feat: compatibility with self-hosted runners with SELinux (#355)

* feat: compatibility with self-hosted runners with SELinux When using a self-hosted runner with SELinux (fedora) volumes need to be mounted with ":z" in order to have write access these flags are documented [here](https://docs.docker.com/storage/bind-mounts/#configure-the-selinux-label) * Ensure folders are created * use if instead of short circuit * ts convention either inline or use braces * Fix linting * fix linting errors Co-authored-by: Webber Takken <webber.nl@gmail.com>
2025-07-04 12:25:19 -04:00 · 2022-03-11 11:18:18 -06:00 · 2022-03-11 11:18:18 -06:00 · 9358a3a890
commit 9358a3a890
parent d975f3b80f
1 changed files with 15 additions and 7 deletions
--- a/src/model/docker.ts
+++ b/src/model/docker.ts
@ -1,14 +1,16 @@
 import { exec } from '@actions/exec';
 import ImageTag from './image-tag';
 import ImageEnvironmentFactory from './image-environment-factory';
+import { existsSync, mkdirSync } from 'fs';
+import path from 'path';

 class Docker {
  static async build(buildParameters, silent = false) {
-    const { path, dockerfile, baseImage } = buildParameters;
+    const { path: buildPath, dockerfile, baseImage } = buildParameters;
    const { version, platform } = baseImage;

    const tag = new ImageTag({ repository: '', name: 'unity-builder', version, platform });
-    const command = `docker build ${path} \
+    const command = `docker build ${buildPath} \
      --file ${dockerfile} \
      --build-arg IMAGE=${baseImage} \
      --tag ${tag}`;
@ -41,16 +43,22 @@ class Docker {

  static getBaseOsSpecificArguments(baseOs, workspace, unitySerial, runnerTemporaryPath, sshAgent): string {
    switch (baseOs) {
-      case 'linux':
+      case 'linux': {
+        const githubHome = path.join(runnerTemporaryPath, '_github_home');
+        if (!existsSync(githubHome)) mkdirSync(githubHome);
+        const githubWorkflow = path.join(runnerTemporaryPath, '_github_workflow');
+        if (!existsSync(githubWorkflow)) mkdirSync(githubWorkflow);
+
        return `--env UNITY_SERIAL \
                --env GITHUB_WORKSPACE=/github/workspace \
                ${sshAgent ? '--env SSH_AUTH_SOCK=/ssh-agent' : ''} \
-                --volume "/var/run/docker.sock":"/var/run/docker.sock" \
-                --volume "${runnerTemporaryPath}/_github_home":"/root" \
-                --volume "${runnerTemporaryPath}/_github_workflow":"/github/workflow" \
-                --volume "${workspace}":"/github/workspace" \
+                --volume "/var/run/docker.sock":"/var/run/docker.sock:z" \
+                --volume "${githubHome}":"/root:z" \
+                --volume "${githubWorkflow}":"/github/workflow:z" \
+                --volume "${workspace}":"/github/workspace:z" \
                ${sshAgent ? `--volume ${sshAgent}:/ssh-agent` : ''} \
                ${sshAgent ? '--volume /home/runner/.ssh/known_hosts:/root/.ssh/known_hosts:ro' : ''}`;
+      }
      case 'win32':
        return `--env UNITY_SERIAL="${unitySerial}" \
                --env GITHUB_WORKSPACE=c:/github/workspace \