diff --git a/linux/build/runner/README.md b/linux/build/runner/README.md index 0969c36..fb1bd54 100644 --- a/linux/build/runner/README.md +++ b/linux/build/runner/README.md @@ -34,9 +34,16 @@ GITEA_TOKEN= \ cp .env.example .env $EDITOR .env # paste the token -# Pre-pull the builder image so the first job isn't a cold start: +# Log in to the registry on the *host* — config.yaml mounts the resulting +# /root/.docker/config.json into both the act_runner container and every +# job container it spawns, so the builder-image job in build-iso-linux.yaml +# can `docker push` without its own login step. docker login docker-registry.silverlabs.uk -docker pull docker-registry.silverlabs.uk/silvermetal-builder:latest + +# Pre-pull the builder image so the first job isn't a cold start. (Skip +# this on the very first deploy: the :latest tag won't exist until CI +# runs once. After that it's pushed by the builder-image job.) +docker pull docker-registry.silverlabs.uk/silvermetal-builder:latest || true docker compose up -d docker compose logs -f --tail 50 # watch for "Runner registered" diff --git a/linux/build/runner/config.yaml b/linux/build/runner/config.yaml index 703c670..08e0d2e 100644 --- a/linux/build/runner/config.yaml +++ b/linux/build/runner/config.yaml @@ -18,9 +18,19 @@ container: valid_volumes: - "/cache:/cache" - "/var/run/docker.sock:/var/run/docker.sock" + - "/root/.docker:/root/.docker:ro" options: >- -v /cache:/cache -v /var/run/docker.sock:/var/run/docker.sock + -v /root/.docker:/root/.docker:ro + # The /root/.docker mount carries the host's docker-registry.silverlabs.uk + # credentials into the job container, so `docker push` from the + # builder-image job in build-iso-linux.yaml works without an explicit + # `docker login` step. catthehacker/ubuntu:act-latest runs as root, so + # /root/.docker/config.json is what its docker-cli reads. Without this, + # the push fails with "no basic auth credentials" — even though docker + # build itself works fine over the DooD socket. + # # Cache the silvermetal-builder image locally after first pull. Bumping # the image digest in BUILDER_IMAGE invalidates and re-pulls automatically. force_pull: false