mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-12-07 18:05:09 +00:00
The GitHub Actions DinD environment failed to start inner containers due to
cgroup v2 namespace isolation problems ('cannot enter cgroupv2 ... invalid state').
To resolve this, all docker run calls inside the CI workflow were updated
to include --cgroupns=host, ensuring the inner dockerd inherits the host
cgroup namespace instead of being sandboxed.
This aligns the CI runtime with the expectations of runc and prevents OCI-level
container creation failures.
Details and troubleshooting steps documented here:
https://chatgpt.com/share/6930e285-9604-800f-aad8-7a81c928548c
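name: Build & Test Infinito.Nexus CLI in Docker Container

# Triggers: every branch push and every pull request.
# NOTE(review): "*" matches any branch name without a "/", so it already
# covers main, master and develop; the explicit entries are kept as written.
#
# Pull requests build and run the Dockerfile and roles from the PR head inside
# a privileged container. That is contained only because the `pull_request`
# event gives fork PRs a read-only token and no repository secrets; do not
# switch this workflow to `pull_request_target`.
on:
  push:
    branches:
      - main
      - master
      - develop
      - "*"
  pull_request:

# Least privilege for GITHUB_TOKEN: no step below pushes or calls the GitHub
# API, so read access to the repository contents is all the checkout needs.
permissions:
  contents: read

jobs:
  test-deploy:
    # GitHub-hosted runner. The deploy steps rely on it being a throwaway VM,
    # because they drop most container isolation.
    runs-on: ubuntu-latest
    timeout-minutes: 240

    env:
      # The following roles will be ignored in the tests.
      # Folded scalar: the lines are joined into one comma-separated string
      # (trailing comma included) that every deploy step forwards to
      # `infinito create inventory --exclude`.
      EXCLUDED_ROLES: >
        drv-lid-switch,
        svc-net-wireguard-core,
        svc-net-wireguard-firewalled,
        svc-net-wireguard-plain,
        svc-opt-keyboard-color,
        svc-opt-ssd-hdd,
        web-app-bridgy-fed,
        web-app-oauth2-proxy,
        web-app-postmarks,
        web-app-socialhome,
        web-svc-xmpp,

    steps:
      # `v4` is a mutable tag. Pinning `uses:` to the full commit SHA of the
      # release that was reviewed fixes exactly which action code runs here.
      - name: Main Checkout repository
        uses: actions/checkout@v4
        with:
          # The workspace becomes the build context of `docker build ... .`
          # below. Without this, checkout leaves the job token in .git/config,
          # where a Dockerfile that copies the context could bake it into the
          # image (depends on the Dockerfile, which is not shown here).
          persist-credentials: false

      - name: Show Docker version
        run: docker version

      # --pull refreshes the base image on every run; --network=host lets the
      # build steps use the runner network stack directly.
      - name: Build Docker image
        run: |
          docker build --network=host --pull -t infinito:latest .

      # 1) First deploy: normal + debug (inner dockerd with vfs)
      #
      # Runs the image built above and starts a second Docker daemon inside
      # it (Docker-in-Docker), then creates the CI inventory and deploys it.
      #
      # Isolation trade-off: --privileged, --network=host and --cgroupns=host
      # together leave almost no boundary between this container and the
      # runner. --cgroupns=host shares the runner cgroup namespace so the inner
      # dockerd can create containers under cgroup v2. Treat everything that
      # runs in here (the image built from this checkout and every role it
      # deploys) as having root-equivalent access to the runner. That is
      # tolerable on an ephemeral GitHub-hosted runner; revisit these flags
      # before reusing the command on a long-lived or self-hosted runner.
      #
      # Script outline: start dockerd in the background (vfs storage driver,
      # debug log in /var/log/dockerd.log), poll `docker info` once per second
      # for up to 60 attempts, print the first 200 log lines and exit 1 if the
      # daemon never answers, then run `infinito create inventory` and
      # `infinito deploy` from /opt/infinito-src.
      #
      # NOTE(review): `infinito deploy --debug` writes to the job log; confirm
      # it cannot print values derived from the vault password file passed
      # with -p.
      - name: First deploy (normal + debug)
        run: |
          docker run --network=host --rm --privileged --cgroupns=host \
            -e EXCLUDED_ROLES="$EXCLUDED_ROLES" \
            infinito:latest \
            /bin/sh -lc '
              set -e

              echo ">>> Starting inner dockerd..."
              dockerd --debug --host=unix:///var/run/docker.sock --storage-driver=vfs \
                >/var/log/dockerd.log 2>&1 &

              echo ">>> Waiting for inner Docker daemon..."
              for i in $(seq 1 60); do
                if docker info >/dev/null 2>&1; then
                  echo ">>> Inner Docker daemon is up."
                  break
                fi
                sleep 1
              done

              if ! docker info >/dev/null 2>&1; then
                echo "ERROR: Inner Docker daemon did not start in time." >&2
                echo "----------- dockerd.log (inside infinito) -----------" >&2
                if [ -f /var/log/dockerd.log ]; then
                  sed -n "1,200p" /var/log/dockerd.log >&2
                else
                  echo "dockerd.log not found" >&2
                fi
                echo "-----------------------------------------------------" >&2
                exit 1
              fi

              echo ">>> Inner Docker daemon is up, proceeding with deploy."
              cd /opt/infinito-src

              echo ">>> Create CI inventory (normal + debug)..."
              infinito create inventory inventories/github-ci \
                --host localhost \
                --exclude "$EXCLUDED_ROLES" \
                --ssl-disabled

              INVENTORY_PATH="inventories/github-ci/servers.yml"
              VAULT_FILE="inventories/github-ci/.password"

              echo ">>> First deploy (normal + debug)..."
              infinito deploy "$INVENTORY_PATH" -T server -p "$VAULT_FILE" --debug --skip-tests
            '

      # 2) Second deploy: reset + debug (same inner dockerd pattern, also vfs)
      #
      # Fresh container from the same image (--rm discards the previous one),
      # so the inner dockerd is started again and the inventory is recreated
      # before `infinito deploy` runs with --reset --debug.
      #
      # Runs with --privileged, --network=host and --cgroupns=host: the
      # container shares the runner network and cgroup namespace and has
      # root-equivalent access to the runner. Keep this on ephemeral runners.
      - name: Second deploy (--reset --debug)
        run: |
          docker run --network=host --rm --privileged --cgroupns=host \
            -e EXCLUDED_ROLES="$EXCLUDED_ROLES" \
            infinito:latest \
            /bin/sh -lc '
              set -e

              echo ">>> Starting inner dockerd..."
              dockerd --debug --host=unix:///var/run/docker.sock --storage-driver=vfs \
                >/var/log/dockerd.log 2>&1 &

              echo ">>> Waiting for inner Docker daemon..."
              for i in $(seq 1 60); do
                if docker info >/dev/null 2>&1; then
                  echo ">>> Inner Docker daemon is up."
                  break
                fi
                sleep 1
              done

              if ! docker info >/dev/null 2>&1; then
                echo "ERROR: Inner Docker daemon did not start in time." >&2
                echo "----------- dockerd.log (inside infinito) -----------" >&2
                if [ -f /var/log/dockerd.log ]; then
                  sed -n "1,200p" /var/log/dockerd.log >&2
                else
                  echo "dockerd.log not found" >&2
                fi
                echo "-----------------------------------------------------" >&2
                exit 1
              fi

              cd /opt/infinito-src

              echo ">>> Recreate CI inventory (reset run)..."
              infinito create inventory inventories/github-ci \
                --host localhost \
                --exclude "$EXCLUDED_ROLES" \
                --ssl-disabled

              INVENTORY_PATH="inventories/github-ci/servers.yml"
              VAULT_FILE="inventories/github-ci/.password"

              echo ">>> Second deploy (--reset --debug)..."
              infinito deploy "$INVENTORY_PATH" -T server -p "$VAULT_FILE" --skip-tests --reset --debug
            '

      # 3) Third deploy: async (no debug, same inner dockerd, also vfs)
      #
      # Fresh container again: the inner dockerd is restarted, the inventory
      # is created or updated, and `infinito deploy` runs with --async and
      # without --debug (dockerd itself still logs with --debug).
      #
      # Runs with --privileged, --network=host and --cgroupns=host: the
      # container shares the runner network and cgroup namespace and has
      # root-equivalent access to the runner. Keep this on ephemeral runners.
      - name: Third deploy (async deploy – no debug)
        run: |
          docker run --network=host --rm --privileged --cgroupns=host \
            -e EXCLUDED_ROLES="$EXCLUDED_ROLES" \
            infinito:latest \
            /bin/sh -lc '
              set -e

              echo ">>> Starting inner dockerd..."
              dockerd --debug --host=unix:///var/run/docker.sock --storage-driver=vfs \
                >/var/log/dockerd.log 2>&1 &

              echo ">>> Waiting for inner Docker daemon..."
              for i in $(seq 1 60); do
                if docker info >/dev/null 2>&1; then
                  echo ">>> Inner Docker daemon is up."
                  break
                fi
                sleep 1
              done

              if ! docker info >/dev/null 2>&1; then
                echo "ERROR: Inner Docker daemon did not start in time." >&2
                echo "----------- dockerd.log (inside infinito) -----------" >&2
                if [ -f /var/log/dockerd.log ]; then
                  sed -n "1,200p" /var/log/dockerd.log >&2
                else
                  echo "dockerd.log not found" >&2
                fi
                echo "-----------------------------------------------------" >&2
                exit 1
              fi

              cd /opt/infinito-src

              echo ">>> Create/update inventory for async deploy..."
              infinito create inventory inventories/github-ci \
                --host localhost \
                --exclude "$EXCLUDED_ROLES" \
                --ssl-disabled

              INVENTORY_PATH="inventories/github-ci/servers.yml"
              VAULT_FILE="inventories/github-ci/.password"

              echo ">>> Third deploy (async, no debug)..."
              infinito deploy "$INVENTORY_PATH" -T server -p "$VAULT_FILE" --skip-tests --async
            '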