ci(bluebuild): locate podman auth.json + copy to stable bind path

podman login writes to $XDG_RUNTIME_DIR/containers/auth.json by
default; that path varies and was missing. Probe known locations,
copy into /root/.config/containers/auth.json so the bind into the
bluebuild container has a stable source.
obsidian-ai 2026-05-06 17:21:21 +01:00
parent 237968bfac
commit 2c197796e3


@ -128,18 +128,32 @@ jobs:
# CLI container so buildah inside it can see the pre-pulled # CLI container so buildah inside it can see the pre-pulled
# secureblue base layer (avoids GHCR auth round-trip during # secureblue base layer (avoids GHCR auth round-trip during
# templating). # templating).
# Mount podman's auth.json so the bluebuild container can # podman login writes to $XDG_RUNTIME_DIR/containers/auth.json
# authenticate to GHCR via the same login we did above. # by default, which is volatile. Find it + copy to a stable
AUTH_JSON="${XDG_RUNTIME_DIR:-/run/containers/0}/containers/auth.json" # path that we then bind into the bluebuild container.
[ -f "$AUTH_JSON" ] || AUTH_JSON=/root/.config/containers/auth.json AUTH_SRC=""
ls -la "$AUTH_JSON" 2>&1 || true for cand in \
"${XDG_RUNTIME_DIR:-/run/user/0}/containers/auth.json" \
"/run/containers/0/auth.json" \
"/root/.config/containers/auth.json" \
"/root/.docker/config.json"; do
if [ -f "$cand" ]; then AUTH_SRC="$cand"; break; fi
done
if [ -z "$AUTH_SRC" ]; then
echo "[ERR] no podman/docker auth.json found post-login"
find / -name auth.json -o -name 'config.json' 2>/dev/null | head -10
exit 1
fi
mkdir -p /root/.config/containers
cp "$AUTH_SRC" /root/.config/containers/auth.json
ls -la /root/.config/containers/auth.json
podman run --rm \ podman run --rm \
--privileged \ --privileged \
--entrypoint /usr/bin/bluebuild \ --entrypoint /usr/bin/bluebuild \
-v "$PWD:/work" \ -v "$PWD:/work" \
-v /var/lib/containers/storage:/var/lib/containers/storage \ -v /var/lib/containers/storage:/var/lib/containers/storage \
-v "${AUTH_JSON}:/root/.config/containers/auth.json:ro" \ -v /root/.config/containers/auth.json:/root/.config/containers/auth.json:ro \
-w /work \ -w /work \
-e BB_BUILD_DRIVER=buildah \ -e BB_BUILD_DRIVER=buildah \
ghcr.io/blue-build/cli:latest \ ghcr.io/blue-build/cli:latest \
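Review bot: The `cp "$AUTH_SRC" /root/.config/containers/auth.json` line fails when the probe selects the third candidate, because source and destination are then the same file and cp exits non-zero; if the step's shell runs with `-e` (not visible here), the job stops before `podman run`. The copy also moves the registry credential out of the runtime directory to a persistent path without setting its mode explicitly. Both are addressed by `[ "$AUTH_SRC" = /root/.config/containers/auth.json ] || install -D -m 0600 "$AUTH_SRC" /root/.config/containers/auth.json`, with the file removed again after the run when it was copied and the runner is reused. The credential is then bound into a `--privileged` container started from the mutable `ghcr.io/blue-build/cli:latest` tag, so pinning the image as `ghcr.io/blue-build/cli@sha256:<digest>` would keep a retagged image from receiving it. The `run:` script and the `podman run` command both continue outside the hunk.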