From 2cc8b1174ba80293945a4f7fd36792241ea38a4f Mon Sep 17 00:00:00 2001
From: Marcel
Date: Fri, 15 May 2026 19:33:36 +0200
Subject: [PATCH] fix(ci): configure workspace bind mount for DooD bind-mount resolution
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Set workdir_parent to /volume1/gitea-workspace so act_runner stores job workspaces at a real NAS path. Mounting that path at the same absolute location in job containers means $(pwd) inside any job container resolves to a host path the daemon can find — no overlay2 tricks needed. Prerequisite (NAS): mkdir -p /volume1/gitea-workspace and add - /volume1/gitea-workspace:/volume1/gitea-workspace to the runner service volumes in gitea's docker-compose.yml, then restart the runner.
Co-Authored-By: Claude Sonnet 4.6
---
runner-config.yaml | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/runner-config.yaml b/runner-config.yaml
index 66bb616c..68c4dc7a 100644
--- a/runner-config.yaml
+++ b/runner-config.yaml
@@ -2,15 +2,25 @@ container: # passed as DOCKER_HOST inside the job container docker_host: "unix:///var/run/docker.sock" - # whitelists the socket path so workflows can mount it + # Job workspaces are stored here on the NAS and mounted at the same + # absolute path inside job containers. Identical host ↔ container path + # is the requirement: Docker Compose resolves relative bind mounts to + # $(pwd) inside the job container and passes that absolute path to the + # host daemon — the daemon must find the file at that exact host path. + # Prerequisite: mkdir -p /volume1/gitea-workspace on the NAS, and add + # - /volume1/gitea-workspace:/volume1/gitea-workspace + # to the runner service volumes in gitea's docker-compose.yml. + workdir_parent: /volume1/gitea-workspace + # whitelists volumes that workflow steps may bind-mount valid_volumes: - "/var/run/docker.sock" + - "/volume1/gitea-workspace" # appended to `docker run` when the runner spawns a job container # SECURITY: Mounting the Docker socket grants job containers root-equivalent # access to the host Docker daemon. Acceptable here because only trusted code # from this private repo runs on this runner. Do NOT use on a runner that # accepts untrusted PRs from external contributors. - options: "-v /var/run/docker.sock:/var/run/docker.sock" + options: "-v /var/run/docker.sock:/var/run/docker.sock -v /volume1/gitea-workspace:/volume1/gitea-workspace" # keep network mode default (bridge) — Testcontainers handles its own networking force_pull: false
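Review bot: The SECURITY comment above `options` still justifies only the Docker socket, but the new `-v /volume1/gitea-workspace:/volume1/gitea-workspace` bind and the matching `valid_volumes` entry expose the whole workspace parent read-write to every job container. Any job can therefore read or modify another job's checkout under that directory, including files left behind by earlier runs, so the trust assumption should be stated for this mount too, e.g. `# SECURITY: /volume1/gitea-workspace is shared read-write by all job containers; jobs can read or alter each other's workspaces. Trusted repos only.` If the runner serves more than one repository or runs jobs concurrently (not visible here), it would be worth confirming that workspaces are cleaned after each job and that nothing else lives under that NAS path. The `container:` mapping starts above this hunk and may continue below it.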