From 1c17f0ff7320106135c280f80892fa8dace8787d Mon Sep 17 00:00:00 2001 From: hongming-pc2 Date: Tue, 12 May 2026 22:14:46 -0700 Subject: [PATCH] fix(platform): install docker-cli-buildx in workspace-server image (mc#765 follow-up) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit mc#765 added `docker-cli` to the workspace-server Alpine runtime, but the Alpine package is just the CLI binary — it does NOT include the buildx plugin. Modern Docker (26.x in this image) defaults BuildKit=on, so `docker build` immediately fails with: local-build: pre-flight OK (docker=/usr/bin/docker) Provisioner: workspace start failed for : local-build mode: ensure image for runtime "claude-code": local-build: docker build molecule-local/workspace-template-claude-code:: exit status 1: ERROR: BuildKit is enabled but the buildx component is missing or broken. Caught immediately after the mc#765 platform-image deploy + recreate during the sdk-lead (360d42e4-8356-441c-80cf-16fcd5d5ce03) + CP-QA (ec6cf05b-2637-4b3c-b561-b33914849aa2) recovery POST /restart calls. Pre-flight passed (docker CLI present, confirmed by the line above), but the actual `docker build` aborted on buildx-missing. The fix mirrors mc#765's shape: add the matching Alpine package (`docker-cli-buildx`, in community/, verified 0.14.0-r3 on alpine:3.20) to the apk add line in workspace-server/Dockerfile. Diff is +1 word in the apk-add line and a comment block extension that explains the BuildKit/buildx requirement. Related: mc#765 (parent fix), Task #194 / Issue #63 (local-build path). --- workspace-server/Dockerfile | 37 +++++++++++++++++++++---------------- 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/workspace-server/Dockerfile b/workspace-server/Dockerfile index ade5812d..18f275d9 100644 --- a/workspace-server/Dockerfile +++ b/workspace-server/Dockerfile @@ -35,22 +35,27 @@ RUN CGO_ENABLED=0 GOOS=linux go build \ -o /memory-plugin ./cmd/memory-plugin-postgres FROM alpine:3.20@sha256:c64c687cbea9300178b30c95835354e34c4e4febc4badfe27102879de0483b5e -# docker-cli is required by internal/provisioner/localbuild.go which -# shells out via exec.Command("docker", "image", "inspect"/"build"/"tag", ...) -# whenever Resolve().Mode == RegistryModeLocal — which is the permanent -# mode post-2026-05-06 (Molecule-AI GitHub org suspended → GHCR -# unreachable → MOLECULE_IMAGE_REGISTRY unset → registry_mode.go falls -# through to RegistryModeLocal). Without docker-cli here the platform -# fails every workspace re-provision with `local-build: image inspect -# for molecule-local/workspace-template-: failed -# (exec: "docker": executable file not found in $PATH)` and the -# workspace stays status=failed. The Docker SOCKET is already mounted -# (entrypoint.sh adds the platform user to the docker group) — only -# the CLI binary was missing. Caught after sdk-lead + CP-QA went down -# this way during the MiniMax-switch attempt + after-Class-A audit. -# Related: Task #194 / Issue #63 (local-build path added); -# `feedback_workspace_image_ghcr_dead`. -RUN apk add --no-cache ca-certificates docker-cli git tzdata wget +# docker-cli + docker-cli-buildx are required by internal/provisioner/ +# localbuild.go which shells out via exec.Command("docker", "image", +# "inspect"/"build"/"tag", ...) whenever Resolve().Mode == +# RegistryModeLocal — which is the permanent mode post-2026-05-06 +# (Molecule-AI GitHub org suspended → GHCR unreachable → +# MOLECULE_IMAGE_REGISTRY unset → registry_mode.go falls through to +# RegistryModeLocal). The CLI binary alone is not enough: modern +# Docker (26.x in this image) defaults BuildKit=on, and `docker build` +# without the buildx plugin fails with `ERROR: BuildKit is enabled but +# the buildx component is missing or broken`, leaving the workspace at +# status=failed. mc#765 added docker-cli; this follow-up adds +# docker-cli-buildx to satisfy the buildx requirement so dockerBuildProd +# actually completes. The Docker SOCKET is already mounted (entrypoint.sh +# adds the platform user to the docker group). Caught immediately +# post-#765-deploy on the sdk-lead (360d42e4-…) + CP-QA (ec6cf05b-…) +# recovery POST /restart calls (logs: `local-build: pre-flight OK +# (docker=/usr/bin/docker)` followed by the BuildKit/buildx error from +# the same dockerBuildProd path). +# Related: mc#765 (parent fix), Task #194 / Issue #63 (local-build path +# added); `feedback_workspace_image_ghcr_dead`. +RUN apk add --no-cache ca-certificates docker-cli docker-cli-buildx git tzdata wget COPY --from=builder /platform /platform COPY --from=builder /memory-plugin /memory-plugin COPY workspace-server/migrations /migrations -- 2.45.2