TIL = Things, or Today I Learned

An experiment in Learning in Public.

Home

GitHub Actions - Self-hosted Windows Runners - enable docker build

Aim: able to run docker build in a GitHub Action that's running on Self-hosted runners.

When running docker build as part of a step in a GitHub action, we're greeted with the error

error during connect: In the default daemon configuration on Windows, the docker client must be run with elevated privileges to connect.: Post http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.24/images/create?fromImage=mcr.microsoft.com%2Fwindows%2Fnanoserver&tag=1809: open //./pipe/docker_engine: The system cannot find the file specified.

The Fix

Grant the user under which the GitHub Action runs access to the Docker Pipe as in Powershell - Grant user access to Docker Pipe without Admin rightsPowershell - Grant user access to Docker Pipe without Admin rights
Aim:


able to run docker commands without Administrator privileges.
Preparation for running docker commands in GitHub Actions that's running on Self-hosted runners. See [[GitHub Actions - Self...

# GrantAccessToDockerPipe.ps1
# account that's to be granted access. When on laptop, I use juliusg.
$account="NT AUTHORITY\NetworkService" 
$npipe = "\\.\pipe\docker_engine"
$dInfo = New-Object "System.IO.DirectoryInfo" -ArgumentList $npipe
$dSec = $dInfo.GetAccessControl()
$fullControl =[System.Security.AccessControl.FileSystemRights]::FullControl
$allow =[System.Security.AccessControl.AccessControlType]::Allow
$rule = New-Object "System.Security.AccessControl.FileSystemAccessRule" -ArgumentList $account,$fullControl,$allow
$dSec.AddAccessRule($rule)
$dInfo.SetAccessControl($dSec)

Doing that as part of preparing the runner means I don't need to think about it anymore.

  • After the runner starts, GrantAccessToDockerPipe.ps1 is executed.
  • Now the user of the runner has access to the Docker Pipe and can execute docker commands.

The Workflow

The github action checks out the repository to access a couple of files:

name: Docker build and run

on:
  push:
    branches:
    - test-run-as-admin
jobs:
  run-as-admin-test:
  runs-on: [self-hosted, windows]
  steps:
    - name: Checkout repo
      uses: actions/checkout@v2 # repo contains the docker file
    - name: Display User
      run: |
        whoami
    - name: Run docker build
      run: docker build --file "$env:GITHUB_WORKSPACE\Dockerfile-Windows" --tag localhost:5000/mydockerapp:0.0.1

References