runner: valid_volumes regex matches the full source:target form

This commit is contained in:
2026-05-18 19:43:22 +00:00
parent 031d943979
commit 133df762ab

View File

@@ -25,12 +25,11 @@ container:
options: "-v cargoxx-cache-store:/srv/cargoxx-cache/store
-v cargoxx-cache-keys:/srv/cargoxx-cache/keys:ro"
workdir_parent: /workspace
# Whitelist regex of bind sources act_runner is allowed to forward to
# spawned job containers. Must include the cache + key volumes named
# in `options` above (otherwise act_runner silently strips them).
# Whitelist regex of bind specs act_runner forwards to spawned job
# containers. The regex matches the full `source:target[:opts]`
# string, so a permissive prefix is enough.
valid_volumes:
- "^cargoxx-cache-store$"
- "^cargoxx-cache-keys$"
- "^cargoxx-cache-(store|keys):"
docker_host: "unix:///var/run/docker.sock"
force_pull: false