[Actions] Files changed in container action are now owned by root

I have a container-based action which modifies files. If I add a step before the job which lists the files, they are owned by runner:docker. I then run the container-based action, which runs as root per the documentation, and afterwards, if I list the files again, they are now owned by root:root.

Here is an example run: https://github.com/pkgjs/gh-pages/commit/3feecee3d2f359f4e7eed766c5770e62a5c41200/checks

So the issue here is that the goal of this action is to be able to compose it with other actions which might do the actual GitHub Pages build. But if you run a step after that container runs, you cannot modify the files anymore. I tried changing the permissions inside the container, I tried changing them back after; neither worked.

My end goal is for a user of this action to be able to do something like:

```yaml
on: push
name: Create GH Pages
jobs:
  createGhPages:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@master
    - name: Create GH Pages
      uses: pkgjs/gh-pages
      with:
        nojekyll: true
        repo: my/repo
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    - name: Build site
      run: echo "<html><body><h1>Hello World</h1>" > gh-pages/index.html
    - name: Commit gh-pages
      uses: pkgjs/gh-pages
      with:
        commit: gh-pages build from ${github.sha}
        repo: my/repo
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

Notice the middle step which writes files into the gh-pages folder. In the current version of the action this is not possible due to a write permissions error.

Is there something I am doing wrong? It seems reasonable to me that modifying files inside a container job should not render them unusable to consecutive jobs.


I’m not sure what might be going wrong here. I’ve built a similar Action that generates documentation to be published to GitHub Pages. Subsequent Actions don’t have a problem taking the docs generated by my Action to publish them to GitHub Pages.

Have you tested it with a real Action rather than a run command?

I have the same problem. I’m using a docker action to download some files and then I want to move these files with a native command.

I asked the GitHub support and they said:

> The Linux and MacOS virtual machines all run with a passwordless sudo so you can execute any command as sudo if you need to. We’ve asked the team to update our public documentation to reflect this.

This means you can/must use sudo in native commands.
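
As an added example (not from any post in this thread): one way to apply the sudo advice above is a step, run right after the container action, that hands the workspace back to the runner user once, so later steps do not each need sudo. The function names and the script name `reclaim.sh` are hypothetical; `GITHUB_WORKSPACE` is the runner's standard workspace variable.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# List entries under DIR that are not owned by numeric UID (default: the
# current user). -xdev keeps find on one filesystem; find does not follow
# symlinks unless asked to.
foreign_owned() {
    dir=$1
    uid=${2:-$(id -u)}
    find "$dir" -xdev ! -user "$uid" -print
}

# Hand DIR back to UID:GID (default: the current user), but only if something
# in it belongs to someone else, so sudo runs once and only when required.
reclaim_workspace() {
    dir=$1
    uid=${2:-$(id -u)}
    gid=${3:-$(id -g)}
    if [ -z "$(foreign_owned "$dir" "$uid")" ]; then
        return 0
    fi
    # -n: fail instead of prompting if sudo turns out not to be passwordless.
    # -h: change a symlink itself, never the file it points to, so a link
    #     written by the container cannot redirect the chown elsewhere.
    sudo -n chown -R -h "$uid:$gid" "$dir"
}

# Stand-alone use: sh reclaim.sh "$GITHUB_WORKSPACE"
if [ -n "${1:-}" ]; then
    reclaim_workspace "$1"
fi
```

In the workflow from the first post, this would be a `run:` step placed between the container action and the "Build site" step.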