custom sandboxing via sandbox.Dockerfile and sandbox.bashrc in project settings (#249)

2025-05-02 14:07:40 -07:00 · 2025-05-02 14:07:40 -07:00 · 69d1c644d9
parent cc838fad44
commit 69d1c644d9
2 changed files with 27 additions and 4 deletions
--- a/packages/cli/src/utils/sandbox.ts
+++ b/packages/cli/src/utils/sandbox.ts
@ -83,7 +83,17 @@ export async function start_sandbox(sandbox: string) {
    } else {
      console.log('building sandbox ...');
      const gcRoot = gcPath.split('/packages/')[0];
-      spawnSync(`cd ${gcRoot} && scripts/build_sandbox.sh`, {
+      // if project folder has sandbox.Dockerfile under project settings folder, use that
      let buildArgs = '';
      const projectSandboxDockerfile = path.join(
        SETTINGS_DIRECTORY_NAME,
        'sandbox.Dockerfile',
      );
      if (fs.existsSync(projectSandboxDockerfile)) {
        console.log(`using ${projectSandboxDockerfile} for sandbox`);
        buildArgs += `-f ${path.resolve(projectSandboxDockerfile)}`;
      }
      spawnSync(`cd ${gcRoot} && scripts/build_sandbox.sh ${buildArgs}`, {
        stdio: 'inherit',
        shell: true,
      });
@ -266,6 +276,15 @@ export async function start_sandbox(sandbox: string) {
    bashCmd += `export PYTHONPATH="$PYTHONPATH${pythonPathSuffix}"; `; // suffix includes leading ':'
  }
  // source sandbox.bashrc if exists under project settings directory
  const projectSandboxBashrc = path.join(
    SETTINGS_DIRECTORY_NAME,
    'sandbox.bashrc',
  );
  if (fs.existsSync(projectSandboxBashrc)) {
    bashCmd += `source ${projectSandboxBashrc}; `;
  }
  // open additional ports if SANDBOX_PORTS is set
  // also set up redirects (via socat) so servers can listen on localhost instead of 0.0.0.0
  if (process.env.SANDBOX_PORTS) {
--- a/scripts/build_sandbox.sh
+++ b/scripts/build_sandbox.sh
@ -27,17 +27,21 @@ IMAGE=gemini-code-sandbox
 DOCKERFILE=Dockerfile
 SKIP_NPM_INSTALL_BUILD=false
-while getopts "sd" opt; do
+while getopts "sdf:" opt; do
    case ${opt} in
    s) SKIP_NPM_INSTALL_BUILD=true ;;
    d)
        DOCKERFILE=Dockerfile-dev
        IMAGE+="-dev"
        ;;
    f)
        DOCKERFILE=$OPTARG
        ;;
    \?)
-        echo "usage: $(basename "$0") [-s] [-d]"
+        echo "usage: $(basename "$0") [-s] [-d] [-f <dockerfile>]"
        echo "  -s: skip npm install + npm run build"
-        echo "  -d: build dev image (using Dockerfile-dev)"
+        echo "  -d: build dev image (use Dockerfile-dev)"
        echo "  -f <dockerfile>: use <dockerfile>"
        exit 1
        ;;
    esac