Mirror of https://github.com/actions/runner-container-hooks.git (synced 2025-12-14 16:46:43 +00:00)
* fix: calculate hash again after failure

  The hash from the source is calculated only once. The source hash is checked with the destination hash, but if the destination hash does not match, the destination match is calculated again. The problem is that if the source hash is incorrect, the check will keep failing because the source hash is never re-calculated. Now, in the event that the hashes do not match, the hash of the source and the destination are calculated again.

* fix: use size instead of block size

  Previously the %b parameter was used with stat. This displays the block size of the file. We noticed that in some cases the block size of the source and the destination file could be slightly different. Since the source and target run in different containers, they can have different block sizes defined. If the block size did not match, the hash would also not match, even if the file content would be exactly the same. With this change, the block size is no longer used. Instead the actual size in bytes of the file is listed.
K8s Hooks
Description
This implementation provides a way to dynamically spin up jobs to run container workflows, rather than relying on the default Docker implementation. It is meant to be used when the runner itself is running in k8s, for example when using the Actions Runner Controller.
Pre-requisites
Some things are expected to be set when using these hooks:
- The runner itself should be running in a pod, with a service account with the following permissions:
  apiVersion: rbac.authorization.k8s.io/v1
  kind: Role
  metadata:
    namespace: default
    name: runner-role
  rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "create", "delete"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["get", "create"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list", "create", "delete"]
- The ACTIONS_RUNNER_POD_NAME env should be set to the name of the pod
- The ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER env should be set to true to prevent the runner from running any jobs outside of a container
- The runner pod should map a persistent volume claim into the _work directory
  - The ACTIONS_RUNNER_CLAIM_NAME env should be set to the persistent volume claim that contains the runner's working directory, otherwise it defaults to ${ACTIONS_RUNNER_POD_NAME}-work
- Some actions runner env's are expected to be set. These are set automatically by the runner.
  - RUNNER_WORKSPACE is expected to be set to the workspace of the runner
  - GITHUB_WORKSPACE is expected to be set to the workspace of the job
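The Role above gives the runner's service account pods/exec and full secrets access in its namespace, so it is worth checking that a deployed Role grants exactly that and nothing broader. The following Python check is an added example, not code from the project: it compares a Role in the JSON shape produced by kubectl get role runner-role -o json against the README's permissions. The helper names allows and audit and the sample Role are constructed for illustration.

```python
import json

# Verbs per core-group resource, copied from the Role in the README above.
REQUIRED = {
    "pods": {"get", "list", "create", "delete"},
    "pods/exec": {"get", "create"},
    "pods/log": {"get", "list", "watch"},
    "secrets": {"get", "list", "create", "delete"},
}

def allows(rules, resource, verb):
    """True if a rule grants verb on a core-group resource ("*" wildcards honoured)."""
    for r in rules:
        if r.get("resourceNames"):
            continue  # name-restricted rules do not grant the general permission
        if (any(g in ("", "*") for g in r.get("apiGroups", []))
                and any(x in (resource, "*") for x in r.get("resources", []))
                and any(v in (verb, "*") for v in r.get("verbs", []))):
            return True
    return False

def audit(role):
    """Return (missing, excess) as sorted "[group/]resource:verb" strings."""
    rules = role.get("rules", [])
    missing = sorted(f"{res}:{verb}" for res, verbs in REQUIRED.items()
                     for verb in verbs if not allows(rules, res, verb))
    excess = set()
    for r in rules:
        for g in r.get("apiGroups", []):
            for res in r.get("resources", []):
                for verb in r.get("verbs", []):
                    # Anything outside the core group or the README's verbs is extra.
                    if g != "" or verb not in REQUIRED.get(res, ()):
                        excess.add(f"{g + '/' if g else ''}{res}:{verb}")
    return missing, sorted(excess)

# Constructed sample (shape of `kubectl get role -o json`): drops "watch" on
# pods/log and widens secrets to every verb.
SAMPLE = json.loads("""
{"kind": "Role", "metadata": {"name": "runner-role", "namespace": "default"},
 "rules": [
  {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list", "create", "delete"]},
  {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["get", "create"]},
  {"apiGroups": [""], "resources": ["pods/log"], "verbs": ["get", "list"]},
  {"apiGroups": [""], "resources": ["secrets"], "verbs": ["*"]}]}
""")

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A non-empty missing list means the hooks will hit authorization errors; a non-empty excess list means the runner can do more in the namespace than the README requires.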
Limitations
- A job container will be required for all jobs
- Building container actions from a dockerfile is not supported at this time
- Container actions will not have access to the services network or job container network
- Docker create options are not supported
- Container actions will have to specify the entrypoint, since the default entrypoint will be overridden to run the commands from the workflow.
- Container actions need to have the following binaries in their container image: sh, env, tail.