From 5c5e9651519b944740944c32046e1a0c7bdafba8 Mon Sep 17 00:00:00 2001
From: おさむのひと <46447427+samunohito@users.noreply.github.com>
Date: Mon, 22 Dec 2025 16:51:38 +0900
Subject: fix(ci): dockleのciをより安定して動かせるようにする (#16987)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .github/workflows/dockle.yml | 39 ++++++++++++++++++++++-----------------
 1 file changed, 22 insertions(+), 17 deletions(-)
(limited to '.github/workflows')
diff --git a/.github/workflows/dockle.yml b/.github/workflows/dockle.yml
index 45b8d23dda..ec7073c9fd 100644
--- a/.github/workflows/dockle.yml
+++ b/.github/workflows/dockle.yml
@@ -11,6 +11,7 @@ on:
 jobs:
 dockle:
 runs-on: ubuntu-latest
+ env:
 DOCKER_CONTENT_TRUST: 1
 DOCKLE_VERSION: 0.4.15
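Review bot: Whether `DOCKER_CONTENT_TRUST: 1`, now scoped under the job-level `env:`, does anything useful depends on the builder honouring it, and as far as I know the BuildKit path that `docker build` takes on current ubuntu-latest runners does not enforce content trust on `FROM` pulls, so the variable may be silently inert for exactly the base-image fetch it is meant to protect; this should be confirmed on the runner rather than assumed. Until it is, a comment above the key, `# Enforce Notary signature checks on image pulls (may not be honoured by BuildKit builds — verify)`, keeps the intent auditable and stops readers reading it as a guarantee. The `jobs.dockle` mapping continues past the end of this hunk.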
@@ -20,29 +21,33 @@ jobs:
 - name: Download and install dockle v${{ env.DOCKLE_VERSION }}
 run: |
+ set -eux
 curl -L -o dockle.deb "https://github.com/goodwithtech/dockle/releases/download/v${DOCKLE_VERSION}/dockle_${DOCKLE_VERSION}_Linux-64bit.deb"
 sudo dpkg -i dockle.deb
- - run: |
- cp .config/docker_example.env .config/docker.env
- cp ./compose_example.yml ./compose.yml
-
- - run: |
- docker compose up -d web
- IMAGE_ID=$(docker compose images --format json web | jq -r '.[0].ID')
- docker tag "${IMAGE_ID}" misskey-web:latest
-
- - name: Prune docker junk (optional but recommended)
+ - name: Build web image (docker build)
 run: |
- docker system prune -af
- docker volume prune -f
+ set -eux
+ docker build -t "misskey-web:ci" .
+ docker image ls
- - name: Save image for Dockle
+ - name: Mount tmpfs for Dockle tar
+ env:
+ TMPFS_SIZE: 8G
 run: |
- docker save misskey-web:latest -o ./misskey-web.tar
- ls -lh ./misskey-web.tar
+ set -eux
+ sudo mkdir -p /mnt/dockle-tmp
+ sudo mount -t tmpfs -o size=${{ env.TMPFS_SIZE }} tmpfs /mnt/dockle-tmp
+ free -h
+ df -h
- - name: Run Dockle with tar input
+ - name: Save image tar into tmpfs
 run: |
- dockle --exit-code 1 --input ./misskey-web.tar
+ set -eux
+ docker save misskey-web:ci -o /mnt/dockle-tmp/misskey-web.tar
+ ls -lh /mnt/dockle-tmp/misskey-web.tar
+ - name: Run Dockle Scan (tar input)
+ run: |
+ set -eux
+ dockle --exit-code 1 --input /mnt/dockle-tmp/misskey-web.tar
-- cgit v1.2.3-freya
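Review bot: The new mount step splices `${{ env.TMPFS_SIZE }}` straight into the shell line even though `TMPFS_SIZE` is already exported in that step's `env:`; read it from the shell instead, `sudo mount -t tmpfs -o "size=${TMPFS_SIZE}" tmpfs /mnt/dockle-tmp`, as the install step already does with `${DOCKLE_VERSION}`, so no `run:` block carries a `${{ }}` expansion that a later edit could point at an attacker-controlled context. The `set -eux` added to the install step still does not fail on a bad download: `curl -L -o` exits 0 on an HTTP 404 and writes the error page into `dockle.deb`, so the step only dies later at `sudo dpkg -i` with a misleading error — `curl -fsSL -o dockle.deb "https://github.com/goodwithtech/dockle/releases/download/v${DOCKLE_VERSION}/dockle_${DOCKLE_VERSION}_Linux-64bit.deb"` makes the fetch itself fail. That .deb is then installed as root with no integrity check; committing the release's sha256 next to `DOCKLE_VERSION` and running `echo "${DOCKLE_SHA256}  dockle.deb" | sha256sum -c -` before `dpkg -i` is the cheap way to close that gap. The `steps:` sequence these steps belong to begins before this hunk.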