mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-06 10:40:43 +00:00
CI: fix live Docker auth mounts (#67812)
* CI: fix live Docker auth mounts * CI: harden live Docker auth mounts
This commit is contained in:
Onur
@@ -8,8 +8,9 @@ LIVE_IMAGE_NAME="${OPENCLAW_LIVE_IMAGE:-${IMAGE_NAME}-live}"
|
||||
CONFIG_DIR="${OPENCLAW_CONFIG_DIR:-$HOME/.openclaw}"
|
||||
WORKSPACE_DIR="${OPENCLAW_WORKSPACE_DIR:-$HOME/.openclaw/workspace}"
|
||||
PROFILE_FILE="${OPENCLAW_PROFILE_FILE:-$HOME/.profile}"
|
||||
CLI_TOOLS_DIR="${OPENCLAW_DOCKER_CLI_TOOLS_DIR:-$HOME/.cache/openclaw/docker-cli-tools}"
|
||||
ACP_AGENT_LIST_RAW="${OPENCLAW_LIVE_ACP_BIND_AGENTS:-${OPENCLAW_LIVE_ACP_BIND_AGENT:-claude,codex,gemini}}"
|
||||
TEMP_DIRS=()
|
||||
DOCKER_USER="${OPENCLAW_DOCKER_USER:-node}"
|
||||
|
||||
openclaw_live_acp_bind_resolve_auth_provider() {
|
||||
case "${1:-}" in
|
||||
@@ -32,17 +33,42 @@ openclaw_live_acp_bind_resolve_agent_command() {
|
||||
esac
|
||||
}
|
||||
|
||||
cleanup_temp_dirs() {
|
||||
if ((${#TEMP_DIRS[@]} > 0)); then
|
||||
rm -rf "${TEMP_DIRS[@]}"
|
||||
fi
|
||||
}
|
||||
trap cleanup_temp_dirs EXIT
|
||||
|
||||
if [[ -n "${OPENCLAW_DOCKER_CLI_TOOLS_DIR:-}" ]]; then
|
||||
CLI_TOOLS_DIR="${OPENCLAW_DOCKER_CLI_TOOLS_DIR}"
|
||||
elif [[ "${CI:-}" == "true" || "${GITHUB_ACTIONS:-}" == "true" ]]; then
|
||||
CLI_TOOLS_DIR="$(mktemp -d "${RUNNER_TEMP:-/tmp}/openclaw-docker-cli-tools.XXXXXX")"
|
||||
TEMP_DIRS+=("$CLI_TOOLS_DIR")
|
||||
else
|
||||
CLI_TOOLS_DIR="$HOME/.cache/openclaw/docker-cli-tools"
|
||||
fi
|
||||
|
||||
mkdir -p "$CLI_TOOLS_DIR"
|
||||
if [[ "${CI:-}" == "true" || "${GITHUB_ACTIONS:-}" == "true" ]]; then
|
||||
DOCKER_USER="$(id -u):$(id -g)"
|
||||
fi
|
||||
|
||||
PROFILE_MOUNT=()
|
||||
if [[ -f "$PROFILE_FILE" ]]; then
|
||||
if [[ -f "$PROFILE_FILE" && -r "$PROFILE_FILE" ]]; then
|
||||
PROFILE_MOUNT=(-v "$PROFILE_FILE":/home/node/.profile:ro)
|
||||
fi
|
||||
|
||||
read -r -d '' LIVE_TEST_CMD <<'EOF' || true
|
||||
set -euo pipefail
|
||||
[ -f "$HOME/.profile" ] && source "$HOME/.profile" || true
|
||||
export PATH="$HOME/.npm-global/bin:$PATH"
|
||||
[ -f "$HOME/.profile" ] && [ -r "$HOME/.profile" ] && source "$HOME/.profile" || true
|
||||
export NPM_CONFIG_PREFIX="${NPM_CONFIG_PREFIX:-$HOME/.npm-global}"
|
||||
export npm_config_prefix="$NPM_CONFIG_PREFIX"
|
||||
export NPM_CONFIG_CACHE="${NPM_CONFIG_CACHE:-$HOME/.npm-cache}"
|
||||
export npm_config_cache="$NPM_CONFIG_CACHE"
|
||||
mkdir -p "$NPM_CONFIG_PREFIX" "$NPM_CONFIG_CACHE"
|
||||
chmod 700 "$NPM_CONFIG_CACHE" || true
|
||||
export PATH="$NPM_CONFIG_PREFIX/bin:$PATH"
|
||||
IFS=',' read -r -a auth_dirs <<<"${OPENCLAW_DOCKER_AUTH_DIRS_RESOLVED:-}"
|
||||
IFS=',' read -r -a auth_files <<<"${OPENCLAW_DOCKER_AUTH_FILES_RESOLVED:-}"
|
||||
if ((${#auth_dirs[@]} > 0)); then
|
||||
@@ -68,15 +94,15 @@ fi
|
||||
agent="${OPENCLAW_LIVE_ACP_BIND_AGENT:-claude}"
|
||||
case "$agent" in
|
||||
claude)
|
||||
if [ ! -x "$HOME/.npm-global/bin/claude" ]; then
|
||||
npm_config_prefix="$HOME/.npm-global" npm install -g @anthropic-ai/claude-code
|
||||
if [ ! -x "$NPM_CONFIG_PREFIX/bin/claude" ]; then
|
||||
npm install -g @anthropic-ai/claude-code
|
||||
fi
|
||||
real_claude="$HOME/.npm-global/bin/claude-real"
|
||||
if [ ! -x "$real_claude" ] && [ -x "$HOME/.npm-global/bin/claude" ]; then
|
||||
mv "$HOME/.npm-global/bin/claude" "$real_claude"
|
||||
real_claude="$NPM_CONFIG_PREFIX/bin/claude-real"
|
||||
if [ ! -x "$real_claude" ] && [ -x "$NPM_CONFIG_PREFIX/bin/claude" ]; then
|
||||
mv "$NPM_CONFIG_PREFIX/bin/claude" "$real_claude"
|
||||
fi
|
||||
if [ -x "$real_claude" ]; then
|
||||
cat > "$HOME/.npm-global/bin/claude" <<WRAP
|
||||
cat > "$NPM_CONFIG_PREFIX/bin/claude" <<WRAP
|
||||
#!/usr/bin/env bash
|
||||
script_dir="\$(CDPATH= cd -- "\$(dirname -- "\$0")" && pwd)"
|
||||
if [ -n "\${OPENCLAW_LIVE_ACP_BIND_ANTHROPIC_API_KEY:-}" ]; then
|
||||
@@ -87,19 +113,19 @@ if [ -n "\${OPENCLAW_LIVE_ACP_BIND_ANTHROPIC_API_KEY_OLD:-}" ]; then
|
||||
fi
|
||||
exec "\$script_dir/claude-real" "\$@"
|
||||
WRAP
|
||||
chmod +x "$HOME/.npm-global/bin/claude"
|
||||
chmod +x "$NPM_CONFIG_PREFIX/bin/claude"
|
||||
fi
|
||||
claude auth status || true
|
||||
;;
|
||||
codex)
|
||||
if [ ! -x "$HOME/.npm-global/bin/codex" ]; then
|
||||
npm_config_prefix="$HOME/.npm-global" npm install -g @openai/codex
|
||||
if [ ! -x "$NPM_CONFIG_PREFIX/bin/codex" ]; then
|
||||
npm install -g @openai/codex
|
||||
fi
|
||||
;;
|
||||
gemini)
|
||||
mkdir -p "$HOME/.gemini"
|
||||
if [ ! -x "$HOME/.npm-global/bin/gemini" ]; then
|
||||
npm_config_prefix="$HOME/.npm-global" npm install -g @google/gemini-cli
|
||||
if [ ! -x "$NPM_CONFIG_PREFIX/bin/gemini" ]; then
|
||||
npm install -g @google/gemini-cli
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
@@ -203,7 +229,7 @@ for ACP_AGENT in "${ACP_AGENTS[@]}"; do
|
||||
echo "==> Auth dirs: ${AUTH_DIRS_CSV:-none}"
|
||||
echo "==> Auth files: ${AUTH_FILES_CSV:-none}"
|
||||
docker run --rm -t \
|
||||
-u node \
|
||||
-u "$DOCKER_USER" \
|
||||
--entrypoint bash \
|
||||
-e ANTHROPIC_API_KEY \
|
||||
-e ANTHROPIC_API_KEY_OLD \
|
||||
|
||||
@@ -8,12 +8,13 @@ LIVE_IMAGE_NAME="${OPENCLAW_LIVE_IMAGE:-${IMAGE_NAME}-live}"
|
||||
CONFIG_DIR="${OPENCLAW_CONFIG_DIR:-$HOME/.openclaw}"
|
||||
WORKSPACE_DIR="${OPENCLAW_WORKSPACE_DIR:-$HOME/.openclaw/workspace}"
|
||||
PROFILE_FILE="${OPENCLAW_PROFILE_FILE:-$HOME/.profile}"
|
||||
CLI_TOOLS_DIR="${OPENCLAW_DOCKER_CLI_TOOLS_DIR:-$HOME/.cache/openclaw/docker-cli-tools}"
|
||||
DEFAULT_PROVIDER="${OPENCLAW_DOCKER_CLI_BACKEND_PROVIDER:-claude-cli}"
|
||||
CLI_MODEL="${OPENCLAW_LIVE_CLI_BACKEND_MODEL:-}"
|
||||
CLI_PROVIDER="${CLI_MODEL%%/*}"
|
||||
CLI_DISABLE_MCP_CONFIG="${OPENCLAW_LIVE_CLI_BACKEND_DISABLE_MCP_CONFIG:-}"
|
||||
CLI_AUTH_MODE="${OPENCLAW_LIVE_CLI_BACKEND_AUTH:-auto}"
|
||||
TEMP_DIRS=()
|
||||
DOCKER_USER="${OPENCLAW_DOCKER_USER:-node}"
|
||||
|
||||
if [[ -z "$CLI_PROVIDER" || "$CLI_PROVIDER" == "$CLI_MODEL" ]]; then
|
||||
CLI_PROVIDER="$DEFAULT_PROVIDER"
|
||||
@@ -55,7 +56,26 @@ if [[ "$CLI_PROVIDER" == "claude-cli" && -z "$CLI_DISABLE_MCP_CONFIG" ]]; then
|
||||
fi
|
||||
fi
|
||||
|
||||
cleanup_temp_dirs() {
|
||||
if ((${#TEMP_DIRS[@]} > 0)); then
|
||||
rm -rf "${TEMP_DIRS[@]}"
|
||||
fi
|
||||
}
|
||||
trap cleanup_temp_dirs EXIT
|
||||
|
||||
if [[ -n "${OPENCLAW_DOCKER_CLI_TOOLS_DIR:-}" ]]; then
|
||||
CLI_TOOLS_DIR="${OPENCLAW_DOCKER_CLI_TOOLS_DIR}"
|
||||
elif [[ "${CI:-}" == "true" || "${GITHUB_ACTIONS:-}" == "true" ]]; then
|
||||
CLI_TOOLS_DIR="$(mktemp -d "${RUNNER_TEMP:-/tmp}/openclaw-docker-cli-tools.XXXXXX")"
|
||||
TEMP_DIRS+=("$CLI_TOOLS_DIR")
|
||||
else
|
||||
CLI_TOOLS_DIR="$HOME/.cache/openclaw/docker-cli-tools"
|
||||
fi
|
||||
|
||||
mkdir -p "$CLI_TOOLS_DIR"
|
||||
if [[ "${CI:-}" == "true" || "${GITHUB_ACTIONS:-}" == "true" ]]; then
|
||||
DOCKER_USER="$(id -u):$(id -g)"
|
||||
fi
|
||||
|
||||
if [[ "$CLI_PROVIDER" == "claude-cli" && "$CLI_AUTH_MODE" == "subscription" ]]; then
|
||||
CLAUDE_CREDS_FILE="$HOME/.claude/.credentials.json"
|
||||
@@ -108,7 +128,7 @@ if [[ "$CLI_PROVIDER" == "claude-cli" && "$CLI_AUTH_MODE" == "subscription" ]];
|
||||
fi
|
||||
|
||||
PROFILE_MOUNT=()
|
||||
if [[ -f "$PROFILE_FILE" ]]; then
|
||||
if [[ -f "$PROFILE_FILE" && -r "$PROFILE_FILE" ]]; then
|
||||
PROFILE_MOUNT=(-v "$PROFILE_FILE":/home/node/.profile:ro)
|
||||
fi
|
||||
|
||||
@@ -162,8 +182,14 @@ fi
|
||||
|
||||
read -r -d '' LIVE_TEST_CMD <<'EOF' || true
|
||||
set -euo pipefail
|
||||
[ -f "$HOME/.profile" ] && source "$HOME/.profile" || true
|
||||
export PATH="$HOME/.npm-global/bin:$PATH"
|
||||
[ -f "$HOME/.profile" ] && [ -r "$HOME/.profile" ] && source "$HOME/.profile" || true
|
||||
export NPM_CONFIG_PREFIX="${NPM_CONFIG_PREFIX:-$HOME/.npm-global}"
|
||||
export npm_config_prefix="$NPM_CONFIG_PREFIX"
|
||||
export NPM_CONFIG_CACHE="${NPM_CONFIG_CACHE:-$HOME/.npm-cache}"
|
||||
export npm_config_cache="$NPM_CONFIG_CACHE"
|
||||
mkdir -p "$NPM_CONFIG_PREFIX" "$NPM_CONFIG_CACHE"
|
||||
chmod 700 "$NPM_CONFIG_CACHE" || true
|
||||
export PATH="$NPM_CONFIG_PREFIX/bin:$PATH"
|
||||
IFS=',' read -r -a auth_dirs <<<"${OPENCLAW_DOCKER_AUTH_DIRS_RESOLVED:-}"
|
||||
IFS=',' read -r -a auth_files <<<"${OPENCLAW_DOCKER_AUTH_FILES_RESOLVED:-}"
|
||||
if ((${#auth_dirs[@]} > 0)); then
|
||||
@@ -194,10 +220,10 @@ if [ -z "$binary_name" ] && [ -n "$default_command" ]; then
|
||||
binary_name="$(basename "$default_command")"
|
||||
fi
|
||||
if [ -z "${OPENCLAW_LIVE_CLI_BACKEND_COMMAND:-}" ] && [ -n "$binary_name" ]; then
|
||||
export OPENCLAW_LIVE_CLI_BACKEND_COMMAND="$HOME/.npm-global/bin/$binary_name"
|
||||
export OPENCLAW_LIVE_CLI_BACKEND_COMMAND="$NPM_CONFIG_PREFIX/bin/$binary_name"
|
||||
fi
|
||||
if [ -n "${OPENCLAW_LIVE_CLI_BACKEND_COMMAND:-}" ] && [ ! -x "${OPENCLAW_LIVE_CLI_BACKEND_COMMAND}" ] && [ -n "$docker_package" ]; then
|
||||
npm_config_prefix="$HOME/.npm-global" npm install -g "$docker_package"
|
||||
npm install -g "$docker_package"
|
||||
fi
|
||||
if [ "$provider" = "claude-cli" ]; then
|
||||
auth_mode="${OPENCLAW_LIVE_CLI_BACKEND_AUTH:-auto}"
|
||||
@@ -224,12 +250,12 @@ if (fs.existsSync(file)) {
|
||||
}
|
||||
NODE
|
||||
fi
|
||||
real_claude="$HOME/.npm-global/bin/claude-real"
|
||||
if [ ! -x "$real_claude" ] && [ -x "$HOME/.npm-global/bin/claude" ]; then
|
||||
mv "$HOME/.npm-global/bin/claude" "$real_claude"
|
||||
real_claude="$NPM_CONFIG_PREFIX/bin/claude-real"
|
||||
if [ ! -x "$real_claude" ] && [ -x "$NPM_CONFIG_PREFIX/bin/claude" ]; then
|
||||
mv "$NPM_CONFIG_PREFIX/bin/claude" "$real_claude"
|
||||
fi
|
||||
if [ -x "$real_claude" ]; then
|
||||
cat > "$HOME/.npm-global/bin/claude" <<WRAP
|
||||
cat > "$NPM_CONFIG_PREFIX/bin/claude" <<WRAP
|
||||
#!/usr/bin/env bash
|
||||
script_dir="\$(CDPATH= cd -- "\$(dirname -- "\$0")" && pwd)"
|
||||
if [ -n "\${OPENCLAW_LIVE_CLI_BACKEND_ANTHROPIC_API_KEY:-}" ]; then
|
||||
@@ -240,7 +266,7 @@ if [ -n "\${OPENCLAW_LIVE_CLI_BACKEND_ANTHROPIC_API_KEY_OLD:-}" ]; then
|
||||
fi
|
||||
exec "\$script_dir/claude-real" "\$@"
|
||||
WRAP
|
||||
chmod +x "$HOME/.npm-global/bin/claude"
|
||||
chmod +x "$NPM_CONFIG_PREFIX/bin/claude"
|
||||
fi
|
||||
if [ -z "${OPENCLAW_LIVE_CLI_BACKEND_PRESERVE_ENV:-}" ]; then
|
||||
export OPENCLAW_LIVE_CLI_BACKEND_PRESERVE_ENV='["ANTHROPIC_API_KEY","ANTHROPIC_API_KEY_OLD"]'
|
||||
@@ -325,7 +351,7 @@ else
|
||||
fi
|
||||
|
||||
docker run --rm -t \
|
||||
-u node \
|
||||
-u "$DOCKER_USER" \
|
||||
--entrypoint bash \
|
||||
-e COREPACK_ENABLE_DOWNLOAD_PROMPT=0 \
|
||||
-e HOME=/home/node \
|
||||
|
||||
@@ -8,12 +8,32 @@ LIVE_IMAGE_NAME="${OPENCLAW_LIVE_IMAGE:-${IMAGE_NAME}-live}"
|
||||
CONFIG_DIR="${OPENCLAW_CONFIG_DIR:-$HOME/.openclaw}"
|
||||
WORKSPACE_DIR="${OPENCLAW_WORKSPACE_DIR:-$HOME/.openclaw/workspace}"
|
||||
PROFILE_FILE="${OPENCLAW_PROFILE_FILE:-$HOME/.profile}"
|
||||
CLI_TOOLS_DIR="${OPENCLAW_DOCKER_CLI_TOOLS_DIR:-$HOME/.cache/openclaw/docker-cli-tools}"
|
||||
TEMP_DIRS=()
|
||||
DOCKER_USER="${OPENCLAW_DOCKER_USER:-node}"
|
||||
|
||||
cleanup_temp_dirs() {
|
||||
if ((${#TEMP_DIRS[@]} > 0)); then
|
||||
rm -rf "${TEMP_DIRS[@]}"
|
||||
fi
|
||||
}
|
||||
trap cleanup_temp_dirs EXIT
|
||||
|
||||
if [[ -n "${OPENCLAW_DOCKER_CLI_TOOLS_DIR:-}" ]]; then
|
||||
CLI_TOOLS_DIR="${OPENCLAW_DOCKER_CLI_TOOLS_DIR}"
|
||||
elif [[ "${CI:-}" == "true" || "${GITHUB_ACTIONS:-}" == "true" ]]; then
|
||||
CLI_TOOLS_DIR="$(mktemp -d "${RUNNER_TEMP:-/tmp}/openclaw-docker-cli-tools.XXXXXX")"
|
||||
TEMP_DIRS+=("$CLI_TOOLS_DIR")
|
||||
else
|
||||
CLI_TOOLS_DIR="$HOME/.cache/openclaw/docker-cli-tools"
|
||||
fi
|
||||
|
||||
mkdir -p "$CLI_TOOLS_DIR"
|
||||
if [[ "${CI:-}" == "true" || "${GITHUB_ACTIONS:-}" == "true" ]]; then
|
||||
DOCKER_USER="$(id -u):$(id -g)"
|
||||
fi
|
||||
|
||||
PROFILE_MOUNT=()
|
||||
if [[ -f "$PROFILE_FILE" ]]; then
|
||||
if [[ -f "$PROFILE_FILE" && -r "$PROFILE_FILE" ]]; then
|
||||
PROFILE_MOUNT=(-v "$PROFILE_FILE":/home/node/.profile:ro)
|
||||
fi
|
||||
|
||||
@@ -40,8 +60,14 @@ fi
|
||||
|
||||
read -r -d '' LIVE_TEST_CMD <<'EOF' || true
|
||||
set -euo pipefail
|
||||
[ -f "$HOME/.profile" ] && source "$HOME/.profile" || true
|
||||
export PATH="$HOME/.npm-global/bin:$PATH"
|
||||
[ -f "$HOME/.profile" ] && [ -r "$HOME/.profile" ] && source "$HOME/.profile" || true
|
||||
export NPM_CONFIG_PREFIX="${NPM_CONFIG_PREFIX:-$HOME/.npm-global}"
|
||||
export npm_config_prefix="$NPM_CONFIG_PREFIX"
|
||||
export NPM_CONFIG_CACHE="${NPM_CONFIG_CACHE:-$HOME/.npm-cache}"
|
||||
export npm_config_cache="$NPM_CONFIG_CACHE"
|
||||
mkdir -p "$NPM_CONFIG_PREFIX" "$NPM_CONFIG_CACHE"
|
||||
chmod 700 "$NPM_CONFIG_CACHE" || true
|
||||
export PATH="$NPM_CONFIG_PREFIX/bin:$PATH"
|
||||
IFS=',' read -r -a auth_files <<<"${OPENCLAW_DOCKER_AUTH_FILES_RESOLVED:-}"
|
||||
if ((${#auth_files[@]} > 0)); then
|
||||
for auth_file in "${auth_files[@]}"; do
|
||||
@@ -53,8 +79,8 @@ if ((${#auth_files[@]} > 0)); then
|
||||
fi
|
||||
done
|
||||
fi
|
||||
if [ ! -x "$HOME/.npm-global/bin/codex" ]; then
|
||||
npm_config_prefix="$HOME/.npm-global" npm install -g @openai/codex
|
||||
if [ ! -x "$NPM_CONFIG_PREFIX/bin/codex" ]; then
|
||||
npm install -g @openai/codex
|
||||
fi
|
||||
tmp_dir="$(mktemp -d)"
|
||||
cleanup() {
|
||||
@@ -83,7 +109,7 @@ echo "==> MCP probe: ${OPENCLAW_LIVE_CODEX_HARNESS_MCP_PROBE:-1}"
|
||||
echo "==> Harness fallback: none"
|
||||
echo "==> Auth files: ${AUTH_FILES_CSV:-none}"
|
||||
docker run --rm -t \
|
||||
-u node \
|
||||
-u "$DOCKER_USER" \
|
||||
--entrypoint bash \
|
||||
-e COREPACK_ENABLE_DOWNLOAD_PROMPT=0 \
|
||||
-e HOME=/home/node \
|
||||
|
||||
@@ -8,9 +8,13 @@ LIVE_IMAGE_NAME="${OPENCLAW_LIVE_IMAGE:-${IMAGE_NAME}-live}"
|
||||
CONFIG_DIR="${OPENCLAW_CONFIG_DIR:-$HOME/.openclaw}"
|
||||
WORKSPACE_DIR="${OPENCLAW_WORKSPACE_DIR:-$HOME/.openclaw/workspace}"
|
||||
PROFILE_FILE="${OPENCLAW_PROFILE_FILE:-$HOME/.profile}"
|
||||
DOCKER_USER="${OPENCLAW_DOCKER_USER:-node}"
|
||||
if [[ "${CI:-}" == "true" || "${GITHUB_ACTIONS:-}" == "true" ]]; then
|
||||
DOCKER_USER="$(id -u):$(id -g)"
|
||||
fi
|
||||
|
||||
PROFILE_MOUNT=()
|
||||
if [[ -f "$PROFILE_FILE" ]]; then
|
||||
if [[ -f "$PROFILE_FILE" && -r "$PROFILE_FILE" ]]; then
|
||||
PROFILE_MOUNT=(-v "$PROFILE_FILE":/home/node/.profile:ro)
|
||||
fi
|
||||
|
||||
@@ -73,7 +77,7 @@ fi
|
||||
|
||||
read -r -d '' LIVE_TEST_CMD <<'EOF' || true
|
||||
set -euo pipefail
|
||||
[ -f "$HOME/.profile" ] && source "$HOME/.profile" || true
|
||||
[ -f "$HOME/.profile" ] && [ -r "$HOME/.profile" ] && source "$HOME/.profile" || true
|
||||
IFS=',' read -r -a auth_dirs <<<"${OPENCLAW_DOCKER_AUTH_DIRS_RESOLVED:-}"
|
||||
IFS=',' read -r -a auth_files <<<"${OPENCLAW_DOCKER_AUTH_FILES_RESOLVED:-}"
|
||||
if ((${#auth_dirs[@]} > 0)); then
|
||||
@@ -117,6 +121,7 @@ echo "==> Target: src/gateway/gateway-models.profiles.live.test.ts"
|
||||
echo "==> External auth dirs: ${AUTH_DIRS_CSV:-none}"
|
||||
echo "==> External auth files: ${AUTH_FILES_CSV:-none}"
|
||||
docker run --rm -t \
|
||||
-u "$DOCKER_USER" \
|
||||
--entrypoint bash \
|
||||
-e COREPACK_ENABLE_DOWNLOAD_PROMPT=0 \
|
||||
-e HOME=/home/node \
|
||||
|
||||
@@ -6,6 +6,7 @@ source "$ROOT_DIR/scripts/lib/live-docker-auth.sh"
|
||||
IMAGE_NAME="${OPENCLAW_IMAGE:-openclaw:local}"
|
||||
LIVE_IMAGE_NAME="${OPENCLAW_LIVE_IMAGE:-${IMAGE_NAME}-live}"
|
||||
PROFILE_FILE="${OPENCLAW_PROFILE_FILE:-$HOME/.profile}"
|
||||
DOCKER_USER="${OPENCLAW_DOCKER_USER:-node}"
|
||||
|
||||
openclaw_live_truthy() {
|
||||
case "${1:-}" in
|
||||
@@ -35,9 +36,12 @@ else
|
||||
CONFIG_DIR="${OPENCLAW_CONFIG_DIR:-$HOME/.openclaw}"
|
||||
WORKSPACE_DIR="${OPENCLAW_WORKSPACE_DIR:-$HOME/.openclaw/workspace}"
|
||||
fi
|
||||
if [[ "${CI:-}" == "true" || "${GITHUB_ACTIONS:-}" == "true" ]]; then
|
||||
DOCKER_USER="$(id -u):$(id -g)"
|
||||
fi
|
||||
|
||||
PROFILE_MOUNT=()
|
||||
if [[ -f "$PROFILE_FILE" ]]; then
|
||||
if [[ -f "$PROFILE_FILE" && -r "$PROFILE_FILE" ]]; then
|
||||
PROFILE_MOUNT=(-v "$PROFILE_FILE":/home/node/.profile:ro)
|
||||
fi
|
||||
|
||||
@@ -110,7 +114,7 @@ fi
|
||||
|
||||
read -r -d '' LIVE_TEST_CMD <<'EOF' || true
|
||||
set -euo pipefail
|
||||
[ -f "$HOME/.profile" ] && source "$HOME/.profile" || true
|
||||
[ -f "$HOME/.profile" ] && [ -r "$HOME/.profile" ] && source "$HOME/.profile" || true
|
||||
IFS=',' read -r -a auth_dirs <<<"${OPENCLAW_DOCKER_AUTH_DIRS_RESOLVED:-}"
|
||||
IFS=',' read -r -a auth_files <<<"${OPENCLAW_DOCKER_AUTH_FILES_RESOLVED:-}"
|
||||
if ((${#auth_dirs[@]} > 0)); then
|
||||
@@ -155,6 +159,7 @@ echo "==> Profile env only: ${OPENCLAW_DOCKER_PROFILE_ENV_ONLY:-0}"
|
||||
echo "==> External auth dirs: ${AUTH_DIRS_CSV:-none}"
|
||||
echo "==> External auth files: ${AUTH_FILES_CSV:-none}"
|
||||
docker run --rm -t \
|
||||
-u "$DOCKER_USER" \
|
||||
--entrypoint bash \
|
||||
-e COREPACK_ENABLE_DOWNLOAD_PROMPT=0 \
|
||||
-e HOME=/home/node \
|
||||
|
||||
Reference in New Issue
Block a user