fix(linux/build): drop duplicate docker.sock mount from runner options (M1.1 iter18)
Some checks failed
Build SilverMetal Linux ISO (reproducibility-gated) / builder-image (push) Failing after 6s
Build SilverMetal Linux ISO (reproducibility-gated) / build-and-verify (push) Has been skipped

Run #4265 (the first run after the config.yaml wiring fix actually took
effect) failed with:

    failed to create container: 'Error response from daemon:
      Duplicate mount point: /var/run/docker.sock'

act_runner v0.4.1 already auto-mounts /var/run/docker.sock into every
job container; listing it a second time in container.options is a
hard error on container create. Same likely applies to /cache, which
the workflow doesn't actually use anyway (the inner build.sh bind-
mounts via REPO_ROOT/BUILD_DIR, not /cache).

Trim container.options down to *only* the bind act_runner doesn't
provide: -v /root/.docker:/root/.docker:ro for registry credentials.
valid_volumes stays as the broader allowlist for workflow-requested
mounts but doesn't force the mounts itself.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-07 17:49:51 +01:00
parent f66585e0b1
commit c205139e86


@@ -19,18 +19,18 @@ container:
- "/cache:/cache"
- "/var/run/docker.sock:/var/run/docker.sock"
- "/root/.docker:/root/.docker:ro"
options: >-
-v /cache:/cache
-v /var/run/docker.sock:/var/run/docker.sock
-v /root/.docker:/root/.docker:ro
# The /root/.docker mount carries the host's docker-registry.silverlabs.uk
# credentials into the job container, so `docker push` from the
# builder-image job in build-iso-linux.yaml works without an explicit
# `docker login` step. catthehacker/ubuntu:act-latest runs as root, so
# /root/.docker/config.json is what its docker-cli reads. Without this,
# the push fails with "no basic auth credentials" — even though docker
# build itself works fine over the DooD socket.
#
# `options` is applied on top of act_runner's default per-job-container
# docker run args. /var/run/docker.sock is auto-mounted by act_runner
# already; listing it here a second time triggers
# "Duplicate mount point" on container create. So options carries ONLY
# the bind that act_runner doesn't know about: the host's
# docker-registry.silverlabs.uk credentials at /root/.docker, which
# catthehacker/ubuntu:act-latest reads from /root/.docker/config.json
# for `docker push`. Without it the push fails with "no basic auth
# credentials" even though `docker build` over the DooD socket works
# fine. /cache stays in valid_volumes (workflow-requestable) but
# doesn't need an unconditional mount.
options: -v /root/.docker:/root/.docker:ro
# Cache the silvermetal-builder image locally after first pull. Bumping
# the image digest in BUILDER_IMAGE invalidates and re-pulls automatically.
force_pull: false
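
Review bot: The final `options: -v /root/.docker:/root/.docker:ro` line mounts the host's registry credentials into every job container this runner starts, not only the builder-image job that pushes. Since the comment above it says the Docker socket is also present in each job container, `:ro` only prevents edits to the file; any workflow scheduled on this runner can still read `/root/.docker/config.json`. Please either document next to `options` that this runner must be restricted to trusted workflows, or drop the bind and have the builder-image job run `docker login` with a secret scoped to that job. Separately, `valid_volumes` at the top of the hunk still lists `/var/run/docker.sock:/var/run/docker.sock`; if a workflow requests that mount on top of the automatic one described in the comment, it may hit the same "Duplicate mount point" error, so it is worth confirming whether that entry should stay.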