From 7d1bb1fbef43956ada97f46161d4e29dd8396d4b Mon Sep 17 00:00:00 2001 From: Mathias Beaulieu-Duncan Date: Tue, 16 Jun 2026 10:49:03 -0400 Subject: [PATCH] build: copy imager artifacts via docker cp for DinD runners The Gitea act_runners on the fondation cluster run jobs in containers against a docker:dind sidecar (socket at /shared/docker.sock). A nested `docker run -v ./_out:/out` resolves the path on the dind daemon's filesystem, not the job container, so the installer tar / raw image never came back and `crane push ./_out/...` failed. Run the imager without an output bind mount (anonymous /out volume) and pull artifacts back with `docker cp`, which streams over the Docker API and works under DinD, a shared socket, or a local daemon. Also drop `-t` (no TTY in container-mode steps) and name+clean the containers. Co-Authored-By: Claude Opus 4.8 (1M context) --- Makefile | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/Makefile b/Makefile
index 8b5a540..72a28cb 100644
--- a/Makefile
+++ b/Makefile
@@ -169,6 +169,12 @@ overlay:
 # Builds the imager, installer-base, and installer images step by step,
 # pushing each to our project-specific Docker Hub repos.
 #
+# The imager runs as a container. Under DinD CI runners it is a sibling of the
+# dind daemon, so a bind mount of ./_out would resolve on the daemon's
+# filesystem rather than here. We therefore run the imager without an output
+# mount and copy artifacts back with `docker cp` (streams over the Docker API,
+# so it works under DinD, a shared socket, or a local daemon alike).
+#
 .PHONY: installer
 installer:
 cd "$(CHECKOUTS_DIRECTORY)/talos" && \
@@ -190,22 +196,28 @@ installer:
 target-installer-base \
 TARGET_ARGS="--output type=image,name=$(INSTALLER_IMAGE):base-$(TALOS_TAG),push=true $(ATTESTATION_ARGS)" && \
 docker pull $(IMAGER_IMAGE):$(TALOS_TAG) && \
- docker run --rm -t -v ./_out:/out --privileged --network=host \
+ mkdir -p ./_out && \
+ ( docker rm -fv talos-imager 2>/dev/null || true ) && \
+ docker run --name talos-imager -v /out --privileged --network=host \
 $(IMAGER_IMAGE):$(TALOS_TAG) \
 installer --arch arm64 \
 --base-installer-image="$(INSTALLER_IMAGE):base-$(TALOS_TAG)" \
 $(IMAGER_COMMON_FLAGS) && \
+ docker cp talos-imager:/out/installer-arm64.tar ./_out/installer-arm64.tar && \
+ docker rm -fv talos-imager >/dev/null && \
 crane push ./_out/installer-arm64.tar $(INSTALLER_IMAGE):$(TALOS_TAG) && \
 printf "FROM $(INSTALLER_IMAGE):$(TALOS_TAG)\n" | docker buildx build \
 --platform linux/arm64 \
 $(ATTESTATION_ARGS) \
 -t $(INSTALLER_IMAGE):$(TALOS_TAG) --push - && \
- docker \
- run --rm -t -v ./_out:/out -v /dev:/dev --privileged --network=host \
+ ( docker rm -fv talos-imager-metal 2>/dev/null || true ) && \
+ docker run --name talos-imager-metal -v /out -v /dev:/dev --privileged --network=host \
 $(IMAGER_IMAGE):$(TALOS_TAG) \
 metal --arch arm64 \
 --base-installer-image="$(INSTALLER_IMAGE):$(TALOS_TAG)" \
- $(IMAGER_COMMON_FLAGS)
+ $(IMAGER_COMMON_FLAGS) && \
+ docker cp talos-imager-metal:/out/. ./_out/ && \
+ docker rm -fv talos-imager-metal >/dev/null

 #
 # Release — tag images with the Git tag for stable references
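Review bot: The fixed container names `talos-imager` and `talos-imager-metal`, together with the `docker rm -fv … || true` that precedes each run, are unsafe if two jobs ever share one Docker daemon: one job can force-remove the other's running imager, and `docker cp talos-imager:/out/installer-arm64.tar` can then copy an artifact built by a different job, which `crane push` publishes under this job's tag. Whether the runners share a daemon concurrently is not visible here, but the commit message mentions a shared socket, so consider letting Docker assign the identity and using the returned ID throughout, e.g. `cid=$$(docker create -v /out --privileged --network=host …)`, then `docker start -a "$$cid"` and `docker cp "$$cid":/out/installer-arm64.tar ./_out/installer-arm64.tar`. Separately, each closing `docker rm -fv` sits at the end of the `&&` chain, so a failed run or copy leaves the container and its anonymous `/out` volume on the daemon until the next invocation's pre-clean. The `installer` recipe begins above this hunk, so the earlier part of the chain is not covered by this note.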