fix(platform): install docker-cli-buildx in workspace-server image (mc#765 follow-up)
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 18s
CI / Detect changes (pull_request) Successful in 37s
Harness Replays / detect-changes (pull_request) Successful in 12s
E2E API Smoke Test / detect-changes (pull_request) Successful in 41s
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 38s
Handlers Postgres Integration / detect-changes (pull_request) Successful in 30s
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 13s
qa-review / approved (pull_request) Failing after 12s
security-review / approved (pull_request) Failing after 11s
gate-check-v3 / gate-check (pull_request) Successful in 17s
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 28s
sop-checklist-gate / gate (pull_request) Successful in 9s
sop-tier-check / tier-check (pull_request) Successful in 11s
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m10s
CI / Canvas (Next.js) (pull_request) Successful in 7s
CI / Shellcheck (E2E scripts) (pull_request) Successful in 5s
Harness Replays / Harness Replays (pull_request) Successful in 4s
CI / Python Lint & Test (pull_request) Successful in 5s
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 7s
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 6s
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 6s
CI / Canvas Deploy Reminder (pull_request) Has been skipped
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 1m47s
CI / Platform (Go) (pull_request) Failing after 3m47s
CI / all-required (pull_request) Successful in 2s
sop-checklist / all-items-acked (pull_request) tier:low bootstrap-exception: PR#797 fixed main workflow; post-recheck run did not post new status
audit-force-merge / audit (pull_request) Successful in 18s
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 18s
CI / Detect changes (pull_request) Successful in 37s
Harness Replays / detect-changes (pull_request) Successful in 12s
E2E API Smoke Test / detect-changes (pull_request) Successful in 41s
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 38s
Handlers Postgres Integration / detect-changes (pull_request) Successful in 30s
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 13s
qa-review / approved (pull_request) Failing after 12s
security-review / approved (pull_request) Failing after 11s
gate-check-v3 / gate-check (pull_request) Successful in 17s
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 28s
sop-checklist-gate / gate (pull_request) Successful in 9s
sop-tier-check / tier-check (pull_request) Successful in 11s
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m10s
CI / Canvas (Next.js) (pull_request) Successful in 7s
CI / Shellcheck (E2E scripts) (pull_request) Successful in 5s
Harness Replays / Harness Replays (pull_request) Successful in 4s
CI / Python Lint & Test (pull_request) Successful in 5s
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 7s
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 6s
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 6s
CI / Canvas Deploy Reminder (pull_request) Has been skipped
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 1m47s
CI / Platform (Go) (pull_request) Failing after 3m47s
CI / all-required (pull_request) Successful in 2s
sop-checklist / all-items-acked (pull_request) tier:low bootstrap-exception: PR#797 fixed main workflow; post-recheck run did not post new status
audit-force-merge / audit (pull_request) Successful in 18s
mc#765 added `docker-cli` to the workspace-server Alpine runtime, but
the Alpine package is just the CLI binary — it does NOT include the
buildx plugin. Modern Docker (26.x in this image) defaults BuildKit=on,
so `docker build` immediately fails with:
local-build: pre-flight OK (docker=/usr/bin/docker)
Provisioner: workspace start failed for <id>: local-build mode:
ensure image for runtime "claude-code": local-build: docker build
molecule-local/workspace-template-claude-code:<sha>:
exit status 1: ERROR: BuildKit is enabled but the buildx component
is missing or broken.
Caught immediately after the mc#765 platform-image deploy + recreate
during the sdk-lead (360d42e4-8356-441c-80cf-16fcd5d5ce03) + CP-QA
(ec6cf05b-2637-4b3c-b561-b33914849aa2) recovery POST /restart calls.
Pre-flight passed (docker CLI present, confirmed by the line above),
but the actual `docker build` aborted on buildx-missing.
The fix mirrors mc#765's shape: add the matching Alpine package
(`docker-cli-buildx`, in community/, verified 0.14.0-r3 on alpine:3.20)
to the apk add line in workspace-server/Dockerfile. Diff is +1 word
in the apk-add line and a comment block extension that explains the
BuildKit/buildx requirement.
Related: mc#765 (parent fix), Task #194 / Issue #63 (local-build path).
This commit is contained in:
parent
738e54593c
commit
1c17f0ff73
@ -35,22 +35,27 @@ RUN CGO_ENABLED=0 GOOS=linux go build \
|
||||
-o /memory-plugin ./cmd/memory-plugin-postgres
|
||||
|
||||
FROM alpine:3.20@sha256:c64c687cbea9300178b30c95835354e34c4e4febc4badfe27102879de0483b5e
|
||||
# docker-cli is required by internal/provisioner/localbuild.go which
|
||||
# shells out via exec.Command("docker", "image", "inspect"/"build"/"tag", ...)
|
||||
# whenever Resolve().Mode == RegistryModeLocal — which is the permanent
|
||||
# mode post-2026-05-06 (Molecule-AI GitHub org suspended → GHCR
|
||||
# unreachable → MOLECULE_IMAGE_REGISTRY unset → registry_mode.go falls
|
||||
# through to RegistryModeLocal). Without docker-cli here the platform
|
||||
# fails every workspace re-provision with `local-build: image inspect
|
||||
# for molecule-local/workspace-template-<runtime>:<sha> failed
|
||||
# (exec: "docker": executable file not found in $PATH)` and the
|
||||
# workspace stays status=failed. The Docker SOCKET is already mounted
|
||||
# (entrypoint.sh adds the platform user to the docker group) — only
|
||||
# the CLI binary was missing. Caught after sdk-lead + CP-QA went down
|
||||
# this way during the MiniMax-switch attempt + after-Class-A audit.
|
||||
# Related: Task #194 / Issue #63 (local-build path added);
|
||||
# `feedback_workspace_image_ghcr_dead`.
|
||||
RUN apk add --no-cache ca-certificates docker-cli git tzdata wget
|
||||
# docker-cli + docker-cli-buildx are required by internal/provisioner/
|
||||
# localbuild.go which shells out via exec.Command("docker", "image",
|
||||
# "inspect"/"build"/"tag", ...) whenever Resolve().Mode ==
|
||||
# RegistryModeLocal — which is the permanent mode post-2026-05-06
|
||||
# (Molecule-AI GitHub org suspended → GHCR unreachable →
|
||||
# MOLECULE_IMAGE_REGISTRY unset → registry_mode.go falls through to
|
||||
# RegistryModeLocal). The CLI binary alone is not enough: modern
|
||||
# Docker (26.x in this image) defaults BuildKit=on, and `docker build`
|
||||
# without the buildx plugin fails with `ERROR: BuildKit is enabled but
|
||||
# the buildx component is missing or broken`, leaving the workspace at
|
||||
# status=failed. mc#765 added docker-cli; this follow-up adds
|
||||
# docker-cli-buildx to satisfy the buildx requirement so dockerBuildProd
|
||||
# actually completes. The Docker SOCKET is already mounted (entrypoint.sh
|
||||
# adds the platform user to the docker group). Caught immediately
|
||||
# post-#765-deploy on the sdk-lead (360d42e4-…) + CP-QA (ec6cf05b-…)
|
||||
# recovery POST /restart calls (logs: `local-build: pre-flight OK
|
||||
# (docker=/usr/bin/docker)` followed by the BuildKit/buildx error from
|
||||
# the same dockerBuildProd path).
|
||||
# Related: mc#765 (parent fix), Task #194 / Issue #63 (local-build path
|
||||
# added); `feedback_workspace_image_ghcr_dead`.
|
||||
RUN apk add --no-cache ca-certificates docker-cli docker-cli-buildx git tzdata wget
|
||||
COPY --from=builder /platform /platform
|
||||
COPY --from=builder /memory-plugin /memory-plugin
|
||||
COPY workspace-server/migrations /migrations
|
||||
|
||||
Loading…
Reference in New Issue
Block a user