From 9440c54d5191f8e22598a4aaf9c2cc954434688e Mon Sep 17 00:00:00 2001 From: Paul Pacheco Date: Sat, 26 Mar 2022 20:05:15 -0500 Subject: [PATCH] feat: work with rootless docker (#362) Running docker currently mounts the docker.sock file into the container. This was introduced in 2ab738c08389696888fa13b09fb29d02932a00b3 but there is no explanation provided. The docker.sock file is only needed if we want to run docker inside the container to create other images or start other containers. I searched through the code and I did not find any such use. In particular, on fedora this gives permission denied because docker.sock is owned by root and the container runs under an unprivileged user. One has to change the permissions of docker.sock (which is actually a link to /run/podman/podman.sock) to be writeable by the user. If we don't need to use docker inside the containers, then we can remove this file, thus we can run this GitHub action as an unprivileged user out of the box. --- dist/index.js | Bin 21813655 -> 21813582 bytes dist/index.js.map | Bin 16166389 -> 16166305 bytes src/model/docker.ts | 1 - 3 files changed, 1 deletion(-) diff --git a/dist/index.js b/dist/index.js index 9b56ec3872e30ca2fa6a445c5a1e11af696fc9dc..3d2b843642c805893120924d95f1adfac7dd2e74 100644 GIT binary patch delta 1422 zcmWmEMN}0407TLAKY~&MDrEwqBCQ|@N~4Hf*qxY&-J+t{*x21IUf;W8N3qSay9LggAfvA8W1fwEC z5Q<8uj4*^F0+EP9G-42oDyWJ$R6{(fqXufC7HXpo>Y^U%qX8Ns0gccYP0$q0&>St$ z60Oi0ZO|6&&>kJo5uMN(iRgl^=!Wj-fu2Z0FC?Qk`k*iRp+5#-AO>MDhF~a$VK_!0 z1tT#Eqmha+7>hKF!+1=NxJ9c0vc40U6U@!JzKXPyY2XP38aRf(k z499T-Cvgg=aRz6Ri*q=S3%H0&xQr{fifg!z8@P#ExQ#owi+i|_2Y84_c#J1_if4F^ z7kG(Rc#SuBi+6aB5BP{r_>3?3if{OiANYx1_>DjKi+>ZNlMU%mjEaepM=@2*l)Oql z#ayvaEEOxoTFI~2D7K27Qa~xF6jJOJ2gOlwQk<2-N)e@~QcNkXlu%q0SH(>!skkep zl+sEW#X~8pcq(3sx8kGtDt?N;Qcfwa1So+@1tmxcRw^nXN~lsvsjP%4;Yx%OsYEH! bN{kY#R8gubaY{8MUa79sFywG0hJ?ibKzJ>Q delta 1471 zcmZwHXH*UV6o>KCOH!#wWk(S$y_J=uk`iT;y&{|BrR*Kq+1X_8QTE<@@4ffV&VK&i zefT~1oO{mwde3EKTBT)XS`AM&+hWK{@G>UFnvABzcw=0z4&6JNeEKk416}{OPD?i# zoYI_o8}g=PCm4_eIbn`mut08D!V1>N0~^@F4!X?;d*p`$9N~llD2PHRj3OwCVsJ)r zlzhv#u%hvEXH9x zCSW2aVKP!N1yeB%(=h`xF$-y!jX9W$d6-Dea1e)Z7)Njv$8a1ca1y6*8fS18=Wreu za1obq8CP%>*Ki#-a1*z18+ULQ_i!H%@DPvi7*FsN&+r^C@Di`^8gK9x@9-WUkcE%< zgwObbulR=V$i@%+#4r5DAN-w=onV#<#h~O+aw_IZF2zF0tyn5ninWqQu~BRlJ0-7@ zPqA0>D-MdI;-nN%3Mz$^!b%aPs8URER*EYn6c@!+DXElF+?3Kv8O2@kP&^ec#ak(> z_$WrjSMgK)m2ygXrGipXsiXubm6brHiV~z$Rf3feB~+=VgeldPa3w;ip+qV*m0C)a N5^c7hS7H{^Dh>bu diff --git a/dist/index.js.map b/dist/index.js.map index 078f1658c41ed056319dd87fa3c9e770da8b4a2f..6d6ac1dc962b93d8a186a1d5b9b8035de6a037a7 100644 GIT binary patch delta 982 zcmWmB=UWW`9ERabMx5--va%J)9`)LL@4YwKdrSDmv4vxky=4^&89BCW${yKU-#tFu zf5DxWlI$6U=(rG9kiU zqYTQT9Q+Z0@~D77R74Oep)#tVDypG6YM>@+p*DgM0-+A-q8{p_0UDwa8lwrCq8XZ_ z1zMsNTB8lxq8-|!13ID;I-?7^q8qxS2YR9xdZQ2eq96KW00v?Z24e_@Vi<;F1VS+q zqc9p{Fc#x59uqJTlQ0=mFcs4<9WyW!voITT5Qe!3$2`o(0vIB&5R35tX)%^yDVAY5 zR$wJoArh;x25aHMI;_VAY{VvP#ujYFHbh}Nc3>xVVK??*FZN+S4&WdT;V_OM8b@&q z$8iED5rbHq!fBjA9O7{n=WregxPXhegv&_86}WK~*Ki#-a1*z18+VX|ySRt@cz}m^ zgvWS-r$|N$p5ZxO;3Zz+HQwMY-r+q`@c|$437_!=U-1p!@dH2c3%~IPe`B5Qw9wRl DE$k)! delta 1084 zcmZw6S9A^r0D#eB6G{=IH4}R!Mw^;3YR}k3P_@Ns)M(9CD^{%FxA)$q6?+toEu~r# zyJoG>dUw5hxaWKLR;Q+9dBd)QwF7CvK{*0<))mMYC>9o6AtAX?P$0Q#aA0m!T0&I2 z?33doBomp*LRPX7M0RrU0XfOVhvX&?c?l*T`6)m_KH_5vQJ5kWr5ME% z<0C^hPpuR_s#k1y?8u?veTMap=^Gn1LZU-!Mu)y{1nQj)35|)u};EYEhdyL{gV})TaTT(~w3qrU^}HMsr%wl2){) z4N^4&FX%#7x)DuxdeDBU#{rVoATM}Gz|kU_*Sm>~>h7{mFRSVr&- zBN@eL#_%oQF_v+RX95$M#P|HbWPao)rVz(erZJrv%p{&!%w`UAnMVTiS-?U9EMhTB zSjsY%vx1eZVl``6%R1JxfsJfpGh5ioHny{ao$TUgcC&|H_?5jRvXA{7;2?)M%n^=q zjN|;q2~Ki~-$~*$XE@6_&U1l_Tq2o2xXcy)