From 2a2b7352f7f837c4bb2f5204a68462f9766190b3 Mon Sep 17 00:00:00 2001
From: j-dunham <j-dunham@github.com>
Date: Tue, 18 Jul 2023 11:39:29 -0400
Subject: [PATCH 1/2] Add flag to disable use of host network

---
 .../Services/DockerServiceTests.cs                | 15 ++++++++++-----
 src/ActionsImporter/App.cs                        |  2 ++
 src/ActionsImporter/Commands/Common.cs            |  8 ++++++++
 src/ActionsImporter/Commands/ContainerCommand.cs  |  4 ++--
 src/ActionsImporter/Interfaces/IDockerService.cs  |  2 +-
 src/ActionsImporter/Program.cs                    |  1 +
 src/ActionsImporter/Services/DockerService.cs     | 10 ++++++++--
 7 files changed, 32 insertions(+), 10 deletions(-)

diff --git a/src/ActionsImporter.UnitTests/Services/DockerServiceTests.cs b/src/ActionsImporter.UnitTests/Services/DockerServiceTests.cs
index d0f287d1..1d75d92e 100644
--- a/src/ActionsImporter.UnitTests/Services/DockerServiceTests.cs
+++ b/src/ActionsImporter.UnitTests/Services/DockerServiceTests.cs
@@ -103,6 +103,8 @@ public async Task ExecuteCommandAsync_InvokesDocker_ReturnsTrue()
         var server = "ghcr.io";
         var version = "latest";
         var arguments = new[] { "run", "this", "command" };
+        var noHostNetwork = false;
+
         _processService.Setup(handler =>
             handler.RunAsync(
                 "docker",
@@ -114,7 +116,7 @@ public async Task ExecuteCommandAsync_InvokesDocker_ReturnsTrue()
         ).Returns(Task.CompletedTask);
 
         // Act
-        await _dockerService.ExecuteCommandAsync(image, server, version, arguments);
+        await _dockerService.ExecuteCommandAsync(image, server, version, noHostNetwork, arguments);
 
         // Assert
         _processService.VerifyAll();
@@ -127,6 +129,7 @@ public async Task ExecuteCommandAsync_InvokesDocker_WithEnvironmentVariables_Ret
         var image = "actions-importer/cli";
         var server = "ghcr.io";
         var version = "latest";
+        var noHostNetwork = false;
         var arguments = new[] { "run", "this", "command" };
 
         Environment.SetEnvironmentVariable("GH_ACCESS_TOKEN", "foo");
@@ -144,7 +147,7 @@ public async Task ExecuteCommandAsync_InvokesDocker_WithEnvironmentVariables_Ret
         ).Returns(Task.CompletedTask);
 
         // Act
-        await _dockerService.ExecuteCommandAsync(image, server, version, arguments);
+        await _dockerService.ExecuteCommandAsync(image, server, version, noHostNetwork, arguments);
 
         // Assert
         _processService.VerifyAll();
@@ -157,6 +160,7 @@ public async Task ExecuteCommandAsync_InvokesDocker_WithAdditionalDockerArgument
         var image = "actions-importer/cli";
         var server = "ghcr.io";
         var version = "latest";
+        var noHostNetwork = false;
         var arguments = new[] { "run", "this", "command" };
 
         Environment.SetEnvironmentVariable("DOCKER_ARGS", "--network=host");
@@ -172,7 +176,7 @@ public async Task ExecuteCommandAsync_InvokesDocker_WithAdditionalDockerArgument
         ).Returns(Task.CompletedTask);
 
         // Act
-        await _dockerService.ExecuteCommandAsync(image, server, version, arguments);
+        await _dockerService.ExecuteCommandAsync(image, server, version, noHostNetwork, arguments);
 
         // Assert
         _processService.VerifyAll();
@@ -185,6 +189,7 @@ public async Task ExecuteCommandAsync_InvokesDocker_OnLinuxOS_ReturnsTrue()
         var image = "actions-importer/cli";
         var server = "ghcr.io";
         var version = "latest";
+        var noHostNetwork = true;
         var arguments = new[] { "run", "this", "command" };
 
         _runtimeService.Setup(handler => handler.IsLinux).Returns(true);
@@ -200,7 +205,7 @@ public async Task ExecuteCommandAsync_InvokesDocker_OnLinuxOS_ReturnsTrue()
         _processService.Setup(handler =>
             handler.RunAsync(
                 "docker",
-                $"run --rm -t --network=host -e USER_ID=50 -e GROUP_ID=100 -v \"{Directory.GetCurrentDirectory()}\":/data {server}/{image}:{version} {string.Join(' ', arguments)}",
+                $"run --rm -t -e USER_ID=50 -e GROUP_ID=100 -v \"{Directory.GetCurrentDirectory()}\":/data {server}/{image}:{version} {string.Join(' ', arguments)}",
                 Directory.GetCurrentDirectory(),
                 new[] { new ValueTuple<string, string>("MSYS_NO_PATHCONV", "1") },
                 true
@@ -208,7 +213,7 @@ public async Task ExecuteCommandAsync_InvokesDocker_OnLinuxOS_ReturnsTrue()
         ).Returns(Task.CompletedTask);
 
         // Act
-        await _dockerService.ExecuteCommandAsync(image, server, version, arguments);
+        await _dockerService.ExecuteCommandAsync(image, server, version, noHostNetwork, arguments);
 
         // Assert
         _processService.VerifyAll();
diff --git a/src/ActionsImporter/App.cs b/src/ActionsImporter/App.cs
index 1488daab..560ea21e 100644
--- a/src/ActionsImporter/App.cs
+++ b/src/ActionsImporter/App.cs
@@ -14,6 +14,7 @@ public class App
     private readonly IConfigurationService _configurationService;
 
     public bool IsPrerelease { get; set; }
+    public bool NoHostNetwork { get; set; }
 
     private string ImageTag => IsPrerelease ? "pre" : "latest";
 
@@ -53,6 +54,7 @@ await _dockerService.ExecuteCommandAsync(
             ActionsImporterImage,
             ActionsImporterContainerRegistry,
             ImageTag,
+            NoHostNetwork,
             args.Select(x => x.EscapeIfNeeded()).ToArray()
         );
         return 0;
diff --git a/src/ActionsImporter/Commands/Common.cs b/src/ActionsImporter/Commands/Common.cs
index 0f025283..9043255b 100644
--- a/src/ActionsImporter/Commands/Common.cs
+++ b/src/ActionsImporter/Commands/Common.cs
@@ -19,6 +19,12 @@ public static class Common
         IsHidden = true
     };
 
+    public static readonly Option<bool> NoHostNetwork = new("--no-host-network")
+    {
+        Description = "Disable using host network.",
+        IsRequired = false,
+    };
+
     public static Command AppendTransformerOptions(this Command command)
     {
         ArgumentNullException.ThrowIfNull(command);
@@ -149,6 +155,8 @@ public static Command AppendGeneralOptions(this Command command)
 
         command.AddGlobalOption(Prerelease);
 
+        command.AddGlobalOption(NoHostNetwork);
+
         return command;
     }
 
diff --git a/src/ActionsImporter/Commands/ContainerCommand.cs b/src/ActionsImporter/Commands/ContainerCommand.cs
index ca756092..9333418c 100644
--- a/src/ActionsImporter/Commands/ContainerCommand.cs
+++ b/src/ActionsImporter/Commands/ContainerCommand.cs
@@ -10,8 +10,8 @@ public abstract class ContainerCommand : BaseCommand
 
     protected ContainerCommand(string[] args)
     {
-        // Don't forward the --prerelease flag to GitHub Actions Importer image
-        _args = args.Where(arg => !arg.Contains(Common.Prerelease.Name, StringComparison.Ordinal)).ToArray();
+        // Don't forward the --prerelease or --no-host-network flag to GitHub Actions Importer image
+        _args = args.Where(arg => !arg.Contains(Common.Prerelease.Name, StringComparison.Ordinal) && !arg.Contains(Common.NoHostNetwork.Name, StringComparison.Ordinal)).ToArray();
     }
 
     protected abstract ImmutableArray<Option> Options { get; }
diff --git a/src/ActionsImporter/Interfaces/IDockerService.cs b/src/ActionsImporter/Interfaces/IDockerService.cs
index 607ea1e9..a93fb328 100644
--- a/src/ActionsImporter/Interfaces/IDockerService.cs
+++ b/src/ActionsImporter/Interfaces/IDockerService.cs
@@ -6,7 +6,7 @@ public interface IDockerService
 {
     Task UpdateImageAsync(string image, string server, string version);
 
-    Task ExecuteCommandAsync(string image, string server, string version, params string[] arguments);
+    Task ExecuteCommandAsync(string image, string server, string version, bool noHostNetwork, params string[] arguments);
 
     Task<List<Feature>> GetFeaturesAsync(string image, string server, string version);
 
diff --git a/src/ActionsImporter/Program.cs b/src/ActionsImporter/Program.cs
index 07317b93..abe39bbf 100644
--- a/src/ActionsImporter/Program.cs
+++ b/src/ActionsImporter/Program.cs
@@ -51,6 +51,7 @@
 
 var parsedArguments = parser.Parse(args);
 app.IsPrerelease = parsedArguments.HasOption(Common.Prerelease);
+app.NoHostNetwork = parsedArguments.HasOption(Common.NoHostNetwork);
 
 var testCommandOnly = Environment.GetEnvironmentVariable("TEST_COMMAND_ONLY");
 if (testCommandOnly != null && testCommandOnly.ToUpperInvariant() == "TRUE")
diff --git a/src/ActionsImporter/Services/DockerService.cs b/src/ActionsImporter/Services/DockerService.cs
index 5826aaa1..86650990 100644
--- a/src/ActionsImporter/Services/DockerService.cs
+++ b/src/ActionsImporter/Services/DockerService.cs
@@ -21,12 +21,18 @@ public Task UpdateImageAsync(string image, string server, string version)
         return DockerPullAsync(image, server, version);
     }
 
-    public async Task ExecuteCommandAsync(string image, string server, string version, params string[] arguments)
+    public async Task ExecuteCommandAsync(string image, string server, string version, bool noHostNetwork, params string[] arguments)
     {
         var actionsImporterArguments = new List<string>
         {
-            "run --rm -t --network=host"
+            "run --rm -t"
         };
+
+        if (!noHostNetwork)
+        {
+            actionsImporterArguments.Add("--network=host");
+        }
+
         actionsImporterArguments.AddRange(GetEnvironmentVariableArguments());
 
         var dockerArgs = Environment.GetEnvironmentVariable("DOCKER_ARGS");

From ecf894cb2678f5732314bf4893a60ce039cf9d1f Mon Sep 17 00:00:00 2001
From: j-dunham <j-dunham@github.com>
Date: Tue, 18 Jul 2023 13:05:37 -0400
Subject: [PATCH 2/2] Update src/ActionsImporter/Commands/Common.cs

Co-authored-by: Ethan Dennis <ethanis@github.com>
---
 src/ActionsImporter/Commands/Common.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ActionsImporter/Commands/Common.cs b/src/ActionsImporter/Commands/Common.cs
index 9043255b..88e26b16 100644
--- a/src/ActionsImporter/Commands/Common.cs
+++ b/src/ActionsImporter/Commands/Common.cs
@@ -21,7 +21,7 @@ public static class Common
 
     public static readonly Option<bool> NoHostNetwork = new("--no-host-network")
     {
-        Description = "Disable using host network.",
+        Description = "Use docker's default bridge network instead of the host machine's network.",
         IsRequired = false,
     };