mirror of
https://github.com/game-ci/unity-builder.git
synced 2025-07-04 12:25:19 -04:00
feat: work with rootless docker (#362)
Running docker currently mounts the docker.sock file into the container.
This was introduced in 2ab738c083 but
there is no explanation provided.
The docker.sock file is only needed if we want to run docker inside the container
to create other images or start other containers.
I searched through the code and I did not find any such use.
In particular, on fedora this gives permission denied because docker.sock
is owned by root and the container runs under an unprivileged user.
One has to change the permissions of docker.sock
(which is actually a link to /run/podman/podman.sock) to be writeable by the user.
If we don't need to use docker inside the containers, then we can remove this file,
thus we can run this GitHub action as an unprivileged user out of the box.
This commit is contained in:
Paul Pacheco
GitHub
parent
1ae498bcf1
commit
9440c54d51
BIN
dist/index.js
generated
vendored
BIN
dist/index.js
generated
vendored
Binary file not shown.
BIN
dist/index.js.map
generated
vendored
BIN
dist/index.js.map
generated
vendored
Binary file not shown.
@ -52,7 +52,6 @@ class Docker {
|
|||||||
return `--env UNITY_SERIAL \
|
return `--env UNITY_SERIAL \
|
||||||
--env GITHUB_WORKSPACE=/github/workspace \
|
--env GITHUB_WORKSPACE=/github/workspace \
|
||||||
${sshAgent ? '--env SSH_AUTH_SOCK=/ssh-agent' : ''} \
|
${sshAgent ? '--env SSH_AUTH_SOCK=/ssh-agent' : ''} \
|
||||||
--volume "/var/run/docker.sock":"/var/run/docker.sock" \
|
|
||||||
--volume "${githubHome}":"/root:z" \
|
--volume "${githubHome}":"/root:z" \
|
||||||
--volume "${githubWorkflow}":"/github/workflow:z" \
|
--volume "${githubWorkflow}":"/github/workflow:z" \
|
||||||
--volume "${workspace}":"/github/workspace:z" \
|
--volume "${workspace}":"/github/workspace:z" \
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user