-
Notifications
You must be signed in to change notification settings - Fork 15
Expand file tree
/
Copy pathDockerfile
More file actions
90 lines (76 loc) · 3.31 KB
/
Copy pathDockerfile
File metadata and controls
90 lines (76 loc) · 3.31 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
FROM cgr.dev/chainguard/node:latest-dev@sha256:c6975adf424afb2cdee11eb723bfc65a91647fee3611785d71c8186a9c75af8e
# openssh-client: ssh binary for git-over-SSH (PI_SSH_AGENT=1) and ssh-add.
USER root
RUN apk add --no-cache \
curl \
ca-certificates \
git \
openssh-client \
tmux
# Install mise (GPG-verified via mise-release.asc).
RUN --mount=type=bind,source=mise-release.asc,target=/tmp/mise-release.asc <<'EOF'
set -e
apk add --no-cache gpg gpg-agent
gpg --import /tmp/mise-release.asc
curl -fsSL https://mise.jdx.dev/install.sh.sig -o /tmp/mise-install.sh.sig
gpg --decrypt /tmp/mise-install.sh.sig > /tmp/mise-install.sh
MISE_VERSION=2026.5.15 MISE_INSTALL_PATH=/usr/local/bin/mise sh /tmp/mise-install.sh
rm /tmp/mise-install.sh.sig /tmp/mise-install.sh
apk del gpg gpg-agent
EOF
# ARG (not ENV): available during build, not baked in. At runtime mise defaults
# to ~/.local/share/mise, which the container user can write to.
ARG MISE_DATA_DIR=/usr/local/share/mise
# Install uv via mise and expose uv and uvx on PATH.
RUN <<'EOF'
set -e
mise install uv@0.11.16
ln -s "$(mise exec uv@0.11.16 -- which uv)" /usr/local/bin/uv
ln -s "$(mise exec uv@0.11.16 -- which uvx)" /usr/local/bin/uvx
EOF
ENV UV_PYTHON_INSTALL_DIR=/usr/local/share/uv/python
# Install Python via uv and expose it on PATH
RUN uv python install 3.14.4 \
&& ln -s "$(uv python find 3.14.4)" /usr/local/bin/python3
# Install pi globally
RUN npm install -g "@earendil-works/pi-coding-agent@0.78.0"
# Prepend extension binaries (host-mounted via /pi-agent). Security: binaries
# here can shadow any command; no privilege escalation (--cap-drop=ALL,
# --no-new-privileges), but review ~/.pi/agent/npm-global/bin/ after installs.
ENV PATH="/pi-agent/npm-global/bin:${PATH}"
# /home/piuser: world-writable (1777) so any runtime UID can write here.
# /home/piuser/.ssh: root-owned 755; SSH accepts it and the runtime user can
# read mounts inside it (700 would block a non-matching UID).
# /etc/passwd: world-writable so the entrypoint can add the runtime UID.
# SSH calls getpwuid(3) and hard-fails without a passwd entry. Safe here
# because --cap-drop=ALL and --no-new-privileges block privilege escalation.
# .npmrc sets prefix=/pi-agent/npm-global so extensions persist across restarts.
# Written as a literal file because ENV HOME is not yet set to /home/piuser.
RUN mkdir -p /home/piuser /home/piuser/.ssh \
&& chmod 1777 /home/piuser \
&& chmod 755 /home/piuser/.ssh \
&& chmod a+w /etc/passwd \
&& touch /home/piuser/.ssh/known_hosts \
&& chmod 666 /home/piuser/.ssh/known_hosts \
&& echo "prefix=/pi-agent/npm-global" > /home/piuser/.npmrc
ENV HOME=/home/piuser
# Register the runtime UID in /etc/passwd before starting pi.
# SSH calls getpwuid(3) and hard-fails without an entry; nss_wrapper is
# unavailable in Wolfi so we append directly.
RUN <<'EOF'
cat > /usr/local/bin/entrypoint.sh << 'ENTRYPOINT'
#!/bin/sh
set -e
if ! grep -q "^[^:]*:[^:]*:$(id -u):" /etc/passwd; then
printf 'piuser:x:%d:%d:piuser:%s:/bin/sh\n' \
"$(id -u)" "$(id -g)" "${HOME}" >> /etc/passwd
fi
# Pass through to a shell when invoked via `pi:shell`; otherwise run pi.
case "${1:-}" in
bash|sh) exec "$@" ;;
*) exec pi "$@" ;;
esac
ENTRYPOINT
chmod +x /usr/local/bin/entrypoint.sh
EOF
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]