crossbuild: fix double-slash in m4 paths and auth dind to internal registry

CB_DIR was constructed via `$(dir $(realpath ...))`, which always ends in `/`. Subsequent concatenations of the form `$(CB_DIR)/build` produced rendered paths like `/workspace/scripts/docker//build`, which made the BUILD/REGEN log lines and stamp-file paths ugly (though make itself happily collapses the doubled slash). Strip the trailing slash once at the CB_DIR definition with patsubst so every existing `/foo` concat stays readable.

The dind sidecar's daemon isn't pre-authenticated to docker.internal.networkradius.com - only the self-hosted runner host's daemon is, via the runner's job-started hook, and that auth doesn't propagate into dind. crossbuild now FROMs self-hosted-* via the CB_FROM_<distro> overrides, so the inner build was failing with `401 Unauthorized` on the manifest HEAD. Add an explicit `docker login` step via the existing DOCKER_REPO_USERNAME/_PASSWORD secrets, mirroring what ci-multi-server-tests.yml already does for the same reason.

diff --git a/.github/workflows/crossbuild.yml b/.github/workflows/crossbuild.yml
index 416b6dcda1bad0fb7748f276503dce1b68984357..2bf9af95861808b11fa0d04eb4cd42e54d55e826 100644 (file)
--- a/.github/workflows/crossbuild.yml
+++ b/.github/workflows/crossbuild.yml
@@ -115,6 +115,21 @@ jobs:
 
     - uses: ./.github/actions/setup-dind
 
+    #
+    #  The dind sidecar has its own dockerd that's not pre-authenticated
+    #  to docker.internal.networkradius.com (the host docker daemon on
+    #  the self-hosted runner is, via the runner's job-started hook,
+    #  but that auth doesn't propagate into the dind container). Log in
+    #  explicitly so the inner crossbuild's FROM-pull of self-hosted-*
+    #  works instead of 401-ing.
+    #
+    - name: Login to internal Docker registry (via dind)
+      env:
+        DOCKER_USERNAME: ${{ secrets.DOCKER_REPO_USERNAME }}
+        DOCKER_PASSWORD: ${{ secrets.DOCKER_REPO_PASSWORD }}
+      run: |
+        echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin https://docker.internal.networkradius.com/
+
     #
     #  Run the per-distro crossbuild. CB_FROM_<distro> overrides the
     #  `from` build-arg in scripts/docker/crossbuild.mk so the inner

diff --git a/scripts/docker/crossbuild.mk b/scripts/docker/crossbuild.mk
index ff4b97639dd3105f87e38193116636d505348d03..8f42b0938282db30d1ca74380395f0f960e1e524 100644 (file)
--- a/scripts/docker/crossbuild.mk
+++ b/scripts/docker/crossbuild.mk
@@ -13,8 +13,10 @@ else
 #
 CB_COMMON:=rocky9 debian12 ubuntu24
 
-# Top level of where all crossbuild and docker files are
-CB_DIR:=$(dir $(realpath $(lastword $(MAKEFILE_LIST))))
+# Top level of where all crossbuild and docker files are. `$(dir ...)`
+# would leave a trailing slash that doubles up when concatenated with
+# `/build` etc., so strip it here once.
+CB_DIR:=$(patsubst %/,%,$(dir $(realpath $(lastword $(MAKEFILE_LIST)))))
 
 # Where the docker directories are
 DT:=$(CB_DIR)/build

diff --git a/scripts/docker/docker.mk b/scripts/docker/docker.mk
index 2bd5b52c6cea9a49592aa3e66f302105d70dc42f..651e37e2f8889a2fddacb697a63f271a6f55ad3a 100644 (file)
--- a/scripts/docker/docker.mk
+++ b/scripts/docker/docker.mk
@@ -12,8 +12,10 @@ else
 #
 DOCKER_COMMON:=ubuntu22
 
-# Top level of where all crossbuild and docker files are
-CB_DIR:=$(dir $(realpath $(lastword $(MAKEFILE_LIST))))
+# Top level of where all crossbuild and docker files are. `$(dir ...)`
+# would leave a trailing slash that doubles up when concatenated with
+# `/build` etc., so strip it here once.
+CB_DIR:=$(patsubst %/,%,$(dir $(realpath $(lastword $(MAKEFILE_LIST)))))
 
 # Where the docker directories are
 DT:=$(CB_DIR)/build