Action fails on ubuntu-24.04 with "This environment is externally managed"

[aahlenst]

Description

The Ubuntu 24.04 image is now in public beta. Otherwise unmodified workflows that worked on ubuntu-22.04 now fail on ubuntu-24.04 with error: externally-managed-environment.

Minimal workflow to reproduce:

name: Test

on:
  push:

jobs:
  build:
    runs-on: ubuntu-24.04
    permissions:
      contents: read
      id-token: write

    steps:
      - name: Create artefact
        run: |
            mkdir dist
            touch dist/file.txt

      - name: Sign the artifacts with Sigstore
        uses: sigstore/gh-action-sigstore-python@v2.1.1
        with:
          inputs: dist/*

Here's the full log of the workflow run:

2024-07-03T12:38:43.8015044Z Current runner version: '2.317.0'
2024-07-03T12:38:43.8051724Z ##[group]Operating System
2024-07-03T12:38:43.8052639Z Ubuntu
2024-07-03T12:38:43.8053222Z 24.04
2024-07-03T12:38:43.8053866Z LTS
2024-07-03T12:38:43.8054409Z ##[endgroup]
2024-07-03T12:38:43.8055097Z ##[group]Runner Image
2024-07-03T12:38:43.8056005Z Image: ubuntu-24.04
2024-07-03T12:38:43.8056667Z Version: 20240630.1.0
2024-07-03T12:38:43.8058336Z Included Software: https://github.com/actions/runner-images/blob/ubuntu24/20240630.1/images/ubuntu/Ubuntu2404-Readme.md
2024-07-03T12:38:43.8061120Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20240630.1
2024-07-03T12:38:43.8062596Z ##[endgroup]
2024-07-03T12:38:43.8063349Z ##[group]Runner Image Provisioner
2024-07-03T12:38:43.8064352Z 2.0.370.1
2024-07-03T12:38:43.8064942Z ##[endgroup]
2024-07-03T12:38:43.8066420Z ##[group]GITHUB_TOKEN Permissions
2024-07-03T12:38:43.8068658Z Contents: read
2024-07-03T12:38:43.8069368Z Metadata: read
2024-07-03T12:38:43.8070295Z ##[endgroup]
2024-07-03T12:38:43.8074915Z Secret source: Actions
2024-07-03T12:38:43.8076022Z Prepare workflow directory
2024-07-03T12:38:43.8744996Z Prepare all required actions
2024-07-03T12:38:43.8904119Z Getting action download info
2024-07-03T12:38:44.0087330Z Download action repository 'sigstore/gh-action-sigstore-python@v2.1.1' (SHA:61f6a500bbfdd9a2a339cf033e5421951fbc1cd2)
2024-07-03T12:38:44.4755944Z Getting action download info
2024-07-03T12:38:44.5526751Z Download action repository 'actions/upload-artifact@v3' (SHA:a8a3f3ad30e3422c9c7b888a15615d19a852ae32)
2024-07-03T12:38:44.6780861Z Download action repository 'softprops/action-gh-release@v1' (SHA:de2c0eb89ae2a093876385947365aca7b0e5f844)
2024-07-03T12:38:44.9151804Z Complete job name: build
2024-07-03T12:38:44.9952532Z ##[group]Run mkdir dist
2024-07-03T12:38:44.9952911Z �[36;1mmkdir dist�[0m
2024-07-03T12:38:44.9953197Z �[36;1mtouch dist/file.txt�[0m
2024-07-03T12:38:45.0008817Z shell: /usr/bin/bash -e {0}
2024-07-03T12:38:45.0009152Z ##[endgroup]
2024-07-03T12:38:45.0486401Z ##[group]Run sigstore/gh-action-sigstore-python@v2.1.1
2024-07-03T12:38:45.0487052Z with:
2024-07-03T12:38:45.0487361Z   inputs: dist/*
2024-07-03T12:38:45.0487701Z   staging: false
2024-07-03T12:38:45.0488077Z   verify: false
2024-07-03T12:38:45.0488432Z   upload-signing-artifacts: false
2024-07-03T12:38:45.0488852Z   release-signing-artifacts: false
2024-07-03T12:38:45.0489320Z   internal-be-careful-debug: false
2024-07-03T12:38:45.0489704Z ##[endgroup]
2024-07-03T12:38:45.0705474Z ##[group]Run # NOTE: Sourced, not executed as a script.
2024-07-03T12:38:45.0706080Z �[36;1m# NOTE: Sourced, not executed as a script.�[0m
2024-07-03T12:38:45.0706657Z �[36;1msource "${GITHUB_ACTION_PATH}/setup/setup.bash"�[0m
2024-07-03T12:38:45.0738703Z shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
2024-07-03T12:38:45.0739206Z env:
2024-07-03T12:38:45.0739695Z   GHA_SIGSTORE_PYTHON_INTERNAL_BE_CAREFUL_DEBUG: false
2024-07-03T12:38:45.0740175Z ##[endgroup]
2024-07-03T12:38:47.5962677Z error: externally-managed-environment
2024-07-03T12:38:47.5963266Z 
2024-07-03T12:38:47.5963782Z × This environment is externally managed
2024-07-03T12:38:47.5964696Z ╰─> To install Python packages system-wide, try apt install
2024-07-03T12:38:47.5965591Z     python3-xyz, where xyz is the package you are trying to
2024-07-03T12:38:47.5966202Z     install.
2024-07-03T12:38:47.5966542Z     
2024-07-03T12:38:47.5967116Z     If you wish to install a non-Debian-packaged Python package,
2024-07-03T12:38:47.5968085Z     create a virtual environment using python3 -m venv path/to/venv.
2024-07-03T12:38:47.5969058Z     Then use path/to/venv/bin/python and path/to/venv/bin/pip. Make
2024-07-03T12:38:47.5969908Z     sure you have python3-full installed.
2024-07-03T12:38:47.5970397Z     
2024-07-03T12:38:47.5971245Z     If you wish to install a non-Debian packaged Python application,
2024-07-03T12:38:47.5972109Z     it may be easiest to use pipx install xyz, which will manage a
2024-07-03T12:38:47.5972954Z     virtual environment for you. Make sure you have pipx installed.
2024-07-03T12:38:47.5974016Z     
2024-07-03T12:38:47.5974506Z     See /usr/share/doc/python3.12/README.venv for more information.
2024-07-03T12:38:47.5975046Z 
2024-07-03T12:38:47.5976672Z note: If you believe this is a mistake, please contact your Python installation or OS distribution provider. You can override this, at the risk of breaking your Python installation or OS, by passing --break-system-packages.
2024-07-03T12:38:47.5978420Z hint: See PEP 668 for the detailed specification.
2024-07-03T12:38:47.6322452Z ##[error]Process completed with exit code 1.
2024-07-03T12:38:47.6511283Z Cleaning up orphan processes

Using actions/setup-python@v5 before sigstore/gh-action-sigstore-python@v2.1.1 makes the problem go away and the workflow completes successfully.

Version

sigstore/gh-action-sigstore-python@v2.1.1

[woodruffw]

Thanks for the report. This is almost certainly PEP 668 rearing its head on Ubuntu 24.04, which I haven't added to the CI yet. Looking into it now.

[woodruffw]

#145 will fix this. Thanks again for the report!

[aahlenst]

Thanks a lot for the fast turnaround. Works great.