Docker CLI v1.52 is too new for the host's podman daemon (max 1.43).
Set DOCKER_API_VERSION to force the older API.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
bun install on top of pnpm's nested node_modules fails to resolve
workspace transitive deps (Ink, inquirer, etc). Remove node_modules
first so bun creates a proper flat layout from scratch.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
docker build works via podman socket (builds don't need registry access).
skopeo pushes directly over HTTP with --dest-tls-verify=false, bypassing
the daemon's registry config entirely. No login/daemon config needed.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The host uses podman (not Docker) — the socket mounted in job containers
is /run/podman/podman.sock. Podman reads /etc/containers/registries.conf
for insecure registry config, which takes effect immediately without any
daemon restart.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
No build tool works in the default unprivileged runner container (no
Docker socket, no procfs, no FUSE). Run the docker job privileged with
the host Docker socket mounted, then use standard docker build/push.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Runner container has no /proc/self/uid_map (no user namespace support).
Chroot isolation doesn't need namespaces, only filesystem access.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The runner container lacks FUSE device access needed for overlay mounts.
VFS storage driver works without special privileges.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The Act Runner job containers have no Docker socket access. Replace
docker build/push + skopeo with buildah which builds OCI images
without needing a daemon, and pushes with --tls-verify=false for HTTP.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
docker login/push require daemon.json insecure-registries config which
needs a dockerd restart (impossible in the Act Runner container).
Use skopeo copy with --dest-tls-verify=false to push over HTTP directly.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
There's no bun.lockb in the repo, so --frozen-lockfile fails
intermittently when pnpm cache is unavailable. Use plain bun install.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Buildx docker-container driver needs socket perms the runner lacks.
The host Docker daemon should already trust its local registry, so
skip insecure registry config and use plain docker build/push.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The Gitea Act Runner can't restart dockerd to add insecure registries.
Switch to buildx with a BuildKit config that allows HTTP registries,
and write Docker credentials directly instead of using docker login.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The Gitea Act Runner container has no systemd, service, or init.d.
Kill dockerd by PID and relaunch it directly after writing daemon.json.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Gitea Act Runner containers don't use systemd. Fall back to
service/init.d for restarting dockerd after configuring insecure registry.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
upload-artifact@v4 and download-artifact@v4 require GitHub.com's
artifact backend and are not supported on Gitea Actions (GHES).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
bun can't resolve transitive deps through pnpm's symlinked node_modules.
Running bun install creates a flat layout bun can resolve from.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove explicit version from pnpm/action-setup — it reads from
packageManager in package.json automatically.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replaces the minimal CI workflow with a complete build/release pipeline:
- lint, typecheck, test (parallel, every push/PR)
- build: TS + completions + bun binaries + RPM packaging
- docker: build & push all 4 images (mcpd, node-runner, python-runner, docmost-mcp)
- publish-rpm: upload RPM to Gitea packages
- deploy: update Portainer stack
Also adds scripts/link-package.sh shared helper to auto-link packages
to the repository (Gitea 1.24+ API with graceful fallback), called from
all build/publish scripts.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Bundles the CLI into a standalone binary via bun compile, packages
as RPM with nfpm, and publishes to Gitea's built-in package registry.
Users install with: dnf config-manager --add-repo <gitea>/rpm.repo
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Runs on push to main and PRs. Parallel lint/typecheck/test jobs
with a final build step that depends on all three passing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
