From b6846ce07f6385bfd4a741b64b06d136a4b29531 Mon Sep 17 00:00:00 2001 From: Eric Burke <163169620+eburke-openai@users.noreply.github.com> Date: Wed, 16 Apr 2025 12:02:41 -0700 Subject: [PATCH] (fix) update Docker container scripts (#47) * Fix Docker container scripts Signed-off-by:: Eric Burke * Build codex TGZ * fix run_in_container --------- Co-authored-by: Kyle Kosic --- codex-cli/.dockerignore | 1 + codex-cli/Dockerfile | 28 ++++++++++++++------------- codex-cli/scripts/build_container.sh | 15 +++++++++++++- codex-cli/scripts/run_in_container.sh | 16 +++++++++++---- 4 files changed, 42 insertions(+), 18 deletions(-) create mode 100644 codex-cli/.dockerignore diff --git a/codex-cli/.dockerignore b/codex-cli/.dockerignore new file mode 100644 index 00000000..c2658d7d --- /dev/null +++ b/codex-cli/.dockerignore @@ -0,0 +1 @@ +node_modules/ diff --git a/codex-cli/Dockerfile b/codex-cli/Dockerfile index bdd4be30..95fe3800 100644 --- a/codex-cli/Dockerfile +++ b/codex-cli/Dockerfile @@ -4,22 +4,24 @@ ARG TZ ENV TZ="$TZ" # Install basic development tools and iptables/ipset -RUN apt update && apt install -y less \ +RUN apt update && apt install -y \ + aggregate \ + dnsutils \ + fzf \ + gh \ git \ + gnupg2 \ + iproute2 \ + ipset \ + iptables \ + jq \ + less \ + man-db \ procps \ sudo \ - fzf \ - zsh \ - man-db \ unzip \ - gnupg2 \ - gh \ - iptables \ - ipset \ - iproute2 \ - dnsutils \ - aggregate \ - jq + ripgrep \ + zsh # Ensure default node user has access to /usr/local/share RUN mkdir -p /usr/local/share/npm-global && \ @@ -44,4 +46,4 @@ USER root RUN chmod +x /usr/local/bin/init_firewall.sh && \ echo "node ALL=(root) NOPASSWD: /usr/local/bin/init_firewall.sh" > /etc/sudoers.d/node-firewall && \ chmod 0440 /etc/sudoers.d/node-firewall -USER node \ No newline at end of file +USER node diff --git a/codex-cli/scripts/build_container.sh b/codex-cli/scripts/build_container.sh index c99e09ee..fd4c8f5a 100755 --- a/codex-cli/scripts/build_container.sh +++ b/codex-cli/scripts/build_container.sh @@ -1,3 +1,16 @@ #!/bin/bash -docker build -t codex -f codex-cli/Dockerfile codex-cli +set -euo pipefail + +SCRIPT_DIR=$(realpath "$(dirname "$0")") +trap "popd >> /dev/null" EXIT +pushd "$SCRIPT_DIR/.." >> /dev/null || { + echo "Error: Failed to change directory to $SCRIPT_DIR/.." + exit 1 +} +npm install +npm run build +rm -rf ./dist/openai-codex-*.tgz +npm pack --pack-destination ./dist +mv ./dist/openai-codex-*.tgz ./dist/codex.tgz +docker build -t codex -f "./Dockerfile" . diff --git a/codex-cli/scripts/run_in_container.sh b/codex-cli/scripts/run_in_container.sh index a0bd80a4..2e6978be 100755 --- a/codex-cli/scripts/run_in_container.sh +++ b/codex-cli/scripts/run_in_container.sh @@ -1,4 +1,5 @@ #!/bin/bash +set -e # Usage: # ./run_in_container.sh [--work_dir directory] "COMMAND" @@ -8,7 +9,7 @@ # ./run_in_container.sh "echo Hello, world!" # Default the work directory to WORKSPACE_ROOT_DIR if not provided. -WORK_DIR="${WORKSPACE_ROOT_DIR}" +WORK_DIR="${WORKSPACE_ROOT_DIR:-$(pwd)}" # Parse optional flag. if [ "$1" = "--work_dir" ]; then @@ -20,6 +21,8 @@ if [ "$1" = "--work_dir" ]; then shift 2 fi +WORK_DIR=$(realpath "$WORK_DIR") + # Ensure a command is provided. if [ "$#" -eq 0 ]; then echo "Usage: $0 [--work_dir directory] \"COMMAND\"" @@ -33,14 +36,14 @@ if [ -z "$WORK_DIR" ]; then fi # Remove any existing container named 'codex'. -docker rm -f codex || true +docker rm -f codex 2>/dev/null || true # Run the container with the specified directory mounted at the same path inside the container. docker run --name codex -d \ -e OPENAI_API_KEY \ --cap-add=NET_ADMIN \ --cap-add=NET_RAW \ - -v "$WORK_DIR:$WORK_DIR" \ + -v "$WORK_DIR:/app$WORK_DIR" \ codex \ sleep infinity @@ -49,4 +52,9 @@ docker exec codex bash -c "sudo /usr/local/bin/init_firewall.sh" # Execute the provided command in the container, ensuring it runs in the work directory. # We use a parameterized bash command to safely handle the command and directory. -docker exec codex bash -c "cd \"$WORK_DIR\" && codex --dangerously-auto-approve-everything -q \"$@\"" + +quoted_args="" +for arg in "$@"; do + quoted_args+=" $(printf '%q' "$arg")" +done +docker exec -it codex bash -c "cd \"/app$WORK_DIR\" && codex --full-auto ${quoted_args}"