runner: drop volume name prefix, whitelist in valid_volumes

2026-05-18 19:34:37 +00:00
parent 202f6389bc
commit 031d943979
2 changed files with 11 additions and 1 deletions


@@ -28,12 +28,17 @@ services:
volumes:
cargoxx-cache-store:
# Explicit name disables compose's project-prefix so spawned job
# containers (which don't know about compose) can reference the
# same volume by the same name.
name: cargoxx-cache-store
driver: local
driver_opts:
type: none
o: bind
device: "${PWD}/cache/store"
cargoxx-cache-keys:
name: cargoxx-cache-keys
driver: local
driver_opts:
type: none
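Review bot: The fixed `name:` values put both volumes in the Docker daemon's global namespace, and the added comment does not mention that consequence. If a volume named `cargoxx-cache-store` or `cargoxx-cache-keys` already exists on the host, Compose will likely reuse it as-is instead of applying the `driver_opts` bind shown here, so job containers could land on a different backing directory than intended. I would extend the comment with a line such as `# Names are daemon-global: check for a pre-existing volume of this name before the first 'up'.` and add a one-line pointer above `name: cargoxx-cache-keys`, which currently has no comment. The cargoxx-cache-keys definition continues past the end of the hunk.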


@@ -25,7 +25,12 @@ container:
options: "-v cargoxx-cache-store:/srv/cargoxx-cache/store
-v cargoxx-cache-keys:/srv/cargoxx-cache/keys:ro"
workdir_parent: /workspace
valid_volumes: []
# Whitelist regex of bind sources act_runner is allowed to forward to
# spawned job containers. Must include the cache + key volumes named
# in `options` above (otherwise act_runner silently strips them).
valid_volumes:
- "^cargoxx-cache-store$"
- "^cargoxx-cache-keys$"
docker_host: "unix:///var/run/docker.sock"
force_pull: false
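Review bot: The new `valid_volumes` entries are written as anchored regexes (`"^cargoxx-cache-store$"`), but to my knowledge act_runner compiles these entries as glob patterns, in which `^` and `$` are literal characters. If that holds for the runner version in use, neither pattern matches the volume names given in `options`, and the mounts would still be stripped. I would write the entries as `- "cargoxx-cache-store"` and `- "cargoxx-cache-keys"`, and change the comment's "Whitelist regex" to "Allowlist (glob patterns)". Separately, the match appears to be on the volume source only, so a workflow may be able to mount `cargoxx-cache-keys` without the `:ro` used in `options`; that is worth confirming before untrusted jobs run on this runner.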