How to enable non-docker actions to access docker-created files on my self hosted github actions runner? (rootless docker)

Problem description

Github recommending running their runner as a non-root user gives rise to some issues surrounding mixing docker and non-docker actions. This is quite annoying because it results in the checkout action not being able to run because it can't access the files created by actions run in docker containers.

Can this be solved by running the actions runner with rootless docker?

Recommended answer

This problem can be solved by running the github actions runner as root, which somewhat reduces security.

A better solution is using rootless docker:

  1. Remove docker from your system if you have previously installed it through Ubuntu's default repositories.
  2. Install docker from Docker's repositories as directed here (I also recommend enabling cgroupsV2, as described here) & reboot. This will give you the script in /usr/bin needed to set up rootless docker in the next step.
  3. Set up rootless docker as described here.
  4. Don't forget to run the following, so docker remains running after you log out (as described in the guide):

systemctl --user enable docker
systemctl --user start docker
sudo loginctl enable-linger $(whoami)

  5. Also make sure to create the rootless context as described on that same page. This will make your own docker commands and the github actions runner automatically use rootless docker.

install the self hosted runner: https://docs.github.com/en/actions/hosting-your-own-runners/adding-self-hosted-runners (skip if already installed)

(Re)start the actions runner. This can be done by restarting its systemd service. Your runner should now work with rootless docker.

If you're having issues with the new docker build github action using buildx, also see How to solve error with rootless docker in github actions self hosted runner: write /proc/sys/net/ipv4/ping_group_range: invalid argument: unknown
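
A post-setup check for the procedure above, as an added example that is not part of the original answer: it confirms that the daemon the runner user talks to is rootless, that lingering is on, and that a file a container writes into a bind mount ends up owned by the runner user, which is what the checkout action needs. The function names, the `--check` switch and the `alpine` image are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original answer). Run as the runner user:
#   sh check-rootless.sh --check

# $1: output of `docker info --format '{{.SecurityOptions}}'`.
# A rootless daemon lists "name=rootless" among its security options.
is_rootless() {
    case "$1" in
        *name=rootless*) return 0 ;;
        *) return 1 ;;
    esac
}

# $1: output of `loginctl show-user <user> --property=Linger`.
linger_on() { [ "$1" = "Linger=yes" ]; }

# True if the file is owned by the effective user of this shell.
owned_by_me() { [ -O "$1" ]; }

# Let a container create a file in a bind mount, then check who owns it on
# the host. Under rootless docker, container root maps to the invoking user.
probe_bind_mount() {
    dir=$(mktemp -d) || return 1
    rc=0
    # "alpine" is an assumed image; any small image with `touch` works.
    docker run --rm -v "$dir:/w" alpine touch /w/probe || rc=1
    owned_by_me "$dir/probe" || rc=1
    rm -rf "$dir"
    return $rc
}

check_host() {
    fail=0
    # `docker info` goes through the current context, so this also shows
    # whether the rootless context from the last setup step is in use.
    is_rootless "$(docker info --format '{{.SecurityOptions}}')" ||
        { echo "FAIL: docker daemon is not rootless"; fail=1; }
    linger_on "$(loginctl show-user "$(id -un)" --property=Linger)" ||
        { echo "FAIL: linger is off, docker stops at logout"; fail=1; }
    probe_bind_mount ||
        { echo "FAIL: container-created file not owned by $(id -un)"; fail=1; }
    [ "$fail" -eq 0 ] && echo "OK: runner host uses rootless docker"
    return $fail
}

if [ "${1:-}" = "--check" ]; then check_host; fi
```
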
