docker: gate image cleanup behind DOCKER_PRUNE=yes (default off)

igorpecovnik · igorpecovnik · commit 4d6d58c8f92f · 2026-04-20T15:29:53.000+02:00
docker_cli_prepare() called docker_cleanup_old_images
unconditionally, which enumerates 'docker images' and rmi's old
armbian tags. Fine on a single-daemon workstation; broken on
hosts where several build framework invocations share one
dockerd — the usual setup when multiple self-hosted GH Actions
runners live on the same machine.

Two concurrent invocations race: runner A's cleanup fires
'docker rmi &lt;id&gt;' on a tag runner B just committed between
'Successfully built &lt;sha&gt;' and dockerd writing the imagedb
digest file. B's build then aborts with:

  Successfully built ed6bcbe445e6
  failed to get digest sha256:ed6bcbe445e6…:
    open /var/lib/docker/image/overlay2/imagedb/content/sha256/…:
    no such file or directory

Make the cleanup opt-in via DOCKER_PRUNE=yes. Default-off keeps
shared-daemon setups safe out of the box; single-host users who
want automatic disk reclaim flip the flag and either accept the
race risk or serialise their builds.

No behaviour change for users who add DOCKER_PRUNE=yes — same
codepath runs. Only the default changes.
diff --git a/lib/functions/host/docker.sh b/lib/functions/host/docker.sh
@@ -155,8 +155,27 @@ function docker_cli_prepare() {
 	fi
 
 	#############################################################################################################
-	# Cleanup old Docker images to free disk space
-	docker_cleanup_old_images
+	# Optionally clean up old Docker images to free disk space. Off by
+	# default — set DOCKER_PRUNE=yes to opt in.
+	#
+	# The cleanup enumerates `docker images` and calls `docker rmi` on
+	# "old" ones. On hosts where several build invocations share one
+	# dockerd (the usual setup when multiple self-hosted GH Actions
+	# runners live on the same machine) two concurrent invocations
+	# race: runner A's cleanup can rmi an image runner B just
+	# committed between `Successfully built <sha>` and the daemon
+	# writing the imagedb digest file, surfacing as:
+	#   failed to get digest sha256:…: open …/imagedb/content/sha256/…:
+	#   no such file or directory
+	# which aborts runner B's build. Default-off keeps shared-daemon
+	# setups safe; single-host users who want automatic reclaim set
+	# DOCKER_PRUNE=yes and either accept the race risk or run builds
+	# serially.
+	if [[ "${DOCKER_PRUNE:-no}" == "yes" ]]; then
+		docker_cleanup_old_images
+	else
+		display_alert "Skipping Docker image cleanup" "set DOCKER_PRUNE=yes to enable" "debug"
+	fi
 
 	#############################################################################################################
 	# Detect some docker info; use cached.
