ci: run docker job in privileged container with socket mount

No build tool works in the default unprivileged runner container (no Docker socket, no procfs, no FUSE). Run the docker job privileged with the host Docker socket mounted, then use standard docker build/push. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-09 03:24:51 +00:00
parent 9e587ddadf
commit f934b2f84c
1 changed files with 19 additions and 22 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -142,46 +142,43 @@ jobs:
    runs-on: ubuntu-latest
    needs: [build]
    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+    container:
+      options: --privileged -v /var/run/docker.sock:/var/run/docker.sock
    env:
      REGISTRY: ${{ env.GITEA_REGISTRY }}
      OWNER: ${{ env.GITEA_OWNER }}
    steps:
      - uses: actions/checkout@v4

-      - name: Install buildah
-        run: sudo apt-get update && sudo apt-get install -y buildah
+      - name: Login to Gitea container registry
+        run: |
+          echo "${{ secrets.PACKAGES_TOKEN }}" | docker login \
+            --username ${{ env.OWNER }} --password-stdin \
+            ${{ env.REGISTRY }}

      - name: Build & push mcpd
        run: |
-          buildah --storage-driver vfs --isolation chroot bud -t mcpd:latest -f deploy/Dockerfile.mcpd .
-          buildah --storage-driver vfs push --tls-verify=false \
-            --creds "${{ env.OWNER }}:${{ secrets.PACKAGES_TOKEN }}" \
-            mcpd:latest \
-            docker://${{ env.REGISTRY }}/${{ env.OWNER }}/mcpd:latest
+          docker build -t ${{ env.REGISTRY }}/${{ env.OWNER }}/mcpd:latest \
+            -f deploy/Dockerfile.mcpd .
+          docker push ${{ env.REGISTRY }}/${{ env.OWNER }}/mcpd:latest

      - name: Build & push node-runner
        run: |
-          buildah --storage-driver vfs --isolation chroot bud -t node-runner:latest -f deploy/Dockerfile.node-runner .
-          buildah --storage-driver vfs push --tls-verify=false \
-            --creds "${{ env.OWNER }}:${{ secrets.PACKAGES_TOKEN }}" \
-            node-runner:latest \
-            docker://${{ env.REGISTRY }}/${{ env.OWNER }}/mcpctl-node-runner:latest
+          docker build -t ${{ env.REGISTRY }}/${{ env.OWNER }}/mcpctl-node-runner:latest \
+            -f deploy/Dockerfile.node-runner .
+          docker push ${{ env.REGISTRY }}/${{ env.OWNER }}/mcpctl-node-runner:latest

      - name: Build & push python-runner
        run: |
-          buildah --storage-driver vfs --isolation chroot bud -t python-runner:latest -f deploy/Dockerfile.python-runner .
-          buildah --storage-driver vfs push --tls-verify=false \
-            --creds "${{ env.OWNER }}:${{ secrets.PACKAGES_TOKEN }}" \
-            python-runner:latest \
-            docker://${{ env.REGISTRY }}/${{ env.OWNER }}/mcpctl-python-runner:latest
+          docker build -t ${{ env.REGISTRY }}/${{ env.OWNER }}/mcpctl-python-runner:latest \
+            -f deploy/Dockerfile.python-runner .
+          docker push ${{ env.REGISTRY }}/${{ env.OWNER }}/mcpctl-python-runner:latest

      - name: Build & push docmost-mcp
        run: |
-          buildah --storage-driver vfs --isolation chroot bud -t docmost-mcp:latest -f deploy/Dockerfile.docmost-mcp .
-          buildah --storage-driver vfs push --tls-verify=false \
-            --creds "${{ env.OWNER }}:${{ secrets.PACKAGES_TOKEN }}" \
-            docmost-mcp:latest \
-            docker://${{ env.REGISTRY }}/${{ env.OWNER }}/docmost-mcp:latest
+          docker build -t ${{ env.REGISTRY }}/${{ env.OWNER }}/docmost-mcp:latest \
+            -f deploy/Dockerfile.docmost-mcp .
+          docker push ${{ env.REGISTRY }}/${{ env.OWNER }}/docmost-mcp:latest

      - name: Link packages to repository
        env: