ci(bluebuild): locate podman auth.json + copy to stable bind path

podman login writes to $XDG_RUNTIME_DIR/containers/auth.json by default; that path varies and was missing. Probe known locations, copy into /root/.config/containers/auth.json so the bind into the bluebuild container has a stable source.
2026-05-06 17:21:21 +01:00 · 2026-05-06 17:21:21 +01:00 · 2c197796e3
commit 2c197796e3
parent 237968bfac
1 changed files with 20 additions and 6 deletions
--- a/.github/workflows/build-bluebuild.yml
+++ b/.github/workflows/build-bluebuild.yml
@ -128,18 +128,32 @@ jobs:
          # CLI container so buildah inside it can see the pre-pulled
          # secureblue base layer (avoids GHCR auth round-trip during
          # templating).
-          # Mount podman's auth.json so the bluebuild container can
-          # authenticate to GHCR via the same login we did above.
-          AUTH_JSON="${XDG_RUNTIME_DIR:-/run/containers/0}/containers/auth.json"
-          [ -f "$AUTH_JSON" ] || AUTH_JSON=/root/.config/containers/auth.json
-          ls -la "$AUTH_JSON" 2>&1 || true
+          # podman login writes to $XDG_RUNTIME_DIR/containers/auth.json
+          # by default, which is volatile. Find it + copy to a stable
+          # path that we then bind into the bluebuild container.
+          AUTH_SRC=""
+          for cand in \
+              "${XDG_RUNTIME_DIR:-/run/user/0}/containers/auth.json" \
+              "/run/containers/0/auth.json" \
+              "/root/.config/containers/auth.json" \
+              "/root/.docker/config.json"; do
+            if [ -f "$cand" ]; then AUTH_SRC="$cand"; break; fi
+          done
+          if [ -z "$AUTH_SRC" ]; then
+            echo "[ERR] no podman/docker auth.json found post-login"
+            find / -name auth.json -o -name 'config.json' 2>/dev/null | head -10
+            exit 1
+          fi
+          mkdir -p /root/.config/containers
+          cp "$AUTH_SRC" /root/.config/containers/auth.json
+          ls -la /root/.config/containers/auth.json

          podman run --rm \
            --privileged \
            --entrypoint /usr/bin/bluebuild \
            -v "$PWD:/work" \
            -v /var/lib/containers/storage:/var/lib/containers/storage \
-            -v "${AUTH_JSON}:/root/.config/containers/auth.json:ro" \
+            -v /root/.config/containers/auth.json:/root/.config/containers/auth.json:ro \
            -w /work \
            -e BB_BUILD_DRIVER=buildah \
            ghcr.io/blue-build/cli:latest \