starred/act

Fork 0

mirror of https://github.com/nektos/act.git synced 2026-04-26 01:15:51 +03:00

[GH-ISSUE #1946] Issues with execute privileges on script files when using Snyk #934

New issue

Closed

opened 2026-03-01 21:47:33 +03:00 by kerem · 1 comment

kerem commented

2026-03-01 21:47:33 +03:00

Owner

Originally created by @AtleWebstep on GitHub (Aug 6, 2023).
Original GitHub issue: https://github.com/nektos/act/issues/1946

Bug report info

act version:            0.2.49
GOOS:                   windows
GOARCH:                 amd64
NumCPU:                 20
Docker host:            npipe:////./pipe/docker_engine
Sockets found:
        \\.\pipe\docker_engine(broken)
Config files:
        C:\Users\atles\.actrc:
                -P ubuntu-latest=catthehacker/ubuntu:full-latest
                -P ubuntu-latest=catthehacker/ubuntu:full-20.04
                -P ubuntu-18.04=catthehacker/ubuntu:full-18.04
        .actrc:
                --secret-file my.secrets
                -P ubuntu-latest=ghcr.io/catthehacker/ubuntu:act-latest
                --env-file my.env
Build info:
        Go version:            go1.20.6
        Module path:           github.com/nektos/act
        Main version:          (devel)
        Main path:             github.com/nektos/act
        Main checksum:
        Build settings:
                -buildmode:           exe
                -compiler:            gc
                -ldflags:             -s -w -X main.version=0.2.49 -X main.commit=d5d854854651c151ecd914bb6e2e370e0057929a -X main.date=2023-08-01T02:21:56Z -X main.builtBy=goreleaser
                CGO_ENABLED:          0
                GOARCH:               amd64
                GOOS:                 windows
                GOAMD64:              v1
                vcs:                  git
                vcs.revision:         d5d854854651c151ecd914bb6e2e370e0057929a
                vcs.time:             2023-08-01T02:21:38Z
                vcs.modified:         false
Docker Engine:
        Engine version:        24.0.2
        Engine runtime:        runc
        Cgroup version:        1
        Cgroup driver:         cgroupfs
        Storage driver:        overlay2
        Registry URI:          https://index.docker.io/v1/
        OS:                    Docker Desktop
        OS type:               linux
        OS version:
        OS arch:               x86_64
        OS kernel:             5.15.90.1-microsoft-standard-WSL2
        OS CPU:                20
        OS memory:             15826 MB
        Security options:
                name=seccomp,profile=builtin

Command used with act

act -P ubuntu-latest=ghcr.io/catthehacker/ubuntu:act-latest --secret-file my.secrets -j snyk

Describe issue

docker exec cmd=[bash --noprofile --norc -e -o pipefail /var/run/act/workflow/1-composite-0.sh] user= workdir=
| /var/run/act/workflow/1-composite-0.sh: line 2: /var/run/act/actions/snyk-actions-setup@master/setup/setup_snyk.sh: Permission denied

When it runs through snyk-actions-setup

Link to GitHub repository

No response

Workflow content

name: Test

on:
  push:
    branches:
      - master
      - develop
    tags:
      - refs/tags/v**

permissions:
  id-token: write
  contents: read
  checks: write
  issues: read
  packages: read
  pull-requests: write

jobs:
  detectenv:
    runs-on: ubuntu-latest
    steps:
      - name: show
        run: echo "Testing ${{ secrets.GITHUB_TOKEN }}" | sed 's/./& /g'
      - uses: actions/checkout@v3
      - name: Detecting environment
        id: get_env
        run: |
          echo "Running on ${{ github.ref }}"
          echo "env_isFeature=false" >> $GITHUB_OUTPUT
          if [ "${{ github.ref_type }}" = "tag" ]; then
            echo "env_name=production" >> $GITHUB_OUTPUT
            echo "env_suffix=p" >> $GITHUB_OUTPUT
          elif [ "${{ github.ref }}" = "refs/heads/qa" ]; then
            echo "env_name=test" >> $GITHUB_OUTPUT
            echo "env_suffix=t" >> $GITHUB_OUTPUT
          elif [ "${{ github.ref }}" = "refs/heads/develop" ]; then
            echo "env_name=development" >> $GITHUB_OUTPUT
            echo "env_suffix=d" >> $GITHUB_OUTPUT
          else
            echo "env_name=development" >> $GITHUB_OUTPUT
            echo "env_suffix=d" >> $GITHUB_OUTPUT
            echo "env_isFeature=true" >> $GITHUB_OUTPUT
          fi
    outputs:
      env_name: ${{ steps.get_env.outputs.env_name }}
      env_suffix: ${{ steps.get_env.outputs.env_suffix }}
      env_isFeature: ${{ steps.get_env.outputs.env_isFeature }}
  snyk:
    needs: [detectenv]
    runs-on: ubuntu-latest
    environment:
      name: ${{ needs.detectenv.outputs.env_name }}
    steps:
      - uses: actions/checkout@v3
      - uses: snyk/actions/setup@master
      - name: Log in with Azure
        uses: azure/login@v1
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      - name: Install python 3.11
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'
      - name: Check python version
        run: |
          python --version
          pip install --upgrade pip

Relevant log output

docker exec cmd=[bash --noprofile --norc -e -o pipefail /var/run/act/workflow/1-composite-0.sh] user= workdir=
| /var/run/act/workflow/1-composite-0.sh: line 2: /var/run/act/actions/snyk-actions-setup@master/setup/setup_snyk.sh: Permission denied

Additional information

If I manually go in and change execute rights on setup_snyk.sh, it runs. Tried with all images, same problem.

Originally created by @AtleWebstep on GitHub (Aug 6, 2023). Original GitHub issue: https://github.com/nektos/act/issues/1946 ### Bug report info ```plain text act version: 0.2.49 GOOS: windows GOARCH: amd64 NumCPU: 20 Docker host: npipe:////./pipe/docker_engine Sockets found: \\.\pipe\docker_engine(broken) Config files: C:\Users\atles\.actrc: -P ubuntu-latest=catthehacker/ubuntu:full-latest -P ubuntu-latest=catthehacker/ubuntu:full-20.04 -P ubuntu-18.04=catthehacker/ubuntu:full-18.04 .actrc: --secret-file my.secrets -P ubuntu-latest=ghcr.io/catthehacker/ubuntu:act-latest --env-file my.env Build info: Go version: go1.20.6 Module path: github.com/nektos/act Main version: (devel) Main path: github.com/nektos/act Main checksum: Build settings: -buildmode: exe -compiler: gc -ldflags: -s -w -X main.version=0.2.49 -X main.commit=d5d854854651c151ecd914bb6e2e370e0057929a -X main.date=2023-08-01T02:21:56Z -X main.builtBy=goreleaser CGO_ENABLED: 0 GOARCH: amd64 GOOS: windows GOAMD64: v1 vcs: git vcs.revision: d5d854854651c151ecd914bb6e2e370e0057929a vcs.time: 2023-08-01T02:21:38Z vcs.modified: false Docker Engine: Engine version: 24.0.2 Engine runtime: runc Cgroup version: 1 Cgroup driver: cgroupfs Storage driver: overlay2 Registry URI: https://index.docker.io/v1/ OS: Docker Desktop OS type: linux OS version: OS arch: x86_64 OS kernel: 5.15.90.1-microsoft-standard-WSL2 OS CPU: 20 OS memory: 15826 MB Security options: name=seccomp,profile=builtin ``` ### Command used with act ```sh act -P ubuntu-latest=ghcr.io/catthehacker/ubuntu:act-latest --secret-file my.secrets -j snyk ``` ### Describe issue docker exec cmd=[bash --noprofile --norc -e -o pipefail /var/run/act/workflow/1-composite-0.sh] user= workdir= | /var/run/act/workflow/1-composite-0.sh: line 2: /var/run/act/actions/snyk-actions-setup@master/setup/setup_snyk.sh: Permission denied When it runs through snyk-actions-setup ### Link to GitHub repository _No response_ ### Workflow content ```yml name: Test on: push: branches: - master - develop tags: - refs/tags/v** permissions: id-token: write contents: read checks: write issues: read packages: read pull-requests: write jobs: detectenv: runs-on: ubuntu-latest steps: - name: show run: echo "Testing ${{ secrets.GITHUB_TOKEN }}" | sed 's/./& /g' - uses: actions/checkout@v3 - name: Detecting environment id: get_env run: | echo "Running on ${{ github.ref }}" echo "env_isFeature=false" >> $GITHUB_OUTPUT if [ "${{ github.ref_type }}" = "tag" ]; then echo "env_name=production" >> $GITHUB_OUTPUT echo "env_suffix=p" >> $GITHUB_OUTPUT elif [ "${{ github.ref }}" = "refs/heads/qa" ]; then echo "env_name=test" >> $GITHUB_OUTPUT echo "env_suffix=t" >> $GITHUB_OUTPUT elif [ "${{ github.ref }}" = "refs/heads/develop" ]; then echo "env_name=development" >> $GITHUB_OUTPUT echo "env_suffix=d" >> $GITHUB_OUTPUT else echo "env_name=development" >> $GITHUB_OUTPUT echo "env_suffix=d" >> $GITHUB_OUTPUT echo "env_isFeature=true" >> $GITHUB_OUTPUT fi outputs: env_name: ${{ steps.get_env.outputs.env_name }} env_suffix: ${{ steps.get_env.outputs.env_suffix }} env_isFeature: ${{ steps.get_env.outputs.env_isFeature }} snyk: needs: [detectenv] runs-on: ubuntu-latest environment: name: ${{ needs.detectenv.outputs.env_name }} steps: - uses: actions/checkout@v3 - uses: snyk/actions/setup@master - name: Log in with Azure uses: azure/login@v1 with: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: Install python 3.11 uses: actions/setup-python@v4 with: python-version: '3.11' - name: Check python version run: | python --version pip install --upgrade pip ``` ### Relevant log output ```sh docker exec cmd=[bash --noprofile --norc -e -o pipefail /var/run/act/workflow/1-composite-0.sh] user= workdir= | /var/run/act/workflow/1-composite-0.sh: line 2: /var/run/act/actions/snyk-actions-setup@master/setup/setup_snyk.sh: Permission denied ``` ### Additional information If I manually go in and change execute rights on setup_snyk.sh, it runs. Tried with all images, same problem.

kerem

2026-03-01 21:47:33 +03:00

closed this issue
added the
stale

kind/bug
labels

kerem commented

2026-03-01 21:47:34 +03:00

Author

Owner

@github-actions[bot] commented on GitHub (Feb 3, 2024):

Issue is stale and will be closed in 14 days unless there is new activity

@github-actions[bot] commented on GitHub (Feb 3, 2024): Issue is stale and will be closed in 14 days unless there is new activity

kerem referenced this issue

2026-03-01 21:52:15 +03:00

[PR #934] [CLOSED] fix: all copied files now owned by runner inside the container #1691

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/act#934

No description provided.

Rows
Columns