-
Notifications
You must be signed in to change notification settings - Fork 121
Expand file tree
/
Copy pathDockerfile.grok
More file actions
58 lines (49 loc) · 2.42 KB
/
Dockerfile.grok
File metadata and controls
58 lines (49 loc) · 2.42 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
# --- Build stage ---
FROM rust:1-bookworm AS builder
WORKDIR /build
COPY Cargo.toml Cargo.lock ./
RUN mkdir src && echo 'fn main() {}' > src/main.rs && cargo build --release && rm -rf src
COPY src/ src/
RUN touch src/main.rs && cargo build --release
# --- Runtime stage ---
FROM debian:bookworm-slim
# Create agent user first so WORKDIR gets correct ownership
RUN useradd -m -u 1000 agent
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates curl procps ripgrep tini git && \
rm -rf /var/lib/apt/lists/*
# Install Grok Build CLI — pinned version with SHA256 checksum verification.
# Binary sourced from xAI's public artifacts bucket (same source the official
# `https://x.ai/cli/install.sh` resolves to) so the build is reproducible.
ARG GROK_VERSION=0.1.211
ARG GROK_SHA256_AMD64=9245f9c921b1f91bfb34ee2ee27715000b65e947723541ff1a612eaece468bd0
ARG GROK_SHA256_ARM64=b283cb72fdc3143365e044fd7f8630e14845640d4d81404bb36905cc7209abc6
ARG TARGETPLATFORM
RUN set -eux; \
case "${TARGETPLATFORM:-linux/amd64}" in \
"linux/amd64") arch=x86_64; sha="${GROK_SHA256_AMD64}" ;; \
"linux/arm64") arch=aarch64; sha="${GROK_SHA256_ARM64}" ;; \
*) echo "Unsupported platform: ${TARGETPLATFORM}" >&2; exit 1 ;; \
esac; \
curl -fsSL "https://storage.googleapis.com/grok-build-public-artifacts/cli/grok-${GROK_VERSION}-linux-${arch}" \
-o /tmp/grok && \
echo "${sha} /tmp/grok" | sha256sum -c - && \
install -m 0755 /tmp/grok /usr/local/bin/grok && \
rm /tmp/grok
# Install gh CLI
RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
-o /usr/share/keyrings/githubcli-archive-keyring.gpg && \
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
> /etc/apt/sources.list.d/github-cli.list && \
apt-get update && apt-get install -y --no-install-recommends gh && \
rm -rf /var/lib/apt/lists/*
ENV HOME=/home/agent
WORKDIR /home/agent
COPY --from=builder --chown=1000:1000 /build/target/release/openab /usr/local/bin/openab
# Pre-create credential dir so a PVC mounted at ~/.grok inherits correct ownership
RUN mkdir -p /home/agent/.grok && chown -R agent:agent /home/agent
USER agent
HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
CMD pgrep -x openab || exit 1
ENTRYPOINT ["tini", "--"]
CMD ["openab", "run", "-c", "/etc/openab/config.toml"]