This is a very manual, slightly painful, unsupported path. It’s documented here just to help, not as a complete guide.
The short story is GitHub Actions hasn’t yet solved for this multi-user mac stuff can be a bit sketchy.
GitHub doesn’t explicitly state it, but their main supported path is to install as a single user on the machine without FileVault, set the user to auto-login, and the service will start at login
If you are using macOS FileVault (which encrypts the the disk), auto-login is disabled and you will have to manually log in after restart or disable startup security — LaunchAgent
will not start the GitHub runner until this happens. Read more.
brew
gets messy on multi-user accounts. You either need to modify install scripts or set up the new user to have sudo access to the existing user where brew
is installed.
It’s risky to use the same login as a self-hosted runner
If you are determined to use the same machine for self-hosted runners as local dev, you’ll want to put the runner on another account. That’s because otherwise:
- A malformed bash command might delete or modify your user data
- Code signing in CI may get confused by your local keychain existing (despite it not having access)
- Pluginval running in CI will popup a UI while you are working.
The more robust way of supporting multi-user would be to start the services at boot via LaunchDaemon
, but it’s still an open issue and with a user-suggested hot fix that many are using.
Create a new gh-runner account
The long story: create a new user, for example gh-runner
. You can view another example here, this is what I did:
sudo dscl . -create /Users/gh-runner
sudo dscl . -create /Users/gh-runner UserShell /bin/bash\n
sudo dscl . -create /Users/gh-runner RealName "GitHub runner"\n
sudo dscl . -create /Users/gh-runner UniqueID 502
sudo dscl . -create /Users/gh-runner PrimaryGroupID 20
sudo dscl . -passwd /Users/gh-runner # will prompt u for new password
Note: I did not give it admin or sudo access. This isn’t necessary. Nothing in Pamplejuce requires this.
You should also see your new user in the UI.
Installing software needed
If you already had brew
installed and you need it, you will need to go down an unsupported path to install a second installation. You will need to specify the specific path to the local brew
when calling it.
However, you might not need brew anymore. Pamplejuce only used it for ninja, which you’ll need to manually install anyway.
This is what I did:
- Download and install the non-brew version of
https://git-lfs.com/
. - Do the same with
cmake
, which installs a GUI app for some reason, after which you can runsudo "/Applications/CMake.app/Contents/bin/cmake-gui" --install
- Grab the latest release of
ninja
and stick it in/usr/local/bin
for all users to use. Run it, and tell macOS that’s it’s ok it’s not code signed (Settings
>Privacy & Security
) - Download and place 7zz in
/usr/local/bin/7z
for all users, run it and approve in Privacy & Security. - Same with sccache.
Leave a Reply