From 133df762ab4d9501c2f4e1425732d7b502220521 Mon Sep 17 00:00:00 2001 From: Amadey Vorontsov Date: Mon, 18 May 2026 19:43:22 +0000 Subject: [PATCH] runner: valid_volumes regex matches the full source:target form --- runner/config.yaml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/runner/config.yaml b/runner/config.yaml index c009a49..138e7ca 100644 --- a/runner/config.yaml +++ b/runner/config.yaml @@ -25,12 +25,11 @@ container: options: "-v cargoxx-cache-store:/srv/cargoxx-cache/store -v cargoxx-cache-keys:/srv/cargoxx-cache/keys:ro" workdir_parent: /workspace - # Whitelist regex of bind sources act_runner is allowed to forward to - # spawned job containers. Must include the cache + key volumes named - # in `options` above (otherwise act_runner silently strips them). + # Whitelist regex of bind specs act_runner forwards to spawned job + # containers. The regex matches the full `source:target[:opts]` + # string, so a permissive prefix is enough. valid_volumes: - - "^cargoxx-cache-store$" - - "^cargoxx-cache-keys$" + - "^cargoxx-cache-(store|keys):" docker_host: "unix:///var/run/docker.sock" force_pull: false