From dd8f006d3f662073000513b3dc904fdcd26958c6 Mon Sep 17 00:00:00 2001
From: Andrew Noyes
Date: Fri, 12 Jun 2026 11:58:30 -0400
Subject: [PATCH] Remove docker socket debug step and unneeded sudo

Jobs run as root in the job container; the earlier permission errors were SELinux denials on the mounted podman socket, fixed in the runner config with --security-opt label=disable.
---
 .gitea/workflows/ci.yml | 29 +++++++++--------------------
 1 file changed, 9 insertions(+), 20 deletions(-)

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 377436d..49db030 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -16,39 +16,28 @@ jobs:
 steps:
 - uses: actions/checkout@v4
- - name: Debug docker socket
- run: |
- id
- sudo id || true
- ls -la /var/run/docker.sock /run/user 2>&1 || true
- sudo ls -laL /var/run/docker.sock 2>&1 || true
- findmnt /var/run/docker.sock 2>&1 || true
- env | grep -iE 'docker|container|podman' || true
- sudo docker version 2>&1 || true
- docker version 2>&1 || true
-
 - name: Log in to registry
 run: |
 echo "${{ secrets.REGISTRY_TOKEN }}" \
- | sudo docker login -u "${{ secrets.REGISTRY_USER }}" --password-stdin git.weaselab.dev
+ | docker login -u "${{ secrets.REGISTRY_USER }}" --password-stdin git.weaselab.dev
 - name: Build and push image if changed
 run: |
 image=git.weaselab.dev/weaselab/conflict-set-ci
 tag="$(sha256sum Dockerfile .pre-commit-config.yaml | sha256sum | cut -c 1-16)-${{ matrix.arch }}"
 latest=latest-${{ matrix.arch }}
- if sudo docker manifest inspect "$image:$tag" > /dev/null 2>&1; then
- if [ "$(sudo docker manifest inspect "$image:$tag")" = "$(sudo docker manifest inspect "$image:$latest" 2> /dev/null)" ]; then
+ if docker manifest inspect "$image:$tag" > /dev/null 2>&1; then
+ if [ "$(docker manifest inspect "$image:$tag")" = "$(docker manifest inspect "$image:$latest" 2> /dev/null)" ]; then
 echo "$image:$latest is up to date"
 else
- sudo docker pull "$image:$tag"
- sudo docker tag "$image:$tag" "$image:$latest"
- sudo docker push "$image:$latest"
+ docker pull "$image:$tag"
+ docker tag "$image:$tag" "$image:$latest"
+ docker push "$image:$latest"
 fi
 else
- sudo docker build -t "$image:$tag" -t "$image:$latest" .
- sudo docker push "$image:$tag"
- sudo docker push "$image:$latest"
+ docker build -t "$image:$tag" -t "$image:$latest" .
+ docker push "$image:$tag"
+ docker push "$image:$latest"
 fi
 pre-commit:
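Review bot: The rewritten login line still expands `${{ secrets.REGISTRY_TOKEN }}` and `${{ secrets.REGISTRY_USER }}` straight into the script text, so the values are substituted before the shell parses the line. A value containing `"`, `$` or a backtick would be read as shell syntax, and the token is likely written into the temporary script the runner generates. Since the line is being touched anyway, pass both values through a step-level `env:` mapping and reference them as shell variables, as in the snippet below. Separately, the commit message says jobs run as root with the podman socket mounted and SELinux labelling disabled; if so, every step in this workflow can drive the host's container engine, so confirm that only trusted branches can trigger it. The job these steps belong to starts above the hunk.

```yaml
      - name: Log in to registry
        env:
          REGISTRY_USER: "${{ secrets.REGISTRY_USER }}"
          REGISTRY_TOKEN: "${{ secrets.REGISTRY_TOKEN }}"
        run: |
          printf '%s' "$REGISTRY_TOKEN" \
            | docker login -u "$REGISTRY_USER" --password-stdin git.weaselab.dev
      # … unchanged: "Build and push image if changed" step …
```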