Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ScribeMD/rootless-docker
Run Docker in Rootless Mode to Prevent Permission Errors
https://github.com/ScribeMD/rootless-docker
asdf composite-action conventional-commits docker editorconfig github-actions github-actions-docker megalinter nodejs permissions pre-commit prettier python python-poetry renovate rootless-docker security semver vscode yaml
Last synced: 2 months ago
JSON representation
Run Docker in Rootless Mode to Prevent Permission Errors
- Host: GitHub
- URL: https://github.com/ScribeMD/rootless-docker
- Owner: ScribeMD
- License: mit
- Created: 2021-10-02T09:19:14.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2024-03-26T01:37:49.000Z (10 months ago)
- Last Synced: 2024-11-14T12:54:23.023Z (3 months ago)
- Topics: asdf, composite-action, conventional-commits, docker, editorconfig, github-actions, github-actions-docker, megalinter, nodejs, permissions, pre-commit, prettier, python, python-poetry, renovate, rootless-docker, security, semver, vscode, yaml
- Homepage:
- Size: 322 KB
- Stars: 30
- Watchers: 1
- Forks: 5
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
# rootless-docker
[](https://github.com/marketplace/actions/rootless-docker)
[](https://docs.docker.com/engine/security/rootless/)
[](https://github.com/ScribeMD/rootless-docker/actions/workflows/test.yaml)
[](https://github.com/kucherenko/jscpd)
[](https://docs.renovatebot.com/)
[](https://python-poetry.org/)
[](https://pre-commit.com/)
[](https://conventionalcommits.org)
[](https://semver.org/)
[](https://prettier.io/)
[](https://editorconfig.org/)
[](https://code.visualstudio.com/)
Run Docker in Rootless Mode to Prevent Permission Errors
- [rootless-docker](#rootless-docker)
- [Usage](#usage)
- [Supported Runners](#supported-runners)
- [Permissions](#permissions)
- [Changelog](#changelog)
GitHub-hosted (and many self-hosted) runners use rootful Docker, but the runner
itself does not run as root. As described in
[actions/runner#434](https://github.com/actions/runner/issues/434), files
created by Docker containers are hence owned by root, resulting in permission
errors when the runner attempts to clean up checked out repositories. This
action efficiently prevents those permission errors by running Docker in
rootless mode so that all files are owned by the runner user. This approach has
many benefits as it is:
- safer than elevating the runner to root
- less brittle than changing the ownership/permissions of or deleting files
- simpler than other ways of running rootless Docker
- and fast (~15 seconds on GitHub-hosted runner `ubuntu-22.04`)
[Docker's documentation](https://docs.docker.com/engine/security/rootless/)
discusses rootless mode in detail. If you are running a supported Linux
distribution locally, you can follow the steps there to use rootless mode. If
you aren't sure, you can ask Docker whether it is in rootless mode:
```sh
docker info --format "{{ .ClientInfo.Context }}"
```
## Usage
- Add the following step before your first use of Docker:
```yaml
- name: Use Docker in rootless mode.
uses: ScribeMD/[email protected]
```
## Supported Runners
- Tested on `ubuntu-22.04`
- Probably works on `ubuntu-18.04` and `ubuntu-20.04`
- May work on future versions of Linux
- Definitely doesn't work on Windows or macOS since Docker only offers rootless
mode on Linux
## Permissions
No
[permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token)
are required.
## Changelog
Please refer to [`CHANGELOG.md`](CHANGELOG.md).