How to enable non-docker actions to access docker-created files on my self hosted github actions runner? (rootless docker)


Problem description

Github recommending running their runner as a non-root user gives rise to some issues surrounding mixing docker and non-docker actions. This is quite annoying because it results in the checkout action not being able to run because it can't access the files created by actions run in docker containers.

Can this be solved by running the actions runner with rootless docker?

Recommended answer

This problem can be solved by running the github actions runner as root, which somewhat reduces security.

A better solution is using rootless docker:

  1. Remove docker from your system if you have previously installed it through Ubuntu's default repositories.
  2. Install docker from Docker's repositories as directed here (I also recommend enabling cgroupsV2, as described here) & reboot. This will give you the script in /usr/bin needed to set up rootless docker in the next step.
  3. Set up rootless docker as described here.
  4. Don't forget to run the following, so docker remains running after you log out (as described in the guide):

systemctl --user enable docker
systemctl --user start docker
sudo loginctl enable-linger $(whoami)

  5. Also make sure to create the rootless context as described on that same page. This will make your own docker commands and the github actions runner automatically use rootless docker.

Install the self hosted runner: https://docs.github.com/en/actions/hosting-your-own-runners/adding-self-hosted-runners (skip if already installed)

(Re)start the actions runner. This can be done by restarting its systemd service. Your runner should now work with rootless docker.

If you're having issues with the new docker build github action using buildx, also see How to solve error with rootless docker in github actions self hosted runner: write /proc/sys/net/ipv4/ping_group_range: invalid argument: unknown
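
As an added example (not part of the original answer), the following preflight script checks that the steps above took effect: that the docker daemon the runner talks to is rootless, that linger is enabled, and that no files in the runner's work directory are owned by another user. The function names and the work directory passed as the first argument are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Preflight for a self-hosted runner that should be using rootless docker.
# The parsers take command output as an argument so they can be checked
# without a docker daemon present.

# $1: output of `docker info --format '{{.SecurityOptions}}'`
# A rootless daemon lists "name=rootless" among its security options.
is_rootless() {
  case "$1" in
    *name=rootless*) return 0 ;;
    *) return 1 ;;
  esac
}

# $1: output of `loginctl show-user <user> --property=Linger`
linger_enabled() { [ "$1" = "Linger=yes" ]; }

# Print every path under $1 that is not owned by the current user. These are
# the files a non-root runner cannot clean up before the next checkout.
foreign_files() { find "$1" ! -user "$(id -u)" -print 2>/dev/null; }

# $1: the runner's work directory (assumption: you pass the path yourself)
preflight() {
  rc=0
  is_rootless "$(docker info --format '{{.SecurityOptions}}' 2>/dev/null)" \
    || { echo "FAIL: docker daemon in use is not rootless (check the docker context)"; rc=1; }
  linger_enabled "$(loginctl show-user "$(whoami)" --property=Linger 2>/dev/null)" \
    || { echo "FAIL: linger is off, the user docker service stops at logout"; rc=1; }
  [ -z "$(foreign_files "$1")" ] \
    || { echo "FAIL: files under $1 are not owned by $(whoami)"; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK: rootless docker preflight passed"
  return "$rc"
}

# Run the checks only when a work directory is given on the command line.
if [ "$#" -gt 0 ]; then
  preflight "$1"
fi
```

Run it as the same user the runner service uses, so the docker context and ownership checks reflect what the runner will see.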
