Image errors for GitHub Actions

[infinisil]

Trying to use these images in GitHub Actions gives an error, see e.g. https://github.com/Infinisil/github-actions-docker/runs/1271863329:

 /usr/bin/docker exec  de645264c246e9831bfdda7ede83a62ed2d14583037ddb6b317acabd8fdfb1fa sh -c "cat /etc/*release | grep ^ID"
OCI runtime exec failed: exec failed: container_linux.go:370: starting container process caused: no such file or directory: unknown

This has already been reported in actions/checkout#334, but it doesn't really have anything to do with the checkout action (that's just the first action that tries to run the container).

Most likely it's some file missing in the image, but the error really doesn't help a lot to figure out which file.

A possible way to figure this out is to do a long-winded bisection with e.g. an alpine image, because that one works, and the image contents can be inspected with https://stackoverflow.com/a/53481010. So by incrementally copying files from that image to the docker-nixpkgs one, it should start working at some point.

[zimbatm]

$ drun nixpkgs/nix:nixos-unstable sh -c "cat /etc/*release | grep ^ID"
sh: grep: command not found
cat: '/etc/*release': No such file or directory

The nix image is fairly minimal right now but it could be extended.

[infinisil]

It's a bit misleading, but the error happens before the command is actually started and has nothing to do with either grep or /etc/*release.

For https://github.com/niteoweb/nix-docker-base, which uses the same nixpkgs Docker builders as this repo, both grep and /etc/os-release exist:

docker run -it niteo/nixpkgs-nixos-20.03:925ae0dee63cf2c59533a6258340812e5643428a sh -c "cat /etc/*release | grep ^ID"
ID=nix

Yet on GitHub Actions, it fails in the very same way: https://github.com/Infinisil/github-actions-docker/runs/1271712451?check_suite_focus=true

[zimbatm]

It's possible that GitHub Actions sets a custom entry point for the container. That would explain the error.
To test that I would create an image with tons of wrappers in /bin that echo $0. And then symlink /bin to /usr/bin.

[infinisil]

Looks like somebody figured it out! actions/checkout#334 (comment)
With nixpkgs' Docker builders, these dynamic libraries could be added relatively easily, though this will sacrifice a bit of purity. I'll certainly give that a try soonish

[infinisil]

Was able to fix it for https://github.com/niteoweb/nix-docker-base with teamniteo/nix-docker-base@0a5ceed, turns out it's a bit different for Nix. See also actions/checkout#334 (comment). Feel free to reuse this fix for docker-nixpkgs.

[zimbatm]

I am a bit torn. It allows running programs that didn't go through patchelf, which is both a bad and good thing. Depending if the binary was packaged by Nix or not.

I do a similar trick in the devcontainer image because VSCode injects their own binary as well:

docker-nixpkgs/images/devcontainer/default.nix

Lines 98 to 99 in a720d8e

	mkdir -p lib64
	ln -s ${glibc}/lib64/ld-linux-x86-64.so.2 lib64/ld-linux-x86-64.so.2

[sandangel]

hi, could we do this for other images? I would love to use the nixpkgs nix-unstable image in our CI, instead of devcontainer.

[CMCDragonkai]

@infinisil I noticed your https://github.com/niteoweb/nix-docker-base is deprecated. What are you doing for building docker container images for GitHub CI?

[infinisil]

Not using docker anymore really 😅