mirror of
https://github.com/harivansh-afk/sandbox-agent.git
synced 2026-04-15 17:01:02 +00:00
b49776145b
- Add .github/actions/docker-setup composite action (from rivet) - Add docker/runtime/Dockerfile for Docker image builds - Update release.yaml to match rivet patterns: - Use corepack enable instead of pnpm/action-setup - Add reuse_engine_version input - Add Docker job with Depot runners - Use --no-frozen-lockfile for pnpm install - Add id-token permission for setup job
51 lines
1.3 KiB
Docker
51 lines
1.3 KiB
Docker
# syntax=docker/dockerfile:1.10.0
|
|
|
|
# Build stage - compile the binary
|
|
FROM rust:1.88.0 AS builder
|
|
|
|
ENV DEBIAN_FRONTEND=noninteractive
|
|
RUN apt-get update && apt-get install -y \
|
|
musl-tools \
|
|
musl-dev \
|
|
pkg-config \
|
|
ca-certificates \
|
|
git && \
|
|
apt-get clean && \
|
|
rm -rf /var/lib/apt/lists/*
|
|
|
|
RUN rustup target add x86_64-unknown-linux-musl
|
|
|
|
WORKDIR /build
|
|
COPY . .
|
|
|
|
# Build static binary
|
|
RUN --mount=type=cache,target=/usr/local/cargo/registry \
|
|
--mount=type=cache,target=/usr/local/cargo/git \
|
|
--mount=type=cache,target=/build/target \
|
|
SANDBOX_AGENT_SKIP_INSPECTOR=1 \
|
|
RUSTFLAGS="-C target-feature=+crt-static" \
|
|
cargo build -p sandbox-agent --release --target x86_64-unknown-linux-musl && \
|
|
cp target/x86_64-unknown-linux-musl/release/sandbox-agent /sandbox-agent
|
|
|
|
# Runtime stage - minimal image
|
|
FROM debian:bookworm-slim
|
|
|
|
RUN apt-get update && apt-get install -y \
|
|
ca-certificates \
|
|
curl \
|
|
git && \
|
|
rm -rf /var/lib/apt/lists/*
|
|
|
|
# Copy the binary from builder
|
|
COPY --from=builder /sandbox-agent /usr/local/bin/sandbox-agent
|
|
RUN chmod +x /usr/local/bin/sandbox-agent
|
|
|
|
# Create non-root user
|
|
RUN useradd -m -s /bin/bash sandbox
|
|
USER sandbox
|
|
WORKDIR /home/sandbox
|
|
|
|
EXPOSE 2468
|
|
|
|
ENTRYPOINT ["sandbox-agent"]
|
|
CMD ["--host", "0.0.0.0", "--port", "2468"]
|