Specify container uid and gid #9

Closed
mtcolman opened this issue Aug 23, 2021 · 2 comments
@mtcolman

Can it be made possible to specify user and group to be used in the docker run command?

Such as using an options command?

name: 'Container Action Template'
description: 'Get started with Container actions'
author: 'GitHub'
inputs: 
  myInput:
    description: 'Input to use'
    default: 'world'
runs:
  using: 'docker'
  image: 'Dockerfile'
  options: --user 1000:1000
  args:
    - ${{ inputs.myInput }}

My use case is as follows: We have a container where we specify the user (uid=1000,gid=1000) and one of the workflow steps we wish for is to start the container up and send some args to it. If it's successful, we know the PR hasn't broken it.

However, when using container-action, GitHub is starting the container and mounting workspace, workflow, home, etc. as uid=1001 and gid=121, and therefore our user (who is non-root) cannot then perform actions in a script.

Thanks,

Matt

@ncalteen
Collaborator

ncalteen commented Sep 1, 2023

Hello! Apologies for the delay in responding to this issue. Unfortunately at this time adding separate command options is not supported for container-based actions.

In this scenario, do you intend for other workflows to call the same container? Or is it part of a single workflow only? If it's just for this workflow, you could build and run the container "locally" (within the workflow) and run it from there. Here's a quick example:

name: Continuous Integration

on:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main

jobs:
  test-docker:
    name: Docker Tests
    runs-on: ubuntu-latest

    # Run a local registry to push to
    services:
      registry:
        image: registry:2
        ports:
          - 5001:5000

    env:
      TEST_TAG: localhost:5001/actions/container-action:latest

    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@v3

      - name: Setup Docker BuildX
        id: setup-buildx
        uses: docker/setup-buildx-action@v2
        with:
          install: true
          driver-opts: network=host

      - name: Build the Container
        id: build
        uses: docker/build-push-action@v4
        with:
          context: .
          push: true
          tags: ${{ env.TEST_TAG }}

      - name: Run the Container
        id: run
        env:
          INPUT_WHO_TO_GREET: Mona Lisa Octocat
        run: |
          docker run \
            --env INPUT_WHO_TO_GREET="${{ env.INPUT_WHO_TO_GREET }}" \
            --rm ${{ env.TEST_TAG }}

The main thing to note here is the services block specifies a local container registry that is run within the workflow. That way the container can be built, "pushed," and run all within the same action.
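
An added example, not part of the thread or the project's own code: a shell helper for a "Run the Container" step like the one above that checks, from ownership and mode bits, whether the image's user (uid=1000, gid=1000 in the issue) can write a directory before bind-mounting it with `docker run --user`. The function names `can_write` and `run_as`, the `/work` mount point, GNU `stat -c`, and the absence of supplementary groups are assumptions.

```shell
#!/bin/sh
# Added example. can_write, run_as and the /work mount point are hypothetical
# names; stat -c is GNU coreutils.

# can_write UID GID DIR
# Exit 0 if a process with exactly this uid and gid (assumption: no
# supplementary groups, i.e. no --group-add) may create files in DIR,
# 1 if it may not, 2 if DIR cannot be inspected.
can_write() (
  uid=$1; gid=$2; dir=$3
  [ -d "$dir" ] || exit 2
  info=$(stat -c '%u %g %a' "$dir") || exit 2
  set -- $info
  owner=$1; group=$2; mode=$((0$3))   # %a is octal, e.g. 755 or 2775
  [ "$uid" -eq 0 ] && exit 0          # root bypasses mode bits
  # Only one permission class applies: owner, else group, else other.
  # Creating a file needs write and search (w+x) on the directory.
  if   [ "$uid" -eq "$owner" ]; then need=$((0300))
  elif [ "$gid" -eq "$group" ]; then need=$((0030))
  else                               need=$((0003))
  fi
  [ $((mode & need)) -eq "$need" ]
)

# run_as UID GID IMAGE DIR [ARGS...]
# Refuse to start the container when the requested user could not write the
# bind mount; otherwise run the image as that user with DIR mounted at /work.
run_as() (
  uid=$1; gid=$2; image=$3; dir=$4; shift 4
  if ! can_write "$uid" "$gid" "$dir"; then
    echo "uid=$uid gid=$gid cannot write $dir" \
         "(owner:group mode $(stat -c '%u:%g %a' "$dir" 2>/dev/null))" >&2
    exit 1
  fi
  docker run --rm --user "$uid:$gid" \
    --volume "$dir:/work" --workdir /work "$image" "$@"
)
```

With the ownership reported in the issue (uid=1001, gid=121), `run_as 1000 1000 "$TEST_TAG" "$GITHUB_WORKSPACE"` fails the pre-check unless the workspace mode grants write and search to other users.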

@ncalteen
Collaborator

ncalteen commented Nov 7, 2023

Hey @mtcolman checking in if this was still an issue for you, or if you had a chance to try the above. If you're still running into this problem please let me know! I'll go ahead and close this for now, but definitely feel free to reopen if you're still having any trouble :)

@ncalteen ncalteen closed this as completed Nov 7, 2023