vrr/spawn
2
0
Fork 0
mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-04-28 11:59:29 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

feat(docker): replace Packer snapshots with Docker-based agent delivery (#2206)

Browse source 
* feat(docker): replace Packer snapshots with Docker-based agent delivery

Docker images on GHCR are public and cross-account, unlike DO snapshots
which are private/account-scoped. Cloud-init installs Docker + pulls the
agent image during boot. The install step extracts pre-built binaries via
`docker cp` and falls back to normal install if unavailable.

- Add Dockerfiles for all 7 agents (claude, codex, openclaw, opencode,
  kilocode, zeroclaw, hermes)
- Convert docker.yml to matrix build for all agents
- Add tryInstallFromDocker() shared helper with Docker-first install
- Add Docker pull to DigitalOcean cloud-init userdata
- Remove Packer snapshot pipeline, lookup, and SSH-only wait
- Remove packer/ directory (HCL templates, tier scripts, agents.json)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* security: address review findings in docker agent delivery

- Add agentName validation regex (/^[a-z0-9-]+$/) in digitalocean.ts
  before interpolation into cloud-init script
- Quote dockerImage variable in all docker command strings in
  agent-setup.ts to prevent command injection
- Restrict docker cp to specific known directories (.claude, .bun,
  .local, .npm, .cargo, .opencode) instead of blanket /root/.

Agent: pr-maintainer
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
This commit is contained in:
Ahmed Abushagur 2026-03-05 08:23:56 -08:00 committed by GitHub
parent 0098e60688
commit 77c3e34803
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
12 changed files with 240 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

12
.github/workflows/docker.yml vendored
View file

@ -6,7 +6,7 @@ on:
paths:
- "sh/docker/**"
schedule:
# Daily: pick up new openclaw releases
# Daily: pick up new agent releases
- cron: "0 6 * * *"
workflow_dispatch:
@ -15,8 +15,12 @@ permissions:
contents: read
jobs:
build-openclaw:
build:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
agent: [claude, codex, openclaw, opencode, kilocode, zeroclaw, hermes]
steps:
- uses: actions/checkout@v4
@ -29,6 +33,6 @@ jobs:
- uses: docker/build-push-action@v6
with:
context: .
file: sh/docker/openclaw.Dockerfile
file: sh/docker/${{ matrix.agent }}.Dockerfile
push: true
tags: ghcr.io/openrouterteam/spawn-openclaw:latest
tags: ghcr.io/openrouterteam/spawn-${{ matrix.agent }}:latest