Replaces 'gitea:3000' with '172.21.0.4:3000' to bypass DNS
resolution issues in act job containers. Also removed --dns
override from runner-config.yaml which was breaking Docker's
embedded DNS and container name resolution.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
CI runner in China can't reach GitHub to download the checkout action.
Clone directly from internal Gitea container (http://gitea:3000) instead.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
The --cache-to type=inline flag is only valid with DOCKER_BUILDKIT=1.
With BuildKit disabled, it causes docker build to fail with exit 125.
Keep the documentation comments for when BuildKit is re-enabled.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- Document DOCKER_BUILDKIT=0 rationale in all deploy workflows
- Add --cache-to type=inline to all docker build commands
- Pin Python 3.12 and Node 20 with version assertions in CI
- Remove dead test-summary job from test.yml
- Reconcile required-tools.txt with Dockerfile.base (bash, ca-certificates, openssh-client)
- Clean up stale artifacts (Dockerfile comment, orphaned .md files)
- Add docker-compose config validation before claude-dev deploy
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- Create Dockerfile.base with all tools and dependencies (built once)
- Slim down Dockerfile to just copy scripts from base image
- CI checks for base image existence, builds if missing
- Runtime builds drop from ~17min to ~10sec (only copies scripts)
- Base image only needs rebuild when tools/versions change
- Remove container blocks causing Docker-in-Docker permission issues
- Use actions/checkout@v4 instead of manual git cloning
- Use actions/setup-python@v5 and actions/setup-node@v4 for clean environments
- Remove nsenter workarounds and mount complexity
- Fix volume paths to use /volume1/docker/* directly
- Add /volume1/docker/claude-dev to runner valid_volumes config
This eliminates 20+ commits of permission/namespace hacks by letting
workflows run directly in the runner's environment which already has
Docker access and proper volume mounts configured.
Delete any existing claude-dev container before compose up so name conflicts do not block CI deployment.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Create /claude-dev-runtime before writing previous-image.txt so post-build record step does not fail when the bind path is absent.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Drop the server2 preload stage and rely on direct docker build pulls to avoid long-running preload stream stalls in CI.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Drop chmod on the read-only mounted server2 SSH key so preload can execute without failing the workflow before the SSH attempt.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Mount a read-only SSH key into the claude-dev deploy runner container and use it explicitly for server2 preload so the fast-path image transfer can authenticate.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Treat server2 preload as best-effort so missing SSH keys do not fail deployment; fall back to normal registry pull during image build.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace the runner-only host alias with an explicit SSH user@host so the preload step can resolve and stream the base image tar reliably.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Switch claude-dev to node:20-bookworm-slim and preload the base image from server2 in CI to avoid slow pulls on the NAS runner.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Limit workflow path triggers to each workflow file, add concurrency groups to cancel outdated runs, and checkout the exact triggering SHA for deterministic deploys.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Define claude-dev capabilities as a tested contract and deploy immutable tags only after smoke checks so daily tooling upgrades remain CI-first and rollback-safe.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>