Error: File was unable to be removed Error: EACCES: permission denied, rmdir '/opt/actions-runner/_work/...

[mihalt]

When I run checout second+ times I have error like this on the title on my ubuntu self-hosted runner. A config is very simple like

on:
  push:
    branches: [ "production", "developing" ]
  pull_request:
    branches: [ "production", "developing" ]
  workflow_dispatch:

env:
  IMAGE_NAME: ${{ github.repository }}

jobs:
  testing:
    runs-on: self-hosted

    permissions:
      contents: write

    steps:
      - uses: actions/checkout@v4

      - uses: hoverkraft-tech/compose-action@v1.5.1
        with:
          up-flags: "--build"
      - name: testing
        run: "docker compose exec app pytest"
...

This command can help, but just once. After on the next running of job I see the same errors:

sudo chmod -R u+w /opt/actions-runner/_work/
sudo chown -R <username>:<group> /opt/actions-runner/_work/

[seniordev-ca]

@mihalt , any updates on this how to fix the error?

[mihalt]

@seniordev-ca Nothing better than this yet

This command can help, but just once. After on the next running of job I see the same errors:

sudo chmod -R u+w /opt/actions-runner/_work/
sudo chown -R : /opt/actions-runner/_work/

[rainerh]

We are facing the same issue on all GitHub managed runners since this morning.

Error: File was unable to be removed Error: EACCES: permission denied, unlink '/home/runner/work/<reponame>/<reponame>/pkg/mod/golang.org/x/telemetry/config@v0.28.0/LICENSE'

A quick workaround for us was to disable the GOPROXY before the first checkout step as described here: golang/go#67463 (comment)

      - run: |
          echo "GOPROXY=off" >> $GITHUB_ENV

[asei-proxima]

I faced same issue. But the following code resolve this issue:

./svc.sh install root

sudo ./svc.sh start

(please uninstall existing service, first)

[marissareyes80]

Y como lo hago? El lun, 19 de ago de 2024, 1:46 a. m., Asei Inoue ***@***.***> escribió:

…

I faced same issue. But the following code resolve this issue: ./svc.sh install root — Reply to this email directly, view it on GitHub <#1720 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/BKA5PLXFOCH35HYFVC45573ZSGPFLAVCNFSM6AAAAABHNSK6K6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEOJVHA4DIOBUG4> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

[pmabres]

Having the same issue with Github cloud hosted runners and custom docker images using ghcr.io registry.

jobs:
  build:
    runs-on: ubuntu-latest
    container:
      image:  ghcr.io/${{ github.repository_owner }}/MY_CUSTOM_IMAGE:main
      credentials:
        username: ${{ github.actor }}
        password: ${{ secrets.GITHUB_TOKEN }}
    steps:
    - uses: actions/checkout@v4.1.0

Is producing the following output

/usr/bin/docker exec  9c1ef0722b50a35be011c94cd4b11613abd66de932815320787efe6a556b42ec sh -c "cat /etc/*release | grep ^ID"
node:fs:2346
    return binding.writeFileUtf8(
                   ^

Error: EACCES: permission denied, open '/__w/_temp/_runner_file_commands/save_state_67a1c14a-d0a9-4347-a4e9-91d95775aead'
    at Object.writeFileSync (node:fs:2346:20)
    at Object.appendFileSync (node:fs:2427:6)
    at Object.issueFileCommand (/__w/_actions/actions/checkout/v4.1.0/dist/index.js:2967:8)
    at Object.saveState (/__w/_actions/actions/checkout/v4.1.0/dist/index.js:2884:31)
    at 8647 (/__w/_actions/actions/checkout/v4.1.0/dist/index.js:2343:10)
    at __nccwpck_require__ (/__w/_actions/actions/checkout/v4.1.0/dist/index.js:[18](https://github.com/###REDACTED###/actions/runs/10448856273/job/28973868656#step:3:19)273:43)
    at 2565 (/__w/_actions/actions/checkout/v4.1.0/dist/index.js:146:34)
    at __nccwpck_require__ (/__w/_actions/actions/checkout/v4.1.0/dist/index.js:18273:43)
    at 9[21](https://github.com/###REDACTED###/actions/runs/10448856273/job/28973868656#step:3:22)0 (/__w/_actions/actions/checkout/v4.1.0/dist/index.js:1144:36)
    at __nccwpck_require__ (/__w/_actions/actions/checkout/v4.1.0/dist/index.js:18273:43) {
  errno: -13,
  code: 'EACCES',
  syscall: 'open',
  path: '/__w/_temp/_runner_file_commands/save_state_67a1c14a-d0a9-4347-a4e9-91d95775aead'
}

[jdebbink]

Also getting this issue. I'm using this workaround with some success.

- uses: actions/checkout@v4
   with:
     path: ${{ github.sha }}

[jacescheffler-tanduo]

Also getting this issue. I'm using this workaround with some success.

- uses: actions/checkout@v4
   with:
     path: ${{ github.sha }}

This worked for one of our pipelines that had two jobs running on a single self hosted server runner. The first job always succeeded but the second job would fail until we added path: ${{ github.sha }}

[hcvdwerf]

Also getting this issue. I'm using this workaround with some success.

- uses: actions/checkout@v4
   with:
     path: ${{ github.sha }}

This worked for one of our pipelines that had two jobs running on a single self hosted server runner. The first job always succeeded but the second job would fail until we added path: ${{ github.sha }}

Not working for me: https://github.com/Health-RI/ckanext-dcat/actions/runs/11841455363

[djha-skin]

I found the problem, at least what it looks like on our end. The build couldn't get rid of some golang build files, and I looked in the directory that couldn't be gotten rid of. Look what I found:

total 128K
dr-xr-xr-x 19 github github 4.0K Dec 23 20:48 .
drwxr-xr-x  8 github github 4.0K Dec 23 20:48 ..
dr-xr-xr-x  2 github github 4.0K Dec 23 20:48 cases
dr-xr-xr-x  3 github github 4.0K Dec 23 20:48 cmd
-r--r--r--  1 github github   21 Dec 23 20:48 codereview.cfg
dr-xr-xr-x  4 github github 4.0K Dec 23 20:48 collate
-r--r--r--  1 github github  913 Dec 23 20:48 CONTRIBUTING.md
dr-xr-xr-x  2 github github 4.0K Dec 23 20:48 currency
dr-xr-xr-x  2 github github 4.0K Dec 23 20:48 date
-r--r--r--  1 github github  653 Dec 23 20:48 doc.go
dr-xr-xr-x 12 github github 4.0K Dec 23 20:48 encoding
dr-xr-xr-x  3 github github 4.0K Dec 23 20:48 feature
-r--r--r--  1 github github 8.8K Dec 23 20:48 gen.go
-r--r--r--  1 github github  345 Dec 23 20:48 .gitattributes
-r--r--r--  1 github github  206 Dec 23 20:48 .gitignore
-r--r--r--  1 github github  220 Dec 23 20:48 go.mod
-r--r--r--  1 github github  523 Dec 23 20:48 go.sum
dr-xr-xr-x 16 github github 4.0K Dec 23 20:48 internal
dr-xr-xr-x  4 github github 4.0K Dec 23 20:48 language
-r--r--r--  1 github github 1.5K Dec 23 20:48 LICENSE
dr-xr-xr-x  4 github github 4.0K Dec 23 20:48 message
dr-xr-xr-x  2 github github 4.0K Dec 23 20:48 number
-r--r--r--  1 github github 1.3K Dec 23 20:48 PATENTS
-r--r--r--  1 github github 3.0K Dec 23 20:48 README.md
dr-xr-xr-x  2 github github 4.0K Dec 23 20:48 runes
dr-xr-xr-x  2 github github 4.0K Dec 23 20:48 search
dr-xr-xr-x  4 github github 4.0K Dec 23 20:48 secure
dr-xr-xr-x  2 github github 4.0K Dec 23 20:48 transform
dr-xr-xr-x  7 github github 4.0K Dec 23 20:48 unicode
dr-xr-xr-x  2 github github 4.0K Dec 23 20:48 width

The files all have github as their owner, which is correct, but they are a lot of them marked -r--r--r--, which disallows the build from removing the file.

The solution (workaround) is to add this build step before checkout:

      - name: https://github.com/actions/checkout/issues/1720
        run: |
          chmod -R u+rwX .

Perhaps you guys might add a chmod option to fix?

[sriram-rach]

I'm also facing the same issue, is there a workaround for this?

[rrichards]

I've tried the above workaround but the same issue persists.

[pmabres]

Some people might experience in self hosted runners that the writing of GitHub runner temp folders (anything under _work) that is done whilst using docker containers might not match what the runner can have access to.

This could occur because a mismatch of what user docker is associated with and the user of the GitHub runner.

The solution would be to just make sure that both users can access the same resources.

For example, If you're running docker with --priviledge access, make sure your GitHub runner service is running as root.

[rrichards]

I am curious how many people get this error when running directly on the host compared to running in a container?

[duckworth]

The only way I have been able to resolve this issue when installing the service as non-root was to:

• Add the actions-runner user to the Docker group.
• Update /etc/subuid and /etc/subgid to map the actions-runner UID and GID correctly.
• Configure Docker’s daemon to use user namespace remapping with the actions-runner user.