fix(ci): share dind's unix socket with the runner (jobs need a mountable docker host)
ci / typecheck (map[dir:apps/booking name:booking]) (push) Successful in 42s
ci / typecheck (map[dir:apps/operator name:operator]) (push) Successful in 45s
ci / typecheck (map[dir:apps/website name:website]) (push) Successful in 21s
ci / typecheck (map[dir:apps/portal name:portal]) (push) Successful in 26s
ci / typecheck (map[dir:services/platform-api name:platform-api]) (push) Successful in 20s
ci / test (push) Successful in 32s
ci / build (map[dir:apps/booking name:booking]) (push) Successful in 34s
ci / build (map[dir:apps/operator name:operator]) (push) Successful in 46s
ci / build (map[dir:services/platform-api name:platform-api]) (push) Successful in 35s
ci / build (map[dir:apps/portal name:portal]) (push) Successful in 49s
ci / deploy (push) Successful in 45s
gitea/runner can only bind-mount a UNIX-socket docker host into job containers — the old tcp://localhost:2376 + TLS daemon address cannot be mounted, so build jobs still had no docker API. Share dind's /var/run/docker.sock with the runner via a /var/run emptyDir and drop the DOCKER_HOST/TLS env; the runner auto-finds the socket and the bind path resolves inside dind where the socket lives.
@@ -97,19 +97,19 @@ spec:
|
||||
# image with the usual build tooling; jobs run via the dind sidecar.
|
||||
- name: GITEA_RUNNER_LABELS
|
||||
value: "ubuntu-latest:docker://catthehacker/ubuntu:act-22.04,docker:docker://docker:27-cli"
|
||||
- name: DOCKER_HOST
|
||||
value: tcp://localhost:2376
|
||||
- name: DOCKER_CERT_PATH
|
||||
value: /certs/client
|
||||
- name: DOCKER_TLS_VERIFY
|
||||
value: "1"
|
||||
# No DOCKER_HOST: the runner auto-finds the dind daemon's unix
|
||||
# socket on the shared /var/run volume. A unix socket (unlike the
|
||||
# old tcp://localhost:2376) is the only kind of docker host the
|
||||
# runner can bind-mount into job containers — and the bind is
|
||||
# resolved by dockerd inside dind, where the path exists too — so
|
||||
# `docker build` works inside the build jobs.
|
||||
- name: CONFIG_FILE
|
||||
value: /config/config.yaml
|
||||
volumeMounts:
|
||||
- name: runner-data
|
||||
mountPath: /data
|
||||
- name: docker-certs
|
||||
mountPath: /certs
|
||||
- name: docker-run
|
||||
mountPath: /var/run
|
||||
- name: runner-config
|
||||
mountPath: /config
|
||||
- name: dind
|
||||
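Review bot: the new comment block above CONFIG_FILE explains why a unix socket is required but not what it grants. Once the runner bind-mounts /var/run/docker.sock into job containers, every job step has unauthenticated, root-equivalent control of the dind daemon, whereas the old tcp://localhost:2376 address was paired with DOCKER_TLS_VERIFY and client certs under /certs/client. Add a line to the comment saying so, and keep this runner restricted to repositories whose workflows are trusted. Also check that mounting docker-run over the runner container's entire /var/run does not hide anything the runner image expects to find there.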
@@ -125,6 +125,10 @@ spec:
|
||||
volumeMounts:
|
||||
- name: docker-certs
|
||||
mountPath: /certs
|
||||
# dockerd serves /var/run/docker.sock here; sharing the volume
|
||||
# hands that socket to the runner container above.
|
||||
- name: docker-run
|
||||
mountPath: /var/run
|
||||
- name: dind-storage
|
||||
mountPath: /var/lib/docker
|
||||
volumes:
|
||||
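Review bot: docker-certs is still mounted at /certs in the dind container, directly above the added docker-run mount, even though the commit message says the runner's DOCKER_HOST/TLS env is dropped. If no other client in the pod still connects over TLS, remove this mount and turn off dind's TCP listener so the unix socket is the only API endpoint; if something does still use it, say which in the comment. Note too that sharing all of /var/run hands the runner everything dockerd writes there, not only docker.sock as the comment states.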
@@ -133,6 +137,8 @@ spec:
|
||||
claimName: runner-data
|
||||
- name: docker-certs
|
||||
emptyDir: {}
|
||||
- name: docker-run
|
||||
emptyDir: {}
|
||||
- name: dind-storage
|
||||
emptyDir: {}
|
||||
- name: runner-config
|
||||
|
||||
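Review bot: the docker-run emptyDir lives for the lifetime of the pod, not of the dind container, so after a dind crash or restart the old docker.sock and docker.pid stay in the shared /var/run. The runner can then find a socket path with no daemon behind it, and the restarted dockerd sees a leftover pid file. Confirm the dind entrypoint clears both before starting, and consider a small sizeLimit (and `medium: Memory`) on this volume, since it only needs to hold runtime files.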