From 9358a3a8903d6527767eb4f7094f1d2a6e39edee Mon Sep 17 00:00:00 2001
From: Paul Pacheco <paulpach@gmail.com>
Date: Fri, 11 Mar 2022 11:18:18 -0600
Subject: [PATCH 1/2] feat: compatibility with self-hosted runners with SELinux
 (#355)

* feat: compatibility with self-hosted runners with SELinux

When using a self-hosted runner with SELinux (fedora)
volumes need to be mounted with ":z" in order to have write access

these flags are documented [here](https://docs.docker.com/storage/bind-mounts/#configure-the-selinux-label)

* Ensure folders are created

* use if instead of short circuit

* ts convention either inline or use braces

* Fix linting

* fix linting errors

Co-authored-by: Webber Takken <webber.nl@gmail.com>
---
 src/model/docker.ts | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/src/model/docker.ts b/src/model/docker.ts
index 5d22f8a0..4b77a9a6 100644
--- a/src/model/docker.ts
+++ b/src/model/docker.ts
@@ -1,14 +1,16 @@
 import { exec } from '@actions/exec';
 import ImageTag from './image-tag';
 import ImageEnvironmentFactory from './image-environment-factory';
+import { existsSync, mkdirSync } from 'fs';
+import path from 'path';
 
 class Docker {
   static async build(buildParameters, silent = false) {
-    const { path, dockerfile, baseImage } = buildParameters;
+    const { path: buildPath, dockerfile, baseImage } = buildParameters;
     const { version, platform } = baseImage;
 
     const tag = new ImageTag({ repository: '', name: 'unity-builder', version, platform });
-    const command = `docker build ${path} \
+    const command = `docker build ${buildPath} \
       --file ${dockerfile} \
       --build-arg IMAGE=${baseImage} \
       --tag ${tag}`;
@@ -41,16 +43,22 @@ class Docker {
 
   static getBaseOsSpecificArguments(baseOs, workspace, unitySerial, runnerTemporaryPath, sshAgent): string {
     switch (baseOs) {
-      case 'linux':
+      case 'linux': {
+        const githubHome = path.join(runnerTemporaryPath, '_github_home');
+        if (!existsSync(githubHome)) mkdirSync(githubHome);
+        const githubWorkflow = path.join(runnerTemporaryPath, '_github_workflow');
+        if (!existsSync(githubWorkflow)) mkdirSync(githubWorkflow);
+
         return `--env UNITY_SERIAL \
                 --env GITHUB_WORKSPACE=/github/workspace \
                 ${sshAgent ? '--env SSH_AUTH_SOCK=/ssh-agent' : ''} \
-                --volume "/var/run/docker.sock":"/var/run/docker.sock" \
-                --volume "${runnerTemporaryPath}/_github_home":"/root" \
-                --volume "${runnerTemporaryPath}/_github_workflow":"/github/workflow" \
-                --volume "${workspace}":"/github/workspace" \
+                --volume "/var/run/docker.sock":"/var/run/docker.sock:z" \
+                --volume "${githubHome}":"/root:z" \
+                --volume "${githubWorkflow}":"/github/workflow:z" \
+                --volume "${workspace}":"/github/workspace:z" \
                 ${sshAgent ? `--volume ${sshAgent}:/ssh-agent` : ''} \
                 ${sshAgent ? '--volume /home/runner/.ssh/known_hosts:/root/.ssh/known_hosts:ro' : ''}`;
+      }
       case 'win32':
         return `--env UNITY_SERIAL="${unitySerial}" \
                 --env GITHUB_WORKSPACE=c:/github/workspace \

From efa2eddee9e2153e03d13253bfffd42a448a7004 Mon Sep 17 00:00:00 2001
From: Frostebite <jas.f.ukcmti@gmail.com>
Date: Tue, 15 Mar 2022 23:09:38 +0000
Subject: [PATCH 2/2] Update cloud-runner-aws-pipeline.yml

---
 .github/workflows/cloud-runner-aws-pipeline.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/cloud-runner-aws-pipeline.yml b/.github/workflows/cloud-runner-aws-pipeline.yml
index 0d1fc858..45341a4d 100644
--- a/.github/workflows/cloud-runner-aws-pipeline.yml
+++ b/.github/workflows/cloud-runner-aws-pipeline.yml
@@ -86,10 +86,10 @@ jobs:
                 aws configure set region $AWS_DEFAULT_REGION --profile default
                 aws s3 ls
                 aws s3 ls game-ci-test-storage
-                ls /data/cache/$BRANCH
-                echo "/data/cache/$BRANCH/build-$BUILD_GUID.zip s3://game-ci-test-storage/$BRANCH/$BUILD_FILE"
-                aws s3 cp /data/cache/$BRANCH/build-$BUILD_GUID.zip s3://game-ci-test-storage/$BRANCH/build-$BUILD_GUID.zip
-                aws s3 cp /data/cache/$BRANCH s3://game-ci-test-storage/$BRANCH/$BUILD_GUID
+                ls /data/cache/$CACHE_KEY
+                echo "/data/cache/$CACHE_KEY/build-$BUILD_GUID.zip s3://game-ci-test-storage/$CACHE_KEY/$BUILD_FILE"
+                aws s3 cp /data/cache/$CACHE_KEY/build-$BUILD_GUID.zip s3://game-ci-test-storage/$CACHE_KEY/build-$BUILD_GUID.zip
+                aws s3 cp /data/cache/$CACHE_KEY s3://game-ci-test-storage/$CACHE_KEY/$BUILD_GUID
               secrets:
               - name: awsAccessKeyId
                 value: ${{ secrets.AWS_ACCESS_KEY_ID }}