fix(linux/build): discover job container ID from cgroup, not hostname (M1.1 iter21)
Some checks failed
Build SilverMetal Linux ISO (reproducibility-gated) / builder-image (push) Successful in 2s
Build SilverMetal Linux ISO (reproducibility-gated) / build-and-verify (push) Failing after 1m17s

Run #4268's build-and-verify died <1s into Build A:

    docker: Error response from daemon: No such container: docker

Cause: build.sh's CI path uses `--volumes-from "$(hostname)"` to
inherit the parent job container's /workspace mount, but in the new
runner config (network: host applied via the now-actually-loaded
config.yaml) `hostname` returns the literal string "docker" inside
catthehacker/ubuntu:act-latest — the image bakes that into /etc/hostname
and act_runner doesn't override it. So `--volumes-from docker` looks for
a container literally named "docker", finds nothing, exits.

This worked in earlier runs (#4260) only because config.yaml *wasn't
being loaded* (see iter18 commit), so the runner ran on its built-in
defaults — which kept the container's hostname as the auto-generated
container ID. Fixing config.yaml exposed this latent bug.

The right way to learn your own container ID inside a Linux container is
/proc/self/cgroup, which contains the 64-char hex ID on every cgroup
driver:
  cgroup v1: 12:devices:/docker/<64-hex>
  cgroup v2: 0::/system.slice/docker-<64-hex>.scope

awk extracts the first 64-hex run; that becomes the --volumes-from
argument. If extraction fails (would only happen on a non-docker
runtime), fail loud rather than silent.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-07 17:59:48 +01:00
parent ec942b7698
commit 4a837e07ed
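Added example for the ID-discovery technique the commit describes; this is not SilverMetal's build.sh or any code from the commit, and it goes one step beyond it: besides the cgroup v1 and v2 layouts quoted above it handles the case where /proc/self/cgroup carries no ID at all (a private cgroup namespace, which is Docker's default on cgroup v2 hosts, shows only `0::/`), falling back to the /etc/hostname, /etc/hosts and /etc/resolv.conf bind-mount sources in /proc/self/mountinfo. It uses `grep -oE` rather than the commit's awk `match()` so it does not depend on the awk implementation's support for `{64}` intervals. Assumptions: Docker's default data root /var/lib/docker, and that those three files are bind-mounted from /var/lib/docker/containers/<id>/. All sample cgroup and mountinfo files are constructed, not captured from a host.

```shell
#!/bin/sh
# Added example (not SilverMetal's build.sh): discover a container's own ID
# from inside the container. Sample files below are constructed, not captured.

# Constructed 64-hex IDs: one "container" and one overlay2 layer that must NOT
# be picked up (layer IDs also appear in mountinfo, in lowerdir=/upperdir=).
CID=a1b2c3d4e5f60718293a4b5c6d7e8f90a1b2c3d4e5f60718293a4b5c6d7e8f90
LAYER=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef

# first_hex64 FILE: first 64-char hex run in FILE (the commit's awk one-liner,
# done with grep); prints nothing if there is none. Works for cgroup v1
# (12:devices:/docker/<id>) and v2 (0::/system.slice/docker-<id>.scope), but
# not for a private cgroup namespace, where the file only contains "0::/".
first_hex64() {
    grep -oE '[0-9a-f]{64}' "$1" 2>/dev/null | head -n1
}

# cid_from_mountinfo FILE: Docker bind-mounts /etc/hostname, /etc/hosts and
# /etc/resolv.conf from /var/lib/docker/containers/<id>/ (assumed default
# data root), so those mount entries carry the container ID even when the
# cgroup path does not. Restricting to those mount points matters: a naive
# "first 64-hex run" over mountinfo returns an overlay2 layer ID instead.
cid_from_mountinfo() {
    grep -E ' /etc/(hostname|hosts|resolv\.conf) ' "$1" 2>/dev/null \
        | grep -oE '/containers/[0-9a-f]{64}/' \
        | grep -oE '[0-9a-f]{64}' | head -n1
}

# self_container_id [CGROUP_FILE] [MOUNTINFO_FILE]: cgroup first, mountinfo
# as fallback; return 1 (fail loud) if neither source yields an ID.
self_container_id() {
    cid="$(first_hex64 "${1:-/proc/self/cgroup}")"
    [ -n "$cid" ] || cid="$(cid_from_mountinfo "${2:-/proc/self/mountinfo}")"
    [ -n "$cid" ] || return 1
    printf '%s\n' "$cid"
}

# write_samples DIR: constructed stand-ins for the three cgroup layouts plus a
# mountinfo whose first 64-hex run is an overlay2 layer, not the container.
write_samples() {
    dir="$1"
    printf '12:devices:/docker/%s\n11:memory:/docker/%s\n' "$CID" "$CID" >"$dir/cgroup-v1"
    printf '0::/system.slice/docker-%s.scope\n' "$CID" >"$dir/cgroup-v2"
    printf '0::/\n' >"$dir/cgroup-v2-private-ns"
    {
        printf '2118 2089 0:150 / / rw,relatime - overlay overlay rw,lowerdir=/var/lib/docker/overlay2/%s/diff\n' "$LAYER"
        printf '2119 2118 8:1 /var/lib/docker/containers/%s/resolv.conf /etc/resolv.conf rw,relatime - ext4 /dev/sda1 rw\n' "$CID"
        printf '2120 2118 8:1 /var/lib/docker/containers/%s/hostname /etc/hostname rw,relatime - ext4 /dev/sda1 rw\n' "$CID"
        printf '2121 2118 8:1 /var/lib/docker/containers/%s/hosts /etc/hosts rw,relatime - ext4 /dev/sda1 rw\n' "$CID"
    } >"$dir/mountinfo"
}

# Stand-alone demo over the constructed samples (never touches /proc).
demo() {
    dir="$(mktemp -d)"
    write_samples "$dir"
    for f in cgroup-v1 cgroup-v2 cgroup-v2-private-ns; do
        printf '%-22s -> %s\n' "$f" "$(self_container_id "$dir/$f" "$dir/mountinfo" || echo 'NOT FOUND')"
    done
    printf '%-22s -> %s (wrong: overlay2 layer, not the container)\n' "naive on mountinfo" "$(first_hex64 "$dir/mountinfo")"
    rm -rf "$dir"
}
demo
```

In build.sh terms, `SELF_CID="$(self_container_id)"` with no arguments reads the real /proc/self/cgroup and /proc/self/mountinfo; the existing "could not determine own container ID" branch still fires when both come up empty (for example a non-Docker runtime, or a Docker host with a non-default data root), which is the right behaviour for a `--volumes-from` argument.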


@@ -99,8 +99,25 @@ echo "build.sh: output -> ${BUILD_DIR}"
# job container, which inherits its /workspace mount intact. That keeps
# paths identical inside and outside, so the inner heredoc below is the
# same in both environments.
#
# Discovering the job container's own ID: `hostname` is unreliable on
# act_runner / catthehacker (returned the literal string "docker" once
# the runner was running with config.yaml's `network: host` applied —
# see run #4268). /proc/self/cgroup is the portable way:
# * cgroup v1: lines look like `12:devices:/docker/<64-hex>`
# * cgroup v2: `0::/system.slice/docker-<64-hex>.scope`
# Either way the 64-char hex container ID is in the path. Extract the
# first one.
if [[ -n "${GITHUB_ACTIONS:-}" ]]; then
BIND_ARGS=(--volumes-from "$(hostname)")
SELF_CID="$(awk 'match($0, /[a-f0-9]{64}/) { print substr($0, RSTART, RLENGTH); exit }' /proc/self/cgroup 2>/dev/null || true)"
if [[ -z "${SELF_CID}" ]]; then
echo "build.sh: could not determine own container ID from /proc/self/cgroup" >&2
echo "build.sh: cgroup contents:" >&2
cat /proc/self/cgroup >&2 || true
exit 1
fi
echo "build.sh: --volumes-from ${SELF_CID:0:12}"
BIND_ARGS=(--volumes-from "${SELF_CID}")
else
BIND_ARGS=(-v "${REPO_ROOT}:${REPO_ROOT}:rw")
# If BUILD_DIR lives outside REPO_ROOT (uncommon, but the env-var
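Review bot: the comment `# * cgroup v2: 0::/system.slice/docker-<64-hex>.scope` and the "Either way the 64-char hex container ID is in the path" claim do not hold when the job container runs in a private cgroup namespace, which is Docker's default on cgroup v2 hosts: /proc/self/cgroup then reads `0::/` with no ID, `SELF_CID` comes back empty and the new branch hits `exit 1`. Failing loud is the right call, but the comment should name this as an expected failure mode rather than implying the ID is always present, and a fallback is worth considering before giving up (the source paths of the /etc/hostname, /etc/hosts and /etc/resolv.conf bind mounts in /proc/self/mountinfo carry the container ID under Docker's default data root, or the runner could start the job container with `--cgroupns host`). Also please confirm the image's awk accepts the `{64}` interval in `match($0, /[a-f0-9]{64}/)`: mawk, the default awk on Debian/Ubuntu, treats brace repetitions literally in builds older than mid-2020, in which case the match silently finds nothing and the script takes the same `exit 1` path with a misleading diagnostic; `grep -oE '[a-f0-9]{64}' /proc/self/cgroup | head -n1` removes the dependency. Minor: `echo "build.sh: --volumes-from ${SELF_CID:0:12}"` logs an abbreviated ID while the argument on the next line uses the full one, which is fine but worth saying in the message (e.g. "container ID (short)") so the log is not mistaken for the literal argument.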