docs: remove resolved MCP gateway Docker socket limitation from ARC/DinD guide#46045
Conversation
…om ARC/DinD guide Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
…inD guide Closes #46042 - Remove MCP gateway Docker socket access bullet from Known limitations (issue #44251 was fixed and closed July 10, 2026) - Remove 'Docker daemon is not accessible' troubleshooting section and its YAML snippet workaround - Keep allowPrivilegeEscalation: false limitation (still accurate) Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
…ific, reference #46046 Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Updated in the latest commit. The
|
|
Great cleanup on the ARC/DinD guide! Removing the stale Docker socket limitation and its workaround now that issue #44251 is resolved keeps operators from applying unnecessary config — exactly the kind of housekeeping that makes docs trustworthy. The PR is well-scoped, the description clearly explains what changed and why, and the lock file updates alongside the doc edit are consistent with the repo workflow. No issues to flag — this looks ready for review.
|
There was a problem hiding this comment.
Pull request overview
Removes obsolete MCP gateway guidance from the ARC/DinD guide while retaining the privilege-escalation limitation.
Changes:
- Removes resolved Docker socket troubleshooting.
- Expands Copilot CLI rootless-install guidance.
- Refreshes generated workflows and changes the auto-upgrade schedule.
Show a summary per file
| File | Description |
|---|---|
docs/src/content/docs/guides/arc-dind-copilot-agent.md |
Updates ARC/DinD limitations and troubleshooting. |
.github/workflows/skillet.lock.yml |
Refreshes generated action-version metadata. |
.github/workflows/release.lock.yml |
Refreshes generated action-version metadata. |
.github/workflows/hourly-ci-cleaner.lock.yml |
Refreshes generated checkout metadata. |
.github/workflows/avenger.lock.yml |
Refreshes generated checkout metadata. |
.github/workflows/agentic-auto-upgrade.yml |
Changes the weekly execution schedule. |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 6/6 changed files
- Comments generated: 2
- Review effort level: Medium
|
@copilot run the pr-finisher skill |
|
✅ PR Code Quality Reviewer completed the code quality review. |
|
✅ Design Decision Gate 🏗️ completed the design decision gate check. No ADR enforcement needed: PR #46045 does not have the 'implementation' label and has 0 new lines of code in business logic directories (threshold: 100). |
|
🧠 Matt Pocock Skills Reviewer has completed the skills-based review. ✅ |
|
✅ Test Quality Sentinel completed test quality analysis. No test files were added or modified in this PR. Test Quality Sentinel skipped. This PR contains only documentation updates. |
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
There was a problem hiding this comment.
Skills-Based Review 🧠
Applied /grill-with-docs — docs-only change removing a resolved limitation.
📋 Key Themes & Highlights
Key Themes
- Correct removal: The MCP gateway Docker socket section and its YAML workaround are cleanly excised now that #44251 is resolved.
- Enhanced surviving bullet: The
allowPrivilegeEscalation: falseentry now explains why the constraint exists, names the script, install path, and links the tracking issue — genuinely more useful than the original.
Minor observation
The new bullet adds implementation details (install_copilot_cli.sh, /usr/local/bin, "fix file ownership") that could drift if the install script changes. Keeping those details is a trade-off worth watching, but not a blocker.
Positive Highlights
- ✅ Concise removal — no orphan references or broken links left behind
- ✅ PR description explains the why (issue closed, stale workaround causing unnecessary operator work)
- ✅ Lock file and schedule changes are unrelated noise; core doc change is surgical
🧠 Reviewed using Matt Pocock's skills by Matt Pocock Skills Reviewer · 18.1 AIC · ⌖ 4.36 AIC · ⊞ 6.7K
Comment /matt to run again
There was a problem hiding this comment.
The changes are accurate and well-scoped: the resolved MCP gateway Docker socket limitation is cleanly removed, the minimum version is correctly bumped to v0.82.8, and the expanded allowPrivilegeEscalation note adds useful context with a tracking issue link. No issues found.
🧵 Reviewed using Impeccable skills by Impeccable Skills Reviewer · 12.5 AIC · ⌖ 4.92 AIC · ⊞ 5K
There was a problem hiding this comment.
Two issues need resolution before merge
The lock-file comment normalization is consistent and correct. The docs removal of the resolved MCP gateway limitation is appropriate. However, two issues block this PR:
Blocking issues
1. Unexplained schedule drift — agentic-auto-upgrade.yml silently shifts the cron from Friday 03:21 UTC to Saturday 04:11 UTC with no rationale. This is an operational change hidden in a docs-only PR. Revert or document why the schedule moved.
2. Stale minimum version — The guide still advertises gh-aw ≥ v0.82.5, but the Docker socket fix (which this PR removes the workaround for) shipped in v0.82.8. Users on v0.82.5–v0.82.7 will encounter the failure silently. Update the minimum version to v0.82.8.
🔎 Code quality review by PR Code Quality Reviewer · 69.8 AIC · ⌖ 4.36 AIC · ⊞ 5.6K
Comment /review to run again
Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
|
@copilot please run the
|
Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>
Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>
Completed another pr-finisher pass and pushed |
|
@copilot please run the Unresolved review threads:
The thread already has a follow-up reply from the PR author, so please confirm the branch state on current HEAD and close out any remaining review cleanup.
|
Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>
Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>
Done. I ran another pr-finisher pass and pushed |
🤖 PR Triage
Rationale: Removes stale MCP gateway Docker socket limitation from ARC/DinD guide — issue #44251 was fixed July 10. GHA approved. Low risk doc update.
|
Issue #44251 (MCP gateway Docker socket access failure on TCP-only
DOCKER_HOST) was fixed and closed July 10, 2026. The guide's stale limitation and workaround caused operators to apply unnecessary config.Changes
allowPrivilegeEscalation: falseconstraint (still valid) remains.Docker daemon is not accessible in MCP gatewaysection and its shared-volume YAML workaround.