From 9358a3a8903d6527767eb4f7094f1d2a6e39edee Mon Sep 17 00:00:00 2001
From: Paul Pacheco <paulpach@gmail.com>
Date: Fri, 11 Mar 2022 11:18:18 -0600
Subject: [PATCH] feat: compatibility with self-hosted runners with SELinux
 (#355)

* feat: compatibility with self-hosted runners with SELinux

When using a self-hosted runner with SELinux (fedora)
volumes need to be mounted with ":z" in order to have write access

these flags are documented [here](https://docs.docker.com/storage/bind-mounts/#configure-the-selinux-label)

* Ensure folders are created

* use if instead of short circuit

* ts convention either inline or use braces

* Fix linting

* fix linting errors

Co-authored-by: Webber Takken <webber.nl@gmail.com>
---
 src/model/docker.ts | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/src/model/docker.ts b/src/model/docker.ts
index 5d22f8a0..4b77a9a6 100644
--- a/src/model/docker.ts
+++ b/src/model/docker.ts
@@ -1,14 +1,16 @@
 import { exec } from '@actions/exec';
 import ImageTag from './image-tag';
 import ImageEnvironmentFactory from './image-environment-factory';
+import { existsSync, mkdirSync } from 'fs';
+import path from 'path';
 
 class Docker {
   static async build(buildParameters, silent = false) {
-    const { path, dockerfile, baseImage } = buildParameters;
+    const { path: buildPath, dockerfile, baseImage } = buildParameters;
     const { version, platform } = baseImage;
 
     const tag = new ImageTag({ repository: '', name: 'unity-builder', version, platform });
-    const command = `docker build ${path} \
+    const command = `docker build ${buildPath} \
       --file ${dockerfile} \
       --build-arg IMAGE=${baseImage} \
       --tag ${tag}`;
@@ -41,16 +43,22 @@ class Docker {
 
   static getBaseOsSpecificArguments(baseOs, workspace, unitySerial, runnerTemporaryPath, sshAgent): string {
     switch (baseOs) {
-      case 'linux':
+      case 'linux': {
+        const githubHome = path.join(runnerTemporaryPath, '_github_home');
+        if (!existsSync(githubHome)) mkdirSync(githubHome);
+        const githubWorkflow = path.join(runnerTemporaryPath, '_github_workflow');
+        if (!existsSync(githubWorkflow)) mkdirSync(githubWorkflow);
+
         return `--env UNITY_SERIAL \
                 --env GITHUB_WORKSPACE=/github/workspace \
                 ${sshAgent ? '--env SSH_AUTH_SOCK=/ssh-agent' : ''} \
-                --volume "/var/run/docker.sock":"/var/run/docker.sock" \
-                --volume "${runnerTemporaryPath}/_github_home":"/root" \
-                --volume "${runnerTemporaryPath}/_github_workflow":"/github/workflow" \
-                --volume "${workspace}":"/github/workspace" \
+                --volume "/var/run/docker.sock":"/var/run/docker.sock:z" \
+                --volume "${githubHome}":"/root:z" \
+                --volume "${githubWorkflow}":"/github/workflow:z" \
+                --volume "${workspace}":"/github/workspace:z" \
                 ${sshAgent ? `--volume ${sshAgent}:/ssh-agent` : ''} \
                 ${sshAgent ? '--volume /home/runner/.ssh/known_hosts:/root/.ssh/known_hosts:ro' : ''}`;
+      }
       case 'win32':
         return `--env UNITY_SERIAL="${unitySerial}" \
                 --env GITHUB_WORKSPACE=c:/github/workspace \