fix(ci): build proxy image with Buildx instead of buildah #7

Merged
james merged 1 commit from fix/proxy-release-buildx into main 2026-05-26 04:25:12 +00:00
Owner

Rootless buildah can't run in the unprivileged job container — it fails
with `unshare(CLONE_NEWUSER): Operation not permitted`. Build via
docker/build-push-action with the Buildx kubernetes driver, which offloads
the build to a buildkit pod (act-runner namespace), so no privileged or
userns access is needed on the runner.

  • setup-buildx-action (driver: kubernetes, namespace=act-runner, qemu)
  • login-action + build-push-action with REGISTRY_USERNAME/REGISTRY_TOKEN
    secrets; VERSION build-arg flows into the Dockerfile ldflags
  • derive step now emits the tag list (adds :latest only for final versions)
  • gha build cache
  • docs: note the required registry secrets and the buildkit-pod build

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
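
A workflow sketch of the build described above, added here as an illustration and not taken from this repository. The actions, driver, namespace, secret names and `VERSION` build-arg come from the description; the registry host and image path are placeholders, and the trigger, runner label, build context, action version tags and the rule that a "final" version is exactly `vMAJOR.MINOR.PATCH` are assumptions.

```yaml
# Added example, not the repository's workflow. Placeholders and assumptions are marked.
name: Proxy Release
on:
  push:
    tags: ["v*"]              # assumption: releases are cut from v* tags
env:
  IMAGE: registry.example.invalid/OWNER/proxy   # placeholder image path
jobs:
  release:
    runs-on: ubuntu-latest    # assumption: runner label
    steps:
      - uses: actions/checkout@v4
      - id: derive
        # Emit the tag list; :latest is added only for final versions
        # (assumption: "final" means exactly MAJOR.MINOR.PATCH, no suffix).
        run: |
          version="${GITHUB_REF_NAME#v}"
          tags="${IMAGE}:${version}"
          if printf '%s' "$version" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'; then
            tags="${tags},${IMAGE}:latest"
          fi
          echo "version=${version}" >> "$GITHUB_OUTPUT"
          echo "tags=${tags}" >> "$GITHUB_OUTPUT"
      - uses: docker/setup-buildx-action@v3
        with:
          driver: kubernetes  # build runs in a buildkit pod, not in the job container
          driver-opts: |
            namespace=act-runner
            qemu.install=true
      - uses: docker/login-action@v3
        with:
          registry: registry.example.invalid    # placeholder host
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_TOKEN }}
      - uses: docker/build-push-action@v6
        with:
          context: proxy      # assumption: location of the proxy Dockerfile
          push: true
          tags: ${{ steps.derive.outputs.tags }}
          build-args: |
            VERSION=${{ steps.derive.outputs.version }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
```

With this driver the job container only needs Kubernetes API credentials allowed to create the buildkit workload in `act-runner`, so that RBAC grant is the privilege to review in place of privileged or userns access.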

fix(ci): build proxy image with Buildx instead of buildah
Some checks failed
CI / build (pull_request) Successful in 26s
Proxy / test (pull_request) Successful in 1m3s
Proxy Release / release (push) Failing after 37s
49448d4493
james merged commit 1ec4d6b944 into main 2026-05-26 04:25:12 +00:00
Reference
james/hugo-ap-comments!7