vegardit / docker-gitea-act-runner

Docker image based on debian:stable-slim to run Gitea's act_runner as a Docker container

Home Page:https://buymeacoffee.com/vegardit

Cannot get docker/setup-qemu-action@v2 to work

Miladiir opened this issue · comments

Maybe this is an upstream issue. My workflow:

name: Build and push
on:
  push:
    branches: ["main"]
jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v3
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      -
        name: Login to GHCR
        uses: docker/login-action@v2
        with:
          registry: <<redacted>>
          username: ${{ gitea.repository_owner }}
          password: ${{ secrets.PACKAGES_TOKEN }}
      -
        name: Build and push
        id: docker_build
        uses: docker/build-push-action@v4
        with:
          push: true
          platforms: linux/amd64,linux/arm64/v8
          tags: <<redacted>>
      -
        name: Image digest
        run: echo ${{ steps.docker_build.outputs.digest }}

Error in docker/setup-qemu-action@v2 :

::group::Docker info
[command]/usr/bin/docker version
Client:
 Version:           20.10.25+azure-2
 API version:       1.41
 Go version:        go1.19.10
 Git commit:        b82b9f3a0e763304a250531cb9350aa6d93723c9
 Built:             Thu Apr  6 10:55:17 UTC 2023
 OS/Arch:           linux/arm64
 Context:           default
 Experimental:      true
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/version": dial unix /var/run/docker.sock: connect: permission denied

I also tried with other paths. Does somebody know how to get this working?

Are you using dind? Does it work with dood?

Can you run the hello world docker image in your workflow?

I have the worst luck. I tried to use the latest tag to try out dood, now I got this:

gitea_runner-gitea_act_runner-1  | 2023-07-24 21:13:38 INFO [/opt/run.sh:127] Fixing permissions...
gitea_runner-gitea_act_runner-1  | sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
gitea_runner-gitea_act_runner-1  | sudo: a password is required

Which makes little sense to me since I did not modify the user in any way and also did not specify any uids or gids in the docker compose yml. Seems like it is set up correctly in the Dockerfile etc. Very weird.

But yes, I am using dind and the hello world container works:

     - 
        uses: https://github.com/actions/hello-world-docker-action@main
        with:
          who-to-greet: 'Mona the Octocat'

It seems that the docker.sock is not mounted into child containers, which is either a good thing from a security perspective or a bad thing from a "I cannot build docker containers" perspective.

I currently have limited internet access atm. I can try to reproduce the issue earliest on Wednesday.

No worries, it is absolutely not urgent or anything. I value your time and your help.

I am not getting the sudo: a password is required even if sudo is executed. Can you paste the compose file or command with args how you are trying to run the container?

version: '3.8'

services:
  gitea_act_runner:
    image: vegardit/gitea-act-runner:latest
    volumes:
      - data:/data
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      TZ: "Europe/Berlin"
      GITEA_INSTANCE_URL: 'url'
      GITEA_RUNNER_REGISTRATION_TOKEN: 'token'
      GITEA_RUNNER_NAME: 'runnername'
      GITEA_RUNNER_MAX_PARALLEL_JOBS: 4
volumes:
  data:

CONTAINER                         REPOSITORY                  TAG                 IMAGE ID            SIZE
gitea_runner-gitea_act_runner-1   vegardit/gitea-act-runner   latest              d93dd316fe01        44.8MB

I am also using dind with this:

jobs:
  build:
    runs-on: ubuntu-latest
    container:
      volumes:
        - /etc/ssl/certs/mkcert.pem:/etc/ssl/certs/mkcert.pem
    steps:
        - name: Check out repository code 
          uses: actions/checkout@v3
        - name: Set up Docker Buildx
          uses: docker/setup-buildx-action@v1
        - name: Build and push Docker Image
          uses: docker/build-push-action@v4.1.1

In docker buildx

Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/version": dial unix /var/run/docker.sock: connect: permission denied
::error::The process '/usr/bin/docker' failed with exit code 1

compose:

  gitea_act_runner:
    image: vegardit/gitea-act-runner:dind-latest
    privileged: true
    volumes:
      - /mnt/exthdd/gitea_act_runner/data:/data:rw # the config file is located at /data/.runner and needs to survive container restarts
      - /mnt/exthdd/ca/mkcert.pem:/etc/ssl/certs/mkcert.pem
    environment:
      - GITEA_RUNNER_REGISTRATION_TOKEN=${GITEA_RUNNER_TOKEN}
      - GITEA_RUNNER_JOB_CONTAINER_PRIVILEGED=true
      - GITEA_RUNNER_VALID_VOLUME_1=/etc/ssl/certs/mkcert.pem

Tried some playing around, specifying UID and GID using their env variables GITEA_RUNNER_UID but same result.

Using the dood option is a bit tricky for my case, since the real use case is within a local dns with a root-ca, dind has some convenience there.

Thanks for any hints in advance!

If you encounter this, add sudo chmod 666 /var/run/docker.sock in your steps, that resolves the issue. Just be aware this opens up the access, I am using this locally so I don't care.
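The permission check behind the "permission denied" error in this thread, as an added example that is not part of the original discussion or the project's code: it reads the socket's mode and owner and reports which permission class lets the current user connect, so the socket's group can be granted to the job user instead of making the socket world-writable. The function names are hypothetical, `stat -c` (GNU coreutils or BusyBox) is assumed, and whether the job container can be started with Docker's `--group-add` flag depends on the runner configuration.

```shell
#!/bin/sh
# Added example: explain why a user can or cannot open the Docker socket.
# Function names are hypothetical; requires stat -c (GNU coreutils or BusyBox).

# sock_access MODE OWNER_UID OWNER_GID MY_UID "MY_GIDS"
# Prints the class that grants access: root, owner, group, other, or denied.
sock_access() {
    mode=$1; o_uid=$2; o_gid=$3; my_uid=$4; my_gids=$5
    # uid 0 normally bypasses the mode bits.
    if [ "$my_uid" -eq 0 ]; then echo root; return 0; fi
    # Keep the last three octal digits (user, group, other).
    perm=$(printf '%s' "000$mode" | tail -c 3)
    u=${perm%??}; rest=${perm#?}; g=${rest%?}; o=${perm#??}
    # Like the kernel, evaluate exactly one class: owner, else group, else other.
    if [ "$my_uid" -eq "$o_uid" ]; then
        cls=owner; bits=$u
    else
        cls=other; bits=$o
        for gid in $my_gids; do
            if [ "$gid" -eq "$o_gid" ]; then cls=group; bits=$g; fi
        done
    fi
    # On Linux, connecting to a unix socket requires write permission on it.
    if [ $((bits & 2)) -eq 2 ]; then echo "$cls"; else echo denied; fi
}

# diagnose_socket PATH: report on a real socket; returns 1 when access is denied.
diagnose_socket() {
    sock=$1
    if [ ! -S "$sock" ]; then
        echo "$sock: not a socket (not mounted into this container?)"; return 2
    fi
    set -- $(stat -c '%a %u %g' "$sock")   # mode, owner uid, owner gid
    cls=$(sock_access "$1" "$2" "$3" "$(id -u)" "$(id -G)")
    echo "$sock mode=$1 uid=$2 gid=$3 -> access via: $cls"
    case $cls in
        denied) echo "fix: add supplementary group $3 to the job user" \
                     "(e.g. docker run --group-add $3)"; return 1 ;;
        other)  echo "warning: socket is world-writable;" \
                     "every local user can control the Docker daemon" ;;
    esac
}

# Run the check only when a socket path is given, e.g. /var/run/docker.sock.
if [ -n "${1:-}" ]; then diagnose_socket "$1"; fi
```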

I have the same problem in dood.

docker-compose:

  gitea_act_runner:
    image: vegardit/gitea-act-runner:latest
    platform: linux/arm64
    container_name: act_runner
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:rw
      - act-data:/data:rw # the config file is located at /data/.runner and needs to survive container restarts
    environment:
      TZ: "Asia/Yekaterinburg"
      USER_UID: 1000
      USER_GID: 1000
      # config parameters for initial runner registration:
      GITEA_INSTANCE_URL: '***'
      GITEA_RUNNER_REGISTRATION_TOKEN: '***'

Gitea Actions file:

name: Build Docker image
run-name: ${{ gitea.actor }} is testing out Gitea Actions 🚀
on: [push]

jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      -
        name: Build and push
        uses: docker/build-push-action@v4
        with:
          push: false
          tags: yt-chat/downloader

Error in act-runner logs:

Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/version": dial unix /var/run/docker.sock: connect: permission denied
::error::The process '/usr/bin/docker' failed with exit code 1

Eventually, @sysbite's solution helped me temporarily.

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions.