From ad9cb43c31d5b0a2d841da3139dd4163d4435ac9 Mon Sep 17 00:00:00 2001
From: vvanouytsel-trendminer
Date: Mon, 10 Nov 2025 15:01:40 +0100
Subject: [PATCH] feat: check if required binaries are present (#272)
* feat: check if required binaries are present
Previously the necessary binaries were copied over using the runner container. This lead to issues in case your main container was using the musl libc implementation. Instead of copying over any binaries, the initContainer now checks if the required binaries are present in the main container.
* feat: get rid of the init container
* fix: add _runner_file_commands
* fix: do not fail if _runner_file_commands does not exist
It seems that for container actions this directory does not exist.
---
 packages/k8s/README.md | 1 +
 packages/k8s/src/hooks/run-container-step.ts | 4 +--
 packages/k8s/src/k8s/index.ts | 27 --------------------
 packages/k8s/src/k8s/utils.ts | 2 +-
 4 files changed, 4 insertions(+), 30 deletions(-)
diff --git a/packages/k8s/README.md b/packages/k8s/README.md
index 608cb56..ecc893b 100644
--- a/packages/k8s/README.md
+++ b/packages/k8s/README.md
@@ -41,3 +41,4 @@ rules:
 - Container actions will not have access to the services network or job container network
 - Docker [create options](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idcontaineroptions) are not supported
 - Container actions will have to specify the entrypoint, since the default entrypoint will be overridden to run the commands from the workflow.
+- Container actions need to have the following binaries in their container image: `sh`, `env`, `tail`.
diff --git a/packages/k8s/src/hooks/run-container-step.ts b/packages/k8s/src/hooks/run-container-step.ts
index 2235d9a..1786a38 100644
--- a/packages/k8s/src/hooks/run-container-step.ts
+++ b/packages/k8s/src/hooks/run-container-step.ts
@@ -104,7 +104,7 @@ export async function runContainerStep(
 try {
 core.debug(`Executing container step script in pod ${podName}`)
 return await execPodStep(
- ['/__e/sh', '-e', containerPath],
+ ['sh', '-e', containerPath],
 pod.metadata.name,
 JOB_CONTAINER_NAME
 )
@@ -133,7 +133,7 @@ function createContainerSpec(
 podContainer.name = JOB_CONTAINER_NAME
 podContainer.image = container.image
 podContainer.workingDir = '/__w'
- podContainer.command = ['/__e/tail']
+ podContainer.command = ['tail']
 podContainer.args = DEFAULT_CONTAINER_ENTRY_POINT_ARGS
 podContainer.volumeMounts = CONTAINER_VOLUMES
diff --git a/packages/k8s/src/k8s/index.ts b/packages/k8s/src/k8s/index.ts
index babf4c4..c0fd250 100644
--- a/packages/k8s/src/k8s/index.ts
+++ b/packages/k8s/src/k8s/index.ts
@@ -169,33 +169,6 @@ export async function createContainerStepPod(
 appPod.spec = new k8s.V1PodSpec()
 appPod.spec.containers = [container]
- appPod.spec.initContainers = [
- {
- name: 'fs-init',
- image:
- process.env.ACTIONS_RUNNER_IMAGE ||
- 'ghcr.io/actions/actions-runner:latest',
- command: [
- 'bash',
- '-c',
- `sudo cp $(which sh) /mnt/externals/sh \
- && sudo cp $(which tail) /mnt/externals/tail \
- && sudo cp $(which env) /mnt/externals/env \
- && sudo chmod -R 777 /mnt/externals`
- ],
- securityContext: {
- runAsGroup: 1001,
- runAsUser: 1001,
- privileged: true
- },
- volumeMounts: [
- {
- name: EXTERNALS_VOLUME_NAME,
- mountPath: '/mnt/externals'
- }
- ]
- }
- ]
 appPod.spec.restartPolicy = 'Never'
diff --git a/packages/k8s/src/k8s/utils.ts b/packages/k8s/src/k8s/utils.ts
index 04779ad..a391d64 100644
--- a/packages/k8s/src/k8s/utils.ts
+++ b/packages/k8s/src/k8s/utils.ts
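Review bot: Neither changed call site checks that the binary it now names exists in the action image: `execPodStep(['sh', '-e', containerPath], ...)` in runContainerStep and `podContainer.command = ['tail']` in the createContainerSpec hunk both rely on lookup through the image's own PATH, where the old `/__e/...` paths pointed at copies the hook had placed itself. An image without `tail` would presumably fail at container start and one without `sh` at exec time, and neither visible line turns that into a message naming the missing binary. I would document the requirement at both sites, e.g. `// resolved via the image's PATH; the image must ship sh, env and tail (see README)`, and have the failure path report which binary was not found. Both functions continue outside their hunks, so the existing catch block may already cover part of this.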
@@ -102,7 +102,7 @@ export function writeContainerStepScript(
 rm "$0" # remove script after running
 mv /__w/_temp/_github_home /github/home && \
 mv /__w/_temp/_github_workflow /github/workflow && \
-mv /__w/_temp/_runner_file_commands /github/file_commands && \
+mv /__w/_temp/_runner_file_commands /github/file_commands || true && \
 mv /__w/${parts.join('/')}/ /github/workspace && \
 cd /github/workspace && \
 exec ${environmentPrefix} ${entryPoint} ${