Gitea Actions mounting workspace in another container

[gizbo]

Description

Hello guys,
I'm trying to scan my code with SonarQube. Here's my current implementation:

      run: |
          echo "Current directory: $(pwd)"
          echo "Listing contents:"
          ls -la
          docker run --rm \
            --user root \
            --network gitea_net \
            -e SONAR_HOST_URL="${{ vars.SONARQUBE_HOST }}" \
            -e SONAR_TOKEN="${{ secrets.SONARQUBE_TOKEN }}" \
            -v "$(pwd)":/usr/src \
            sonarsource/sonar-scanner-cli \
            -Dsonar.projectKey="${{ vars.SONARQUBE_PROJECT_KEY }}" \
            -Dsonar.sources=.

But for some reason, the volume bind is not working. Here is another simplified job (with SonarQube removed from the equation) to highlight the binding issue:

      run: | 
        echo "Current directory: $(pwd)"
        echo "Listing contents:"
        ls -la 
        docker run --rm \
          --privileged \
          -v "$(pwd):/tmp" \
          alpine:latest \
          sh -c 'ls -la /tmp && echo "Files in app:" && ls -la /tmp/app' 

Again, this fails. How can I get my checked-out project to be processed by this other container?

Thanks.

Gitea Version

1.23.5

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

docker-compose.yml

name: gitea

services:
  gitea_srv:
    image: docker.gitea.com/gitea:1.23.5
    container_name: gitea_srv
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=postgres
      - GITEA__database__HOST=db:5432
      - GITEA__database__NAME=gitea
      - GITEA__database__USER=${POSTGRES_USER}
      - GITEA__database__PASSWD=${POSTGRES_PASSWORD}
    restart: always
    networks:
      - gitea
    volumes:
      - gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "8030:3000"
      - "2221:22"
    depends_on:
      - db

  sonarqube:
    image: sonarqube:community
    container_name: sonarqube
    depends_on:
      - db
    environment:
      - SONAR_JDBC_URL=jdbc:postgresql://db:5432/sonar
      - SONAR_JDBC_USERNAME=${POSTGRES_USER}
      - SONAR_JDBC_PASSWORD=${POSTGRES_PASSWORD}
    volumes:
      - sonarqube_data:/opt/sonarqube/data
      - sonarqube_extensions:/opt/sonarqube/extensions
      - sonarqube_logs:/opt/sonarqube/logs
    networks:
      - gitea
    ports:
      - "9000:9000"

  db:
    image: docker.io/library/postgres:14
    container_name: postgres_db
    restart: always
    environment:
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
    networks:
      - gitea
    volumes:
      - postgres_data:/var/lib/postgresql/data
      - ./db/init.sql:/docker-entrypoint-initdb.d/init.sql:ro

  runner:
    image: docker.io/gitea/act_runner:latest
    container_name: gitea_runner
    environment:
      - GITEA_INSTANCE_URL=http://gitea_srv:3000
      - GITEA_RUNNER_REGISTRATION_TOKEN=${GITEA_RUNNER_REGISTRATION_TOKEN}
      - GITEA_RUNNER_NAME=Gitea Runner
      - CONFIG_FILE=/config.yml
    depends_on:
      - db
      - gitea_srv
    networks:
      - gitea
    volumes:
      - ./runner/config.yml:/config.yml:ro
      - runner:/data
      - /var/run/docker.sock:/var/run/docker.sock

networks:
  gitea:
    external: false

volumes:
  gitea:
  sonarqube_data:
  sonarqube_extensions:
  sonarqube_logs:
  runner:
  postgres_data:

runner config.yml

log:
  level: info

runner:
  file: .runner
  capacity: 1
  envs:
    A_TEST_ENV_NAME_1: a_test_env_value_1
    A_TEST_ENV_NAME_2: a_test_env_value_2
  env_file: .env
  timeout: 3h
  shutdown_timeout: 0s
  insecure: false
  fetch_timeout: 5s
  fetch_interval: 2s
  labels:
    - "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
    - "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
    - "ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"

cache:
  enabled: true
  dir: ""
  host: ""
  port: 0
  external_server: ""

container:
  network: "gitea_gitea"
  privileged: true
  options:
  workdir_parent:
  valid_volumes: []
  docker_host: ""
  force_pull: true
  force_rebuild: false

host:
  workdir_parent:

Database

None

[techknowlogick]

This is because the socket you are providing to the runner is for the host. So when you try to mount a path it is in the host. Each workflow is given a volume for its workspace, and I'd recommend trying to mount from that instead in your container so you can access files in the workspace. Off hand I can't remember how to get the volume name, but I believe it is possible to fetch from the environment (at the very least df might have it)

[techknowlogick]

As for sonaqube, there is a plugin available, but you could also try using the following tutorial: https://about.gitea.com/resources/tutorials/gitea-integrate-sonarqube

[gizbo]

Hello,

Thank you so much for your reply. I actually had looked at the example, but unfortunately, it wasn’t working with the latest version of SonarQube due to the old version of Java...

That said, great news! I found a solution! The proposed GitHub Action from the latest version of SonarQube worked!!! 🙂

If you're interested, here is my implementation.

on:
  push:
    branches:
      - main
  pull_request:
      types: [opened, synchronize, reopened]

name: SonarQube Scan
jobs:
  sonarqube:
    name: SonarQube Trigger
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
      - uses: SonarSource/sonarqube-scan-action@v4
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ vars.SONAR_HOST_URL }}

Cheers,

[techknowlogick]

Awesome. Thanks for the details on the update action <3