I am attemtping to create a docker container action after reading this tutorial.

On local, I have the following Dockerfile:

### Draws from https://github.com/kurron/docker-snowsql/blob/b1b16ff88b36f9df58f692a69642e84f353c2d46/Dockerfile ###
FROM ubuntu:18.04
RUN apt-get update && apt-get --assume-yes install -y curl
Create non-root user
RUN groupadd --system snowflake --gid 444 && 

useradd --uid 444 --system --gid snowflake --home-dir /home/snowflake --create-home --shell /sbin/nologin --comment "Docker image user" snowflake && 

chown -R snowflake:snowflake /home/snowflake
default to being in the user's home directory
WORKDIR /home/snowflake
ENV LC_ALL=C.UTF-8

ENV LANG=C.UTF-8

ENV VERSION 1.2.9

ENV SNOWSQL_DEST /usr/local/bin

ENV SNOWSQL_LOGIN_SHELL /home/snowflake/.bashrc
grab the installation script
RUN curl -O https://sfc-repo.snowflakecomputing.com/snowsql/bootstrap/1.2/linux_x86_64/snowsql-1.2.9-linux_x86_64.bash
Install the tool
Add unzip first, avoid error
RUN apt-get install -y unzip vim

RUN bash snowsql-1.2.9-linux_x86_64.bash
Switch to the non-root user
USER snowflake
Run the SnowSQL client once, allowing it to auto-upgrade to the latest version.
See https://docs.snowflake.com/en/user-guide/snowsql-install-config.html#label-understanding-auto-upgrades
RUN snowsql -v
ENTRYPOINT ["snowsql"]
CMD ["-v"]

I am able to build this image no problem on local. But when I attempt to create my first action after reading the tutorial, I get a permissions error.

Not sure which info is relevant, but here’s my action.yml:

# action.yml
name: 'ssql'

description: 'Get data using snowsql and save in a volume for rscripts to use'

permissions:
runs:

using: 'docker'

image: 'Dockerfile'

My .github/workflows/main.yml:

on: [push]
jobs:

ssql_job:

runs-on: ubuntu-latest

name: Build ssql image

steps:

# To use this repository's private action,

# you must check out the repository

- name: Checkout

uses: actions/checkout

- name: Build ssql container action

uses: ./ssql # Use an action in the ssql directory.

id: build_ssql

When I push and then navigate to the repos Actions tab, I see the workflow failing to build the image starting at what looks like line 34 RUN snowsql -v. This is right after I switch to the non root user on the previous line USER snowflake.

Output of Actions ‘building docker image’ step:

...
  ... lots of out put above here with no issues...
Step 12/16 : RUN bash snowsql-1.2.9-linux_x86_64.bash

---> Running in 49610102b20a

Installing SnowSQL, Snowflake CLI.

Updating /home/snowflake/.bashrc to have /usr/local/bin in PATH

Open a new terminal session to make the updated PATH take effect.

Congratulations! Follow the steps to connect to Snowflake DB.



Open a new terminal window.


Execute the following command to test your connection:

snowsql -a <account_name> -u <login_name>
Enter your password when prompted. Enter !quit to quit the connection.


Add your connection information to the ~/.snowsql/config file:

accountname = <account_name>

username = <login_name>

password = <password>


Execute the following command to connect to Snowflake:
snowsql


See the Snowflake documentation <https://docs.snowflake.net/manuals/user-guide/snowsql.html> for more information.

Removing intermediate container 49610102b20a

---> 97c036ab2e56

Step 13/16 : USER snowflake

---> Running in a1dabc3f5987

Removing intermediate container a1dabc3f5987

---> d9b3e02e91d1

Step 14/16 : RUN snowsql -v

---> Running in 2f4408b885b6

Failed to initialize log. No logging is enabled: [Errno 13] Permission denied: '/home/snowsql_rt.log_bootstrap'

Installing version: 1.2.17

Version: 1.2.17

Removing intermediate container 2f4408b885b6

---> 2fec45cbd941

Step 15/16 : ENTRYPOINT ["snowsql"]

---> Running in 22b5f31d93a4

Removing intermediate container 22b5f31d93a4

---> e83252b18739

Step 16/16 : CMD ["-v"]

---> Running in 3aacaebe01b1

Removing intermediate container 3aacaebe01b1

---> eb2bc127305c

Successfully built eb2bc127305c

Successfully tagged 48c8ce:c8416ac1d920510b4e017a749d9e3c7c

/usr/bin/docker run --name c8cec8416ac1d920510b4e017a749d9e3c7c_d9c332 --label 48c8ce --workdir /github/workspace --rm -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/ds-pipeline-cohort-cumrevenue/ds-pipeline-cohort-cumrevenue":"/github/workspace" 48c8ce:c8416ac1d920510b4e017a749d9e3c7c

Traceback (most recent call last):

File "snowflake/cli/bootstrap/bootstrap.py", line 1109, in <module>

File "click/core.py", line 722, in call

File "click/core.py", line 697, in main

File "click/core.py", line 895, in invoke

File "click/core.py", line 535, in invoke

File "snowflake/cli/bootstrap/bootstrap.py", line 319, in run

File "os.py", line 220, in makedirs

PermissionError: [Errno 13] Permission denied: '/github/home/.snowsql'

[8] Failed to execute script bootstrap

Why am I able to build this image on local but not when attempting to create a new github docker container action? How can I overcome this permissions error while building with Github actions?