Copilot Lvl 3
Message 1 of 4

About containers in self-hosted servers


I'm trying to run a self-hosted GitHub Actions runner with all actions running in a specified container. The YAML configuration is as follows:

 

on: [push]

jobs:

  python_test:
    container:
      image: localhost:5000/ubuntu
    runs-on: self-hosted
    name: python test
    steps:
      - name: Dump GitHub context
        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
        run: echo "$GITHUB_CONTEXT"
      - name: Dump job context
        env:
          JOB_CONTEXT: ${{ toJson(job) }}
        run: echo "$JOB_CONTEXT"
      - name: Dump steps context
        env:
          STEPS_CONTEXT: ${{ toJson(steps) }}
        run: echo "$STEPS_CONTEXT"
      - name: Dump runner context
        env:
          RUNNER_CONTEXT: ${{ toJson(runner) }}
        run: echo "$RUNNER_CONTEXT"
      - name: Dump strategy context
        env:
          STRATEGY_CONTEXT: ${{ toJson(strategy) }}
        run: echo "$STRATEGY_CONTEXT"
      - name: Dump matrix context
        env:
          MATRIX_CONTEXT: ${{ toJson(matrix) }}
        run: echo "$MATRIX_CONTEXT"
      - uses: actions/checkout@v2
      - name: Install dependencies
        run: python setup.py develop
      - name: Test with unittest
        run: python -m unittest discover tests

 

 

I've configured the runner with the working directory as "_work".

 

The problem I find is that once I run the actions, the source code shows up in the "action-runner/_work" directory, and that's not what I want. I want the source code to be visible only in the container of the job.

 

I found the docker build logs as follows:

"""

/usr/bin/docker create --name 8cd49e9a19444cdf905404ac924d84c9_localhost5000ubuntumcu_c633d6 --label 3bec0b --workdir /__w/hello-world-docker-action/hello-world-docker-action --network github_network_21b320e0d069457e916a5f1a5787a3a0 -e "HOME=/github/home" -e GITHUB_ACTIONS=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/kolmostar/github_action-playground/action-runner/_work":"/__w" -v "/home/kolmostar/github_action-playground/action-runner/externals":"/__e":ro -v "/home/kolmostar/github_action-playground/action-runner/_work/_temp":"/__w/_temp" -v "/home/kolmostar/github_action-playground/action-runner/_work/_actions":"/__w/_actions" -v "/home/kolmostar/github_action-playground/action-runner/_work/_tool":"/__w/_tool" -v "/home/kolmostar/github_action-playground/action-runner/_work/_temp/_github_home":"/github/home" -v "/home/kolmostar/github_action-playground/action-runner/_work/_temp/_github_workflow":"/github/workflow" --entrypoint "tail" localhost:5000/ubuntu-mcu "-f" "/dev/null"
"""

I can see that the runner uses bind mounts, and as a result the files created in the container can be seen on the host machine.

 

Can someone help me? Why does the runner mount to the host machine? And is there a way I can totally isolate the container of an action from the host machine?

3 Replies
GitHub Partner
Message 2 of 4

Re: About containers in self-hosted servers

-v "/home/runner/work":"/__w"
-v "/home/runner/work/_actions":"/__w/_actions"
-v "/home/runner/work/_temp/_github_home":"/github/home"
-v "/home/runner/work/_temp/_github_workflow":"/github/workflow"

This will volume-mount the paths from the host into the container. It's a shared volume between the host and the container; anything written to it will show up both on the host and inside the container.

Copilot Lvl 3
Message 3 of 4

Re: About containers in self-hosted servers

Hi BrightRan,

 

Thanks for your reply!

 

I did not add any mount options when initializing the container. I believe these mounts are added by the GitHub Actions self-hosted runner automatically.

 

Is there a reason why the self-hosted runner shares volumes with the host?

More importantly, is there a way to stop it?

 

Cheers

 

 

Solution
GitHub Partner
Message 4 of 4

Re: About containers in self-hosted servers

@DaHuoKolmostar Yeah, sharing a volume between the host and the container is a designed feature of the container job. And there is no easy way to disable this behavior. Actually, this behavior will happen on all runners, not only self-hosted runners.

Maybe you can either use a script to clone the repo somewhere outside of the GitHub.Workspace, or create the container yourself and not use the built-in job container.
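
To see exactly what a job container shares with the host, here is an added example (not code from the thread or from the runner project): a Python sketch that parses a `docker create` line like the one quoted in the first post and rates each bind mount. The sample command is constructed and shortened, `/opt/runner` is a placeholder host path, and the HIGH/MEDIUM/LOW labels are this example's own assumption.

```python
import shlex

# Constructed sample, shortened from the `docker create` line in the first post;
# /opt/runner is a placeholder for the runner's install directory.
SAMPLE = (
    '/usr/bin/docker create --name job_c633d6 --workdir /__w/repo/repo '
    '-e "HOME=/github/home" -e GITHUB_ACTIONS=true '
    '-v "/var/run/docker.sock":"/var/run/docker.sock" '
    '-v "/opt/runner/_work":"/__w" '
    '-v "/opt/runner/externals":"/__e":ro '
    '-v "/opt/runner/_work/_temp/_github_home":"/github/home" '
    '--entrypoint "tail" localhost:5000/ubuntu "-f" "/dev/null"'
)

def bind_mounts(cmdline):
    """Return (host_path, container_path, mode) for every -v/--volume bind mount."""
    args = shlex.split(cmdline)  # joins "a":"b" into the single token a:b
    mounts = []
    for i, arg in enumerate(args):
        if arg in ("-v", "--volume") and i + 1 < len(args):
            spec = args[i + 1]
        elif arg.startswith("--volume="):
            spec = arg.split("=", 1)[1]
        else:
            continue
        parts = spec.split(":")
        # An absolute source path means a host bind mount; named volumes are skipped.
        if len(parts) >= 2 and parts[0].startswith("/"):
            mode = parts[2] if len(parts) > 2 else "rw"
            mounts.append((parts[0], parts[1], mode))
    return mounts

def audit(cmdline):
    """Rate each bind mount by how much of the host it exposes to the job."""
    findings = []
    for host, ctr, mode in bind_mounts(cmdline):
        if host.endswith("docker.sock"):
            level = "HIGH"    # job can talk to the host's Docker daemon
        elif "ro" in mode.split(","):
            level = "LOW"     # host path is visible but read-only
        else:
            level = "MEDIUM"  # files written in the container land on the host
        findings.append((level, host, ctr))
    return findings

if __name__ == "__main__":
    for level, host, ctr in audit(SAMPLE):
        print(f"{level:6} {host} -> {ctr}")
```

The `/__w` mount rated MEDIUM is the one that makes the checked-out source appear under `_work` on the host.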