Just this week I tried giving this another chance to debug some weird CI failures for ruby tests.
I’m on M-series macs so there is an inherent platform mismatch. That coupled with us using depot images as action runners. I was never able to get it running past the dry-run stage.
There is just a lot of differences between CI runners and my local docker images.
I even gave the image from catthehacker a try. Which is like >15GB. It still wouldn’t run.
Finally gave up.
It’s even worse than that, it’s 20GB compressed and 60GB uncompressed. Regardless, if your VM runs out of disk space there’s no meaningful error (well 12 months ago) except a failure to start. (Possibly colima-specific I dunno I uninstalled docker-docker)
I do find that some things just work locally and fail in real actions and vice versa. For the most part it’s made it easier to move the bar forward though.
In my experience (and as reflected by the comments on this post already), trying to run complex CI workflow locally is a fairly hopeless enterprise. If you have a fully containerized workflow, you might be able to get close, but even then ensuring you have all of your CI specific environment variables is often not a trivial task, and if your workflow orchestrates things across tasks (e.g. one task uploads an artifact and another task uses that artifact) you'll have a hard time reproducing exactly what is happening in CI. My company (RWX) builds a GitHub Actions competitor and we intentionally do not support local execution -- instead we focused on making it easy to kick off remote builds from your local machine without having to do a `git push` and we made it easy to grab an SSH session before, during, or after a running task to inspect things in the exact build environment that your workflow is running.
WARNING: act is great if you use docker. Act does not support podman.
Issues or discussions related to providing support/coverage/compatibility/workarounds for podman are closed with a terse message. Unusual for an open source project.
I've wanted this so much! My main questions are about permissions. I use environment-specific variables and secrets, I would need to reconfigure them locally and didn't see how. The other issue is workload identity federation.
could you just source vars from an .env file? maybe a bit more work to get the secrets pulled down. i guess ideally you'd want to be able to pull those values directly from github as an option (including secrets) if that's your primary source of truth.
In GitHub we use an OIDC token to access some AWS resources. Locally I need to populate tokens etc and so I have an `if: ${{ACT}}` and a not condition to populate it.
You don't get vendor lock in if you're able to run GHA on any compute you'd like (yes, I'm aware of self-hosted runners, and even that their Packer code is open source. That doesn't make it easy to use GHA outside of github.com)
Just this week I tried giving this another chance to debug some weird CI failures for ruby tests. I’m on M-series macs so there is an inherent platform mismatch. That coupled with us using depot images as action runners. I was never able to get it running past the dry-run stage. There is just a lot of differences between CI runners and my local docker images. I even gave the image from catthehacker a try. Which is like >15GB. It still wouldn’t run. Finally gave up.
It’s even worse than that, it’s 20GB compressed and 60GB uncompressed. Regardless, if your VM runs out of disk space there’s no meaningful error (well 12 months ago) except a failure to start. (Possibly colima-specific I dunno I uninstalled docker-docker)
I do find that some things just work locally and fail in real actions and vice versa. For the most part it’s made it easier to move the bar forward though.
Something like this may help by letting you ssh into the running instance so you can debug with the exact context: https://docs.warpbuild.com/tools/action-debugger
In my experience (and as reflected by the comments on this post already), trying to run complex CI workflow locally is a fairly hopeless enterprise. If you have a fully containerized workflow, you might be able to get close, but even then ensuring you have all of your CI specific environment variables is often not a trivial task, and if your workflow orchestrates things across tasks (e.g. one task uploads an artifact and another task uses that artifact) you'll have a hard time reproducing exactly what is happening in CI. My company (RWX) builds a GitHub Actions competitor and we intentionally do not support local execution -- instead we focused on making it easy to kick off remote builds from your local machine without having to do a `git push` and we made it easy to grab an SSH session before, during, or after a running task to inspect things in the exact build environment that your workflow is running.
WARNING: act is great if you use docker. Act does not support podman.
Issues or discussions related to providing support/coverage/compatibility/workarounds for podman are closed with a terse message. Unusual for an open source project.
I've wanted this so much! My main questions are about permissions. I use environment-specific variables and secrets, I would need to reconfigure them locally and didn't see how. The other issue is workload identity federation.
Secrets can be loaded from a file.
https://nektosact.com/usage/index.html?highlight=Secret#secr...
could you just source vars from an .env file? maybe a bit more work to get the secrets pulled down. i guess ideally you'd want to be able to pull those values directly from github as an option (including secrets) if that's your primary source of truth.
Lots of changes have to be made to your github action workflow to actually make this work properly.
What things have you needed to change? Can't say I've ever needed to do that but of course I've only used it on a few projects.
In GitHub we use an OIDC token to access some AWS resources. Locally I need to populate tokens etc and so I have an `if: ${{ACT}}` and a not condition to populate it.
It's amazing that Microsoft built a whole IDE and programming environment for builds but left all the debugging tools up to the community.
You don't get vendor lock in if you're able to run GHA on any compute you'd like (yes, I'm aware of self-hosted runners, and even that their Packer code is open source. That doesn't make it easy to use GHA outside of github.com)