From 4a837e07ed7fda4178101ebff39bcde58d3c57af Mon Sep 17 00:00:00 2001
From: SysAdmin
Date: Thu, 7 May 2026 17:59:48 +0100
Subject: [PATCH] fix(linux/build): discover job container ID from cgroup, not hostname (M1.1 iter21)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Run #4268's build-and-verify died <1s into Build A:

  docker: Error response from daemon: No such container: docker

Cause: build.sh's CI path uses `--volumes-from "$(hostname)"` to inherit the parent job container's /workspace mount, but in the new runner config (network: host applied via the now-actually-loaded config.yaml) `hostname` returns the literal string "docker" inside catthehacker/ubuntu:act-latest — the image bakes that into /etc/hostname and act_runner doesn't override it. So `--volumes-from docker` looks for a container literally named "docker", finds nothing, exits.

This worked in earlier runs (#4260) only because config.yaml *wasn't being loaded* (see iter18 commit), so the runner ran on its built-in defaults — which kept the container's hostname as the auto-generated container ID. Fixing config.yaml exposed this latent bug.

Right way to learn your own container ID inside a Linux container is /proc/self/cgroup, which contains the 64-char hex ID on every cgroup driver:

  cgroup v1: 12:devices:/docker/<64-hex>
  cgroup v2: 0::/system.slice/docker-<64-hex>.scope

awk extracts the first 64-hex run; that becomes the --volumes-from argument. If extraction fails (would only happen on a non-docker runtime), fail loud rather than silent.

Co-Authored-By: Claude Opus 4.7 (1M context)
---
 linux/build/scripts/build.sh | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/linux/build/scripts/build.sh b/linux/build/scripts/build.sh
index 32a5f0f..db46cc1 100755
--- a/linux/build/scripts/build.sh
+++ b/linux/build/scripts/build.sh
@@ -99,8 +99,25 @@ echo "build.sh: output -> ${BUILD_DIR}" # job container, which inherits its /workspace mount intact. That keeps # paths identical inside and outside, so the inner heredoc below is the # same in both environments. +# +# Discovering the job container's own ID: `hostname` is unreliable on +# act_runner / catthehacker (returned the literal string "docker" once +# the runner was running with config.yaml's `network: host` applied — +# see run #4268). /proc/self/cgroup is the portable way: +# * cgroup v1: lines look like `12:devices:/docker/<64-hex>` +# * cgroup v2: `0::/system.slice/docker-<64-hex>.scope` +# Either way the 64-char hex container ID is in the path. Extract the +# first one. if [[ -n "${GITHUB_ACTIONS:-}" ]]; then - BIND_ARGS=(--volumes-from "$(hostname)") + SELF_CID="$(awk 'match($0, /[a-f0-9]{64}/) { print substr($0, RSTART, RLENGTH); exit }' /proc/self/cgroup 2>/dev/null || true)" + if [[ -z "${SELF_CID}" ]]; then + echo "build.sh: could not determine own container ID from /proc/self/cgroup" >&2 + echo "build.sh: cgroup contents:" >&2 + cat /proc/self/cgroup >&2 || true + exit 1 + fi + echo "build.sh: --volumes-from ${SELF_CID:0:12}" + BIND_ARGS=(--volumes-from "${SELF_CID}") else BIND_ARGS=(-v "${REPO_ROOT}:${REPO_ROOT}:rw") # If BUILD_DIR lives outside REPO_ROOT (uncommon, but the env-var
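
Review bot: The added comment's claim that "Either way the 64-char hex container ID is in the path" does not hold when the job container has a private cgroup namespace, which is Docker's default on cgroup v2 hosts: there /proc/self/cgroup reads just `0::/`, the awk match finds nothing, and the GITHUB_ACTIONS branch takes the `exit 1` path even though the runtime is Docker. Dumping the cgroup file on failure is good for diagnosis, but consider a fallback before failing, such as an ID passed in explicitly by the workflow or one parsed from /proc/self/mountinfo, and soften the comment so it does not promise the ID is always present. Two smaller points on the awk line: the `{64}` interval is not honoured by every awk (older mawk builds treat the braces literally), so confirm the awk in the runner image handles it or use `grep -oE`; and taking the first 64-hex run would select an outer container's ID if the cgroup path is ever nested, so anchoring the pattern to the `docker/` or `docker-` prefix shown in the comment would be safer.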