Usage of working-directory prevents access to outside names

A step using working-directory cannot name files outside this working-directory (chroot used behind?).
Is this the desired behavior?

reproducer: reproducer working-directory access restriction · tpetillot/ga-working-directory@3251707 · GitHub

    jobs:
      unit:
        runs-on: ubuntu-latest
        steps:
          - run: mkdir -p ~/toto/test  # works
          - run: mkdir -p ~/titi/test  # doesn't work
            working-directory: ~/toto/test

Does the ~/titi/ directory exist already? If not it’s probably failing because you’re using mkdir without -p in the second command.

Sorry, that was just a transcription error; the problem does exist with -p.
I added a reproducer.

Hm, looking at that reproducer makes me wonder if the Actions syntax supports tilde expansion. Does it work if you write $HOME to an output or environment variable and use that? Or just try hardcoding /home/runner/, but I’d be wary of using that, because nothing in the documentation says that path is fixed.

It does not work with $HOME, but it’s fine with /home/runner, which surprises me even more.
Looks like the working-directory home isn’t defined as expected?

Looks like my guess that tilde expansion isn’t supported was correct. ${HOME} is definitely not going to work because the working-directory setting is evaluated by the runner, not bash.

What I was thinking of with outputs was something like this:

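    steps:
      - name: Get home directory
        id: home
        run: |
          # bash expands ${HOME} here; the value is stored as a step output
          echo "home=${HOME}" >> "$GITHUB_OUTPUT"
      - name: Use home as working dir
        run: pwd
        # The runner substitutes the expression before the step starts
        working-directory: '${{ steps.home.outputs.home }}'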

I’m not sure if using an environment variable (through GITHUB_ENV and the env context) would work, because there are some limitations on where you can use the env context.