SilverLABS/SilverMetal
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

fix(linux/build): find self via docker inspect, cgroupns hides cgroup path (M1.1 iter22)
Some checks failed
Build SilverMetal Linux ISO (reproducibility-gated) / builder-image (push) Successful in 2s
Details
Build SilverMetal Linux ISO (reproducibility-gated) / build-and-verify (push) Failing after 4m37s
Details

Browse Source 
iter21's /proc/self/cgroup approach hit:

    build.sh: cgroup contents:
    0::/

Empty path — act_runner runs job containers with cgroupns enabled, so
the in-container view of cgroup paths is rooted at the namespace, with
no trace of the host-side container ID. Same blocker as `hostname`.

The host docker daemon does know who we are, and we have its socket.
We're the only running container with /workspace/SilverLABS/SilverMetal
as a mount destination (concurrency: 1 in the workflow), so iterate
docker ps and match by mount destination. Found CID becomes the
--volumes-from argument; if no match, dump docker ps to the log and
fail loud.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
SysAdmin
2026-05-07 18:04:41 +01:00
parent 4a837e07ed
commit 5918305fd7
1 changed files with 25 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
linux/build/scripts/build.sh
View File

@@ -100,20 +100,33 @@ echo "build.sh: output -> ${BUILD_DIR}"
# paths identical inside and outside, so the inner heredoc below is the # paths identical inside and outside, so the inner heredoc below is the
# same in both environments. # same in both environments.
# #
# Discovering the job container's own ID: `hostname` is unreliable on # Discovering the job container's own ID. Three "obvious" approaches
# act_runner / catthehacker (returned the literal string "docker" once # all fail for this runner setup:
# the runner was running with config.yaml's `network: host` applied — # * `hostname` returns the literal string "docker" — catthehacker's
# see run #4268). /proc/self/cgroup is the portable way: # /etc/hostname (run #4268).
# * cgroup v1: lines look like `12:devices:/docker/<64-hex>` # * /proc/self/cgroup returns just "0::/" because act_runner's job
# * cgroup v2: `0::/system.slice/docker-<64-hex>.scope` # containers run with cgroupns enabled, hiding the host cgroup path
# Either way the 64-char hex container ID is in the path. Extract the # (run #4269).
# first one. # * /proc/1/cpuset hits the same cgroupns wall.
#
# What we *do* have is the docker.sock pass-through. We're definitionally
# the only running container with /workspace/SilverLABS/SilverMetal as
# a mount destination (concurrency: 1 in build-iso-linux.yaml), so ask
# the host daemon to find us by that.
if [[ -n "${GITHUB_ACTIONS:-}" ]]; then if [[ -n "${GITHUB_ACTIONS:-}" ]]; then
SELF_CID="$(awk 'match($0, /[a-f0-9]{64}/) { print substr($0, RSTART, RLENGTH); exit }' /proc/self/cgroup 2>/dev/null || true)" SELF_CID=""
for cid in $(docker ps -q --no-trunc 2>/dev/null); do
if docker inspect "$cid" --format \
'{{range .Mounts}}{{if eq .Destination "/workspace/SilverLABS/SilverMetal"}}match{{end}}{{end}}' \
2>/dev/null | grep -q match; then
SELF_CID="$cid"
break
fi
done
if [[ -z "${SELF_CID}" ]]; then if [[ -z "${SELF_CID}" ]]; then
echo "build.sh: could not determine own container ID from /proc/self/cgroup" >&2 echo "build.sh: could not find own container via docker inspect on /workspace mount" >&2
echo "build.sh: cgroup contents:" >&2 echo "build.sh: docker ps -q output:" >&2
cat /proc/self/cgroup >&2 || true docker ps --no-trunc >&2 || true
exit 1 exit 1
fi fi
echo "build.sh: --volumes-from ${SELF_CID:0:12}" echo "build.sh: --volumes-from ${SELF_CID:0:12}"