From 031d9439796d5bf1e385fdbb80e17bdb65f5378e Mon Sep 17 00:00:00 2001
From: Amadey Vorontsov
Date: Mon, 18 May 2026 19:34:37 +0000
Subject: [PATCH] runner: drop volume name prefix, whitelist in valid_volumes
---
 runner/compose.yml | 5 +++++
 runner/config.yaml | 7 ++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/runner/compose.yml b/runner/compose.yml
index 5d4b192..bd3c810 100644
--- a/runner/compose.yml
+++ b/runner/compose.yml
@@ -28,12 +28,17 @@ services:
 volumes:
 cargoxx-cache-store:
+ # Explicit name disables compose's project-prefix so spawned job
+ # containers (which don't know about compose) can reference the
+ # same volume by the same name.
+ name: cargoxx-cache-store
 driver: local
 driver_opts:
 type: none
 o: bind
 device: "${PWD}/cache/store"
 cargoxx-cache-keys:
+ name: cargoxx-cache-keys
 driver: local
 driver_opts:
 type: none
diff --git a/runner/config.yaml b/runner/config.yaml
index 29030c7..c009a49 100644
--- a/runner/config.yaml
+++ b/runner/config.yaml
@@ -25,7 +25,12 @@ container:
 options: "-v cargoxx-cache-store:/srv/cargoxx-cache/store -v cargoxx-cache-keys:/srv/cargoxx-cache/keys:ro"
 workdir_parent: /workspace
- valid_volumes: []
+ # Whitelist regex of bind sources act_runner is allowed to forward to
+ # spawned job containers. Must include the cache + key volumes named
+ # in `options` above (otherwise act_runner silently strips them).
+ valid_volumes:
+ - "^cargoxx-cache-store$"
+ - "^cargoxx-cache-keys$"
 docker_host: "unix:///var/run/docker.sock"
 force_pull: false
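Review bot: With the explicit `name:` on `cargoxx-cache-store` and `cargoxx-cache-keys`, both volumes become daemon-wide names rather than project-scoped ones, and the added comment does not say what follows from that. A volume of that name that already exists is reused as it is, so the `${PWD}`-relative `device` is presumably fixed at first creation and will not follow a checkout that moves to another directory; volumes created earlier under the project-prefixed names are also left behind. I would extend the comment with something like `# NOTE: global name; bind path is fixed at first creation - remove and recreate the volume if the checkout moves`. The `cargoxx-cache-keys` definition continues past the end of the hunk.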
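Review bot: The two new `valid_volumes` entries are written as anchored regular expressions, but act_runner's example config documents this list as glob patterns, where `^` and `$` are literal characters; if that holds for the version deployed here, neither entry matches and the `-v` mounts in `options` would still be stripped. I would write the entries as plain names, `- "cargoxx-cache-store"` and `- "cargoxx-cache-keys"`, and have the comment say "glob" instead of "regex". The allow-list appears to match on the volume source only, so the `:ro` on the keys mount in `options` is not enforced by it: a job that requests `cargoxx-cache-keys` itself could presumably get it read-write, which is worth stating in the comment if workflows from less-trusted contributors run on this runner. The `container:` block starts above the hunk.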