From f66585e0b18623e082fb3f6b343d320f1d0a1af9 Mon Sep 17 00:00:00 2001 From: SysAdmin Date: Thu, 7 May 2026 17:48:07 +0100 Subject: [PATCH] fix(linux/build): wire config.yaml into act_runner via CONFIG_FILE env MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The runner config.yaml on disk was decorative — never read. The upstream gitea/act_runner image's run.sh only adds `--config ` when the CONFIG_FILE env var is set, and our compose set neither CONFIG_FILE nor mounted config.yaml into the container. So `timeout: 240m`, `container.options`, `valid_volumes` etc. were silently ignored and the runner ran on built-in defaults. This is also why iter17's `-v /root/.docker:/root/.docker:ro` addition to config.yaml had no effect on run #4264: the runner never read it. The push still failed with "no basic auth credentials". Fix: bind-mount ./config.yaml into the runner container at /etc/act_runner/config.yaml and set CONFIG_FILE to that path. After a `docker compose up -d --force-recreate`, the runner picks up everything in config.yaml — including the per-job-container /root/.docker bind. Per-job timeouts in build-iso-linux.yaml are set via `timeout-minutes: 240` at the job level, which overrides the daemon default anyway, so nothing was visibly broken before. But silently-ignored config is a trap for the next thing we add to config.yaml, so wire it correctly now. Co-Authored-By: Claude Opus 4.7 (1M context) --- linux/build/runner/docker-compose.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/linux/build/runner/docker-compose.yml b/linux/build/runner/docker-compose.yml index 1dc6d29..85c61a9 100644 --- a/linux/build/runner/docker-compose.yml +++ b/linux/build/runner/docker-compose.yml @@ -31,10 +31,19 @@ services: # that keeps the silvermetal-builder image minimal and avoids nesting # docker-cli inside our own pinned image. GITEA_RUNNER_LABELS: "silvermetal-builder:docker://catthehacker/ubuntu:act-latest,ubuntu-latest:docker://catthehacker/ubuntu:act-latest" + # Tell run.sh to launch act_runner with `--config /etc/act_runner/config.yaml`. + # Without this env, run.sh skips --config entirely and act_runner falls + # back to compiled-in defaults — silently ignoring everything in + # config.yaml (timeout, container.options, valid_volumes…). + CONFIG_FILE: /etc/act_runner/config.yaml volumes: - runner-data:/data - /var/run/docker.sock:/var/run/docker.sock - /root/.docker:/root/.docker:ro + # Bind the runner config in. With CONFIG_FILE set above, run.sh hands + # this path to `act_runner daemon --config`. Both the host file and the + # mount path must match the env var exactly. + - ./config.yaml:/etc/act_runner/config.yaml:ro # Cache for snapshot.debian.org and apt downloads — survives container # recreate, avoids repeated mirror traffic and the rate-limit risk. - /opt/silvermetal-builder-runner/cache:/cache