#!/usr/bin/env bash
# Project template: builds a Docker image with opencode installed, scaffolds
# the agent context files, and starts opencode inside a container that only
# sees the project paths mounted explicitly at the bottom of this script.

# Abort on the first failing command and on any use of an unset variable.
set -o errexit -o nounset

# Directory (relative to the project root) holding agent context files.
agent_dir=".agents"

# Names of the Docker image and of the container started from it.
sandbox_image_name="opencode-sandbox"
sandbox_container_name="opencode-sandbox"

# File name of the Dockerfile used to build the sandbox image.
sandbox_dockerfile="opencode.Dockerfile"
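# Setup project
# Make sure your Docker daemon is running. Builds the sandbox image if it
# does not exist yet.
#
# If the project already contains "${sandbox_dockerfile}", that file is used
# (with the project directory as build context) and is left in place.
# Otherwise a Dockerfile is generated in a temporary directory, which also
# serves as the build context: nothing from the project (for example `.env`
# files) is sent to the Docker daemon, and the temporary directory is removed
# again even when the build fails.
#
# NOTE(review): `debian:latest` is a moving tag and the opencode installer is
# piped from the network straight into bash without an integrity check, so
# two builds can produce different images. Pin the base image to a release
# tag or digest and prefer a pinned, checksum-verified opencode release if
# reproducibility matters to you.
# NOTE(review): an existing image is reused as it is and therefore never
# receives base-image or opencode updates; remove the image to force a
# rebuild.
if [[ -z "$(docker images -q "${sandbox_image_name}" 2> /dev/null)" ]]; then
  build_dir=""
  build_context="."
  build_dockerfile="${sandbox_dockerfile}"

  if [[ ! -f "${sandbox_dockerfile}" ]]; then
    build_dir="$(mktemp -d)"
    # Clean up the generated files on every exit path, including a failed build.
    trap 'rm -rf -- "${build_dir}"' EXIT
    build_context="${build_dir}"
    build_dockerfile="${build_dir}/${sandbox_dockerfile}"

    # The quoted delimiter keeps ${...} literal: these are Dockerfile build
    # arguments, filled in through --build-arg below, not shell variables.
    cat << 'EOF' > "${build_dockerfile}"
FROM debian:latest
ARG UID
ARG USERNAME
ARG GID
ARG GROUPNAME
RUN groupadd -f --gid ${GID} ${GROUPNAME}
RUN useradd --create-home --shell /bin/bash --uid ${UID} --gid ${GID} ${USERNAME}
RUN apt update && apt install -y curl
USER ${USERNAME}
RUN curl -fsSL https://opencode.ai/install | bash
ENV PATH="$PATH:/home/${USERNAME}/.opencode/bin"
WORKDIR /workspace
EOF
  fi

  # The image user mirrors the invoking host user (same names and numeric
  # ids). --no-cache rebuilds every layer instead of reusing cached ones.
  docker build \
    -t "${sandbox_image_name}" \
    --build-arg UID="$(id -u)" \
    --build-arg USERNAME="$(id -un)" \
    --build-arg GID="$(id -g)" \
    --build-arg GROUPNAME="$(id -gn)" \
    -f "${build_dockerfile}" \
    --no-cache \
    "${build_context}"

  if [[ -n "${build_dir}" ]]; then
    rm -rf -- "${build_dir}"
    trap - EXIT
  fi
fi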
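# Create project context files and settings directory.
# Runs only on first setup, i.e. while the agent directory does not exist.
if [[ ! -d "$agent_dir" ]]; then
  for agent_subdir in agents plans skills; do
    mkdir -p -- "$agent_dir/$agent_subdir"
    # Empty placeholder file inside each otherwise empty directory.
    touch -- "$agent_dir/$agent_subdir/.gitkeep"
  done

  # tool specific settings
  # An existing opencode.json is kept as it is: the project may already carry
  # its own settings, and overwriting them here would silently discard them.
  if [[ ! -e opencode.json ]]; then
    cat << 'EOF' > opencode.json
{
"$schema": "https://opencode.ai/config.json",
"autoupdate": "notify",
"default_agent": "plan",
"share": "disabled",
"watcher": {
"ignore": ["node_modules/**", "dist/**", ".git/**", "out/**"]
}
}
EOF
  fi
fi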
# Make sure AGENTS.md exists; a missing file is created empty.
[[ -f "AGENTS.md" ]] || touch AGENTS.md
# Create CLAUDE.md with the single line `@AGENTS.md` unless the file is
# already there; an existing CLAUDE.md is never modified.
if ! [[ -f "CLAUDE.md" ]]; then
  printf '%s\n' "@AGENTS.md" >> CLAUDE.md
fi
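# Never share files with sensitive data like credentials or
# personal information.
# You also don't need to share library sources like `node_modules/`
# or `vendor/`; leaving them out keeps the context clean.
# As a rule of thumb: share only code and information that you
# rely on when working on the project.
#
# Don't share files like:
# - .env*
# - node_modules/
#
# Exclude a file that lives inside a shared directory by mounting
# `/dev/null` over it. The container will see an empty file. Add the mount
# after the loop below, for example:
#   docker_args+=(-v "/dev/null:/workspace/path/to/file/i/dont/want/to/share.txt")
# Note that the source is the absolute path `/dev/null`, not a path below the
# project directory. `/dev/null` can only hide a file; to hide a directory,
# mount an empty directory over it instead.
#
# All mounts are read-write: the agent can change every path listed here,
# including its own instruction files (AGENTS.md, CLAUDE.md and the agent
# directory). Append `:ro` to a mount that should be read-only. The container
# also keeps Docker's default network access.
#
# NOTE(review): the opencode.json written during setup is not part of this
# list. If opencode is expected to read it from /workspace (for example the
# `"share": "disabled"` setting), it has to be shared as well - confirm.
project_root="$(pwd)"

# Project paths (relative to the project root) the container may see.
shared_paths=(
  "src"
  "package.json"
  "README.md"
  "$agent_dir"
  "AGENTS.md"
  "CLAUDE.md"
)

# no-new-privileges stops processes in the container from gaining additional
# privileges; --user runs opencode as the invoking user instead of root.
docker_args=(
  -it
  --rm
  --security-opt=no-new-privileges
  --user "$(id -un):$(id -gn)"
)

for shared_path in "${shared_paths[@]}"; do
  # With -v, Docker creates a missing host path as a directory. Skipping
  # missing entries keeps stray directories such as `package.json/` from
  # appearing in the project.
  if [[ ! -e "${project_root}/${shared_path}" ]]; then
    printf 'warning: %s does not exist, not sharing it\n' "${shared_path}" >&2
    continue
  fi
  docker_args+=(-v "${project_root}/${shared_path}:/workspace/${shared_path}")
done

# $HOME is single-quoted on purpose: it is expanded by the shell inside the
# container, not by this script.
docker run \
  "${docker_args[@]}" \
  --name "${sandbox_container_name}" \
  "${sandbox_image_name}" \
  bash -c 'exec "$HOME/.opencode/bin/opencode"'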