michal/mcpctl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ci: use buildah chroot isolation (no user namespaces in container)
Some checks failed
CI/CD / lint (push) Successful in 41s
Details
CI/CD / test (push) Successful in 54s
Details
CI/CD / typecheck (push) Successful in 10m44s
Details
CI/CD / build (push) Successful in 1m21s
Details
CI/CD / docker (push) Failing after 29s
Details
CI/CD / publish-rpm (push) Successful in 38s
Details
CI/CD / deploy (push) Has been skipped
Details

Browse Source 
Runner container has no /proc/self/uid_map (no user namespace support).
Chroot isolation doesn't need namespaces, only filesystem access.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Michal
2026-03-09 03:02:40 +00:00
parent c47669d064
commit 9e587ddadf
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.gitea/workflows/ci.yml
View File

@@ -153,7 +153,7 @@ jobs:
- name: Build & push mcpd - name: Build & push mcpd
run: | run: |
buildah --storage-driver vfs bud -t mcpd:latest -f deploy/Dockerfile.mcpd . buildah --storage-driver vfs --isolation chroot bud -t mcpd:latest -f deploy/Dockerfile.mcpd .
buildah --storage-driver vfs push --tls-verify=false \ buildah --storage-driver vfs push --tls-verify=false \
--creds "${{ env.OWNER }}:${{ secrets.PACKAGES_TOKEN }}" \ --creds "${{ env.OWNER }}:${{ secrets.PACKAGES_TOKEN }}" \
mcpd:latest \ mcpd:latest \
@@ -161,7 +161,7 @@ jobs:
- name: Build & push node-runner - name: Build & push node-runner
run: | run: |
buildah --storage-driver vfs bud -t node-runner:latest -f deploy/Dockerfile.node-runner . buildah --storage-driver vfs --isolation chroot bud -t node-runner:latest -f deploy/Dockerfile.node-runner .
buildah --storage-driver vfs push --tls-verify=false \ buildah --storage-driver vfs push --tls-verify=false \
--creds "${{ env.OWNER }}:${{ secrets.PACKAGES_TOKEN }}" \ --creds "${{ env.OWNER }}:${{ secrets.PACKAGES_TOKEN }}" \
node-runner:latest \ node-runner:latest \
@@ -169,7 +169,7 @@ jobs:
- name: Build & push python-runner - name: Build & push python-runner
run: | run: |
buildah --storage-driver vfs bud -t python-runner:latest -f deploy/Dockerfile.python-runner . buildah --storage-driver vfs --isolation chroot bud -t python-runner:latest -f deploy/Dockerfile.python-runner .
buildah --storage-driver vfs push --tls-verify=false \ buildah --storage-driver vfs push --tls-verify=false \
--creds "${{ env.OWNER }}:${{ secrets.PACKAGES_TOKEN }}" \ --creds "${{ env.OWNER }}:${{ secrets.PACKAGES_TOKEN }}" \
python-runner:latest \ python-runner:latest \
@@ -177,7 +177,7 @@ jobs:
- name: Build & push docmost-mcp - name: Build & push docmost-mcp
run: | run: |
buildah --storage-driver vfs bud -t docmost-mcp:latest -f deploy/Dockerfile.docmost-mcp . buildah --storage-driver vfs --isolation chroot bud -t docmost-mcp:latest -f deploy/Dockerfile.docmost-mcp .
buildah --storage-driver vfs push --tls-verify=false \ buildah --storage-driver vfs push --tls-verify=false \
--creds "${{ env.OWNER }}:${{ secrets.PACKAGES_TOKEN }}" \ --creds "${{ env.OWNER }}:${{ secrets.PACKAGES_TOKEN }}" \
docmost-mcp:latest \ docmost-mcp:latest \