Issue Report on Docker-in-Docker Problem #11

Open
oilrich25 opened this issue Dec 15, 2023 · 3 comments

@oilrich25
Contributor

Issue Description

When using ghcr.io/christopherhx/gitea-actions-runner:v0.0.9 as a self-hosted runner, it has been observed that both docker/setup-qemu-action@v2 and docker/setup-buildx-action@main fail to function properly with the following configuration:

ubuntu:
    runs-on: self-hosted
    steps:
      - uses: actions/checkout@v3
      - uses: docker/setup-qemu-action@v2
      - uses: docker/setup-buildx-action@main

@oilrich25
Contributor Author

To reproduce the above problem, @ChristopherHX can add docker/setup-qemu-action@v2 and docker/setup-buildx-action@v3 at https://gitea.com/ChristopherHX/actions_runner/actions/runs/86; the problem then occurs.

@ChristopherHX
Owner

ChristopherHX commented Dec 15, 2023

What you are trying to do needs rootful dind and a unix socket connection, like the following (eventually also requires you to not add container: to your job).

For example, binfmt registrations cause permission denied for rootless dind (dropping privileges)

# docker-compose.yml
networks:
  runner:
    external: false
volumes:
  runner:
    driver: local
  runner-externals:
    driver: local
  gitea-runner-data:
    driver: local
  socket:
    driver: local
services:
  runner:
    image: ghcr.io/christopherhx/gitea-actions-runner:nightly
    environment:
      - GITEA_INSTANCE_URL=https://gitea.com/                            # Your Gitea Instance to register to
      - GITEA_RUNNER_REGISTRATION_TOKEN=XXXXXXXXXXXXXXXXXXXXXXX # The Gitea registration token
      - GITEA_RUNNER_LABELS=self-hosted                                 # The labels of your runner (comma separated)
    restart: always
    user: root
    networks:
      - runner
    volumes:
      - gitea-runner-data:/data                 # Persist runner registration across updates
      - runner:/home/runner/_work               # DIND
      - runner-externals:/home/runner/externals # DIND
      - socket:/var/run
    depends_on:
      - docker
  docker:
    image: docker:dind
    restart: always
    privileged: true
    networks:
      - runner
    volumes:
      - runner:/home/runner/_work
      - runner-externals:/home/runner/externals
      - socket:/var/run

(Can be added to samples)

An external dind container has some benefits like altering docker configurations without changing the image of the runner.
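
An added example (not part of the original thread or the project's code): a small audit of the compose model above that reports which services share the privileged dind daemon's socket directory and can therefore drive that rootful daemon. It assumes the JSON shape printed by `docker compose config --format json`; the sample is a constructed, trimmed copy of the compose file, and the function names are hypothetical.

```python
import json

# Constructed sample: the services of the compose file above, in the long
# volume form that `docker compose config --format json` emits (trimmed).
SAMPLE = json.loads("""
{"services": {
  "runner": {"user": "root", "volumes": [
    {"type": "volume", "source": "gitea-runner-data", "target": "/data"},
    {"type": "volume", "source": "runner", "target": "/home/runner/_work"},
    {"type": "volume", "source": "runner-externals", "target": "/home/runner/externals"},
    {"type": "volume", "source": "socket", "target": "/var/run"}]},
  "docker": {"privileged": true, "volumes": [
    {"type": "volume", "source": "runner", "target": "/home/runner/_work"},
    {"type": "volume", "source": "runner-externals", "target": "/home/runner/externals"},
    {"type": "volume", "source": "socket", "target": "/var/run"}]}
}}
""")

SOCKET_DIRS = ("/var/run", "/run")  # directories where dockerd creates docker.sock

def mounts(service):
    """Yield (source, target) for long-form and short-form ("src:dst[:mode]") volumes."""
    for v in service.get("volumes", []):
        if isinstance(v, str):
            parts = v.split(":")
            if len(parts) >= 2:  # a single part is an anonymous volume: no source
                yield parts[0], parts[1]
        elif v.get("source"):
            yield v["source"], v.get("target", "")

def socket_exposure(model):
    """Map each privileged service to the other services sharing its socket directory."""
    services = model.get("services", {})
    result = {}
    for name, svc in services.items():
        if not svc.get("privileged"):
            continue
        # Volume sources the privileged service mounts where its socket lives.
        shared = {s for s, t in mounts(svc) if t.rstrip("/") in SOCKET_DIRS}
        result[name] = sorted(
            other for other, osvc in services.items()
            if other != name and any(s in shared for s, _ in mounts(osvc)))
    return result

if __name__ == "__main__":
    for daemon, clients in socket_exposure(SAMPLE).items():
        print(f"{daemon}: privileged daemon, socket reachable from {clients}")
```

Every service listed for a daemon should be treated as having the same privileges as the `privileged: true` container, since it can start arbitrary containers through the shared socket.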

@oilrich25
Contributor Author

After testing, the issue was resolved. Its configuration can be updated and synced to ChristopherHX/gitea-actions-runner.
