About containers in self-hosted servers

I’m trying to run a self-hosted GitHub Actions runner with all actions running in a specified container. The yaml configuration is as follows:

on: [push]

jobs:
  python_test:  # job id is missing from the post as extracted; placeholder
    container:
      image: localhost:5000/ubuntu
    runs-on: self-hosted
    name: python test
    steps:
      - name: Dump GitHub context
        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
        run: echo "$GITHUB_CONTEXT"
      - name: Dump job context
        env:
          JOB_CONTEXT: ${{ toJson(job) }}
        run: echo "$JOB_CONTEXT"
      - name: Dump steps context
        env:
          STEPS_CONTEXT: ${{ toJson(steps) }}
        run: echo "$STEPS_CONTEXT"
      - name: Dump runner context
        env:
          RUNNER_CONTEXT: ${{ toJson(runner) }}
        run: echo "$RUNNER_CONTEXT"
      - name: Dump strategy context
        env:
          STRATEGY_CONTEXT: ${{ toJson(strategy) }}
        run: echo "$STRATEGY_CONTEXT"
      - name: Dump matrix context
        env:
          MATRIX_CONTEXT: ${{ toJson(matrix) }}
        run: echo "$MATRIX_CONTEXT"
      - uses: actions/checkout@v2
      - name: Install dependencies
        run: python setup.py develop
      - name: Test with unittest
        run: python -m unittest discover tests

I’ve configured the runner with the working directory as “_work”.

The problem I find is that once I run the actions, the source code shows up in the “action-runner/_work” directory, and that’s not what I want. I want the source code to be visible only in the container of the job.

I found the docker build logs as follows:

/usr/bin/docker create --name 8cd49e9a19444cdf905404ac924d84c9_localhost5000ubuntumcu_c633d6 --label 3bec0b --workdir /__w/hello-world-docker-action/hello-world-docker-action --network github_network_21b320e0d069457e916a5f1a5787a3a0 -e "HOME=/github/home" -e GITHUB_ACTIONS=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/kolmostar/github_action-playground/action-runner/_work":"/__w" -v "/home/kolmostar/github_action-playground/action-runner/externals":"/__e":ro -v "/home/kolmostar/github_action-playground/action-runner/_work/_temp":"/__w/_temp" -v "/home/kolmostar/github_action-playground/action-runner/_work/_actions":"/__w/_actions" -v "/home/kolmostar/github_action-playground/action-runner/_work/_tool":"/__w/_tool" -v "/home/kolmostar/github_action-playground/action-runner/_work/_temp/_github_home":"/github/home" -v "/home/kolmostar/github_action-playground/action-runner/_work/_temp/_github_workflow":"/github/workflow" --entrypoint "tail" localhost:5000/ubuntu-mcu "-f" "/dev/null"

I can see that the runner uses bind mounts, and as a result the files created in the container can be seen on the host machine.

Can someone help me: why does the runner mount to the host machine? And is there a way I can totally isolate the container of an action from the host machine?

-v "/home/runner/work":"/__w"
-v "/home/runner/work/_actions":"/__w/_actions"
-v "/home/runner/work/_temp/_github_home":"/github/home"
-v "/home/runner/work/_temp/_github_workflow":"/github/workflow"

This will volume-mount the paths from the host into the container. It’s a shared volume between the host and the container; anything written to it will show up both on the host and inside the container.

Hi BrightRan,

Thanks for your reply!

I did not add any mount options when initializing the container. I believe these mounts are added by the GitHub Actions self-hosted runner automatically.

Is there a reason why the self-hosted runner shares volumes with the host?

More importantly, is there a way to stop it?

@dahuokolmostar Yeah, sharing volumes between the host and the container is a designed feature of container jobs. And there is no easy way to disable this behavior. Actually, this behavior will happen on all runners, not only self-hosted runners.

Maybe you can either use a script to clone the repo somewhere outside of the GitHub.Workspace, or create the container yourself and not use the built-in job container.
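
Added example, not part of the thread and not code from the runner project: a small Python audit that takes a `docker create` line like the one quoted above and lists which host paths the job container can see, separating writable bind mounts, read-only ones and the Docker socket. The sample command is constructed (shortened from the thread's log, with `/home/runner/externals` assumed), and the function names `bind_mounts` and `findings` are hypothetical.

```python
import shlex

# Constructed sample, shortened from the `docker create` line quoted in the thread.
SAMPLE = (
    '/usr/bin/docker create --name job --workdir /__w/repo/repo '
    '-e "HOME=/github/home" -e GITHUB_ACTIONS=true '
    '-v "/var/run/docker.sock":"/var/run/docker.sock" '
    '-v "/home/runner/work":"/__w" '
    '-v "/home/runner/externals":"/__e":ro '
    '-v "/home/runner/work/_temp/_github_home":"/github/home" '
    '--entrypoint "tail" localhost:5000/ubuntu "-f" "/dev/null"'
)

def bind_mounts(command):
    """Return (host_path, container_path, read_only) for every bind mount."""
    # Logs pasted through forums often carry curly quotes; normalise them first.
    for curly in "\u201c\u201d":
        command = command.replace(curly, '"')
    args = shlex.split(command)  # joins "a":"b" into the single token a:b
    mounts, i = [], 0
    while i < len(args):
        spec = None
        if args[i] in ("-v", "--volume") and i + 1 < len(args):
            i += 1
            spec = args[i]
        elif args[i].startswith("--volume="):
            spec = args[i].split("=", 1)[1]
        i += 1
        if spec and spec.startswith("/"):  # absolute host path: bind mount, not a named volume
            parts = spec.split(":")
            if len(parts) >= 2:
                opts = parts[2].split(",") if len(parts) > 2 else []
                mounts.append((parts[0], parts[1], "ro" in opts))
    return mounts

def findings(command):
    """One human-readable line per bind mount, most sensitive label first."""
    out = []
    for host, ctr, read_only in bind_mounts(command):
        if host.endswith("docker.sock"):
            out.append(f"DOCKER-SOCKET {host}: container can drive the host Docker daemon")
        elif read_only:
            out.append(f"READ-ONLY {host} -> {ctr}")
        else:
            out.append(f"WRITABLE {host} -> {ctr}: files written in the job appear on the host")
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE)))
```
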