checkout: Error: EACCES: permission denied in container on self hosted Linux runner

In an effort to checkout a repo within a container that’s being self hosted on a Linux VM running Ubuntu 20.04 as follows:

name: OS Build

# Controls when the workflow will run
on: 
    push:
      paths-ignore:
        - "Dockerfile"
        - ".github/workflows/docker_build.yml"
        - README.md
    pull_request:
    workflow_dispatch:

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "build"
  build:
    # The type of runner that the job will run on
    runs-on: camis-build-p01
    container:
      image: ghcr.io/sensoftinc/imx8mp_yocto_build_environment:1.0.0
      options: -u docker

With the image Docker file defined as:

FROM ubuntu:20.04

ENV DEBIAN_FRONTEND noninteractive

RUN apt update && apt upgrade -y && apt install ca-certificates -y && apt install wget locales -y && locale-gen en_US.UTF-8     
RUN apt install sudo
RUN apt install gawk wget git-core diffstat unzip texinfo gcc-multilib build-essential chrpath socat libsdl1.2-dev util-linux srecord -y
        
RUN apt install xterm sed cvs subversion coreutils texi2html docbook-utils python-pysqlite2 help2man make gcc g++ desktop-file-utils \
        libgl1-mesa-dev libglu1-mesa-dev mercurial autoconf automake groff curl lzop asciidoc -y

RUN apt install cpio python python3-pip python3-pexpect xz-utils debianutils iputils-ping \
        python3-git python3-jinja2 libegl1-mesa xsltproc fop dblatex xmlto pylint3 -y

RUN apt install u-boot-tools -y

RUN groupadd -r docker && useradd -r -g docker -ms /bin/bash -u 1001 docker && adduser docker sudo

I get the following error:

/usr/bin/docker exec  5b033937ed15061a8f606fa5f3805d0794caf9e04e3c12576fda15d25bde22ab sh -c "cat /etc/*release | grep ^ID"
node:internal/fs/utils:344
    throw err;
    ^

Error: EACCES: permission denied, open '/__w/_temp/_runner_file_commands/save_state_c7001c04-a974-4f62-8e53-a488147475c5'
    at Object.openSync (node:fs:585:3)
    at Object.writeFileSync (node:fs:2153:35)
    at Object.appendFileSync (node:fs:2215:6)
    at Object.issueFileCommand (/__w/_actions/actions/checkout/v3/dist/index.js:2293:8)
    at Object.saveState (/__w/_actions/actions/checkout/v3/dist/index.js:11873:31)
    at Object.153 (/__w/_actions/actions/checkout/v3/dist/index.js:4044:10)
    at __webpack_require__ (/__w/_actions/actions/checkout/v3/dist/index.js:22:30)
    at Object.287 (/__w/_actions/actions/checkout/v3/dist/index.js:7013:34)
    at __webpack_require__ (/__w/_actions/actions/checkout/v3/dist/index.js:22:30)
    at Object.853 (/__w/_actions/actions/checkout/v3/dist/index.js:31801:36) {
  errno: -13,
  syscall: 'open',
  code: 'EACCES',
  path: '/__w/_temp/_runner_file_commands/save_state_c7001c04-a974-4f62-8e53-a488147475c5'
}

About this issue

  • State: open
  • Created 2 years ago
  • Reactions: 11
  • Comments: 21

Most upvoted comments

I think https://github.com/actions/checkout/issues/956 has workarounds, so I think this issue can be closed.

The workaround that I used was to “override the default container user and use ‘root’”:

container: 
    image: alpine:latest
    options: --user root

Today GitHub only supports root users on the container, so we likely will only get workarounds unless/until that changes.

Yes, that’s what I am doing now. But ideally, I want to run the unit tests in the container as a regular user, because in my case there is a bit of difference between running the program as a regular user and as the root user.

I have my own workaround - nonroot:

# add to dockerfile
RUN mkdir -m 1777 /__w

Adding my 2 cents as well, we want to specifically not run as root so the workaround doesn’t work in our case. We figured any other way around this?

The easiest way to work around this is to go back to actions/upload-artifact@v2; not ideal, but it works.

I have a self hosted actions-runner on Ubuntu 20.04. It runs without sudo. It was having this problem.

Adding this “cleanup old checkout” step is working for me.

steps:
      # The "cleanup old checkout" step is needed because of this bug: https://github.com/actions/checkout/issues/1014
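      - name: cleanup old checkout
        # ":?" aborts the step if GITHUB_WORKSPACE is unset or empty, so rm can never expand to "/*"
        run: chmod -R +w "${GITHUB_WORKSPACE:?}"; rm -rf "${GITHUB_WORKSPACE:?}"/*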
      - name: Check out repository
        uses: actions/checkout@v4
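
Added example, not part of the thread: a check that can run as a step inside the job container to show why the container user cannot create files under /__w/_temp/_runner_file_commands, and whether a mode change such as 1777 would be enough without switching to root. It looks only at owner/group/other mode bits (ACLs, supplementary groups and root's override are ignored); the function names are hypothetical and uid 1000 in the comments is a constructed value.

```sh
#!/bin/sh
# can_create UID GID OWNER_UID OWNER_GID OCTAL_MODE
# Prints which permission class applies (owner, group or other) when that
# class may create files in the directory, otherwise prints "denied" and
# returns non-zero. Creating a file needs both write (2) and search (1).
can_create() (
  uid=$1 gid=$2 ouid=$3 ogid=$4
  mode=$((0$5))                      # leading 0 makes the constant octal
  if [ "$uid" -eq "$ouid" ]; then
    class=owner; bits=$(( (mode >> 6) & 7 ))
  elif [ "$gid" -eq "$ogid" ]; then
    class=group; bits=$(( (mode >> 3) & 7 ))
  else
    class=other; bits=$(( mode & 7 ))
  fi
  if [ $(( bits & 3 )) -eq 3 ]; then
    echo "$class"
  else
    echo denied
    false
  fi
)

# diagnose DIR
# Compares the user the step runs as with the directory's owner and mode.
# Uses "stat -c", which GNU coreutils and busybox both provide.
diagnose() (
  dir=$1
  set -- $(stat -c '%u %g %a' "$dir")   # owner uid, owner gid, octal mode
  printf '%s owner=%s:%s mode=%s, running as %s:%s -> ' \
    "$dir" "$1" "$2" "$3" "$(id -u)" "$(id -g)"
  can_create "$(id -u)" "$(id -g)" "$1" "$2" "$3"
)

# In a workflow step (path taken from the error above):
#   diagnose /__w/_temp/_runner_file_commands
# Constructed case: container uid 1001 against a directory owned by
# uid 1000 with mode 755:
#   can_create 1001 1001 1000 1000 755
```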