Copy a file to a directory outside a GitHub Action Runner directory

I have a self-hosted GitHub Action Runner that builds a Visual Studio solution and then launches a PowerShell script that lives inside the repo. This script modifies some files in the repo. I would like these modified files to also be copied to a folder outside the GitHub Action Runner directory, on my PC (Windows 10), as the last step of my action. This is what the launched script looks like:

$scriptFile = Get-Item ".\SFDScripts\Internal\Hardcore\Hardcore.cs"
$maps = Get-ChildItem ".\SFDScripts\Internal\Hardcore\Maps\"

foreach ($map in $maps) {

    if ($map.PSIsContainer) { continue }

    # This modifies the file at {$map.FullName}
    SFDScriptInjector $scriptFile.FullName $map.FullName 

    # Then I want to copy that file to a specific directory on the device where the GitHub Action Runner runs
    Copy-Item $map.FullName "C:\Users\juans\OneDrive\Documents\Superfighters Deluxe\Maps\Custom"
}

I am currently getting an error at the Copy-Item $map.FullName "C:\Users\juans\OneDrive\Documents\Superfighters Deluxe\Maps\Custom" line. The error is the following:

Copy-Item : Access is denied
At E:\actions-runner\_work\SFDScripts\SFDScripts\injectScriptToAllMaps.ps1:7 char:5
+     Copy-Item $map.FullName "C:\Users\juans\OneDrive\Documents\Superf ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Copy-Item], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.CopyItemCommand
Error: Process completed with exit code 1.

I also tried running the script using this run_as.ps1 script. This allows the Action to finish without errors, but the files are still not copied (I’m guessing it fails silently inside the new instance of PowerShell).

Here is the .yml action file in its current state.

I can’t find out how to give the GitHub runner access to modify external directories. So, how can I make it copy the file to an external directory?

Someone reported an issue about too few privileges with a self-hosted Windows runner:

How to give extra privileges to the runner over the self-hosted Windows server? · Issue #408 · actions/runner · GitHub

The runner appears to use the NT AUTHORITY\Network Service account to run PowerShell commands, which might restrict what directories you can access from within a workflow (especially since you try to copy to a place inside a user folder).

JacobWrenn suggests running powershell "(Get-Service actions.runner.*).name" to find the name of the GitHub Actions service and then changing the user account it uses to NT AUTHORITY\SYSTEM with the following command: sc config "<NAME_OF_YOUR_SERVICE>" obj= "NT AUTHORITY\SYSTEM" type= own
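
An added example, not part of the original thread or of the actions/runner project: a narrower alternative to moving the service to NT AUTHORITY\SYSTEM is to grant the account the runner service already uses Modify rights on the one destination folder. It assumes an elevated Windows PowerShell 5.1 session and reuses the destination path from the question.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Assumption: $Destination is the folder from the question; change it to your own path.
$Destination = 'C:\Users\juans\OneDrive\Documents\Superfighters Deluxe\Maps\Custom'

# 1. Find the account the runner service logs on as.
#    Win32_Service.StartName is used because Get-Service in Windows PowerShell 5.1
#    does not expose the logon account.
$runner = Get-CimInstance Win32_Service -Filter "Name LIKE 'actions.runner.%'" |
    Select-Object -First 1
if (-not $runner) { throw 'No actions.runner.* service found on this machine.' }
$account = $runner.StartName
Write-Host "Service '$($runner.Name)' runs as '$account'"

if ($account -eq 'LocalSystem') {
    Write-Warning 'Service already runs as SYSTEM; no extra ACL entry is needed.'
    return
}

# 2. Turn the service logon name into an identity usable in an ACL.
#    S-1-5-20 is the well-known SID of NT AUTHORITY\NETWORK SERVICE.
$identity = switch -Regex ($account) {
    'NetworkService$' { [System.Security.Principal.SecurityIdentifier]::new('S-1-5-20'); break }
    '^\.\\'           { [System.Security.Principal.NTAccount]::new(
                            ($account -replace '^\.', $env:COMPUTERNAME)); break }
    default           { [System.Security.Principal.NTAccount]::new($account) }
}

# 3. Allow Modify on this folder, inherited by its files and subfolders, and nothing else.
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $identity,
    [System.Security.AccessControl.FileSystemRights]::Modify,
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)

$acl = Get-Acl -LiteralPath $Destination
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $Destination -AclObject $acl

# 4. Show the resulting entries so the new ACE can be confirmed.
(Get-Acl -LiteralPath $Destination).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited
```

With this in place, workflow steps keep running under the original service account and can write only to the listed folder outside the runner's work directory.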