GitHub-actions sonarqube-scan-action failing with local runners

Dear,
We would like to trigger a SonarQube scan for a GitHub Action executed on a local runner, with the following environment:

However, the action is failing because the container wants to run it as root despite the warning raised in the link line 12.

“Docker actions must be run by the default Docker user (root). Do not use the USER instruction in your Dockerfile, because you won’t be able to access the GITHUB_WORKSPACE.”

The first run seems to work fine; however, all subsequent calls will fail because the workspace is owned by root and the runner is not privileged enough to delete it.

Do you have any idea on how to bypass this issue?

Thanks in advance,
Best

Hi @abeche,

As the GitHub Action documentation states:

Docker actions must be run by the default Docker user (root).

So, even if we are indeed using USER here to enforce root, us removing this line will not solve your issue. The files in the workspace will still be owned by root.

The technical (and historical) reason for putting that USER line in the Dockerfile is because this image extends sonarsource/sonar-scanner-cli. And that image used to have a USER directive as well, which was different from root. So in order for the GitHub Action to work as expected, we had to override it to root.

Today, this isn’t the case anymore; we removed the USER directive from sonarsource/sonar-scanner-cli. So we could update the sonarqube-scan-action and remove the USER line over there as well. But as I wrote above, this wouldn’t really solve your problem: GitHub will still run the action as root :man_shrugging:.
