From 5918305fd73ddff7a5eb9bee1ea53df2fe61088e Mon Sep 17 00:00:00 2001
From: SysAdmin
Date: Thu, 7 May 2026 18:04:41 +0100
Subject: [PATCH] fix(linux/build): find self via docker inspect, cgroupns hides cgroup path (M1.1 iter22)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

iter21's /proc/self/cgroup approach hit:

    build.sh: cgroup contents:
    0::/

Empty path — act_runner runs job containers with cgroupns enabled, so
the in-container view of cgroup paths is rooted at the namespace, with
no trace of the host-side container ID. Same blocker as `hostname`.

The host docker daemon does know who we are, and we have its socket.
We're the only running container with /workspace/SilverLABS/SilverMetal
as a mount destination (concurrency: 1 in the workflow), so iterate
docker ps and match by mount destination. Found CID becomes the
--volumes-from argument; if no match, dump docker ps to the log and
fail loud.

Co-Authored-By: Claude Opus 4.7 (1M context)
---
 linux/build/scripts/build.sh | 37 ++++++++++++++++++++++++------------
 1 file changed, 25 insertions(+), 12 deletions(-)

diff --git a/linux/build/scripts/build.sh b/linux/build/scripts/build.sh
index db46cc1..f16c397 100755
--- a/linux/build/scripts/build.sh
+++ b/linux/build/scripts/build.sh
@@ -100,20 +100,33 @@ echo "build.sh: output -> ${BUILD_DIR}" # paths identical inside and outside, so the inner heredoc below is the # same in both environments. # -# Discovering the job container's own ID: `hostname` is unreliable on -# act_runner / catthehacker (returned the literal string "docker" once -# the runner was running with config.yaml's `network: host` applied — -# see run #4268). /proc/self/cgroup is the portable way: -# * cgroup v1: lines look like `12:devices:/docker/<64-hex>` -# * cgroup v2: `0::/system.slice/docker-<64-hex>.scope` -# Either way the 64-char hex container ID is in the path. Extract the -# first one. +# Discovering the job container's own ID. Three "obvious" approaches +# all fail for this runner setup: +# * `hostname` returns the literal string "docker" — catthehacker's +# /etc/hostname (run #4268). +# * /proc/self/cgroup returns just "0::/" because act_runner's job +# containers run with cgroupns enabled, hiding the host cgroup path +# (run #4269). +# * /proc/1/cpuset hits the same cgroupns wall. +# +# What we *do* have is the docker.sock pass-through. We're definitionally +# the only running container with /workspace/SilverLABS/SilverMetal as +# a mount destination (concurrency: 1 in build-iso-linux.yaml), so ask +# the host daemon to find us by that. 
if [[ -n "${GITHUB_ACTIONS:-}" ]]; then - SELF_CID="$(awk 'match($0, /[a-f0-9]{64}/) { print substr($0, RSTART, RLENGTH); exit }' /proc/self/cgroup 2>/dev/null || true)" + SELF_CID="" + for cid in $(docker ps -q --no-trunc 2>/dev/null); do + if docker inspect "$cid" --format \ + '{{range .Mounts}}{{if eq .Destination "/workspace/SilverLABS/SilverMetal"}}match{{end}}{{end}}' \ + 2>/dev/null | grep -q match; then + SELF_CID="$cid" + break + fi + done if [[ -z "${SELF_CID}" ]]; then - echo "build.sh: could not determine own container ID from /proc/self/cgroup" >&2 - echo "build.sh: cgroup contents:" >&2 - cat /proc/self/cgroup >&2 || true + echo "build.sh: could not find own container via docker inspect on /workspace mount" >&2 + echo "build.sh: docker ps -q output:" >&2 + docker ps --no-trunc >&2 || true exit 1 fi echo "build.sh: --volumes-from ${SELF_CID:0:12}"
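Review bot: The loop in the `GITHUB_ACTIONS` branch takes the first container whose mounts include `/workspace/SilverLABS/SilverMetal` and then `break`s, so uniqueness is assumed (via `concurrency: 1`) rather than checked. `docker ps` over the passed-through socket lists every running container on the host daemon, not only this workflow's job container, and any container started with `--volumes-from` this one carries the same mount destination, so a wrong match would silently attach another container's volumes to the build. Suggest collecting all matching IDs and failing unless exactly one is found, printing the candidates in the failure path. Two smaller points: the `2>/dev/null` on `docker ps -q --no-trunc` makes an unreachable or permission-denied socket indistinguishable from "no match", so check that `docker ps` succeeds before entering the loop and report that case separately; and the failure message reads `docker ps -q output:` while the command actually run is `docker ps --no-trunc`, so the label should match.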