From f7d5510b8b45a8288dd2ed8e56bdae85fa062aad Mon Sep 17 00:00:00 2001 From: mkorwel Date: Sun, 15 Mar 2026 09:16:01 -0700 Subject: [PATCH] feat(build): implement multi-stage maintainer parent image and dual-tag cloud build --- .gcp/release-docker.yml | 19 +++++++++--- .gemini/skills/offload/NEXT_MISSION.md | 24 ++++++++++++++ Dockerfile | 43 +++++++++++++++++--------- 3 files changed, 68 insertions(+), 18 deletions(-) create mode 100644 .gemini/skills/offload/NEXT_MISSION.md diff --git a/.gcp/release-docker.yml b/.gcp/release-docker.yml index 53e78b0882..cdf5a489a7 100644 --- a/.gcp/release-docker.yml +++ b/.gcp/release-docker.yml @@ -35,7 +35,7 @@ steps: echo "Determined image tag: $$FINAL_TAG" echo "$$FINAL_TAG" > /workspace/image_tag.txt - # Step 5: Build sandbox container image + # Step 5: Build sandbox container image (Final stage) - name: 'us-west1-docker.pkg.dev/gemini-code-dev/gemini-code-containers/gemini-code-builder' id: 'Build sandbox Docker image' entrypoint: 'bash' @@ -43,11 +43,24 @@ steps: - '-c' - |- export GEMINI_SANDBOX_IMAGE_TAG=$$(cat /workspace/image_tag.txt) - echo "Using Docker image tag for build: $$GEMINI_SANDBOX_IMAGE_TAG" npm run build:sandbox -- --output-file /workspace/final_image_uri.txt env: - 'GEMINI_SANDBOX=$_CONTAINER_TOOL' + # Step 6: Build maintainer container image (Maintainer stage) + - name: 'us-west1-docker.pkg.dev/gemini-code-dev/gemini-code-containers/gemini-code-builder' + id: 'Build maintainer Docker image' + entrypoint: 'bash' + args: + - '-c' + - |- + export TAG=$$(cat /workspace/image_tag.txt) + IMAGE_BASE="us-docker.pkg.dev/gemini-code-dev/gemini-cli/maintainer" + docker build --target maintainer -t "$${IMAGE_BASE}:$${TAG}" . + docker push "$${IMAGE_BASE}:$${TAG}" + env: + - 'GEMINI_SANDBOX=$_CONTAINER_TOOL' + # Step 8: Publish sandbox container image - name: 'us-west1-docker.pkg.dev/gemini-code-dev/gemini-code-containers/gemini-code-builder' id: 'Publish sandbox Docker image' @@ -57,8 +70,6 @@ steps: - |- set -e FINAL_IMAGE_URI=$$(cat /workspace/final_image_uri.txt) - - echo "Pushing sandbox image: $${FINAL_IMAGE_URI}" $_CONTAINER_TOOL push "$${FINAL_IMAGE_URI}" env: - 'GEMINI_SANDBOX=$_CONTAINER_TOOL' diff --git a/.gemini/skills/offload/NEXT_MISSION.md b/.gemini/skills/offload/NEXT_MISSION.md new file mode 100644 index 0000000000..c7af242927 --- /dev/null +++ b/.gemini/skills/offload/NEXT_MISSION.md @@ -0,0 +1,24 @@ +# Mission: GCE Container-First Refactor 🚀 + +## Current State +- **Architecture**: Persistent GCE VM (`gcli-offload-mattkorwel`) with Fast-Path SSH (`gcli-worker`). +- **Logic**: Decoupled scripts in `~/.offload/scripts`, using Git Worktrees for concurrency. +- **Auth**: Scoped GitHub PATs mirrored via setup. + +## The Goal (Container-OS Transition) +Shift from a "Manual VM" to an "Invisible VM" (Container-Optimized OS) that runs our Sandbox Docker image directly. + +## Planned Changes +1. **Multi-Stage Dockerfile**: + - Optimize `Dockerfile.gemini-maintainer` to include `tsx`, `vitest`, `gh`, and a pre-warmed repository. + - Base it on the existing `google-gemini-cli-sandbox`. +2. **Setup Script (`setup.ts`)**: + - Refactor `provision` to use `gcloud compute instances create-with-container`. + - Configure the VM to launch the container as the primary entrypoint. +3. **Orchestrator (`orchestrator.ts`)**: + - Update SSH logic to include the `--container` flag. + - Ensure `rsync` still maps to the persistent home directory that is mounted into the container. + +## How to Resume +1. Load the checkpoint: `/checkpoint load offload-container-refactor` (if available). +2. Tell Gemini: *"Read .gemini/skills/offload/NEXT_MISSION.md and start Phase 1: The Multi-Stage Dockerfile."* diff --git a/Dockerfile b/Dockerfile index 25d27d46c6..b3a1edce40 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,21 +1,26 @@ -FROM docker.io/library/node:20-slim +# --- STAGE 1: Base Runtime --- +FROM docker.io/library/node:20-slim AS base -ARG SANDBOX_NAME="gemini-cli-sandbox" ARG CLI_VERSION_ARG -ENV SANDBOX="$SANDBOX_NAME" ENV CLI_VERSION=$CLI_VERSION_ARG -# install minimal set of packages, then clean up RUN apt-get update && apt-get install -y --no-install-recommends \ python3 \ - make \ - g++ \ - man-db \ curl \ dnsutils \ less \ jq \ - bc \ + ca-certificates \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +# --- STAGE 2: Maintainer (Parent of Sandbox) --- +FROM base AS maintainer + +# Install "Maintainer Bloat" - tools needed for development and offloading +RUN apt-get update && apt-get install -y --no-install-recommends \ + make \ + g++ \ gh \ git \ unzip \ @@ -25,21 +30,31 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ psmisc \ lsof \ socat \ - ca-certificates \ + build-essential \ + libsecret-1-dev \ + libkrb5-dev \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* -# set up npm global package folder under /usr/local/share -# give it to non-root user node, already set up in base image +# Install global dev tools +RUN npm install -g tsx vitest + +# Set up npm global package folder RUN mkdir -p /usr/local/share/npm-global \ && chown -R node:node /usr/local/share/npm-global ENV NPM_CONFIG_PREFIX=/usr/local/share/npm-global ENV PATH=$PATH:/usr/local/share/npm-global/bin -# switch to non-root user node +# --- STAGE 3: Sandbox (Final CLI Image) --- +FROM maintainer AS sandbox + +ARG SANDBOX_NAME="gemini-cli-sandbox" +ENV SANDBOX="$SANDBOX_NAME" + +# Switch to non-root user node USER node -# install gemini-cli and clean up +# Install gemini-cli and clean up COPY packages/cli/dist/google-gemini-cli-*.tgz /tmp/gemini-cli.tgz COPY packages/core/dist/google-gemini-cli-core-*.tgz /tmp/gemini-core.tgz RUN npm install -g /tmp/gemini-core.tgz \ @@ -49,5 +64,5 @@ RUN npm install -g /tmp/gemini-core.tgz \ && npm cache clean --force \ && rm -f /tmp/gemini-{cli,core}.tgz -# default entrypoint when none specified +# Default entrypoint CMD ["gemini"]