feat: add configurable bind_workdir option for DinD setups

When running in Docker-in-Docker mode, workspace directories are created as Docker volumes which are not accessible from the DinD daemon's filesystem. This causes docker compose bind mounts like ".:/app" to resolve to empty directories. Add a `container.bind_workdir` configuration option that exposes the existing nektos/act `BindWorkdir` setting. When enabled, workspaces are bind-mounted from the host filesystem instead of using Docker volumes, making them accessible to nested Docker operations. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-02 10:16:01 +01:00 · 2026-03-02 10:16:01 +01:00 · 0bae040917
parent 5dd5436169
commit 0bae040917
3 changed files with 8 additions and 1 deletions
--- a/internal/app/run/runner.go
+++ b/internal/app/run/runner.go
@ -200,7 +200,7 @@ func (r *Runner) run(ctx context.Context, task *runnerv1.Task, reporter *report.
 		// On Linux, Workdir will be like "/<parent_directory>/<owner>/<repo>"
 		// On Windows, Workdir will be like "\<parent_directory>\<owner>\<repo>"
 		Workdir:        filepath.FromSlash(fmt.Sprintf("/%s/%s", strings.TrimLeft(r.cfg.Container.WorkdirParent, "/"), preset.Repository)),
-		BindWorkdir:    false,
+		BindWorkdir:    r.cfg.Container.BindWorkdir,
 		ActionCacheDir: filepath.FromSlash(r.cfg.Host.WorkdirParent),

 		ReuseContainers:       false,
--- a/internal/pkg/config/config.example.yaml
+++ b/internal/pkg/config/config.example.yaml
@ -103,6 +103,12 @@ container:
  require_docker: false
  # Timeout to wait for the docker daemon to be reachable, if docker is required by require_docker or act_runner
  docker_timeout: 0s
+  # Bind the workspace to the host filesystem instead of using Docker volumes.
+  # This is required for Docker-in-Docker (DinD) setups when jobs use docker compose
+  # with bind mounts (e.g., ".:/app"), as volume-based workspaces are not accessible
+  # from the DinD daemon's filesystem. When enabled, ensure the workspace parent
+  # directory is also mounted into the runner container and listed in valid_volumes.
+  bind_workdir: false

 host:
  # The parent directory of a job's working directory.
--- a/internal/pkg/config/config.go
+++ b/internal/pkg/config/config.go
@ -57,6 +57,7 @@ type Container struct {
 	ForceRebuild  bool          `yaml:"force_rebuild"`  // Rebuild docker image(s) even if already present
 	RequireDocker bool          `yaml:"require_docker"` // Always require a reachable docker daemon, even if not required by act_runner
 	DockerTimeout time.Duration `yaml:"docker_timeout"` // Timeout to wait for the docker daemon to be reachable, if docker is required by require_docker or act_runner
+	BindWorkdir   bool          `yaml:"bind_workdir"`   // BindWorkdir binds the workspace to the host filesystem instead of using Docker volumes. Required for DinD when jobs use docker compose with bind mounts.
 }

 // Host represents the configuration for the host.