From c205139e86634832ebd62d4899bd39a8ce830f7b Mon Sep 17 00:00:00 2001 From: SysAdmin Date: Thu, 7 May 2026 17:49:51 +0100 Subject: [PATCH] fix(linux/build): drop duplicate docker.sock mount from runner options (M1.1 iter18) Run #4265 (the first run after the config.yaml wiring fix actually took effect) failed with: failed to create container: 'Error response from daemon: Duplicate mount point: /var/run/docker.sock' act_runner v0.4.1 already auto-mounts /var/run/docker.sock into every job container; listing it a second time in container.options is a hard error on container create. Same likely applies to /cache, which the workflow doesn't actually use anyway (the inner build.sh bind- mounts via REPO_ROOT/BUILD_DIR, not /cache). Trim container.options down to *only* the bind act_runner doesn't provide: -v /root/.docker:/root/.docker:ro for registry credentials. valid_volumes stays as the broader allowlist for workflow-requested mounts but doesn't force the mounts itself. Co-Authored-By: Claude Opus 4.7 (1M context) --- linux/build/runner/config.yaml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/linux/build/runner/config.yaml b/linux/build/runner/config.yaml index 08e0d2e..4348a34 100644 --- a/linux/build/runner/config.yaml +++ b/linux/build/runner/config.yaml @@ -19,18 +19,18 @@ container: - "/cache:/cache" - "/var/run/docker.sock:/var/run/docker.sock" - "/root/.docker:/root/.docker:ro" - options: >- - -v /cache:/cache - -v /var/run/docker.sock:/var/run/docker.sock - -v /root/.docker:/root/.docker:ro - # The /root/.docker mount carries the host's docker-registry.silverlabs.uk - # credentials into the job container, so `docker push` from the - # builder-image job in build-iso-linux.yaml works without an explicit - # `docker login` step. catthehacker/ubuntu:act-latest runs as root, so - # /root/.docker/config.json is what its docker-cli reads. Without this, - # the push fails with "no basic auth credentials" — even though docker - # build itself works fine over the DooD socket. - # + # `options` is applied on top of act_runner's default per-job-container + # docker run args. /var/run/docker.sock is auto-mounted by act_runner + # already; listing it here a second time triggers + # "Duplicate mount point" on container create. So options carries ONLY + # the bind that act_runner doesn't know about: the host's + # docker-registry.silverlabs.uk credentials at /root/.docker, which + # catthehacker/ubuntu:act-latest reads from /root/.docker/config.json + # for `docker push`. Without it the push fails with "no basic auth + # credentials" even though `docker build` over the DooD socket works + # fine. /cache stays in valid_volumes (workflow-requestable) but + # doesn't need an unconditional mount. + options: -v /root/.docker:/root/.docker:ro # Cache the silvermetal-builder image locally after first pull. Bumping # the image digest in BUILDER_IMAGE invalidates and re-pulls automatically. force_pull: false