0

Problem

I am running .NET Framework SDK to run GitHub Actions to build Releases of a project. I need to be able to copy the built project files from the Docker Container to the host and beyond to an external server.

On a non-Docker runner I was able to use the following command in PowerShell to copy the files: Copy-Item -Path "./ReleaseFolder*" -Destination "\\SERVERNAME\Destination" -Recurse -Force -PassThru

However, when running from within Docker, I get the following error:

Copy-Item : Access is denied
At C:\actions-runner\_work\_temp\58a0d5f5-1c21-468a-9cc1-6add157ef7da.ps1:2 char:1
+ Copy-Item -Path "./ReleaseFolder*" -Destination "\\SERVERNAME\Destination"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Copy-Item], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.CopyItemCommand

Error: Process completed with exit code 1.

What I have tried

I have tried turning off my firewall to see if that is the issue, but no luck.

I have also tried using the IP Address of the host (which I am able to ping) Copy-Item -Path "./ReleaseFolder*" -Destination "\\192.168.0.1\Destination" -Recurse -Force -PassThru But I get the same error message.

Through some googling I found host.docker.internal but I am unable to even ping it.

I am aware of the concept of volumes as a potential solution, as discussed in this question. However, since I need to copy beyond the host, to an external server, this does not solve my problem.

How do I allow access for the Docker Container to copy files to its host and beyond? Or is there a different way that I should be doing this?

Tyler
  • 85
  • 8
  • Does this answer your question? [Docker: Copying files from Docker container to host](https://stackoverflow.com/questions/22049212/docker-copying-files-from-docker-container-to-host) – β.εηοιτ.βε Nov 09 '22 at 20:07
  • My guess is that access to `\\SERVERNAME\Destination` is restricted to users in your AD domain. When the container user tries to access the directory, it doesn't have valid Windows credentials and is denied access. When you copy the file outside of a container, your Windows credentials are used and access is allowed. – Hans Kilian Nov 09 '22 at 20:47
  • @β.εηοιτ.βε No, because I would like the copy command to be run from within the container – Tyler Nov 09 '22 at 21:04
  • @HansKilian I am also unable to copy directly to the host computer from within the container, with the same error message. So, while it may be part of the problem, I am doubtful that this is the full issue. – Tyler Nov 09 '22 at 21:21
  • Do you have anonymous access allowed on your local share? I.e. 'everyone' is allowed to write to the share. – Hans Kilian Nov 09 '22 at 21:26

1 Answers1

1

When building inside a container, the standard approach is:

  1. Create a directory on the host, like output/, where you want the files
  2. Mount output/ in the container, obviously as RW (or use volumes if you want), some place like /host_output/
  3. In your container, make sure it's saving the artifacts in /host_output/

Your container will not be aware that anything special is happening, but when it naively builds into "just a directory", the files will "magically" appear on the host as well.

If you have an existing container where you cannot mess with the Dockerfile, then you can pull out individual files with something like docker exec foo_container cat /container_output/some_file.bin > /host_output/some_file.bin (the > is not part of docker exec, it will run on the host's shell). This is most useful for troubleshooting, the mount method is much less tedious and error-prone.

Dommondke
  • 307
  • 1
  • 8
  • This seems like a good option, but I want to copy to a directory on an external server. Is there a way to mount the external server as a volume for the container? I've played around with this a little, but keep getting the message "Error invoking remote method 'docker-run-container': Error: (HTTP code 500) server error - invalid volume specification" – Tyler Nov 09 '22 at 21:07
  • well if this was easy containers would not be safe - "breaking out of virtualisation jails" is an attack vector, and being able to write to a random directory would definitely be a vulnerable thing in my book. – JoSSte Nov 10 '22 at 20:44
  • @Tyler I'm not familiar with Windows, but on Linux you can use sshfs to mount the remote dir and it will look like any other folder on your disk (albeit slow). However, this is a bad approach. Either pull the container on the remote server and build there, or add `RUN rsync blah blah blah` as a final step to your container. – Dommondke Nov 11 '22 at 22:20