Checkout error in container runner #26811
-
This is the non-root user I am creating in the Docker image to run the workflow:
When I try to simply checkout the repo with the official checkout action, this error appears:
What permissions do I need to give the non-root user ? |
Beta Was this translation helpful? Give feedback.
Replies: 5 comments 1 reply
-
There are no permissions you can set inside the container image to make this work. The workspace on the runner VM is mounted to The documentation on Dockerfiles for Actions mentions the following regarding
If you use a job container you can’t adjust ownership before passing control to the container, so I’m afraid you’ll have to either run the container as root or start it manually ( |
Beta Was this translation helpful? Give feedback.
-
Yeah, that’s what I was afraid of… thank you for the clarification 🙂 |
Beta Was this translation helpful? Give feedback.
-
Just to confirm if I understood correcly, does that mean that the GiHA runtime is installing a non-root user ( |
Beta Was this translation helpful? Give feedback.
-
Not sure what you mean by “under the hood”. On a GitHub hosted runner the Actions stuff that runs on the VM ( The workspace directory in the VM is owned by the |
Beta Was this translation helpful? Give feedback.
-
Related actions/checkout#47 |
Beta Was this translation helpful? Give feedback.
There are no permissions you can set inside the container image to make this work. The workspace on the runner VM is mounted to
/__w/
when the runner starts the job container (check the “Initialize containers” step in the log). Assuming a GitHub hosted runner VM the workspace is owned by the userrunner
. So what’s happening here is that the container is running as a different non-root user and can’t write another user’s files.The documentation on Dockerfiles for Actions mentions the following regarding
USER
instructions: