Black Github action causes subsequent actions to fail on self-hosted runner

[cjproud]

I'm running a couple of GHA jobs, one of them being the black formatter inside an Ubuntu container on a self-hosted runner. I've noticed that after running the black formatting action there are files leftover in the _actions directory that aren't owned by the runner's user but rather by root:

ne or more errors occurred. (Access to the path '/home/ubuntu/actions-runner/_work/_actions/psf/black/stable/.black-env/lib/python3.10/site-packages/black-23.3.0.dist-info/INSTALLER' is denied.) (Access to the path '/home/ubuntu/actions-runner/_work/_actions/psf/black/stable/.black-env/pyvenv.cfg' is denied.) (Access to the path '/home/ubuntu/actions-runner/_work/_actions/psf/black/stable/.black-env/lib64' is denied.) (Access to the path '/home/ubuntu/actions-runner/_work/_actions/psf/black/stable/.black-env/lib/python3.10/site-packages/mypy_extensions.py' is denied.) (Access to the path '/home/ubuntu/actions-runner/_work/_actions/psf/black/stable/.black-env/lib/python3.10/site-packages/black-23.3.0.dist-info/RECORD' is denied.) (Access to the path '/home/ubuntu/actions-runner/_work/_actions/psf/black/stable/.black-env/lib/python3.10/site-packages/black-23.3.0.dist-info/licenses/AUTHORS.md' is denied.) (Access to the path '/home/ubuntu/actions-runner/_work/_actions/psf/black/stable/.black-env/lib/python3.10/site-packages/2ec0e72aa72355e6eccf__mypyc.cpython-310-x86_64-linux-gnu.so' is denied.) (Access to the path '/home/ubuntu/actions-runner/_work/_actions/psf/black/stable/.black-env/lib/python3.10/site-packages/_black_version.py' is denied.) (Access to the path '/home/ubuntu/actions-runner/_work/_actions/psf/black/stable/.black-env/lib/python3.10/site-packages/black-23.3.0.dist-info/REQUESTED' is denied.) (Access to the path '/home/ubuntu/actions-runner/_work/_actions/psf/black/stable/.black-env/lib/python3.10/site-packages/colorama/winterm.py' is denied.) (Access to the path '/home/ubuntu/actions-runner/_work/_actions/psf/black/stable/.black-env/lib/python3.10/site-packages/colorama/__init__.py' is denied.) (Access to the path '/home/ubuntu/actions-runner/_work/_actions/psf/black/stable/.black-env/lib/python3.10/site-packages/colorama/win32.py' is denied.) (Access to the path '/home/ubuntu/actions-runner/_work/_actions/psf/black/stable/.black-env/lib/python3.10/site-packages/colorama/ansitowin32.py' is denied.) (Access to the path '/home/ubuntu/actions-runner/_work/_actions/psf/black/stable/.black-env/lib/python3.10/site-packages/colorama/ansi.py' is denied.) (Access to the path '/home/ubuntu/actions-runner/_work/_actions/psf/black/stable/.black-env/lib/python3.10/site-packages/colorama/tests/ansi_test.py' is denied.) (Access to the path '/home/ubuntu/actions-runner/_work/_actions/psf/black/stable/.black-env/lib/python3.10/site-packages/colorama/tests/initialise_test.py' is denied.)

If the GitHub Action runner isn't running as root, which the default isn't, subsequent actions will fail because they run as the action's user and not root with the error above. I can fix this by running the GitHub Action runner as root but that feels a bit suboptimal.

Has anyone else seen this behaviour? Appreciate your insight.

[swistakm]

Seen it. Fairly common and really annoying. Especially for larger organizations with shared runner infrastructure where it is impossible to make sure no one uses this action.

[JelleZijlstra]

Seems like we should just have some code in https://github.com/psf/black/blob/main/action/main.py that deletes ENV_PATH before exit. I would take a PR doing that.

[cjproud]

Hey guys,

I've made a PR here #3759 but have had a tough time replicating the issue. @swistakm could you try replicate this on your side with my fork (https://github.com/cjproud/black) or this PR?

[swistakm]

@cjproud the PR you've mentions seems to do the job.