string]string // list of platforms
|
||||||
Privileged bool // use privileged mode
|
Privileged bool // use privileged mode
|
||||||
|
UsernsMode string // user namespace to use
|
||||||
}
|
}
|
||||||
|
|
||||||
type runnerImpl struct {
|
type runnerImpl struct {
|
||||||
|
|
|
@ -234,6 +234,7 @@ func (sc *StepContext) newStepContainer(ctx context.Context, image string, cmd [
|
||||||
Stdout: logWriter,
|
Stdout: logWriter,
|
||||||
Stderr: logWriter,
|
Stderr: logWriter,
|
||||||
Privileged: rc.Config.Privileged,
|
Privileged: rc.Config.Privileged,
|
||||||
|
UsernsMode: rc.Config.UsernsMode,
|
||||||
})
|
})
|
||||||
return stepContainer
|
return stepContainer
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue