checkout: Permission denied when "Deleting the contents of"

Hi checkout team,

I’m having an issue when actions/checkout@v2 is trying to delete the repository:


I tried to change the permissions of the file, but it is still happening; this has been happening since yesterday. I think this could be a bug, but correct me if I’m wrong.

My .github/workflow/docker.yml is like this:

name: MorciTravel CI

on: [push]

jobs:

  morcitravel_job:
    name: Morcitravel job
    runs-on: ubuntu-latest
    env:
      KILL_JAVA_SH: ${{ github.workspace }}/ci/kill_java_process.sh
      SERVER_PUB_KEY: ${{ github.workspace }}/data/server/server_pub_key.txt
      JAVA_CMD_PATH: /opt/prod_jdk/bin/java
      JAR_NAME: morci-travel-api-
    services:
      mongodb:
        image: mongo:4-bionic
        ports:
          - 27017:27017
        volumes:
          - ${{ github.workspace }}/data/mongo/001_users.js:/docker-entrypoint-initdb.d/001_users.js
    steps:
      - name: Check out repository
        uses: actions/checkout@v2
      - name: Set up JDK 13
        uses: actions/setup-java@v1
        with:
          java-version: 13
      - name: Test & Package frontend
        run: mvn -B clean install -pl :morci-travel-frontend
      - name: Create version
        run: |
          APP_RELEASE_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
          APP_RELEASE_VERSION_ARRAY=(${APP_RELEASE_VERSION//./ })
          ((APP_RELEASE_VERSION_ARRAY[2]++))
          APP_RELEASE_VERSION="${APP_RELEASE_VERSION_ARRAY[0]}.${APP_RELEASE_VERSION_ARRAY[1]}.${APP_RELEASE_VERSION_ARRAY[2]}"
          echo "::set-env name=JAR_NAME::$JAR_NAME$APP_RELEASE_VERSION-SNAPSHOT.jar"
          mvn -B --batch-mode release:update-versions -DdevelopmentVersion=$APP_RELEASE_VERSION-SNAPSHOT
      - name: Test & Package backend
        run: mvn -B clean test package -pl :morci-travel-api
      - name: Prepare SSH Keys
        run: |
          mkdir -p ~/.ssh
          echo "${{ secrets.KEY }}" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
          cat "$SERVER_PUB_KEY" > ~/.ssh/known_hosts
          chmod 600 ~/.ssh/known_hosts
      - name: Kill java process
        run: |
          ssh -p ${{ secrets.PORT }} ${{ secrets.USERNAME }}@${{ secrets.HOST }} 'bash -s' < $KILL_JAVA_SH
      - name: Remove old artifacts
        run: |
          ssh -p ${{ secrets.PORT }} ${{ secrets.USERNAME }}@${{ secrets.HOST }} "rm -rf morci-travel-api-*.jar"
      - name: Copy jar to server
        run: |
          scp -P ${{ secrets.PORT }} ${{ github.workspace }}/morci-travel-api/target/$JAR_NAME ${{ secrets.USERNAME }}@${{ secrets.HOST }}:~
      - name: Launch app
        run: |
          ssh -f -p ${{ secrets.PORT }} ${{ secrets.USERNAME }}@${{ secrets.HOST }} "$JAVA_CMD_PATH -Xms64M -Xmx256M -jar $JAR_NAME &"
      - name: Commit version
        run: |
          git config --global user.name 'Nicolas Vargas Ortega'
          git config --global user.email 'soasada@users.noreply.github.com'
          git commit -am "AUTOMATIC: Updated version"
          git push

About this issue

  • State: open
  • Created 4 years ago
  • Reactions: 48
  • Comments: 37 (3 by maintainers)

Most upvoted comments

I experienced the same issue. To get around this I ran a command to change file permissions right before executing actions/checkout:

sudo chown -R $USER:$USER /home/github/actions-runner/_work/{REPOSITORY_NAME_HERE}

@felipecrs Something like this (runs-on must be equal):

  configure:
    runs-on: ubuntu-latest
    outputs:
      containerUser: ${{ steps.get-user.outputs.containerUser }}
    
    steps:
      - id: get-user
        run: echo "::set-output name=containerUser::`id -u`:`id -g`"
    
    
  clone-and-install:
    
    needs: configure
    runs-on: ubuntu-latest
    container:
      image: mcr.microsoft.com/vscode/devcontainers/base:ubuntu
      options: --user ${{ needs.configure.outputs.containerUser }}
    steps:
      - uses: actions/checkout@v2

But it is ridiculous.

I experienced the same issue. To get around this I ran a command to change file permissions right before executing actions/checkout:

sudo chown -R $USER:$USER /home/github/actions-runner/_work/{REPOSITORY_NAME_HERE}

This worked for me - but I used ${{ github.workspace }} as the path

I was able to resolve this by adding this step:

- name: Chown user
  run: |
    sudo chown -R $USER:$USER $GITHUB_WORKSPACE

I was able to resolve this by adding this step:

- name: Chown user
  run: |
    sudo chown -R $USER:$USER $GITHUB_WORKSPACE

Only solution that worked for me after 12 hours of debugging.
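
As an added example (not part of any comment in this thread), the script below shows what to inspect before running a blanket `sudo chown -R` on the workspace: which paths are owned by another UID, and which directories actually stop the cleanup. It assumes GNU find; the function names are hypothetical, and the sample tree is constructed to mirror the `data/mongo/001_users.js` mount path from the workflow in the question.

```bash
#!/usr/bin/env bash
# Added example: find what in a workspace the runner user cannot clean up.
# Assumes GNU find; all function names are hypothetical.

# Print every path under DIR (DIR included) whose owner is not UID.
foreign_paths() {   # usage: foreign_paths DIR UID
    find "$1" ! -user "$2" -print 2>/dev/null
}

# Print non-empty directories not owned by UID. Removing an entry needs write
# permission on its parent directory, so unless group/other write is granted
# these are where an unprivileged cleanup fails, whatever the mode of the
# files inside them.
blocking_dirs() {   # usage: blocking_dirs DIR UID
    find "$1" -type d ! -user "$2" ! -empty -print 2>/dev/null
}

# Print "<owner-uid> <count>" per owning UID, to see which user created what.
owner_summary() {   # usage: owner_summary DIR
    find "$1" -printf '%U\n' 2>/dev/null | sort -n | uniq -c | awk '{print $2, $1}'
}

# Constructed sample workspace: the bind-mount source path from the question's
# workflow, present as a directory, plus one ordinary file.
make_sample_workspace() {
    ws=$(mktemp -d) || return 1
    mkdir -p "$ws/data/mongo/001_users.js"
    : > "$ws/README.md"
    printf '%s\n' "$ws"
}

ws=$(make_sample_workspace)
echo "owners (uid count):"
owner_summary "$ws"
echo "directories blocking cleanup for uid $(id -u):"
blocking_dirs "$ws" "$(id -u)"
rm -rf "$ws"
```

On a runner, point the functions at `$GITHUB_WORKSPACE` with `$(id -u)`; a non-empty `blocking_dirs` result names the directories whose creating step or container needs attention.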

Here is another solution that is a bit hacky but works to clean up the working directory before attempting any checkout:

jobs:
  cleanup:
    runs-on: self-hosted
    container:
      image: ubuntu:latest
    steps:
      - name: Cleaning up the $GITHUB_WORKSPACE as root from a Docker image
        # Volume auto mounted by gh actions pointing to the current working-directory
        run: find /__w/${{ github.event.repository.name }}/${{ github.event.repository.name }}/. -name . -o -prune -exec rm -rf -- {} + || true

  unit_tests:
    needs: cleanup
    name: Run the unit tests
    runs-on: self-hosted
    steps:
      - name: Checkout code
        uses: actions/checkout@v2

  ...

Hope it helps!

You may need to specify the checkout path input to avoid the volume mount being under the repository.

The containers are set up at the beginning of the job. And git clone will fail if the directory isn’t empty.

You could always symlink the dir back in place (or copy the files), if you need the data underneath the repository. Or if it’s your test data, consider updating your scripts to allow the location to be overridden using an env var.

@Yalchin403 AutoModality/action-clean@v1 action fixed this for me

I had to add “echo password” before, otherwise sudo asks for a password.

echo ${{secrets.DEPLOY_PASSWORD}} | sudo -S chown -R $USER:$USER /home/github/deployment/{REPOSITORY_NAME_HERE}

Is there a better solution?

I’m going to add a troubleshooting doc. I’ll add a section for this.

Is there any way to simply make the checkout work with containers running as non-root?

I’m trying something like:

clone-and-install:
    runs-on: ubuntu-latest
    container:
      image: mcr.microsoft.com/vscode/devcontainers/base:ubuntu
      options: --user 1000
    steps:
      - uses: actions/checkout@v2

and it does not work.

If I run the container as root it works by the way.

Since I could not find an issue that exactly describes the real root cause and how to solve it, I created one. I believe this can now be closed.

I believe the maintainers should close this issue since it’s not caused by this Action. And of course, point to the relevant repository.

Reading https://github.com/actions/runner/issues/434 description, I don’t think it’s so related.

Any plan on fixing this? This is quite annoying, since many services limit the user to not be root.

@felipecrs Well, from how it looks, the GitHub runner is running under a user with UID 1001 and GID 116. So, change it to:

clone-and-install:
    runs-on: ubuntu-latest
    container:
      image: mcr.microsoft.com/vscode/devcontainers/base:ubuntu
      options: --user 1001
    steps:
      - uses: actions/checkout@v2

I was not able to solve this, and instead had to stop using a container altogether. Would love a solution if anyone has one. FYI @JungHanter @ekahannes