[GH-ISSUE #2641] Invocation of gh client results in "command not found" #1198

New issue

Open

opened 2026-03-01 21:49:37 +03:00 by kerem · 6 comments

kerem commented 2026-03-01 21:49:37 +03:00

Owner

Copy link

Originally created by @socketbox on GitHub (Jan 30, 2025).
Original GitHub issue: https://github.com/nektos/act/issues/2641

Discussed in https://github.com/nektos/act/discussions/2639

^{Originally posted by socketbox January 29, 2025}

In a job that uses the ubuntu-latest runner, I've got a step that calls the GitHub API with the gh client, like so:

       - id: get-github-issue-url
        run: |
          issue_url=$(gh api -H "Accept: application/vnd.github+json"\                                                                            
            "repos/foo/baz-next/issues?per_page=1\&sort=created\&direction=desc&labels=npm,audit" |\
            jq -r '.[0].html_url')
          echo issue_url=$issue_url >> $GITHUB_OUTPUT

However, the step fails when I run the workflow with the following command (I'm using the GitHub-extension-installed version of act):
gh act schedule -v -s GITHUB_TOKEN=github_pat_foo -W ./.github/workflows/npm-audit.yml

The full job looks like this:

  parse:
    name: Parse audit report
    needs: scan
    if: always() && github.event_name == 'push' || github.event_name == 'schedule'
    runs-on: ubuntu-latest
    outputs:
      audit_link: ${{steps.get-github-issue-url.outputs.issue_url}}
      is-vulnerable: ${{steps.parse-audit-report.outputs.is-vulnerable}}
    steps:
      - id: get-github-issue-url
        run: |
          issue_url=$(gh api -H "Accept: application/vnd.github+json"\                                                                            
            "repos/foo/baz-next/issues?per_page=1\&sort=created\&direction=desc&labels=npm,audit" |\
            jq -r '.[0].html_url')
          echo issue_url=$issue_url >> $GITHUB_OUTPUT
      - id: parse-audit-report
        shell: python
        run: |
          import os
          import json
          
          report_dict = json.loads(os.environ.get("REPORT"))
          vulns = report_dict.get('metadata').get('vulnerabilities')
          is_vulnerable = any(vulns[severity] > 0 for severity in ['moderate', 'high', 'critical'])
          print(f"Vulnerabilities have been found: {is_vulnerable}")
          with open(os.getenv('GITHUB_OUTPUT'), 'a') as fh:
              print(f'is-vulnerable={is_vulnerable}', file=fh)
        env:
          REPORT: ${{needs.scan.outputs.audit-report}}

Here's the error I receive with verbose output:

[npm audit/Parse audit report] [DEBUG] Working directory '/home/socketbox/code/work/foo/baz-next/RWEB-8995-npm-audit-workflow'
| /var/run/act/workflow/get-github-issue-url: line 5: gh: command not found
[npm audit/Parse audit report]   ❌  Failure - Main 
issue_url=$(gh api -H "Accept: application/vnd.github+json" "repos/foo/baz-next/issues?per_page=1\&sort=created\&direction=desc&labels=npm,audit")
echo issue_url=$issue_url >> $GITHUB_OUTPUT
[npm audit/Parse audit report] exitcode '127': command not found, please refer to https://github.com/nektos/act/issues/107 for more information
[npm audit/Parse audit report] [DEBUG] Loading revision from git directory

What's got me puzzled (among other things) is that the catthehacker runner images seem to contain gh: https://github.com/catthehacker/docker_images/blob/master/linux/ubuntu/scripts/gh.sh

Update: thinking it was possible that I was using a non-standard image for the runner, I logged in to GHCR and then ran act with the -P flag:
gh act schedule -P ubuntu-latest="ghcr.io/catthehacker/ubuntu:act-22.04" -v -s GITHUB_TOKEN=github_foo -W ./.github/workflows/npm-audit.yml Still the same result. I also tried the 20.04 image, thinking that it might have been removed in the 22.04 image. No luck.

Then I shelled into the pulled image and tried to find gh. Nothing:

[2025-01-29 23:18:54]❮ docker run -i -t 0fbcdbe238bf /bin/bash
root@97ca12c2a7cf:/tmp# which gh
root@97ca12c2a7cf:/tmp# gh
bash: gh: command not found
root@97ca12c2a7cf:/tmp# echo $PATH
/opt/acttoolcache/node/18.20.5/x64/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin

Versions:

[2025-01-30 09:16:16]» gh extensions list
NAME         REPO                       VERSION
gh act       nektos/gh-act              v0.2.71
gh copilot   github/gh-copilot          v1.0.6
gh sbom      advanced-security/gh-sbom  v0.1.0
gh worktree  despreston/gh-worktree     v1.0.0
[origin RWEB-8995-npm-audit-workflow][RWEB-8995-npm-audit-workflow]
[2025-01-30 09:16:20]» gh --version
gh version 2.65.0 (2025-01-06)
https://github.com/cli/cli/releases/tag/v2.65.0

Originally created by @socketbox on GitHub (Jan 30, 2025). Original GitHub issue: https://github.com/nektos/act/issues/2641 ### Discussed in https://github.com/nektos/act/discussions/2639 <div type='discussions-op-text'> ^{Originally posted by **socketbox** January 29, 2025} In a job that uses the `ubuntu-latest` runner, I've got a step that calls the GitHub API with the `gh` client, like so: ``` - id: get-github-issue-url run: | issue_url=$(gh api -H "Accept: application/vnd.github+json"\ "repos/foo/baz-next/issues?per_page=1\&sort=created\&direction=desc&labels=npm,audit" |\ jq -r '.[0].html_url') echo issue_url=$issue_url >> $GITHUB_OUTPUT ``` However, the step fails when I run the workflow with the following command (I'm using the GitHub-extension-installed version of act): `gh act schedule -v -s GITHUB_TOKEN=github_pat_foo -W ./.github/workflows/npm-audit.yml` The full job looks like this: ``` parse: name: Parse audit report needs: scan if: always() && github.event_name == 'push' || github.event_name == 'schedule' runs-on: ubuntu-latest outputs: audit_link: ${{steps.get-github-issue-url.outputs.issue_url}} is-vulnerable: ${{steps.parse-audit-report.outputs.is-vulnerable}} steps: - id: get-github-issue-url run: | issue_url=$(gh api -H "Accept: application/vnd.github+json"\ "repos/foo/baz-next/issues?per_page=1\&sort=created\&direction=desc&labels=npm,audit" |\ jq -r '.[0].html_url') echo issue_url=$issue_url >> $GITHUB_OUTPUT - id: parse-audit-report shell: python run: | import os import json report_dict = json.loads(os.environ.get("REPORT")) vulns = report_dict.get('metadata').get('vulnerabilities') is_vulnerable = any(vulns[severity] > 0 for severity in ['moderate', 'high', 'critical']) print(f"Vulnerabilities have been found: {is_vulnerable}") with open(os.getenv('GITHUB_OUTPUT'), 'a') as fh: print(f'is-vulnerable={is_vulnerable}', file=fh) env: REPORT: ${{needs.scan.outputs.audit-report}} ``` Here's the error I receive with verbose output: ``` [npm audit/Parse audit report] [DEBUG] Working directory '/home/socketbox/code/work/foo/baz-next/RWEB-8995-npm-audit-workflow' | /var/run/act/workflow/get-github-issue-url: line 5: gh: command not found [npm audit/Parse audit report] ❌ Failure - Main issue_url=$(gh api -H "Accept: application/vnd.github+json" "repos/foo/baz-next/issues?per_page=1\&sort=created\&direction=desc&labels=npm,audit") echo issue_url=$issue_url >> $GITHUB_OUTPUT [npm audit/Parse audit report] exitcode '127': command not found, please refer to https://github.com/nektos/act/issues/107 for more information [npm audit/Parse audit report] [DEBUG] Loading revision from git directory ``` What's got me puzzled (among other things) is that the catthehacker runner images _seem_ to contain `gh`: https://github.com/catthehacker/docker_images/blob/master/linux/ubuntu/scripts/gh.sh **Update:** thinking it was possible that I was using a non-standard image for the runner, I logged in to GHCR and then ran `act` with the `-P` flag: `gh act schedule -P ubuntu-latest="ghcr.io/catthehacker/ubuntu:act-22.04" -v -s GITHUB_TOKEN=github_foo -W ./.github/workflows/npm-audit.yml` Still the same result. I also tried the `20.04` image, thinking that it might have been removed in the `22.04` image. No luck. Then I shelled into the pulled image and tried to find `gh`. Nothing: ``` [2025-01-29 23:18:54]❮ docker run -i -t 0fbcdbe238bf /bin/bash root@97ca12c2a7cf:/tmp# which gh root@97ca12c2a7cf:/tmp# gh bash: gh: command not found root@97ca12c2a7cf:/tmp# echo $PATH /opt/acttoolcache/node/18.20.5/x64/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin ``` **Versions**: ``` [2025-01-30 09:16:16]» gh extensions list NAME REPO VERSION gh act nektos/gh-act v0.2.71 gh copilot github/gh-copilot v1.0.6 gh sbom advanced-security/gh-sbom v0.1.0 gh worktree despreston/gh-worktree v1.0.0 [origin RWEB-8995-npm-audit-workflow][RWEB-8995-npm-audit-workflow] [2025-01-30 09:16:20]» gh --version gh version 2.65.0 (2025-01-06) https://github.com/cli/cli/releases/tag/v2.65.0 ``` </div>

kerem commented 2026-03-01 21:49:38 +03:00

Author

Owner

Copy link

@ChristopherHX commented on GitHub (Jan 31, 2025):

tags that would contain gh, your selected image does not ship gh

• full-24.04
• custom-24.04

If you really want avoid program not found download the full image, it's almost a 1 : 1 snapshot of the GitHub Hosted Runners, but this one is big use -v of act to not assume act stalled.

<!-- gh-comment-id:2626880594 --> @ChristopherHX commented on GitHub (Jan 31, 2025): tags that would contain gh, your selected image does not ship gh - full-24.04 - custom-24.04 If you really want avoid program not found download the full image, it's almost a 1 : 1 snapshot of the GitHub Hosted Runners, but this one is big use `-v` of act to not assume act stalled.

kerem commented 2026-03-01 21:49:38 +03:00

Author

Owner

Copy link

@socketbox commented on GitHub (Jan 31, 2025):

@ChristopherHX Thanks for your response.

It seems that I was mistaken regarding this script: https://github.com/catthehacker/docker_images/blob/master/linux/ubuntu/scripts/gh.sh . I thought it was executed as part of all ubuntu-based image builds: github.com/catthehacker/docker_images@844d48050c/linux/ubuntu/Dockerfile (L25)

<!-- gh-comment-id:2627448203 --> @socketbox commented on GitHub (Jan 31, 2025): @ChristopherHX Thanks for your response. It seems that I was mistaken regarding this script: https://github.com/catthehacker/docker_images/blob/master/linux/ubuntu/scripts/gh.sh . I thought it was executed as part of all ubuntu-based image builds: https://github.com/catthehacker/docker_images/blob/844d48050c644ed19d504d10f63cf91ba196c6a1/linux/ubuntu/Dockerfile#L25

kerem commented 2026-03-01 21:49:38 +03:00

Author

Owner

Copy link

@ToppDev commented on GitHub (Jan 31, 2025):

Another solution to this is, to add a step installing the GitHub CLI

name: 'install_gh_cli'
description: 'Install the GitHub CLI'

runs:
  using: "composite"
  steps:
    # https://github.com/cli/cli/blob/trunk/docs/install_linux.md
    - name: Install GitHub CLI
      shell: bash
      if: ${{ env.ACT && runner.os == 'Linux' }}
      run: |
        (type -p wget >/dev/null || (sudo apt update && sudo apt-get install wget -y)) \
          && sudo mkdir -p -m 755 /etc/apt/keyrings \
          && out=$(mktemp) && wget -nv -O$out https://cli.github.com/packages/githubcli-archive-keyring.gpg \
          && cat $out | sudo tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null \
          && sudo chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg \
          && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
          && sudo apt update \
          && sudo apt install gh -y

<!-- gh-comment-id:2628411278 --> @ToppDev commented on GitHub (Jan 31, 2025): Another solution to this is, to add a step installing the GitHub CLI ```yml name: 'install_gh_cli' description: 'Install the GitHub CLI' runs: using: "composite" steps: # https://github.com/cli/cli/blob/trunk/docs/install_linux.md - name: Install GitHub CLI shell: bash if: ${{ env.ACT && runner.os == 'Linux' }} run: | (type -p wget >/dev/null || (sudo apt update && sudo apt-get install wget -y)) \ && sudo mkdir -p -m 755 /etc/apt/keyrings \ && out=$(mktemp) && wget -nv -O$out https://cli.github.com/packages/githubcli-archive-keyring.gpg \ && cat $out | sudo tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null \ && sudo chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg \ && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null \ && sudo apt update \ && sudo apt install gh -y ```

kerem commented 2026-03-01 21:49:38 +03:00

Author

Owner

Copy link

@robtaylor commented on GitHub (May 14, 2025):

I only found this out from this bug, maybe a doc update would help for the possible images to use?

<!-- gh-comment-id:2880931428 --> @robtaylor commented on GitHub (May 14, 2025): I only found this out from this bug, maybe a doc update would help for the possible images to use?

kerem commented 2026-03-01 21:49:38 +03:00

Author

Owner

Copy link

@matheusmazzoni commented on GitHub (Aug 10, 2025):

I went through the same issue and it would be interesting to mention in the doc that the default image does not have the gh cli

<!-- gh-comment-id:3172849108 --> @matheusmazzoni commented on GitHub (Aug 10, 2025): I went through the same issue and it would be interesting to mention in the doc that the default image does not have the gh cli

kerem commented 2026-03-01 21:49:39 +03:00

Author

Owner

Copy link

@ChristopherHX commented on GitHub (Aug 10, 2025):

If you want to document this, you can contribute to https://github.com/nektos/act-docs then everybody using act might benefit.

It's just markdown Formatting, very similar to the GitHub Comments / Readme files.

<!-- gh-comment-id:3172976370 --> @ChristopherHX commented on GitHub (Aug 10, 2025): If you want to document this, you can contribute to <https://github.com/nektos/act-docs> then everybody using act might benefit. It's just markdown Formatting, very similar to the GitHub Comments / Readme files.

kerem referenced this issue 2026-03-01 21:52:52 +03:00

[PR #1198] [MERGED] fix: localcheckout mock #1831

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

dependabot/go_modules/github.com/go-git/go-git/v5-5.18.0

dependabot/go_modules/dependencies-08815e2262

mergify/configuration-deprecated-update

dependabot/github_actions/dependencies-a3a104477f

chore/simplify-ci-and-makefile

dependabot/go_modules/golang.org/x/crypto-0.45.0

dependabot/go_modules/github.com/go-viper/mapstructure/v2-2.4.0

panekj/ci/improve-jobs

fix-skip-non-yaml-files-in-dir

normalize-pull-rebuild-flags

fix-no-recurse-by-default

2517-poor-error-for-incomplete-action-step

2472-make-use-new-action-cache-the-new-default-for-downloading-actions

act-tart

act-lxc

act-oidc

act-dind

avoid-slash-in-actor

dependabot/go_modules/github.com/docker/docker-26.1.4incompatible

meta-keep-filetime

local-repository-action-cache

pr-merger

update-docker-deps

follow_local_action_symlink

boltdb-lock-in-handler

use-socket-path

no-pull-no-rebuild

path-issues

fix/env

feat/podman

refactor/testdata

v0.2.87

v0.2.86

v0.2.85

v0.2.84

v0.2.83

v0.2.82

v0.2.81

v0.2.80

v0.2.79

v0.2.78

v0.2.77

v0.2.76

v0.2.75

v0.2.74

v0.2.73

v0.2.72

v0.2.71

v0.2.70

v0.2.69

v0.2.68

v0.2.67

v0.2.66

v0.2.65

v0.2.64

v0.2.63

v0.2.62

v0.2.61

v0.2.60

v0.2.59

v0.2.58

v0.2.57

v0.2.56

v0.2.55

v0.2.54

v0.2.53

v0.2.52

v0.2.51

v0.2.50

v0.2.49

v0.2.48

v0.2.47

v0.2.46

v0.2.45

v0.2.44

v0.2.43

v0.2.42

v0.2.41

v0.2.40

v0.2.39

v0.2.38

v0.2.37

v0.2.36

v0.2.35

v0.2.34

v0.2.33

v0.2.32

v0.2.31

v0.2.30

v0.2.29

v0.2.28

v0.2.27

v0.2.26

v0.2.25

v0.2.24

v0.2.23

v0.2.22

v0.2.21

v0.2.20

v0.2.19

v0.2.18

v0.2.17

v0.2.16

v0.2.15

v0.2.14

v0.2.13

v0.2.12

v0.2.11

v0.2.10

v0.2.9

v0.2.8

v0.2.7

v0.2.6

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.3

v0.1.2

v0.1.1

v0.1.0

v0.0.5

v0.0.4

v0.0.3

v0.0.2

v0.0.1

Labels

Clear labels   

area/action

  

area/cli

  

area/docs

  

area/image

  

area/runner

  

area/workflow

  

backlog

  

confirmed/not-planned

  

kind/bug

  

kind/discussion

  

kind/external

  

kind/feature-request

  

kind/question

  

meta/duplicate

  

meta/invalid

  

meta/need-more-info

  

meta/resolved

  

meta/wontfix

  

meta/workaround

  

needs-work

  

pull-request

Mirrored from GitHub Pull Request

  

review/not-planned

  

size/M

  

size/XL

  

size/XXL

  

stale

  

stale-exempt

No labels

area/action

area/cli

area/docs

area/image

area/runner

area/workflow

backlog

confirmed/not-planned

kind/bug

kind/discussion

kind/external

kind/feature-request

kind/question

meta/duplicate

meta/invalid

meta/need-more-info

meta/resolved

meta/wontfix

meta/workaround

needs-work

pull-request

review/not-planned

size/M

size/XL

size/XXL

stale

stale-exempt

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/act#1198

No description provided.