custom sandboxing via sandbox.Dockerfile and sandbox.bashrc in project settings (#249)

2025-05-02 14:07:40 -07:00 · 2025-05-02 14:07:40 -07:00 · 69d1c644d9
parent cc838fad44
commit 69d1c644d9
2 changed files with 27 additions and 4 deletions
--- a/packages/cli/src/utils/sandbox.ts
+++ b/packages/cli/src/utils/sandbox.ts
@ -83,7 +83,17 @@ export async function start_sandbox(sandbox: string) {
    } else {
      console.log('building sandbox ...');
      const gcRoot = gcPath.split('/packages/')[0];
-      spawnSync(`cd ${gcRoot} && scripts/build_sandbox.sh`, {
+      // if project folder has sandbox.Dockerfile under project settings folder, use that
+      let buildArgs = '';
+      const projectSandboxDockerfile = path.join(
+        SETTINGS_DIRECTORY_NAME,
+        'sandbox.Dockerfile',
+      );
+      if (fs.existsSync(projectSandboxDockerfile)) {
+        console.log(`using ${projectSandboxDockerfile} for sandbox`);
+        buildArgs += `-f ${path.resolve(projectSandboxDockerfile)}`;
+      }
+      spawnSync(`cd ${gcRoot} && scripts/build_sandbox.sh ${buildArgs}`, {
        stdio: 'inherit',
        shell: true,
      });
@ -266,6 +276,15 @@ export async function start_sandbox(sandbox: string) {
    bashCmd += `export PYTHONPATH="$PYTHONPATH${pythonPathSuffix}"; `; // suffix includes leading ':'
  }

+  // source sandbox.bashrc if exists under project settings directory
+  const projectSandboxBashrc = path.join(
+    SETTINGS_DIRECTORY_NAME,
+    'sandbox.bashrc',
+  );
+  if (fs.existsSync(projectSandboxBashrc)) {
+    bashCmd += `source ${projectSandboxBashrc}; `;
+  }
+
  // open additional ports if SANDBOX_PORTS is set
  // also set up redirects (via socat) so servers can listen on localhost instead of 0.0.0.0
  if (process.env.SANDBOX_PORTS) {
--- a/scripts/build_sandbox.sh
+++ b/scripts/build_sandbox.sh
@ -27,17 +27,21 @@ IMAGE=gemini-code-sandbox
 DOCKERFILE=Dockerfile

 SKIP_NPM_INSTALL_BUILD=false
-while getopts "sd" opt; do
+while getopts "sdf:" opt; do
    case ${opt} in
    s) SKIP_NPM_INSTALL_BUILD=true ;;
    d)
        DOCKERFILE=Dockerfile-dev
        IMAGE+="-dev"
        ;;
+    f)
+        DOCKERFILE=$OPTARG
+        ;;
    \?)
-        echo "usage: $(basename "$0") [-s] [-d]"
+        echo "usage: $(basename "$0") [-s] [-d] [-f <dockerfile>]"
        echo "  -s: skip npm install + npm run build"
-        echo "  -d: build dev image (using Dockerfile-dev)"
+        echo "  -d: build dev image (use Dockerfile-dev)"
+        echo "  -f <dockerfile>: use <dockerfile>"
        exit 1
        ;;
    esac