From 015d69b54d2822920c4d442271ff0adfc2d6eb40 Mon Sep 17 00:00:00 2001 From: Claude Date: Sat, 15 Nov 2025 16:44:59 -0500 Subject: [PATCH 1/2] fix: skip step-checker in container jobs where _diag is not accessible The step-checker was causing warnings in container jobs because the _diag directory exists on the host but is not mounted into containers. Changes: - Check for /.dockerenv file (docker-specific indicator) - Check cgroup for container indicators (works with cgroup v1) - Check if working directory starts with /__w/ (GitHub Actions container mount) - Skip step-checker gracefully when any of these conditions are met This handles both cgroup v1 and v2 formats and allows sticky disk commits to proceed normally for container jobs. Affects container jobs only - regular jobs continue to work as before. --- dist/post/index.js | 37 +++++++++++++++++++++++++++++++++++++ src/step-checker.ts | 43 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 80 insertions(+) diff --git a/dist/post/index.js b/dist/post/index.js index 4779960..e42a998 100644 --- a/dist/post/index.js +++ b/dist/post/index.js @@ -36320,6 +36320,43 @@ var external_path_ = __nccwpck_require__(6928); */ async function checkPreviousStepFailures(runnerBasePath) { try { + // Check if we're running inside a container. + // In container jobs, _diag is not mounted and not accessible. + const isContainer = await (async () => { + try { + // Check for /.dockerenv file (docker-specific). + try { + await external_fs_.promises.access("/.dockerenv"); + return true; + } + catch { + // Not a docker container, continue checking. + } + // Check cgroup for container indicators (works with cgroup v1). + const cgroup = await external_fs_.promises.readFile("/proc/1/cgroup", "utf-8"); + if (cgroup.includes("docker") || cgroup.includes("containerd")) { + return true; + } + // For cgroup v2, check if working directory starts with /__w/. + // This is GitHub Actions container-specific workspace mount. + const cwd = process.cwd(); + if (cwd.startsWith("/__w/")) { + return true; + } + return false; + } + catch { + return false; + } + })(); + if (isContainer) { + core.debug("Running inside container - _diag directory not accessible, skipping step failure check"); + return { + hasFailures: false, + failedCount: 0, + error: "Step failure checking skipped: running inside container where _diag is not accessible", + }; + } // If no base path provided, try to detect the runner root if (!runnerBasePath) { // In GitHub Actions, we're typically in /home/runner/_work/{repo}/{repo} diff --git a/src/step-checker.ts b/src/step-checker.ts index 76bb42e..fb44120 100644 --- a/src/step-checker.ts +++ b/src/step-checker.ts @@ -23,6 +23,49 @@ export async function checkPreviousStepFailures( runnerBasePath?: string, ): Promise { try { + // Check if we're running inside a container. + // In container jobs, _diag is not mounted and not accessible. + const isContainer = await (async () => { + try { + // Check for /.dockerenv file (docker-specific). + try { + await fs.access("/.dockerenv"); + return true; + } catch { + // Not a docker container, continue checking. + } + + // Check cgroup for container indicators (works with cgroup v1). + const cgroup = await fs.readFile("/proc/1/cgroup", "utf-8"); + if (cgroup.includes("docker") || cgroup.includes("containerd")) { + return true; + } + + // For cgroup v2, check if working directory starts with /__w/. + // This is GitHub Actions container-specific workspace mount. + const cwd = process.cwd(); + if (cwd.startsWith("/__w/")) { + return true; + } + + return false; + } catch { + return false; + } + })(); + + if (isContainer) { + core.debug( + "Running inside container - _diag directory not accessible, skipping step failure check", + ); + return { + hasFailures: false, + failedCount: 0, + error: + "Step failure checking skipped: running inside container where _diag is not accessible", + }; + } + // If no base path provided, try to detect the runner root if (!runnerBasePath) { // In GitHub Actions, we're typically in /home/runner/_work/{repo}/{repo} From 1afddd30e184291e7a198700875b0e4e98e3b2f9 Mon Sep 17 00:00:00 2001 From: Claude Date: Sat, 15 Nov 2025 17:25:40 -0500 Subject: [PATCH 2/2] ci: add GitHub token to buf-setup-action to avoid API rate limits The buf-setup-action was hitting GitHub API rate limits for unauthenticated requests. Adding the GITHUB_TOKEN allows authenticated requests which have a much higher rate limit. --- .github/workflows/build.yaml | 2 ++ dist/post/index.js | 36 ++++++++++++++++----------------- src/step-checker.ts | 39 ++++++++++++++++++------------------ 3 files changed, 39 insertions(+), 38 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 5113ce8..3464260 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -19,6 +19,8 @@ jobs: - name: Setup Buf uses: bufbuild/buf-setup-action@v1 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} - name: Configure Buf Registry run: | diff --git a/dist/post/index.js b/dist/post/index.js index e42a998..afc1f4f 100644 --- a/dist/post/index.js +++ b/dist/post/index.js @@ -36323,38 +36323,38 @@ async function checkPreviousStepFailures(runnerBasePath) { // Check if we're running inside a container. // In container jobs, _diag is not mounted and not accessible. const isContainer = await (async () => { + // Check for /.dockerenv file (docker-specific). + try { + await external_fs_.promises.access("/.dockerenv"); + return true; + } + catch { + // Not a docker container, continue checking. + } + // Check cgroup for container indicators (works with cgroup v1). try { - // Check for /.dockerenv file (docker-specific). - try { - await external_fs_.promises.access("/.dockerenv"); - return true; - } - catch { - // Not a docker container, continue checking. - } - // Check cgroup for container indicators (works with cgroup v1). const cgroup = await external_fs_.promises.readFile("/proc/1/cgroup", "utf-8"); if (cgroup.includes("docker") || cgroup.includes("containerd")) { return true; } - // For cgroup v2, check if working directory starts with /__w/. - // This is GitHub Actions container-specific workspace mount. - const cwd = process.cwd(); - if (cwd.startsWith("/__w/")) { - return true; - } - return false; } catch { - return false; + // /proc/1/cgroup unreadable or doesn't exist, continue checking. } + // For cgroup v2, check if working directory starts with /__w/. + // This is GitHub Actions container-specific workspace mount. + const cwd = process.cwd(); + if (cwd.startsWith("/__w/")) { + return true; + } + return false; })(); if (isContainer) { core.debug("Running inside container - _diag directory not accessible, skipping step failure check"); return { hasFailures: false, failedCount: 0, - error: "Step failure checking skipped: running inside container where _diag is not accessible", + // No error field - we want commits to proceed in containers }; } // If no base path provided, try to detect the runner root diff --git a/src/step-checker.ts b/src/step-checker.ts index fb44120..c074181 100644 --- a/src/step-checker.ts +++ b/src/step-checker.ts @@ -26,32 +26,32 @@ export async function checkPreviousStepFailures( // Check if we're running inside a container. // In container jobs, _diag is not mounted and not accessible. const isContainer = await (async () => { + // Check for /.dockerenv file (docker-specific). try { - // Check for /.dockerenv file (docker-specific). - try { - await fs.access("/.dockerenv"); - return true; - } catch { - // Not a docker container, continue checking. - } + await fs.access("/.dockerenv"); + return true; + } catch { + // Not a docker container, continue checking. + } - // Check cgroup for container indicators (works with cgroup v1). + // Check cgroup for container indicators (works with cgroup v1). + try { const cgroup = await fs.readFile("/proc/1/cgroup", "utf-8"); if (cgroup.includes("docker") || cgroup.includes("containerd")) { return true; } - - // For cgroup v2, check if working directory starts with /__w/. - // This is GitHub Actions container-specific workspace mount. - const cwd = process.cwd(); - if (cwd.startsWith("/__w/")) { - return true; - } - - return false; } catch { - return false; + // /proc/1/cgroup unreadable or doesn't exist, continue checking. } + + // For cgroup v2, check if working directory starts with /__w/. + // This is GitHub Actions container-specific workspace mount. + const cwd = process.cwd(); + if (cwd.startsWith("/__w/")) { + return true; + } + + return false; })(); if (isContainer) { @@ -61,8 +61,7 @@ export async function checkPreviousStepFailures( return { hasFailures: false, failedCount: 0, - error: - "Step failure checking skipped: running inside container where _diag is not accessible", + // No error field - we want commits to proceed in containers }; }