fix: merge --container-options with job container.options#6111
Open
elijahr wants to merge 1 commit into
Open
Conversation
When a job declares a container: block, RunContext.options() returned
only the job's YAML container.options and silently discarded the CLI
--container-options flag. The flag was therefore honored only for jobs
without a container: block, contradicting its documented purpose
("...for the job container without an options property in the job
definition").
options() now appends the CLI --container-options after the job's
interpolated container.options. act feeds the combined string to docker's
single flag parser, so scalar flags from the CLI win conflicts (last
value) and repeatable flags (--cap-add, --security-opt, -v, ...)
accumulate -- matching Docker Compose merge semantics (scalars override,
sequences concatenate). Jobs without a container: block and jobs without
the CLI flag are unaffected.
This lets operators inject local-only container options (e.g. --privileged
--security-opt seccomp=unconfined for ThreadSanitizer, which needs
personality(ADDR_NO_RANDOMIZE)) without editing the committed workflow,
even when the job pins its own image via a container: block.
Adds TestRunContextOptions covering merge ordering, the empty-options bug
case, the no-container-block and no-flag no-regression cases,
interpolation, and multi-token merge.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
--container-optionswas ignored for any job with acontainer:block —options()returned the job's YAMLcontainer.optionsand never looked at the CLI flag, so it only worked for jobs without a container block.This merges them: job options first, CLI flag last, through docker's normal flag parsing (CLI scalars override, repeatable flags stack — same as compose). Jobs with no container block, or no flag, behave exactly as before.
Handy for injecting local-only options like
--privileged --security-opt seccomp=unconfinedwithout committing them to the workflow. Added tests inrun_context_test.go.