diff --git a/.github/workflows/test-user_option.yml b/.github/workflows/test-user_option.yml
new file mode 100644
index 0000000..a9b7d6b
--- /dev/null
+++ b/.github/workflows/test-user_option.yml
@@ -0,0 +1,48 @@
+name: Test user option
+on:
+ push:
+ branches:
+ - 'main'
+ - 'releases/**'
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - run: |
+ id | grep -c runner
+ - uses: actions/checkout@v3
+ - uses: ./ # pguyot/arm-runner-action@HEAD
+ with:
+ commands: |
+ id | grep -c root
+ - uses: ./ # pguyot/arm-runner-action@HEAD
+ with:
+ user: nobody
+ commands: |
+ id | grep -c nobody
+ - uses: ./ # pguyot/arm-runner-action@HEAD
+ with:
+ user: nobody:lp
+ commands: |
+ id | grep -c lp
+ - uses: ./ # pguyot/arm-runner-action@HEAD
+ with:
+ user: nobody
+ use_systemd_nspawn: true
+ commands: |
+ id | grep -c nobody
+ - id: unknown_user
+ continue-on-error: true
+ uses: ./ # pguyot/arm-runner-action@HEAD
+ with:
+ user: unknown_user
+ commands: |
+ id
+ - name: Report unexpected success
+ if: ${{ steps.unknown_user.outcome == 'success' }}
+ run: |
+ echo "Action is expected to fail"
+ exit 1
diff --git a/README.md b/README.md
index f9f0332..327f33c 100644
--- a/README.md
+++ b/README.md
@@ -240,6 +240,13 @@ with some shells that come packaged under a different package name. For example, to use `ksh93` as shell, set `shell` to `ksh93` and `shell_package` to `ksh`.
+#### `user`
+
+User to run commands within the image. It must exists.
+By default, commands are run with user 0 (root).
+Unless you are using `systemd-nspawn`, you can also specify the group with
+the `user:group` syntax.
+
 #### `exit_on_fail` Exit immediately if a command exits with a non-zero status. Default is to exit.
diff --git a/action.yml b/action.yml
index bc471c6..b687e7c 100644
--- a/action.yml
+++ b/action.yml
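Review bot: In `.github/workflows/test-user_option.yml` the checks `id | grep -c root`, `id | grep -c nobody` and `id | grep -c lp` pass if the name appears anywhere in the `id` output (user, primary group or a supplementary group), so they do not establish which uid and gid the commands actually ran with; the `nobody:lp` step never checks the user at all. Comparing exact values, for example `test "$(id -un)" = nobody` and `test "$(id -gn)" = lp`, would make the test fail on a partial privilege drop. Separately, the workflow runs on `pull_request` without a `permissions:` block and references `actions/checkout@v3` by tag; declaring `permissions:` with `contents: read` and pinning the action to a commit SHA would narrow what a run can touch.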
@@ -64,6 +64,10 @@ inputs:
 description: 'The shell package to install, if different from shell'
 required: false
 default: ''
+ user:
+ description: 'User to run commands on the image. Must exist in the image'
+ required: false
+ default: ''
 exit_on_fail:
 description: 'Exit immediately if a command exits with a non-zero status'
 required: false
@@ -178,6 +182,15 @@ runs:
 else
 shell_opts=""
 fi
+ if [ "${{ inputs.user }}" != "" ]; then
+ if [ "${{ inputs.use_systemd_nspawn }}x" != "x" -a "${{ inputs.use_systemd_nspawn }}x" != "nox" ]; then
+ user_opt="-u ${{ inputs.user }}"
+ else
+ user_opt="--userspec=${{ inputs.user }}"
+ fi
+ else
+ user_opt=""
+ fi
 shell_package=${{ inputs.shell_package }}
 [ -x ${{ steps.mount_image.outputs.mount }}/${shell} ] || \
 shell_path=$(sudo chroot ${{ steps.mount_image.outputs.mount }} /bin/sh -c "command -v ${shell}") || \
@@ -233,9 +246,9 @@ runs:
 ARM_RUNNER_INPUT_COMMANDS_EOF
 if [ "${{ inputs.use_systemd_nspawn }}x" != "x" -a "${{ inputs.use_systemd_nspawn }}x" != "nox" ]; then
 sudo apt-get install -y systemd-container
- sudo -E systemd-nspawn -q -a --bind=${script_dir}:${chroot_script_dir} -D ${{ steps.mount_image.outputs.mount }} ${{ inputs.systemd_nspawn_options }} ${shell_path} ${shell_opts} ${chroot_script_dir}/commands.sh
+ sudo -E systemd-nspawn ${user_opt} -q -a --bind=${script_dir}:${chroot_script_dir} -D ${{ steps.mount_image.outputs.mount }} ${{ inputs.systemd_nspawn_options }} ${shell_path} ${shell_opts} ${chroot_script_dir}/commands.sh
 else
- sudo -E chroot ${{ steps.mount_image.outputs.mount }} ${shell_path} ${shell_opts} ${chroot_script_dir}/commands.sh
+ sudo -E chroot ${user_opt} ${{ steps.mount_image.outputs.mount }} ${shell_path} ${shell_opts} ${chroot_script_dir}/commands.sh
 fi
 rc=$?
 [ -f ${script_dir}/github_env.sh ] && \
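Review bot: `${{ inputs.user }}` is substituted into the script text before bash parses it, and `${user_opt}` is then expanded unquoted on the `sudo -E systemd-nspawn` and `sudo -E chroot` lines in the following hunk (`@@ -233,9 +246,9 @@`), so a `user` value containing whitespace or shell metacharacters becomes additional options or commands run under sudo on the runner. That matters whenever a calling workflow fills `user` from data it does not fully control. I would pass the input through the step's `env:` and read it as `"${INPUT_USER}"`, reject values that start with `-` or contain characters outside a conservative set, and keep the option in a bash array expanded as `"${user_opt[@]}"`; the character set below is a suggestion and should be widened if the images need other account names. The systemd-nspawn branch also forwards a `user:group` value unchanged to `-u` although the README says that syntax is not supported there, so an explicit error for that combination may be clearer (whether nspawn itself rejects it is not visible here). The `run:` script begins and ends outside these hunks, so the fence shows only the rewritten lines.

```yaml
  # add to this step (merge into its env: block if one already exists)
  env:
    INPUT_USER: ${{ inputs.user }}
  run: |
    # … unchanged: shell / shell_opts selection …
    user_opt=()
    if [ -n "${INPUT_USER}" ]; then
      case "${INPUT_USER}" in
        -*|*[!A-Za-z0-9_.:-]*)
          echo "Invalid value for input 'user'" >&2
          exit 1
          ;;
      esac
      if [ "${{ inputs.use_systemd_nspawn }}x" != "x" -a "${{ inputs.use_systemd_nspawn }}x" != "nox" ]; then
        user_opt=(-u "${INPUT_USER}")
      else
        user_opt=(--userspec="${INPUT_USER}")
      fi
    fi
    # … unchanged: shell_package lookup, commands.sh generation, nspawn/chroot if-else …
    sudo -E systemd-nspawn "${user_opt[@]}" -q -a --bind=${script_dir}:${chroot_script_dir} -D ${{ steps.mount_image.outputs.mount }} ${{ inputs.systemd_nspawn_options }} ${shell_path} ${shell_opts} ${chroot_script_dir}/commands.sh
    sudo -E chroot "${user_opt[@]}" ${{ steps.mount_image.outputs.mount }} ${shell_path} ${shell_opts} ${chroot_script_dir}/commands.sh
```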
@@ -244,7 +257,7 @@ runs:
 shell: bash
 - name: Copy artifacts within image
 if: ${{ always() && !cancelled() && (inputs.copy_artifacts_on_fail == 'yes' || steps.runcmd.conclusion == 'success') }}
- run: |
+ run: |
 case "${{ inputs.debug }}" in
 yes|true)
 set -x