fix(linux/build): find self via docker inspect, cgroupns hides cgroup path (M1.1 iter22)

iter21's /proc/self/cgroup approach hit:

    build.sh: cgroup contents:
    0::/

Empty path — act_runner runs job containers with cgroupns enabled, so
the in-container view of cgroup paths is rooted at the namespace, with
no trace of the host-side container ID. Same blocker as `hostname`.

The host docker daemon does know who we are, and we have its socket.
We're the only running container with /workspace/SilverLABS/SilverMetal
as a mount destination (concurrency: 1 in the workflow), so iterate
docker ps and match by mount destination. Found CID becomes the
--volumes-from argument; if no match, dump docker ps to the log and
fail loud.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@@ -100,20 +100,33 @@ echo "build.sh: output -> ${BUILD_DIR}"
|
||||
# paths identical inside and outside, so the inner heredoc below is the
|
||||
# same in both environments.
|
||||
#
|
||||
# Discovering the job container's own ID: `hostname` is unreliable on
|
||||
# act_runner / catthehacker (returned the literal string "docker" once
|
||||
# the runner was running with config.yaml's `network: host` applied —
|
||||
# see run #4268). /proc/self/cgroup is the portable way:
|
||||
# * cgroup v1: lines look like `12:devices:/docker/<64-hex>`
|
||||
# * cgroup v2: `0::/system.slice/docker-<64-hex>.scope`
|
||||
# Either way the 64-char hex container ID is in the path. Extract the
|
||||
# first one.
|
||||
# Discovering the job container's own ID. Three "obvious" approaches
|
||||
# all fail for this runner setup:
|
||||
# * `hostname` returns the literal string "docker" — catthehacker's
|
||||
# /etc/hostname (run #4268).
|
||||
# * /proc/self/cgroup returns just "0::/" because act_runner's job
|
||||
# containers run with cgroupns enabled, hiding the host cgroup path
|
||||
# (run #4269).
|
||||
# * /proc/1/cpuset hits the same cgroupns wall.
|
||||
#
|
||||
# What we *do* have is the docker.sock pass-through. We're definitionally
|
||||
# the only running container with /workspace/SilverLABS/SilverMetal as
|
||||
# a mount destination (concurrency: 1 in build-iso-linux.yaml), so ask
|
||||
# the host daemon to find us by that.
|
||||
if [[ -n "${GITHUB_ACTIONS:-}" ]]; then
|
||||
SELF_CID="$(awk 'match($0, /[a-f0-9]{64}/) { print substr($0, RSTART, RLENGTH); exit }' /proc/self/cgroup 2>/dev/null || true)"
|
||||
SELF_CID=""
|
||||
for cid in $(docker ps -q --no-trunc 2>/dev/null); do
|
||||
if docker inspect "$cid" --format \
|
||||
'{{range .Mounts}}{{if eq .Destination "/workspace/SilverLABS/SilverMetal"}}match{{end}}{{end}}' \
|
||||
2>/dev/null | grep -q match; then
|
||||
SELF_CID="$cid"
|
||||
break
|
||||
fi
|
||||
done
|
||||
if [[ -z "${SELF_CID}" ]]; then
|
||||
echo "build.sh: could not determine own container ID from /proc/self/cgroup" >&2
|
||||
echo "build.sh: cgroup contents:" >&2
|
||||
cat /proc/self/cgroup >&2 || true
|
||||
echo "build.sh: could not find own container via docker inspect on /workspace mount" >&2
|
||||
echo "build.sh: docker ps -q output:" >&2
|
||||
docker ps --no-trunc >&2 || true
|
||||
exit 1
|
||||
fi
|
||||
echo "build.sh: --volumes-from ${SELF_CID:0:12}"
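Review bot: The `for cid in $(docker ps -q --no-trunc ...)` loop accepts the first container whose mounts include /workspace/SilverLABS/SilverMetal and then hits `break`, so uniqueness rests entirely on the `concurrency: 1` assumption stated in the comment. Any other running container with that destination would match equally well, including one started earlier with `--volumes-from` this job container, since it inherits the same mount destinations. I would collect every match and fail when the count is not exactly one, printing the candidates, so that an ambiguous result never reaches `--volumes-from`. Two smaller points in the same region: the `2>/dev/null` on both `docker ps` and `docker inspect` inside the loop means a socket or permission error is reported only as "could not find own container", and the failure path announces "docker ps -q output:" while actually running `docker ps --no-trunc` without `-q`, so the label should match the command.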