nixos/github-runners: clean workDir as root

Purge contents of `workDir` as root to also allow the removal of files marked as read-only. It is easy to create read-only files in `workDir`, e.g., by copying files from the Nix store.
2023-02-23 08:41:06 +01:00
parent 79e0d204e2
commit 36949b9718
1 changed files with 2 additions and 3 deletions
--- a/nixos/modules/services/continuous-integration/github-runner/service.nix
+++ b/nixos/modules/services/continuous-integration/github-runner/service.nix
@@ -124,6 +124,8 @@ in
              # The state directory is entirely empty which indicates a first start
              copy_tokens
            fi
+            # Always clean workDir
+            find -H "$WORK_DIRECTORY" -mindepth 1 -delete
          '';
          configureRunner = writeScript "configure" ''
            if [[ -e "${newConfigTokenPath}" ]]; then
@@ -159,9 +161,6 @@ in
            fi
          '';
          setupWorkDir = writeScript "setup-work-dirs" ''
-            # Cleanup previous service
-            ${pkgs.findutils}/bin/find -H "$WORK_DIRECTORY" -mindepth 1 -delete
-
            # Link _diag dir
            ln -s "$LOGS_DIRECTORY" "$WORK_DIRECTORY/_diag"