Permissions denied on workingDir (__w/repo) #282

@zarko-a

I pulled the latest changes after #264 was merged and built a custom image to test it out.

Unfortunately it hit a snag as soon as I tried to run it with a non-root workflow container. Everything still works with root.

Run actions/checkout@v4
Run '/home/runner/k8s-novolume/custom-index.js'
(node:198) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
GITHUB_EVENT_PATH /github/workflow/event.json does not exist
GITHUB_EVENT_PATH /github/workflow/event.json does not exist
Syncing repository: chtbks/gh-testing
Getting Git version info
Temporarily overriding HOME='/__w/_temp/89b585d0-1814-4cd9-adb4-42510c8000dc' before making global git config changes
Adding repository directory to the temporary git global config as a safe directory
/usr/bin/git config --global --add safe.directory /__w/gh-testing/gh-testing
Deleting the contents of '/__w/gh-testing/gh-testing'
Initializing the repository
  /usr/bin/git init /__w/gh-testing/gh-testing
  /__w/gh-testing/gh-testing/.git: Permission denied
  Error: The process '/usr/bin/git' failed with exit code 1
  Error: Error: failed to run script step: Error: command terminated with non-zero exit code: command terminated with exit code 1
  Error: Process completed with exit code 1.
  Error: Executing the custom container implementation failed. Please contact your self hosted runner administrator.

After some troubleshooting, it seems that the directory we are trying to check out code to is owned by uid 0 and gid 1001 with permissions drwxr-sr-x. The main problem is permissions: because the group lacks write, it fails immediately on checkout.

It seems that the workingDir at /__w/<repo>/<repo> is created by Kubernetes because it doesn't exist; when it gets created, it gets the ownership and permissions mentioned above. When I added creation of the directory to the init container arguments, it started working.

I'll file a PR with a proposed solution.

linux-self-hosted-1gb-1cpu-zq5r4-runner-zfb77.yaml
linux-self-hosted-1gb-1cpu-zq5r4-runner-zfb77-workflow.yaml
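
A diagnostic for the condition reported above, as an added example that is not part of the original issue or of the project's code: it applies the classic Unix permission check to a directory's owner, group and mode to decide whether a given user can create entries in it. The function names and the workflow user's uid of 1001 are assumptions; the owner uid 0, gid 1001 and mode drwxr-sr-x (2755) come from the issue.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Ignores ACLs and capabilities
# other than uid 0; only the owner/group/other mode bits are evaluated.

# can_create UID "GID1 GID2 ..." OWNER_UID OWNER_GID OCTAL_MODE
# Returns 0 if the caller may create entries in the directory, 1 otherwise.
can_create() {
    uid=$1; gids=$2; o_uid=$3; o_gid=$4; mode=$5
    # uid 0 bypasses the mode bits, which is why the root container works.
    [ "$uid" -eq 0 ] && return 0
    # Drop setuid/setgid/sticky (the 's' in drwxr-sr-x); they grant no access.
    perm=$(( 0$mode & 0777 ))
    # Exactly one class applies: owner first, then group, then other.
    if [ "$uid" -eq "$o_uid" ]; then
        bits=$(( (perm >> 6) & 7 ))
    else
        bits=$(( perm & 7 ))
        for g in $gids; do
            if [ "$g" -eq "$o_gid" ]; then
                bits=$(( (perm >> 3) & 7 ))
                break
            fi
        done
    fi
    # Creating an entry needs both write (2) and search (1) on the directory.
    [ $(( bits & 3 )) -eq 3 ]
}

# check_dir PATH: run the same check for the current user against a real path.
# Returns 2 if the path cannot be stat'ed.
check_dir() {
    info=$(stat -c '%u %g %a' "$1") || return 2
    set -- $info
    can_create "$(id -u)" "$(id -G)" "$1" "$2" "$3"
}

# Constructed case from the issue: owner uid 0, group 1001, mode 2755.
# The workflow user (uid 1001, gid 1001) is an assumed value.
if can_create 1001 "1001" 0 1001 2755; then
    echo "writable"
else
    echo "not writable: group class has r-x only"
fi
```

Running `check_dir /__w/<repo>/<repo>` inside the workflow container reports the same verdict for the live directory before the checkout step runs.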
