From 1e4ed280236504e9a0399488f6a74c063ebfd874 Mon Sep 17 00:00:00 2001
From: hongming <hongmingwang@moleculesai.app>
Date: Thu, 4 Jun 2026 02:51:38 +0000
Subject: [PATCH] =?UTF-8?q?fix(ci):=20writable=20HOME+DOCKER=5FCONFIG=20in?=
 =?UTF-8?q?=20Production=20auto-deploy=20(fixes=20#2193=20=E2=80=94=20mkdi?=
 =?UTF-8?q?r=20/home/hongming=20perm=20denied=20halting=20prod=20rollout)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .gitea/workflows/publish-workspace-server-image.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/.gitea/workflows/publish-workspace-server-image.yml b/.gitea/workflows/publish-workspace-server-image.yml
index 260479d05..04a076ea8 100644
--- a/.gitea/workflows/publish-workspace-server-image.yml
+++ b/.gitea/workflows/publish-workspace-server-image.yml
@@ -263,6 +263,19 @@ jobs:
       PROD_AUTO_DEPLOY_DRY_RUN: ${{ vars.PROD_AUTO_DEPLOY_DRY_RUN || '' }}
       PROD_ALLOW_NON_PROD_CP_URL: ${{ vars.PROD_ALLOW_NON_PROD_CP_URL || '' }}
     steps:
+      # The publish runner's default HOME (/home/hongming) is not writable, so
+      # git/docker credential saves fail (`Error saving credentials: mkdir
+      # /home/hongming: permission denied`) and halt the production rollout
+      # (#2193). Point HOME + DOCKER_CONFIG at the writable job temp dir —
+      # mirrors build-and-push's "Prepare writable Docker config" fix above.
+      - name: Prepare writable HOME + Docker config
+        run: |
+          set -euo pipefail
+          H="$RUNNER_TEMP/auto-deploy-home"
+          mkdir -p "$H/.docker"
+          echo "HOME=$H" >> "$GITHUB_ENV"
+          echo "DOCKER_CONFIG=$H/.docker" >> "$GITHUB_ENV"
+
       - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
-- 
2.52.0