marcel/familienarchiv
1
0
Fork 0
Code Issues 103 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(ci): replace overlay2 sync with workspace bind mount for DooD

Browse Source 
runner-config.yaml: correct path to /srv/gitea-workspace (VPS, not Synology).
docker-compose.observability.yml: revert 5 bind mounts to plain relative paths;
  OBS_CONFIG_DIR variable is no longer needed.
nightly.yml / release.yml: remove OBS_CONFIG_DIR env injection and the
  "Sync observability configs to host" step from both workflows.

With workdir_parent=/srv/gitea-workspace and an identical host<->container
bind mount, $(pwd) inside job containers resolves to a real host path the
daemon can find — no privileged container, no overlay2 inspection, no nsenter.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Marcel
2026-05-15 19:36:55 +02:00
parent 2cc8b1174b
commit 56c3e51657
4 changed files with 11 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
runner-config.yaml
View File

@@ -7,20 +7,20 @@ container:
# is the requirement: Docker Compose resolves relative bind mounts to
# $(pwd) inside the job container and passes that absolute path to the
# host daemon — the daemon must find the file at that exact host path.
# Prerequisite: mkdir -p /volume1/gitea-workspace on the NAS, and add
# - /volume1/gitea-workspace:/volume1/gitea-workspace
# to the runner service volumes in gitea's docker-compose.yml.
workdir_parent: /volume1/gitea-workspace
# Prerequisite: mkdir -p /srv/gitea-workspace on the host, and add
# - /srv/gitea-workspace:/srv/gitea-workspace
# to the runner service volumes in gitea's compose.yaml.
workdir_parent: /srv/gitea-workspace
# whitelists volumes that workflow steps may bind-mount
valid_volumes:
- "/var/run/docker.sock"
- "/volume1/gitea-workspace"
- "/srv/gitea-workspace"
# appended to `docker run` when the runner spawns a job container
# SECURITY: Mounting the Docker socket grants job containers root-equivalent
# access to the host Docker daemon. Acceptable here because only trusted code
# from this private repo runs on this runner. Do NOT use on a runner that
# accepts untrusted PRs from external contributors.
options: "-v /var/run/docker.sock:/var/run/docker.sock -v /volume1/gitea-workspace:/volume1/gitea-workspace"
options: "-v /var/run/docker.sock:/var/run/docker.sock -v /srv/gitea-workspace:/srv/gitea-workspace"
# keep network mode default (bridge) — Testcontainers handles its own networking
force_pull: false