Run action as non root user #284
Description
Is your feature request related to a problem? Please describe.
When the pipeline runs in a self hosted runner, there happens that some elements under .git folder of the project this action is used on are created by root and then the deletion of the directory is unsuccessful.
E.g:
- name: Pull translations from Crowdin
uses: crowdin/github-action@v2
with:
upload_sources: false
upload_translations: false
download_translations: true
export_only_approved: true
commit_message: ${commit message}
localization_branch_name: ${localization_branch_name}
create_pull_request: true
pull_request_title: "my title"
pull_request_body: "my body"
pull_request_base_branch_name: "main"
If the previous github action: actions/checkout@v4 tries to delete the content of the action working directory in an execution after an execution of crowdin/github-action@v2 that was successful, it will fail because some elements created under: .git/objects/... are created by root and my action user is not root.
Describe the solution you'd like
It would be nice to have an action tag like the following:
crowdin/github-action@v2-1000uid or similar, where the user of the docker container is 1000 (the first regular assigned user account)
Describe alternatives you've considered
To avoid this issue currently I cloned the action.yml, entypoint.sh and Dockerfile to my project and I modified the Dockerfile as follows:
FROM crowdin/cli:4.8.0
RUN apk --no-cache add curl git git-lfs jq gnupg;
RUN addgroup -g 1000 runner \
&& adduser -D -u 1000 -G runner runner
COPY . .
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh \
&& chown -R runner:runner /app /entrypoint.sh
USER ubuntu
ENTRYPOINT ["/entrypoint.sh"]
Then in my action I use:
- name: Pull translations from Crowdin
uses: ./.github/actions/crowdin
And it works without the issue.