--container-daemon-socket and DOCKER_HOST both required with Podman

[fenech]

Bug report info

❯ gh act --bug-report
act version:            0.2.50
GOOS:                   linux
GOARCH:                 amd64
NumCPU:                 8
Docker host:            unix:///run/user/1000/podman/podman.sock
Sockets found:
        /var/run/docker.sock(broken)
        $XDG_RUNTIME_DIR/docker.sock
        $XDG_RUNTIME_DIR/podman/podman.sock
Config files:           
        /home/tom/.actrc:
                -P ubuntu-latest=node:12.20.1-buster-slim
                -P ubuntu-20.04=node:12.20.1-buster-slim
                -P ubuntu-18.04=node:12.20.1-buster-slim
                -P ubuntu-16.04=node:12.20.1-stretch-slim
Build info:
        Go version:            go1.20.7
        Module path:           github.com/nektos/act
        Main version:          (devel)
        Main path:             github.com/nektos/act
        Main checksum:         
        Build settings:
                -buildmode:           exe
                -compiler:            gc
                -trimpath:            true
                CGO_ENABLED:          0
                GOARCH:               amd64
                GOOS:                 linux
                GOAMD64:              v1
                vcs:                  git
                vcs.revision:         e8856f0fb00fcdd16eef2325b845f55f5d346f51
                vcs.time:             2023-08-21T16:17:06Z
                vcs.modified:         true
Docker Engine:
        Engine version:        4.6.2
        Engine runtime:        crun
        Cgroup version:        2
        Cgroup driver:         systemd
        Storage driver:        overlay
        Registry URI:          
        OS:                    fedora
        OS type:               linux
        OS version:            38
        OS arch:               amd64
        OS kernel:             6.4.15-200.fc38.x86_64
        OS CPU:                8
        OS memory:             15687 MB
        Security options:
                name=seccomp,profile=default
                name=rootless
                name=selinux

Command used with act

act --container-daemon-socket $XDG_RUNTIME_DIR/podman/podman.sock pull_request -e pull_request.json 

# or
export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/podman/podman.sock
act pull_request -e pull_request.json

Describe issue

When using Podman with the podman.socket service running, it is necessary to specify both --container-daemon-socket and DOCKER_HOST. It seems like it should be sufficient to only set DOCKER_HOST and for that socket to be used, without having to also pass --container-daemon-socket.

Output with DOCKER_HOST unset:

❯ gh act --container-daemon-socket $XDG_RUNTIME_DIR/podman/podman.sock pull_request -e pull_request.json
[Asana/set-state-waiting] 🚀  Start image=node:12.20.1-buster-slim
[Asana/set-state-waiting]   🐳  docker pull image=node:12.20.1-buster-slim platform= username= forcePull=true
Error: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/images/create?fromImage=node&tag=12.20.1-buster-slim": dial unix /var/run/docker.sock: connect: permission denied

N.B. There is no additional log output when using -v in this case.

---

Output with DOCKER_HOST set, no command line argument:

❯ export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/podman/podman.sock
❯ gh act pull_request -e pull_request.json
[Asana/set-state-waiting] 🚀  Start image=node:12.20.1-buster-slim
[Asana/set-state-waiting]   🐳  docker pull image=node:12.20.1-buster-slim platform= username= forcePull=true
[Asana/set-state-waiting]   🐳  docker create image=node:12.20.1-buster-slim platform= entrypoint=["tail" "-f" "/dev/null"] cmd=[]
Error: failed to create container: 'Error response from daemon: container create: statfs /var/run/docker.sock: permission denied'

With both the environment variable and the command line argument, the command runs successfully.

Verbose output for this case is shown below.

Link to GitHub repository

No response

Workflow content

name: Asana

on:
  pull_request:
    types: ["opened", "edited", "reopened", "synchronize", "ready_for_review"]

jobs:
  set-state-waiting:
    if: ${{ !github.event.pull_request.draft }}
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2

Relevant log output

[Asana/set-state-waiting] [DEBUG] pulling image 'docker.io/library/node:12.20.1-buster-slim' ()
DEBU[0000] Saving notices etag=16104d16-7646-4b54-86fe-f05680fde0a5 
DEBU[0000] No new notices                               
[Asana/set-state-waiting] [DEBUG] Already exists :: cd4902827248
[Asana/set-state-waiting] [DEBUG] Already exists :: 450331f0fd6d
[Asana/set-state-waiting] [DEBUG] Already exists :: 56f831d51b9a
[Asana/set-state-waiting] [DEBUG] Already exists :: d7361e2eb1cb
[Asana/set-state-waiting] [DEBUG] Already exists :: 45b42c59be33
[Asana/set-state-waiting] [DEBUG] Pulling fs layer :: 4ead7950876e
[Asana/set-state-waiting] [DEBUG] Download complete :: 4ead7950876e
[Asana/set-state-waiting] [DEBUG] Download complete :: 4ead7950876e
[Asana/set-state-waiting]   🐳  docker create image=node:12.20.1-buster-slim platform= entrypoint=["tail" "-f" "/dev/null"] cmd=[]
[Asana/set-state-waiting] [DEBUG] Common container.Config ==> &{Hostname: Domainname: User: AttachStdin:false AttachStdout:false AttachStderr:false ExposedPorts:map[] Tty:true OpenStdin:false StdinOnce:false Env:[RUNNER_TOOL_CACHE=/opt/hostedtoolcache RUNNER_OS=Linux RUNNER_ARCH=amd64 RUNNER_TEMP=/tmp LANG=C.UTF-8] Cmd:[] Healthcheck:<nil> ArgsEscaped:false Image:node:12.20.1-buster-slim Volumes:map[] WorkingDir:/home/tom/dev/nbycomp/asana-github-actions Entrypoint:[] NetworkDisabled:false MacAddress: OnBuild:[] Labels:map[] StopSignal: StopTimeout:<nil> Shell:[]}
[Asana/set-state-waiting] [DEBUG] Common container.HostConfig ==> &{Binds:[/var/run/docker.sock:/var/run/docker.sock] ContainerIDFile: LogConfig:{Type: Config:map[]} NetworkMode:host PortBindings:map[] RestartPolicy:{Name: MaximumRetryCount:0} AutoRemove:false VolumeDriver: VolumesFrom:[] ConsoleSize:[0 0] Annotations:map[] CapAdd:[] CapDrop:[] CgroupnsMode: DNS:[] DNSOptions:[] DNSSearch:[] ExtraHosts:[] GroupAdd:[] IpcMode: Cgroup: Links:[] OomScoreAdj:0 PidMode: Privileged:false PublishAllPorts:false ReadonlyRootfs:false SecurityOpt:[] StorageOpt:map[] Tmpfs:map[] UTSMode: UsernsMode: ShmSize:0 Sysctls:map[] Runtime: Isolation: Resources:{CPUShares:0 Memory:0 NanoCPUs:0 CgroupParent: BlkioWeight:0 BlkioWeightDevice:[] BlkioDeviceReadBps:[] BlkioDeviceWriteBps:[] BlkioDeviceReadIOps:[] BlkioDeviceWriteIOps:[] CPUPeriod:0 CPUQuota:0 CPURealtimePeriod:0 CPURealtimeRuntime:0 CpusetCpus: CpusetMems: Devices:[] DeviceCgroupRules:[] DeviceRequests:[] KernelMemory:0 KernelMemoryTCP:0 MemoryReservation:0 MemorySwap:0 MemorySwappiness:<nil> OomKillDisable:<nil> PidsLimit:<nil> Ulimits:[] CPUCount:0 CPUPercent:0 IOMaximumIOps:0 IOMaximumBandwidth:0} Mounts:[{Type:volume Source:act-toolcache Target:/toolcache ReadOnly:false Consistency: BindOptions:<nil> VolumeOptions:<nil> TmpfsOptions:<nil> ClusterOptions:<nil>} {Type:volume Source:act-Asana-set-state-waiting-9673d7f8d5ebf1d8a45653134007d1a04bfeeb01bae6f2e7b538729310d1ff6a-env Target:/var/run/act ReadOnly:false Consistency: BindOptions:<nil> VolumeOptions:<nil> TmpfsOptions:<nil> ClusterOptions:<nil>} {Type:volume Source:act-Asana-set-state-waiting-9673d7f8d5ebf1d8a45653134007d1a04bfeeb01bae6f2e7b538729310d1ff6a Target:/home/tom/dev/nbycomp/asana-github-actions ReadOnly:false Consistency: BindOptions:<nil> VolumeOptions:<nil> TmpfsOptions:<nil> ClusterOptions:<nil>}] MaskedPaths:[] ReadonlyPaths:[] Init:<nil>}
Error: failed to create container: 'Error response from daemon: container create: statfs /var/run/docker.sock: permission denied'

Additional information

No response

[ChristopherHX]

I'm responding here, because a PR aims to close this Issue. However I don't think it does fix it
Did you try?

act --container-daemon-socket unix://$XDG_RUNTIME_DIR/podman/podman.sock

I mean the help text of act --help says uri not filepath

--container-daemon-socket <uri> URI to Docker Engine socket (e.g.: unix://~/.docker/run/docker.sock or - to disable bind mounting the socket)")

Act (might) has no logic to convert the filepath to uri, so DOCKER_HOST is not derived if you provide a file path.

[fenech]

Sure enough, it works like:

unset DOCKER_HOST
act --container-daemon-socket unix://$XDG_RUNTIME_DIR/podman/podman.sock

as you say 👍

But it'd be nice if it was sufficient to use the DOCKER_HOST environment variable, which I already have set, rather than having to always pass this --container-daemon-socket option.

[ChristopherHX]

I believe #2181 fixes your concern.

But it'd be nice if it was sufficient to use the DOCKER_HOST environment variable, which I already have set, rather than having to always pass this --container-daemon-socket option.

In the latest act release adding a single line to ~/.actrc

--container-daemon-socket ${DOCKER_HOST}

also make the cli option implicit. And get derived.

Still there is a PR, that makes creating a .actrc file irrelevant.