How to run actions/checkout@v1 with sudo Privileges?

When we run the job, it is creating output/ and log/ folders with root privileges. When the second job starts, git clean fails to delete these two folders with “Permission denied”. Is it possible to run actions/checkout@v1 with sudo privileges so that it will clean all untracked files without fail?

Run actions/checkout@v1
Added matchers: ‘checkout-git’. Problem matchers scan action output for known warning or error strings and report these inline.
Syncing repository: my-repo
git version
git version 2.24.1
git config --get remote.origin.url
git clean -ffdx
warning: failed to remove my-repo/log/build.log: Permission denied
warning: failed to remove my-repo/output/centos.qcow2: Permission denied
warning: failed to remove my-repo/output/centos.ova: Permission denied

##[warning]Unable to run “git clean -ffdx” and “git reset --hard HEAD” successfully, delete source folder instead.
Removed matchers: ‘checkout-git’
##[error]One or more errors occurred. (One or more errors occurred. (Access to the path ‘/home/actions/actions-runner/_work/my-repo/output/centos.ova’ is denied.)) (One or more errors occurred. (Access to the path ‘/home/actions/actions-runner/_work/my-repo/log/build.log’ is denied.)) (One or more errors occurred. (Access to the path ‘/home/actions/actions-runner/_work/my-repo/output/centos.qcow2’ is denied.)) (Access to the path ‘/home/actions/actions-runner/_work/my-repo/output/centos.ova’ is denied.)
##[error]Exit code 1 returned from process: file name ‘/home/actions/actions-runner/bin/Runner.PluginHost’, arguments ‘action “GitHub.Runner.Plugins.Repository.v1_0.CheckoutTask, Runner.Plugins”’.

I have not experienced this problem myself. Did you know that there’s an actions/checkout@v2 (https://github.com/actions/checkout/releases/tag/v2.0.0)? Perhaps this new version has solved your problem?

If actions/checkout@v2 does not work, please answer my next questions.

Do you use a self-hosted runner? If so, is your runner run as a service? Which user do you use to run the service?

It would be better if you could share the job which you use to create the output/ and log/ folders for us to reproduce your issue.

@yanjingzhu actions/checkout@v2 is also giving the same error:

[error]Command failed: rm -rf “/home/actions/actions-runner/_work/my-repo”
rm: cannot remove ‘/home/actions/actions-runner/_work/my-repo/log/ova_build.log’: Permission denied

Yes, I use self-hosted runner. I am running a script with sudo, so log and output folders are created by root. While removing also we should use sudo, otherwise it will fail. Please let me know if we have any fix/workaround.

on:
  push:
    paths:
      - 'appliance-builder/**'
      - 'base/**'
      - '.github/workflows/base.yml'
jobs:
  build:
    runs-on: [self-hosted, linux]
    steps:
      - uses: actions/checkout@v1
      - name: Build base OVA file
        run: |
          cd appliance-builder/
          sudo ./bin/appliance-builder.sh

Sorry for the delayed response. I could not reproduce your issue when using my self-hosted runner on an Ubuntu machine.

Here is my test workflow yml. Job2 could run successfully.

[Image: sudo files.png]

According to my checkout step logs, the working directory of the git clean command is the default workspace, not including the log folder. Can you enable step debug logging and share the debug logs here?

Did you run your self-hosted runner as a service? Which user account do you use?

I am running ./run.sh

Do I need to stop ./run.sh and

sudo ./svc.sh start

to run it as a service?

Or do I need to run both?

##[error]Command failed: rm -rf “/home/actions/actions-runner/_work/********/appliance-builder”
rm: cannot remove ‘/home/actions/actions-runner/_work/*********/appliance-builder/log/ova_build.log’: Permission denied
rm: cannot remove ‘/home/actions/actions-runner/_work/*********/appliance-builder/output/packer-centos.qcow2’: Permission denied

##[debug]Node Action run completed with exit code 1
##[debug]Finishing: Run actions/checkout@v2
Build ova file

Could you please try to stop ./run.sh, and then follow the next document to run the self-hosted runner as a service?

https://help.github.com/en/actions/hosting-your-own-runners/configuring-the-self-hosted-runner-application-as-a-service

Please feel free to contact me if this does not work.

Sometimes svc.sh fails with the following error, but run.sh works fine:

$ sudo ./svc.sh status

/etc/systemd/system/actions.runner.****.actions3.service
● actions.runner.****.actions3.service - GitHub Actions Runner (****.actions3)
Loaded: loaded (/etc/systemd/system/actions.runner.****.actions3.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2020-04-16 13:31:00 PDT; 4 days ago
Main PID: 23331 (runsvc.sh)
Tasks: 22
Memory: 30.9M
CPU: 7min 20.913s
CGroup: /system.slice/actions.runner.******.actions3.service
├─23331 /bin/bash /home/actions/actions-runner/runsvc.sh
├─23334 ./externals/node12/bin/node ./bin/RunnerService.js
└─23341 /home/actions/actions-runner/bin/Runner.Listener run --startuptype service

Apr 16 13:31:00 actions3 systemd[1]: Started GitHub Actions Runner (*****.actions3).
Apr 16 13:31:00 actions3 runsvc.sh[23331]: .path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
Apr 16 13:31:00 actions3 runsvc.sh[23331]: Starting Runner listener with startup type: service
Apr 16 13:31:00 actions3 runsvc.sh[23331]: Started listener process
Apr 16 13:31:00 actions3 runsvc.sh[23331]: Started running service
Apr 16 13:41:09 actions3 runsvc.sh[23331]: 2020-04-16 20:41:09Z: Runner connect error: Resource temporarily unavailable. Retrying until reconnected.

I am also using a self-hosted runner.

My solution is that I ssh to the instance and remove my repo folder inside _work.

rm -rf ./_work/my-repo and my pipeline is back to normal again.

I think the reason is that I stopped the instance while the job was running before, so the cleanup part did not execute because of my unexpected termination.

I hope my work can help you.

This is usually caused by running a checkout in a Docker container in one job, and then running checkout again in another job, but not in a container. The files created by the checkout in the first containerized job will be owned by root, leaving the second job unable to change those files. This also happens with checkout V2.
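
The failure discussed in this thread comes from root-owned files left in the runner workspace (by `sudo ./bin/appliance-builder.sh` or by a containerized job), so an alternative to running checkout itself with elevated rights is to detect those files and hand them back to the runner account at the end of the job. The script below is an added example, not code from any of the posts or from the actions/checkout project; the function names are hypothetical, and it assumes the runner account has a sudoers rule that allows `chown` without a password prompt.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not part of the runner.

# Print every path under $1 whose owner is not uid $2 (default: current user).
# These are the paths "git clean -ffdx" and "rm -rf" will fail on.
foreign_owned() {
    dir=$1
    uid=${2:-$(id -u)}
    find "$dir" ! -uid "$uid" -print
}

# Count those paths; a pre-checkout health check can alert when this is > 0.
foreign_count() {
    foreign_owned "$@" | wc -l | tr -d ' '
}

# Give the workspace back to the runner account, only if something in it
# is owned by another user. Defaults to $GITHUB_WORKSPACE when set.
reclaim_workspace() {
    dir=${1:-${GITHUB_WORKSPACE:-.}}
    n=$(foreign_count "$dir")
    if [ "$n" -eq 0 ]; then
        return 0
    fi
    echo "reclaiming $n path(s) under $dir" >&2
    # -h: change symlinks themselves, never the files they point to, so a
    #     link created by the root build cannot redirect the chown outside
    #     the workspace.
    # sudo -n: fail instead of prompting if the sudoers rule is missing.
    sudo -n chown -hR -- "$(id -u):$(id -g)" "$dir"
}
```

Calling `reclaim_workspace` in a final step marked `if: always()` keeps the privileged operation limited to a single `chown` on the workspace, so the next job's checkout can clean up as the unprivileged runner user.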