From 65cddc2ed714064b111f2ac5aff2245e93350783 Mon Sep 17 00:00:00 2001
From: Roman Vanicek <roman.vanicek@ivasoft.cz>
Date: Thu, 18 Apr 2024 09:18:40 +0200
Subject: [PATCH] Allow KVM access on request

---
 cmd/main.go |  6 ++++++
 plugin.go   | 10 +++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/cmd/main.go b/cmd/main.go
index b73044c..21b39ac 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -81,6 +81,11 @@ func main() {
 			Usage:  "disable forced pulling in act",
 			EnvVar: "PLUGIN_NO_FORCE_PULL",
 		},
+		cli.BoolFlag{
+			Name:   "kvm",
+			Usage:  "enable KVM (Kernel Virtual Machine)",
+			EnvVar: "PLUGIN_KVM",
+		},
 		cli.StringFlag{
 			Name:   "event-payload",
 			Usage:  "Webhook event payload",
@@ -194,6 +199,7 @@ func run(c *cli.Context) error {
 			Verbose:      c.Bool("action-verbose"),
 			Image:        c.String("action-image"),
 			NoForcePull:  c.Bool("no-force-pull"),
+			Kvm:          c.Bool("kvm"),
 			EventPayload: c.String("event-payload"),
 			Actor:        c.String("actor"),
 		},
diff --git a/plugin.go b/plugin.go
index dad127c..2a41ff6 100644
--- a/plugin.go
+++ b/plugin.go
@@ -39,6 +39,7 @@ type (
 		Actor        string
 		Verbose      bool
 		NoForcePull  bool
+		Kvm          bool
 	}
 
 	Plugin struct {
@@ -94,7 +95,11 @@ func (p Plugin) Exec() error {
 	}
 
 	if p.Action.NoForcePull {
-		cmdArgs = append(cmdArgs, "-p=false")
+		cmdArgs = append(cmdArgs, "--pull=false")
+	}
+
+	if p.Action.Kvm {
+		cmdArgs = append(cmdArgs, "--privileged")
 	}
 
 	if p.Daemon.Disabled {
@@ -111,6 +116,9 @@ func (p Plugin) Exec() error {
 			bindModifiers = ":z"
 		}
 		cmdArgs = append(cmdArgs, "--container-options", fmt.Sprintf("--volume=%s:%s%s", hostWorkDirPath, guestWorkDirPath, bindModifiers))
+		if p.Action.Kvm {
+			cmdArgs = append(cmdArgs, "--volume=/dev/kvm:/dev/kvm")
+		}
 	}
 
 	cmd := exec.Command("act", cmdArgs...)