runner: valid_volumes regex matches the full source:target form

This commit is contained in:
2026-05-18 19:43:22 +00:00
parent 031d943979
commit 133df762ab

View File

@@ -25,12 +25,11 @@ container:
options: "-v cargoxx-cache-store:/srv/cargoxx-cache/store options: "-v cargoxx-cache-store:/srv/cargoxx-cache/store
-v cargoxx-cache-keys:/srv/cargoxx-cache/keys:ro" -v cargoxx-cache-keys:/srv/cargoxx-cache/keys:ro"
workdir_parent: /workspace workdir_parent: /workspace
# Whitelist regex of bind sources act_runner is allowed to forward to # Whitelist regex of bind specs act_runner forwards to spawned job
# spawned job containers. Must include the cache + key volumes named # containers. The regex matches the full `source:target[:opts]`
# in `options` above (otherwise act_runner silently strips them). # string, so a permissive prefix is enough.
valid_volumes: valid_volumes:
- "^cargoxx-cache-store$" - "^cargoxx-cache-(store|keys):"
- "^cargoxx-cache-keys$"
docker_host: "unix:///var/run/docker.sock" docker_host: "unix:///var/run/docker.sock"
force_pull: false force_pull: false