mirror of
https://github.com/google-gemini/gemini-cli.git
synced 2026-06-13 21:07:00 -07:00
refactor(ci): simplify sandbox build process
- Replaces the `build_sandbox.js` script with a direct `docker build` command in the `build-and-publish` workflow. - Deletes the now-redundant `build_sandbox.js` and `sandbox_command.js` scripts. - This makes the sandbox build process more transparent and removes unnecessary complexity.
This commit is contained in:
mkorwel
@@ -104,8 +104,18 @@ jobs:
|
||||
|
||||
- name: 'Build and Push Sandbox Image'
|
||||
id: 'docker_build'
|
||||
env:
|
||||
GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
|
||||
shell: 'bash'
|
||||
run: |
|
||||
IMAGE_TAG="ghcr.io/${{ github.repository }}/sandbox:${{ needs.publish-bundle.outputs.version }}"
|
||||
node scripts/build_sandbox.js --image "${IMAGE_TAG}"
|
||||
docker build . \
|
||||
--file Dockerfile \
|
||||
--tag "${IMAGE_TAG}" \
|
||||
--build-arg CLI_VERSION=${{ needs.publish-bundle.outputs.version }} \
|
||||
--build-arg NPM_REGISTRY_SCOPE=${{ vars.NPM_REGISTRY_SCOPE }} \
|
||||
--build-arg NPM_REGISTRY_URL=${{ vars.NPM_REGISTRY_URL }} \
|
||||
--build-arg CLI_PACKAGE_NAME=${{ vars.CLI_PACKAGE_NAME }} \
|
||||
--secret id=GITHUB_TOKEN
|
||||
docker push "${IMAGE_TAG}"
|
||||
echo "uri=${IMAGE_TAG}" >> "$GITHUB_OUTPUT"
|
||||
|
||||
@@ -1,192 +0,0 @@
|
||||
/**
|
||||
* @license
|
||||
* Copyright 2025 Google LLC
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*/
|
||||
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
import { execSync } from 'node:child_process';
|
||||
import {
|
||||
chmodSync,
|
||||
existsSync,
|
||||
readFileSync,
|
||||
rmSync,
|
||||
writeFileSync,
|
||||
} from 'node:fs';
|
||||
import { join } from 'node:path';
|
||||
import os from 'node:os';
|
||||
import yargs from 'yargs';
|
||||
import { hideBin } from 'yargs/helpers';
|
||||
import cliPkgJson from '../packages/cli/package.json' with { type: 'json' };
|
||||
|
||||
const argv = yargs(hideBin(process.argv))
|
||||
.option('s', {
|
||||
alias: 'skip-npm-install-build',
|
||||
type: 'boolean',
|
||||
default: false,
|
||||
description: 'skip npm install + npm run build',
|
||||
})
|
||||
.option('f', {
|
||||
alias: 'dockerfile',
|
||||
type: 'string',
|
||||
default: 'Dockerfile',
|
||||
description: 'use <dockerfile> for custom image',
|
||||
})
|
||||
.option('i', {
|
||||
alias: 'image',
|
||||
type: 'string',
|
||||
default: cliPkgJson.config.sandboxImageUri,
|
||||
description: 'use <image> name for custom image',
|
||||
})
|
||||
.option('output-file', {
|
||||
type: 'string',
|
||||
description:
|
||||
'Path to write the final image URI. Used for CI/CD pipeline integration.',
|
||||
}).argv;
|
||||
|
||||
let sandboxCommand;
|
||||
try {
|
||||
sandboxCommand = execSync('node scripts/sandbox_command.js')
|
||||
.toString()
|
||||
.trim();
|
||||
} catch (e) {
|
||||
console.warn('ERROR: could not detect sandbox container command');
|
||||
console.error(e);
|
||||
process.exit(process.env.CI ? 1 : 0);
|
||||
}
|
||||
|
||||
if (sandboxCommand === 'sandbox-exec') {
|
||||
console.warn(
|
||||
'WARNING: container-based sandboxing is disabled (see README.md#sandboxing)',
|
||||
);
|
||||
process.exit(0);
|
||||
}
|
||||
|
||||
console.log(`using ${sandboxCommand} for sandboxing`);
|
||||
|
||||
const image = argv.i;
|
||||
const dockerFile = argv.f;
|
||||
|
||||
if (!image.length) {
|
||||
console.warn(
|
||||
'No default image tag specified in gemini-cli/packages/cli/package.json',
|
||||
);
|
||||
}
|
||||
|
||||
if (!argv.s) {
|
||||
execSync('npm install', { stdio: 'inherit' });
|
||||
execSync('npm run build --workspaces', { stdio: 'inherit' });
|
||||
}
|
||||
|
||||
console.log('packing @google/gemini-cli ...');
|
||||
const cliPackageDir = join('packages', 'cli');
|
||||
rmSync(join(cliPackageDir, 'dist', 'google-gemini-cli-*.tgz'), { force: true });
|
||||
execSync(
|
||||
`npm pack -w @google/gemini-cli --pack-destination ./packages/cli/dist`,
|
||||
{
|
||||
stdio: 'ignore',
|
||||
},
|
||||
);
|
||||
|
||||
console.log('packing @google/gemini-cli-core ...');
|
||||
const corePackageDir = join('packages', 'core');
|
||||
rmSync(join(corePackageDir, 'dist', 'google-gemini-cli-core-*.tgz'), {
|
||||
force: true,
|
||||
});
|
||||
execSync(
|
||||
`npm pack -w @google/gemini-cli-core --pack-destination ./packages/core/dist`,
|
||||
{ stdio: 'ignore' },
|
||||
);
|
||||
|
||||
const packageVersion = JSON.parse(
|
||||
readFileSync(join(process.cwd(), 'package.json'), 'utf-8'),
|
||||
).version;
|
||||
|
||||
chmodSync(
|
||||
join(cliPackageDir, 'dist', `google-gemini-cli-${packageVersion}.tgz`),
|
||||
0o755,
|
||||
);
|
||||
chmodSync(
|
||||
join(corePackageDir, 'dist', `google-gemini-cli-core-${packageVersion}.tgz`),
|
||||
0o755,
|
||||
);
|
||||
|
||||
const buildStdout = process.env.VERBOSE ? 'inherit' : 'ignore';
|
||||
|
||||
// Determine the appropriate shell based on OS
|
||||
const isWindows = os.platform() === 'win32';
|
||||
const shellToUse = isWindows ? 'powershell.exe' : '/bin/bash';
|
||||
|
||||
function buildImage(imageName, dockerfile) {
|
||||
console.log(`building ${imageName} ... (can be slow first time)`);
|
||||
|
||||
let buildCommandArgs = '';
|
||||
let tempAuthFile = '';
|
||||
|
||||
if (sandboxCommand === 'podman') {
|
||||
if (isWindows) {
|
||||
// PowerShell doesn't support <() process substitution.
|
||||
// Create a temporary auth file that we will clean up after.
|
||||
tempAuthFile = join(os.tmpdir(), `gemini-auth-${Date.now()}.json`);
|
||||
writeFileSync(tempAuthFile, '{}');
|
||||
buildCommandArgs = `--authfile="${tempAuthFile}"`;
|
||||
} else {
|
||||
// Use bash-specific syntax for Linux/macOS
|
||||
buildCommandArgs = `--authfile=<(echo '{}')`;
|
||||
}
|
||||
}
|
||||
|
||||
const npmPackageVersion = JSON.parse(
|
||||
readFileSync(join(process.cwd(), 'package.json'), 'utf-8'),
|
||||
).version;
|
||||
|
||||
const imageTag =
|
||||
process.env.GEMINI_SANDBOX_IMAGE_TAG || imageName.split(':')[1];
|
||||
const finalImageName = `${imageName.split(':')[0]}:${imageTag}`;
|
||||
|
||||
try {
|
||||
execSync(
|
||||
`${sandboxCommand} build ${buildCommandArgs} ${
|
||||
process.env.BUILD_SANDBOX_FLAGS || ''
|
||||
} --build-arg CLI_VERSION=${npmPackageVersion} --build-arg NPM_REGISTRY_SCOPE=${process.env.NPM_REGISTRY_SCOPE} --build-arg NPM_REGISTRY_URL=${process.env.NPM_REGISTRY_URL} --build-arg CLI_PACKAGE_NAME=${process.env.CLI_PACKAGE_NAME} --secret id=GITHUB_TOKEN,env=GITHUB_TOKEN -f "${dockerfile}" -t "${finalImageName}" .`,
|
||||
{ stdio: buildStdout, shell: shellToUse },
|
||||
);
|
||||
console.log(`built ${finalImageName}`);
|
||||
|
||||
// If an output file path was provided via command-line, write the final image URI to it.
|
||||
if (argv.outputFile) {
|
||||
console.log(
|
||||
`Writing final image URI for CI artifact to: ${argv.outputFile}`,
|
||||
);
|
||||
// The publish step only supports one image. If we build multiple, only the last one
|
||||
// will be published. Throw an error to make this failure explicit if the file already exists.
|
||||
if (existsSync(argv.outputFile)) {
|
||||
throw new Error(
|
||||
`CI artifact file ${argv.outputFile} already exists. Refusing to overwrite.`,
|
||||
);
|
||||
}
|
||||
writeFileSync(argv.outputFile, finalImageName);
|
||||
}
|
||||
} finally {
|
||||
// If we created a temp file, delete it now.
|
||||
if (tempAuthFile) {
|
||||
rmSync(tempAuthFile, { force: true });
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
buildImage(image, dockerFile);
|
||||
|
||||
execSync(`${sandboxCommand} image prune -f`, { stdio: 'ignore' });
|
||||
@@ -1,127 +0,0 @@
|
||||
/**
|
||||
* @license
|
||||
* Copyright 2025 Google LLC
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*/
|
||||
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
import { execSync } from 'node:child_process';
|
||||
import { existsSync, readFileSync } from 'node:fs';
|
||||
import { join, dirname } from 'node:path';
|
||||
import stripJsonComments from 'strip-json-comments';
|
||||
import os from 'node:os';
|
||||
import yargs from 'yargs';
|
||||
import { hideBin } from 'yargs/helpers';
|
||||
import dotenv from 'dotenv';
|
||||
import { GEMINI_DIR } from '@google/gemini-cli-core';
|
||||
|
||||
const argv = yargs(hideBin(process.argv)).option('q', {
|
||||
alias: 'quiet',
|
||||
type: 'boolean',
|
||||
default: false,
|
||||
}).argv;
|
||||
|
||||
let geminiSandbox = process.env.GEMINI_SANDBOX;
|
||||
|
||||
if (!geminiSandbox) {
|
||||
const userSettingsFile = join(os.homedir(), GEMINI_DIR, 'settings.json');
|
||||
if (existsSync(userSettingsFile)) {
|
||||
const settings = JSON.parse(
|
||||
stripJsonComments(readFileSync(userSettingsFile, 'utf-8')),
|
||||
);
|
||||
if (settings.sandbox) {
|
||||
geminiSandbox = settings.sandbox;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (!geminiSandbox) {
|
||||
let currentDir = process.cwd();
|
||||
while (true) {
|
||||
const geminiEnv = join(currentDir, GEMINI_DIR, '.env');
|
||||
const regularEnv = join(currentDir, '.env');
|
||||
if (existsSync(geminiEnv)) {
|
||||
dotenv.config({ path: geminiEnv, quiet: true });
|
||||
break;
|
||||
} else if (existsSync(regularEnv)) {
|
||||
dotenv.config({ path: regularEnv, quiet: true });
|
||||
break;
|
||||
}
|
||||
const parentDir = dirname(currentDir);
|
||||
if (parentDir === currentDir) {
|
||||
break;
|
||||
}
|
||||
currentDir = parentDir;
|
||||
}
|
||||
geminiSandbox = process.env.GEMINI_SANDBOX;
|
||||
}
|
||||
|
||||
geminiSandbox = (geminiSandbox || '').toLowerCase();
|
||||
|
||||
const commandExists = (cmd) => {
|
||||
const checkCommand = os.platform() === 'win32' ? 'where' : 'command -v';
|
||||
try {
|
||||
execSync(`${checkCommand} ${cmd}`, { stdio: 'ignore' });
|
||||
return true;
|
||||
} catch {
|
||||
if (os.platform() === 'win32') {
|
||||
try {
|
||||
execSync(`${checkCommand} ${cmd}.exe`, { stdio: 'ignore' });
|
||||
return true;
|
||||
} catch {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
};
|
||||
|
||||
let command = '';
|
||||
if (['1', 'true'].includes(geminiSandbox)) {
|
||||
if (commandExists('docker')) {
|
||||
command = 'docker';
|
||||
} else if (commandExists('podman')) {
|
||||
command = 'podman';
|
||||
} else {
|
||||
console.error(
|
||||
'ERROR: install docker or podman or specify command in GEMINI_SANDBOX',
|
||||
);
|
||||
process.exit(1);
|
||||
}
|
||||
} else if (geminiSandbox && !['0', 'false'].includes(geminiSandbox)) {
|
||||
if (commandExists(geminiSandbox)) {
|
||||
command = geminiSandbox;
|
||||
} else {
|
||||
console.error(
|
||||
`ERROR: missing sandbox command '${geminiSandbox}' (from GEMINI_SANDBOX)`,
|
||||
);
|
||||
process.exit(1);
|
||||
}
|
||||
} else {
|
||||
if (os.platform() === 'darwin' && process.env.SEATBELT_PROFILE !== 'none') {
|
||||
if (commandExists('sandbox-exec')) {
|
||||
command = 'sandbox-exec';
|
||||
} else {
|
||||
process.exit(1);
|
||||
}
|
||||
} else {
|
||||
process.exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
if (!argv.q) {
|
||||
console.log(command);
|
||||
}
|
||||
process.exit(0);
|
||||
Reference in New Issue
Block a user