fix(trace-fixtures): require podman label on fixture-vm workflows #240

Merged
avrabe merged 1 commit into main from fix/v0.11.0-podman-runner-label
May 23, 2026

@avrabe commented May 23, 2026

Summary

Both fixture-vm flake.lock runs landed on runner8 and died at the
rootless-podman userns step (newuidmap: write to uid_map failed: Operation not permitted). The image digest is correct; the failure is
in the runner's rootless-podman setup, one layer below the container.

Per smithy, rootless podman is only known-good on runner9 right now.
This adds podman to the runs-on label set on both workflows so GHA
schedules only on a podman-capable runner. KVM access is universal on
the fleet, so no kvm label is needed on the nightly.

Test plan

  • Merge, then re-dispatch fixture-vm flake.lock — first real
    end-to-end exercise of the rootless-podman + digest-pinned
    nixos/nix chain. Artifact fixture-vm-flake-lock comes back
    on success.
  • Commit the produced flake.lock in a follow-up PR; the nightly
    then goes live.

🤖 Generated with Claude Code

Both `fixture-vm flake.lock` runs landed on runner8 and died at the
rootless-podman userns step:

    newuidmap: write to uid_map failed: Operation not permitted
    Error: cannot set up namespace using "/usr/bin/newuidmap"
    Process completed with exit code 125

The image digest is correct; the failure is one layer below it. Per
smithy: rootless podman is only known-good on runner9 right now, and
the right way to express that is a `podman` label in the runs-on set.
GHA will then only schedule on a podman-capable runner. KVM access is
universal across the fleet so no `kvm` label is needed on the nightly.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

@avrabe enabled auto-merge (squash) May 23, 2026 12:50

@github-actions

Rivet verification gate

20/20 passed

count
Passed 20
Failed 0
Skipped (no steps) 0

Filter: (and (= type "feature") (or (has-tag "v093") (has-tag "v0100")))

Failed artifacts

(none)

Updated automatically by tools/post_verification_comment.py. Source of truth: artifacts/verification.yaml.

codecov Bot commented May 23, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

@avrabe merged commit 9d301d2 into main May 23, 2026
18 checks passed
@avrabe deleted the fix/v0.11.0-podman-runner-label branch May 23, 2026 18:27