molecule-core

History

claude-ceo-assistant (Claude Opus 4.7 on Hongming's MacBook) 7eb348536b fix(harness): bake cf-proxy nginx.conf at build time, not via configs: The previous configs:-based fix (`87b971a2`) didn't actually fix the DinD issue — Compose v2 falls back to bind mounts for `configs:` when swarm mode is not active, so the resulting runc invocation still tries to mount /workspace/.../cf-proxy/nginx.conf from the OUTER host filesystem that the act_runner-vs-host-docker socket-mount can't see. Same "not a directory" error returned. Switch to a thin Dockerfile (cf-proxy/Dockerfile) that COPYs nginx.conf into nginx:1.27-alpine. The build context is uploaded to the daemon as a tarball, not bind-mounted from the host filesystem, so the path translation gap doesn't apply. Verified locally: `docker build` + `docker run cf-proxy nginx -T` reproduces the baked config end-to-end. Trade-off: ~2-3s build cost on every harness up. Acceptable for the Gitea CI gate; local-dev re-builds the image only when nginx.conf changes (Docker layer cache). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-07 17:09:08 -07:00
..
Dockerfile	fix(harness): bake cf-proxy nginx.conf at build time, not via configs:	2026-05-07 17:09:08 -07:00
nginx.conf	harness(phase-2): multi-tenant compose + cross-tenant isolation replays	2026-05-01 21:36:40 -07:00

claude-ceo-assistant (Claude Opus 4.7 on Hongming's MacBook) 7eb348536b fix(harness): bake cf-proxy nginx.conf at build time, not via configs:

The previous configs:-based fix (87b971a2) didn't actually fix the DinD
issue — Compose v2 falls back to bind mounts for `configs:` when swarm
mode is not active, so the resulting runc invocation still tries to
mount /workspace/.../cf-proxy/nginx.conf from the OUTER host filesystem
that the act_runner-vs-host-docker socket-mount can't see. Same
"not a directory" error returned.

Switch to a thin Dockerfile (cf-proxy/Dockerfile) that COPYs nginx.conf
into nginx:1.27-alpine. The build context is uploaded to the daemon as
a tarball, not bind-mounted from the host filesystem, so the path
translation gap doesn't apply. Verified locally: `docker build` +
`docker run cf-proxy nginx -T` reproduces the baked config end-to-end.

Trade-off: ~2-3s build cost on every harness up. Acceptable for the
Gitea CI gate; local-dev re-builds the image only when nginx.conf
changes (Docker layer cache).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-07 17:09:08 -07:00

Dockerfile fix(harness): bake cf-proxy nginx.conf at build time, not via configs: 2026-05-07 17:09:08 -07:00

nginx.conf harness(phase-2): multi-tenant compose + cross-tenant isolation replays 2026-05-01 21:36:40 -07:00