Docker run -v inside container

Hey everyone,

I'm trying to do a “docker run -v” with a volume inside a container but the mounted directory seems to come back empty.

name: CI

on:
  push:
  pull_request:

jobs:
  build:
    runs-on: ubuntu-latest
    container: 
      image: lambci/lambda:build-nodejs12.x

    steps:
      - uses: actions/checkout@v2

      # Runs a set of commands using the runners shell
      - name: Build
        run: |
          pwd
          ls -lah $GITHUB_WORKSPACE/lambda/hooks
          docker run -v "$GITHUB_WORKSPACE/lambda/hooks":/var/task bash ls -lah /var/task

The last ls -lah executed with the bash image just returns an empty directory whereas the first ls -lah $GITHUB_WORKSPACE/lambda/hooks shows all the files existing.

Is it possible to mount again inside a running container?

For job containers the Docker control socket is mounted from the runner VM into the container, so the volume paths need to be paths as on the runner. In particular, I’ve encountered the workspace paths being different (also via volume mounts into the job container). From the snippet above I’m not sure how the paths would need to look to work, but that’s a likely reason.


@airtower-luna thanks for the suggestion. Any chance you have some links to more reading? I'm afraid I've exhausted all my search terms.

The closest I’ve gotten to finding something is this: https://github.com/GoogleCloudPlatform/cloud-builders/issues/372#issuecomment-531311995

volumes:
  - name: 'vol1'
    path: '/persistent_volume'

But I think the -name path: syntax has been deprecated on GitHub Actions.

That has never been GitHub Actions syntax as far as I know, the stuff in that repository is for Google Cloud Build, which looks a bit similar because it’s YAML, too.

The point I was trying to make is that your job runs in a container (the lambci/lambda:build-nodejs12.x one). The paths inside that container are not going to be the same as on the ubuntu-latest runner VM.

GITHUB_WORKSPACE is an example I specifically had trouble with while uploading SARIF for the security tab. The github/codeql-action/upload-sarif action needs to make any absolute paths in the file to be uploaded relative (so any issues found can be assigned to files in the repository). By default it assumes the base path for the repository is $GITHUB_WORKSPACE. That works nicely if you build directly on the runner VM. In a job container the workspace is mounted to /__w/, and the repository will be below that. I ended up using the container workdir instead to fix the problem.

If you want to see what is mounted where in your job container, check the “Initialize containers” step near the start of your workflow. You’ll notice that the Docker command to create the job container includes this:

-v "/var/run/docker.sock":"/var/run/docker.sock"

This means any Docker command in the container will talk to the Docker daemon on the runner VM. So any path for volume mounts will be interpreted from the runner VM, not inside your container.

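Added example, not part of the original thread: because the job container talks to the runner VM's Docker daemon through the mounted socket, a path seen inside the container has to be mapped back through the job container's own mounts before it is used with `-v`. The mount table, host paths, repository name and `JOB_CONTAINER_ID` below are constructed assumptions; only `/__w` and the socket mount come from the posts above.

```shell
#!/bin/sh
# Constructed sample mount table: one "host_source container_destination"
# pair per line. On a real runner it could be produced with:
#   docker inspect --format \
#     '{{range .Mounts}}{{println .Source .Destination}}{{end}}' "$JOB_CONTAINER_ID"
# (JOB_CONTAINER_ID is a placeholder; the host paths are assumptions.)
SAMPLE_MOUNTS='/var/run/docker.sock /var/run/docker.sock
/home/runner/work /__w
/home/runner/work/_temp/_github_home /github/home'

# host_path MOUNT_TABLE CONTAINER_PATH
# Prints the path the runner VM's daemon must be given for CONTAINER_PATH,
# using the longest matching mount destination. Returns 1 when the path is
# on no mount: the daemon cannot see such files, so "-v" of that path
# produces an empty directory. Paths containing spaces are not handled.
host_path() {
    table=$1 cpath=$2 best_src= best_dst=
    while read -r src dst; do
        [ -n "$dst" ] || continue
        case "$cpath" in
            # Match the mount point itself or anything below it, but not
            # a sibling that merely shares the prefix (e.g. /__wx).
            "$dst"|"$dst"/*)
                if [ "${#dst}" -gt "${#best_dst}" ]; then
                    best_src=$src best_dst=$dst
                fi ;;
        esac
    done <<EOF
$table
EOF
    [ -n "$best_dst" ] || return 1
    printf '%s%s\n' "$best_src" "${cpath#"$best_dst"}"
}

# Demo with a constructed repository name:
host_path "$SAMPLE_MOUNTS" /__w/my-repo/my-repo/lambda/hooks
# → /home/runner/work/my-repo/my-repo/lambda/hooks
```

The translated path is what would go on the left side of `-v`; a non-zero return means the files live only in the container's own filesystem and must first be copied onto a mounted volume.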

@airtower-luna thank you!! Put me on the right path.

I managed to get it working now after looking at the -v options and attempting to mount a new volume there:

    container: 
      image: lambci/lambda:build-nodejs12.x
      options: -v /volume_mount:/volume_mount

and then later after checking out the repo I

          cp -R /__w/my_dir /volume_mount

Now inside the next container I can finally see the contents. Still a bit rough on the edges but at least it's a start.

Thanks again!
