build-push-action
buildx create fails on rootless docker with ping_group_range: invalid argument: unknown
Troubleshooting
Before submitting a bug report please read the Troubleshooting doc.
Behaviour
Steps to reproduce this issue
- Install self hosted actions runner as directed here https://stackoverflow.com/questions/66137419/how-to-enable-non-docker-actions-to-access-docker-created-files-on-my-self-hoste & enable experimental features to enable buildx
- Run a github action that sets up buildx, then uses the login action, and then the buildx action
- observe the error
buildx call failed write sysctl key net.ipv4.ping_group_range: write /proc/sys/net/ipv4/ping_group_range: invalid argument: unknown
Expected behaviour
It builds correctly
Actual behaviour
I get an error
Configuration
```yaml
on:
  push:
    branches:
      - '**'
name: UH Schedule CI
defaults:
  run:
    working-directory: 'uh/schedule'
jobs:
  test:
    name: Test
    runs-on: [self-hosted, linux, x64]
    container: node:14-slim
    steps:
      - uses: actions/checkout@v2
      - run: yarn install --frozen-lockfile --non-interactive
      - run: yarn build
        working-directory: sdk
      - run: yarn test
  test_with_redis:
    services:
      redis:
        image: redis:6-alpine
        ports:
          - 6379:6379
    name: Test with Redis
    runs-on: [self-hosted, linux, x64]
    container: node:14-slim
    env:
      REDIS_URL: redis://redis:6379
    steps:
      - uses: actions/checkout@v2
      - run: yarn install --frozen-lockfile --non-interactive
      - run: yarn build
        working-directory: sdk
      - run: yarn test
  lint:
    name: Lint
    runs-on: [self-hosted, linux, x64]
    container: node:14-slim
    steps:
      - uses: actions/checkout@v2
      - run: yarn install --frozen-lockfile --non-interactive
      - run: yarn build
        working-directory: sdk
      - run: yarn lint
  build_push_beta:
    name: Build and Push beta
    runs-on: [self-hosted, linux, x64]
    steps:
      - uses: actions/checkout@v2
      - uses: docker/setup-buildx-action@v1
      - uses: docker/login-action@v1
        with:
          registry: xxx
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Build and push Docker images
        uses: docker/build-push-action@v2
        with:
          context: .
          tags: xxx/xx:${{ github.sha }}
          push: true
          build-args: |
            workspace=uh/schedule
  build_push_prod:
    name: Build and Push prod
    needs:
      - test
      - test_with_redis
      - lint
    runs-on: [self-hosted, linux, x64]
    if: startsWith(github.ref, 'refs/tags/') && endsWith(github.ref, 'v*' )
    steps:
      - uses: actions/checkout@v2
      - uses: actions/github-script@v3
        # id is a step-level key (not an input under with:), so that
        # steps.tag.outputs.result below can resolve.
        id: tag
        with:
          script: |
            return context.payload.ref.replace(/\/refs\/tags\//, '');
          result-encoding: string
      - uses: docker/setup-buildx-action@v1
      - uses: docker/login-action@v1
        with:
          registry: xxx
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Build and push Docker images
        uses: docker/build-push-action@v2
        with:
          tags: xxx/xx:${{ steps.tag.outputs.result }}
          push: true
          build-args: |
            workspace=uh/schedule
```
Logs
@Frederik-Baetens From what I see you're running the Docker daemon as a non-root user (rootless mode). In that case I think you should use the rootless buildkit image:
```yaml
- uses: docker/setup-buildx-action@v1
  with:
    driver-opts: image=moby/buildkit:buildx-stable-1-rootless
```
cc @tonistiigi
That doesn't seem to fix the error.
I have buildx installed & enabled on my runner, and building basic containers with them manually in the cli seems to work, so I don't know where buildx is going wrong in the action.
```yaml
build_push_beta:
  name: Build and Push beta
  runs-on: [self-hosted, linux, x64]
  #if: github.ref == 'refs/heads/master'
  steps:
    - uses: actions/checkout@v2
    - uses: docker/setup-buildx-action@v1
      with:
        driver-opts: image=moby/buildkit:buildx-stable-1-rootless
    - uses: docker/login-action@v1
      with:
        registry: xxx
        username: ${{ secrets.DOCKER_USERNAME }}
        password: ${{ secrets.DOCKER_PASSWORD }}
    - name: Build and push Docker images
      uses: docker/build-push-action@v2
      with:
        context: .
        tags: xxx/xx:${{ github.sha }}
        push: true
        build-args: |
          workspace=uh/schedule
```
When I remove the docker/setup-buildx-action it works as expected. Something about the setup-buildx-action is breaking my buildx for the runner.
Like so:
```yaml
build_push_beta:
  name: Build and Push beta
  runs-on: [self-hosted, linux, x64]
  #if: github.ref == 'refs/heads/master'
  steps:
    - uses: actions/checkout@v2
    - uses: docker/login-action@v1
      with:
        registry: quivr.azurecr.io
        username: ${{ secrets.DOCKER_USERNAME }}
        password: ${{ secrets.DOCKER_PASSWORD }}
    - name: Build and push Docker images
      uses: docker/build-push-action@v2
      with:
        context: .
        tags: quivr.azurecr.io/cps-uh:${{ github.sha }}
        push: true
        build-args: |
          workspace=uh/schedule
```
Is there a way to basically make that action not do anything when buildx is already installed? I would like to keep that step in order to maintain full compatibility between my self-hosted runner & github's managed runners.
adding driver: docker fixes this.
```yaml
- uses: docker/setup-buildx-action@v1
  with:
    driver: docker
```
While adding driver: docker does fix the issue, I would prefer retaining the ability to build using the docker-container driver, which allows for caching. Has anyone looked at this? This issue appears related: https://github.com/docker/buildx/issues/561. Is there a way to manipulate the user ns flag with the buildx create command that I am missing?
```yaml
- uses: docker/setup-buildx-action@v1
  with:
    driver: docker
```
this fixed the issue for me
docker-container requires a privileged container. So yes docker driver is the right move but features like multi-platform are not available in the docker engine. If you want to be able to build multi-platform images, you can consider switching to containerd snapshotter in your daemon config: https://docs.docker.com/storage/containerd/
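The thread's outcome (use the docker driver on a rootless daemon, keep docker-container elsewhere) can be decided at run time so one workflow serves both self-hosted rootless runners and hosted runners. The script below is an added example, not code from the issue or from the docker actions; the function names and sample strings are constructed, and it assumes the daemon reports rootless mode in the `SecurityOptions` field of `docker info`.

```shell
#!/bin/sh
# Added example: pick a buildx driver based on whether the Docker daemon
# runs rootless. Function names and sample values are constructed.

# pick_driver SECURITY_OPTIONS
# Prints "docker" when the daemon's security options mention rootless mode
# (the docker-container driver needs a privileged container, which a
# rootless daemon cannot provide), otherwise prints "docker-container".
pick_driver() {
    case "$1" in
        *rootless*) echo docker ;;
        *)          echo docker-container ;;
    esac
}

# detect_driver
# Queries the local daemon. If docker info fails, the option list is empty
# and the result is the same as for a rootful daemon.
detect_driver() {
    opts=$(docker info --format '{{json .SecurityOptions}}' 2>/dev/null) || opts=''
    pick_driver "$opts"
}

# Constructed samples of what the SecurityOptions field can look like.
ROOTLESS_SAMPLE='["name=seccomp,profile=builtin","name=rootless","name=cgroupns"]'
ROOTFUL_SAMPLE='["name=apparmor","name=seccomp,profile=builtin","name=cgroupns"]'

# Inside a GitHub Actions run step, expose the choice as a step output.
# Outside Actions (GITHUB_OUTPUT unset) nothing is written.
if [ -n "${GITHUB_OUTPUT:-}" ]; then
    echo "driver=$(detect_driver)" >> "$GITHUB_OUTPUT"
fi
```

Run it in a step with an `id` before docker/setup-buildx-action and pass that step's `driver` output as the action's `driver` input. On a rootless runner this trades away the docker-container features mentioned above (cache export, multi-platform) in exchange for not needing a privileged container.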