Self hosted runner asks for password

[alexandru-calinoiu]

When running in a self-hosted runner it asks for the password of the current user. Any ideas on how to work around it?

[maxim-lobanov]

It is by design behavior because command to switch Xcode should be run with sudo. If you will switch Xcode without this action, you will face with the same issue.
On Hosted Runners, we have passwordless sudo. (Link 1), (Link 2).

Probably, you can disable password for sudo on your self-hosted agent. I have seen a lot of self-hosted agents with disabled sudo but you should take security concern into account (how this agent is used, who has an access to it and etc)

[alexandru-calinoiu]

Got it, thanks for the answer.

[vanyasem]

Github-provided runners allow full sudo access without password, while self-hosted runners usually require entering password in order to execute commands with sudo

Disabling password for executing commands with sudo is a major security risk, and I recommend against it
You can override the default sudo behavior for a single command, allowing only that command to be executed without being prompted for the password

In our case, the command in question is xcode-select

Execute sudo visudo, and add the following lines to the sudoers file:

## No pw for xcode-select
%admin ALL=(ALL) NOPASSWD: /usr/bin/xcode-select

See https://stackoverflow.com/a/63602993 for more details

[vanyasem]

#62 has a potential solution to change Xcode versions without xcode-select, hence eliminating the need for ``sudo` altogether. You can upvote the issue, and the attached pull request (#63) to indicate that it matters to you.

[vanyasem]

@maxim-lobanov I guess this could be added to the docs/mentioned in the README? Seems like a pretty common case for self-hosted runners, and the solution is basically a one-liner added to the sudoers file