Light

scribemd / rootless-docker Goto Github PK

View Code? Open in Web Editor NEW

28.0 1.0 6.0 330 KB

Run Docker in Rootless Mode to Prevent Permission Errors

License: MIT License

docker permissions security github-actions-docker github-actions composite-action yaml rootless-docker conventional-commits editorconfig megalinter semver vscode python python-poetry pre-commit prettier asdf nodejs renovate

rootless-docker's Introduction

rootless-docker

Run Docker in Rootless Mode to Prevent Permission Errors

rootless-docker

GitHub-hosted (and many self-hosted) runners use rootful Docker, but the runner itself does not run as root. As described in actions/runner#434, files created by Docker containers are hence owned by root, resulting in permission errors when the runner attempts to clean up checked out repositories. This action efficiently prevents those permission errors by running Docker in rootless mode so that all files are owned by the runner user. This approach has many benefits as it is:

safer than elevating the runner to root
less brittle than changing the ownership/permissions of or deleting files
simpler than other ways of running rootless Docker
and fast (~15 seconds on GitHub-hosted runner ubuntu-22.04)

Docker's documentation discusses rootless mode in detail. If you are running a supported Linux distribution locally, you can follow the steps there to use rootless mode. If you aren't sure, you can ask Docker whether it is in rootless mode:

docker info --format "{{ .ClientInfo.Context }}"

Usage

Add the following step before your first use of Docker:

- name: Use Docker in rootless mode.
  uses: ScribeMD/[email protected]

Supported Runners

Tested on ubuntu-22.04
Probably works on ubuntu-18.04 and ubuntu-20.04
May work on future versions of Linux
Definitely doesn't work on Windows or macOS since Docker only offers rootless mode on Linux

Permissions

No permissions are required.

Changelog

Please refer to CHANGELOG.md.

rootless-docker's People

Contributors

Stargazers

Watchers

Forkers

renovate-bot 00mjk hasandoha 5l1v3r1

rootless-docker's Issues

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Pending Approval

These branches will be created by Renovate only once you click their checkbox below.

Awaiting Schedule

These updates are awaiting their schedule. Click on a checkbox to get an update now.

chore(deps): lock file maintenance

Detected dependencies

asdf

.tool-versions

node 20.11.1

python 3.12.2

poetry 1.8.2

github-actions

.github/workflows/notify-assignee.yaml

ScribeMD/slack-templates 0.6.37@bea126c3915616204196f29d27d6ab9526d61a25

.github/workflows/notify-reviewers.yaml

ScribeMD/slack-templates 0.6.37@bea126c3915616204196f29d27d6ab9526d61a25

.github/workflows/test.yaml

actions/checkout v4.1.1@b4ffde65f46336ab88eb53be808477a3936bae11

ScribeMD/pre-commit-action 0.9.127@832e026101148e0234fde20eecf91c08942ace4a

ScribeMD/slack-templates 0.6.37@bea126c3915616204196f29d27d6ab9526d61a25

ubuntu 22.04

pep621

pyproject.toml

poetry-core ==1.9.0

poetry

pyproject.toml

python ==3.12.2

commitizen ==3.18.4

pre-commit ==3.6.2

pre-commit

.pre-commit-config.yaml

ScribeMD/pre-commit-hooks 0.16.3

frnmst/md-toc 8.2.3

pre-commit/pre-commit-hooks v4.5.0

PrincetonUniversity/blocklint v0.2.4

commitizen-tools/commitizen v3.18.4

jumanjihouse/pre-commit-hooks 3.0.0

regex

.github/renovate.json

ScribeMD/.github 0.14.16

.pre-commit-config.yaml

python 3.12.2

.pre-commit-config.yaml

MegaLinter v7.7.0

.mega-linter.yaml

ScribeMD/.github 0.14.16

Check this box to trigger a request for Renovate to run again on this repository

Is the example in the README correct?

I have tried the example in the README in a workflow.

- name: Use Docker in rootless mode.
  uses: ScribeMD/rootless-docker@0

I observe the following error:

Error: Unable to resolve action ScribeMD/rootless-docker@0, unable to find version 0

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.

Jobs