This is a very manual, slightly painful, unsupported path. It’s documented here just to help, not as a complete guide.

The short story is GitHub Actions hasn’t yet solved for this multi-user mac stuff can be a bit sketchy.

GitHub doesn’t explicitly state it, but their main supported path is to install as a single user on the machine without FileVault, set the user to auto-login, and the service will start at login

If you are using macOS FileVault (which encrypts the the disk), auto-login is disabled and you will have to manually log in after restart or disable startup securityLaunchAgent will not start the GitHub runner until this happens. Read more.

brew gets messy on multi-user accounts. You either need to modify install scripts or set up the new user to have sudo access to the existing user where brew is installed.

It’s risky to use the same login as a self-hosted runner

If you are determined to use the same machine for self-hosted runners as local dev, you’ll want to put the runner on another account. That’s because otherwise:

  • A malformed bash command might delete or modify your user data
  • Code signing in CI may get confused by your local keychain existing (despite it not having access)
  • Pluginval running in CI will popup a UI while you are working.

The more robust way of supporting multi-user would be to start the services at boot via LaunchDaemon, but it’s still an open issue and with a user-suggested hot fix that many are using.

Create a new gh-runner account

The long story: create a new user, for example gh-runner. You can view another example here, this is what I did:

sudo dscl . -create /Users/gh-runner
sudo dscl . -create /Users/gh-runner UserShell /bin/bash\n
sudo dscl . -create /Users/gh-runner RealName "GitHub runner"\n
sudo dscl . -create /Users/gh-runner UniqueID 502 
sudo dscl . -create /Users/gh-runner PrimaryGroupID 20
sudo dscl . -passwd /Users/gh-runner # will prompt u for new password

Note: I did not give it admin or sudo access. This isn’t necessary. Nothing in Pamplejuce requires this.

You should also see your new user in the UI.

Installing software needed

If you already had brew installed and you need it, you will need to go down an unsupported path to install a second installation. You will need to specify the specific path to the local brew when calling it.

However, you might not need brew anymore. Pamplejuce only used it for ninja, which you’ll need to manually install anyway.

This is what I did:

  • Download and install the non-brew version of https://git-lfs.com/.
  • Do the same with cmake, which installs a GUI app for some reason, after which you can run sudo "/Applications/CMake.app/Contents/bin/cmake-gui" --install
  • Grab the latest release of ninja and stick it in /usr/local/bin for all users to use. Run it, and tell macOS that’s it’s ok it’s not code signed (Settings > Privacy & Security)
  • Download and place 7zz in /usr/local/bin/7z for all users, run it and approve in Privacy & Security.
  • Same with sccache.

Leave a Reply

Your email address will not be published. Required fields are marked *