feat(workspaces): enforce UID 1000 ownership and use sudo for host git ops

mkorwel
2026-03-19 01:15:10 -07:00
parent 4591d4177a
commit bb1137d0fa
2 changed files with 11 additions and 10 deletions
@@ -77,18 +77,19 @@ export async function runOrchestrator(args: string[], env: NodeJS.ProcessEnv = p
if (check.status !== 0) {
console.log(` - Provisioning isolated git worktree for ${prNumber}...`);
// We run these on the host. We use the current remote user to ensure ownership is correct.
// We run these on the host. Since setup might have left the repo root-owned, we use sudo.
const gitFetch = isShellMode
? `git -C ${hostWorkDir} fetch --quiet origin`
: `git -C ${hostWorkDir} fetch --quiet upstream pull/${prNumber}/head`;
? `sudo git -C ${hostWorkDir} fetch --quiet origin`
: `sudo git -C ${hostWorkDir} fetch --quiet upstream pull/${prNumber}/head`;
const gitTarget = isShellMode ? 'FETCH_HEAD' : 'FETCH_HEAD';
const setupCmd = `
git -C ${hostWorkDir} config --add safe.directory ${hostWorkDir} && \
mkdir -p ${hostWorkspaceRoot}/worktrees && \
sudo git config --global --add safe.directory ${hostWorkDir} && \
sudo mkdir -p ${hostWorkspaceRoot}/worktrees && \
${gitFetch} && \
git -C ${hostWorkDir} worktree add --quiet -f ${hostWorktreeDir} ${gitTarget} 2>&1
sudo git -C ${hostWorkDir} worktree add --quiet -f ${hostWorktreeDir} ${gitTarget} 2>&1 && \
sudo chown -R 1000:1000 ${hostWorkspaceRoot}
`;
const setupRes = await provider.getExecOutput(setupCmd);
if (setupRes.status !== 0) {
+4 -4
@@ -288,8 +288,8 @@ and full builds) to a dedicated, high-performance GCP worker.
const setupRes = await provider.setup({ projectId, zone, dnsSuffix: '.internal.gcpnode.com' });
if (setupRes !== 0) return setupRes;
// Use the direct mount path to avoid symlink race conditions
const workspaceRoot = `/mnt/disks/data`;
// Use the unified path to ensure host and container match perfectly
const workspaceRoot = `/home/node/.workspaces`;
const persistentScripts = `${workspaceRoot}/scripts`;
const remoteConfigDir = `${workspaceRoot}/gemini-cli-config/.gemini`;
@@ -297,7 +297,7 @@ and full builds) to a dedicated, high-performance GCP worker.
console.log(`\n📦 Synchronizing Logic & Credentials...`);
// Ensure the directory structure exists on the host
await provider.exec(`sudo mkdir -p ${workspaceRoot}/main ${workspaceRoot}/worktrees ${workspaceRoot}/policies ${workspaceRoot}/scripts ${remoteConfigDir}`);
await provider.exec(`sudo chown -R $(whoami):$(whoami) ${workspaceRoot}`);
await provider.exec(`sudo chown -R 1000:1000 ${workspaceRoot}`);
await provider.exec(`sudo chmod -R 777 ${workspaceRoot}`);
// 1. Sync Scripts & Policies
@@ -371,7 +371,7 @@ and full builds) to a dedicated, high-performance GCP worker.
// Final Repo Sync
console.log(`🚀 Finalizing Remote Repository (${userFork})...`);
const repoUrl = `https://github.com/${userFork}.git`;
const cloneCmd = `sudo rm -rf ${workspaceRoot}/main && sudo git clone --quiet --filter=blob:none ${repoUrl} ${workspaceRoot}/main && sudo git -C ${workspaceRoot}/main remote add upstream https://github.com/${upstreamRepo}.git && sudo git -C ${workspaceRoot}/main fetch --quiet upstream && sudo chown -R $(whoami):$(whoami) ${workspaceRoot}`;
const cloneCmd = `sudo rm -rf ${workspaceRoot}/main && sudo git clone --quiet --filter=blob:none ${repoUrl} ${workspaceRoot}/main && sudo git -C ${workspaceRoot}/main remote add upstream https://github.com/${upstreamRepo}.git && sudo git -C ${workspaceRoot}/main fetch --quiet upstream && sudo chown -R 1000:1000 ${workspaceRoot}`;
await provider.exec(cloneCmd);
console.log('\n✨ ALL SYSTEMS GO! Your Gemini Workspace is ready.');
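Review bot: The hard-coded `1000:1000` now appears in three shell strings (the `chown` after the `mkdir`, the tail of `cloneCmd`, and the worktree setup in the first file) with no statement of what it is; presumably it is the uid/gid of the container's `node` user implied by `/home/node/.workspaces`, but that is an inference. A single named constant such as `const WORKSPACE_OWNER = '1000:1000'; // uid:gid of the container user that mounts the workspace — confirm against the image` would keep the three commands consistent and document the assumption. With ownership now fixed to that uid, the following context line `sudo chmod -R 777 ${workspaceRoot}` is what still leaves the checkout, including its `.git/config` and hooks, writable by every account on the host; if 1000:1000 ownership is what the container needs, the 777 can likely be dropped or narrowed to `u+rwX`. Separately, `cloneCmd` interpolates `userFork` and `upstreamRepo` into a `sudo` shell line; if those values originate from user input, validating them against an `owner/repo` pattern before building the command avoids stray shell metacharacters being executed as root on the host.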