0

I have a self-hosted GitHub Action Runner that builds a Visual Studio solution and then launches a powershell script that lives inside the repo. This script modifies some files in the repo. I would like these modified files to also be copied to a folder outside the GitHub Action Runner directory as the last step of my action within my PC (Windows 10). This is what the launched script looks like:

$scriptFile = Get-Item ".\SFDScripts\Internal\Hardcore\Hardcore.cs"
$maps = Get-ChildItem ".\SFDScripts\Internal\Hardcore\Maps\"

foreach ($map in $maps) {

    if ($map.PSIsContainer) { continue }

    # This modifies the file at {$map.FullName}
    SFDScriptInjector $scriptFile.FullName $map.FullName 

    # Then I want to copy that file to a specific directory on the device where the GitHub Action Runner runs
    Copy-Item $map.FullName "C:\Users\juans\OneDrive\Documents\Superfighters Deluxe\Maps\Custom"
}

I am currently getting an error at the Copy-Item $map.FullName "C:\Users\juans\OneDrive\Documents\Superfighters Deluxe\Maps\Custom" line. The error is the following

Copy-Item : Access is denied
At E:\actions-runner\_work\SFDScripts\SFDScripts\injectScriptToAllMaps.ps1:7 char:5
+     Copy-Item $map.FullName "C:\Users\juans\OneDrive\Documents\Superf ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Copy-Item], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.CopyItemCommand
 
Error: Process completed with exit code 1.

I also tried running the script using this run_as.ps1 script. This allows the Action to finish without errors, but the files are still not copied (I'm guessing it fails silently inside the new instance of powershell.

Here is the .yml action file at its current state.

I can't find out how to give access to the github runner to modify external directories. So, how can I make it to copy the file to an external directory?

Juansero29
  • 231
  • 2
  • 10
  • Did you try using SUDO on your github action workflow with the Copy-Item line? – GuiFalourd Mar 27 '21 at 16:25
  • SUDO doesn't exist in powershell... or is there an alternative? – Juansero29 Mar 27 '21 at 16:26
  • I found some orientations here for sudo equivalent with powershell: https://stackoverflow.com/questions/55314557/how-to-sudo-on-powershell-on-windows – GuiFalourd Mar 27 '21 at 16:29
  • Has your Powershell script have the “execute” filesystem permission set? (could be similar to this issue as well: https://github.community/t/action-showing-permission-denied/134957) – GuiFalourd Mar 27 '21 at 16:32
  • Interesting. Does the github action run from powershell already though? I mean, when you do something like this: `run: msbuild $env:Solution_Name /t:Restore` does it run inside powershell if this is a self-hosted runner running on windows? Or does it run in cmd, or something else? – Juansero29 Mar 27 '21 at 16:33
  • So I modified the run to this: `Start-Process -Verb RunAs powershell.exe -Args "-executionpolicy bypass -command Set-Location \`"$PWD\`"; .\injectScriptToAllMaps.ps1"` and it is the same behavior as with `.\run_as.ps1`. I also run this command based on the second link you sent me : `git update-index --chmod=+x .\injectScriptToAllMaps.ps1`. Now the action doesn't fail but the files are not modified nor copied to the destination directory... so it doesn't really help :/ – Juansero29 Mar 27 '21 at 16:45
  • The default shell for windows is pwsh (https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#using-a-specific-shell) so you don't have to specify it in the build with something like shell: pwsh (this could be used for non-windows). I found this action that could also help if necessary: https://github.com/marketplace/actions/powershell-script – GuiFalourd Mar 27 '21 at 16:45
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/230451/discussion-between-juansero29-and-guifalourd). – Juansero29 Mar 27 '21 at 17:09

1 Answers1

0

What needs to be changed is actually the concerned folder Security parameters. In this case I went to the folder at "C:\Users\juans\OneDrive\Documents\Superfighters Deluxe\Maps\Custom" then did the following:

  1. Right Click on folder > Properties > Security Tab > Advanced > Add > Select a principal > Advanced... > Find Now
  2. In the list under Search Results: search for an entity with a name like GITHUB_ActionsRunner_[short-id].
  3. OK > OK
  4. Choose the permissions you want the Github Action Runner to have on this folder, in my case: Full Control
  5. OK > OK > OK

Then I re runned the Github Action, and the script was launched without any problems

Juansero29
  • 231
  • 2
  • 10