13 changes: 8 additions & 5 deletions lib/k8s/sandbox-manager.ts
Expand Up @@ -720,12 +720,13 @@ export class SandboxManager {
*
* What gets initialized:
* 1. .bashrc - Shell configuration (only if doesn't exist, never overwrite user changes)
* 2. next/ - Next.js project template (only if directory is empty)
* 2. next/ - Next.js project template WITHOUT node_modules (only if directory is empty)
*
* Safety strategy:
* - .bashrc: Copy only if missing (user may have customized it)
* - next/: Copy only if directory doesn't exist or is completely empty
* - Never overwrites existing user files
* - node_modules NOT copied (removed from image to avoid root permission issues)
*/
private generateInitContainerScript(): string {
return `
Expand Down Expand Up @@ -788,14 +789,15 @@ if [ ! -d /opt/next-template ]; then
exit 1
fi

# Copy Next.js project template
# Copy Next.js project template (without node_modules)
echo "→ Copying Next.js project template from /opt/next-template..."
echo " Source: /opt/next-template (agent:agent)"
echo " Target: /home/agent/next"
echo " This may take 10-30 seconds..."
echo " Note: node_modules NOT included - run 'pnpm install' to install dependencies"
echo " This may take 5-10 seconds..."
mkdir -p /home/agent/next

# Copy with progress indicator and preserve timestamps
# Copy project files (node_modules already removed from image)
# Using cp instead of rsync for simplicity (rsync is available but cp is sufficient)
cp -rp /opt/next-template/. /home/agent/next 2>&1 || {
echo "✗ ERROR: Failed to copy template"
Expand Down Expand Up @@ -833,7 +835,8 @@ echo "✓ Next.js project: ready (newly created)"
echo "✓ Location: /home/agent/next"
echo "✓ Ownership: agent (1001:1001)"
echo "✓ Files copied: $FILE_COUNT"
echo "✓ Project can be accessed via: cd ~/next && pnpm dev"
echo "⚠ node_modules not included - run 'pnpm install' to install dependencies"
echo "✓ To start: cd ~/next && pnpm install && pnpm dev"
echo ""
echo "=== Init Container: Completed successfully ==="
`.trim()
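Review bot: The new hints on the `pnpm install` echo lines move dependency installation from image build time into the running sandbox, but they suggest a bare `pnpm install`, which can re-resolve versions when the lockfile is missing or out of date. Package lifecycle scripts will then run as the agent user inside a pod that, per the Dockerfile comment on this page, receives secrets at runtime, so the installed set should be exactly what the template's lockfile pins. I would change the final hint to `echo "✓ To start: cd ~/next && pnpm install --frozen-lockfile && pnpm dev"` and use the same command in the earlier "Note:" line; this assumes the template ships a `pnpm-lock.yaml`, which is not visible here. The ⚠ line and the "To start" line also repeat each other and could be merged into one. The body of generateInitContainerScript extends beyond the hunks shown.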
16 changes: 13 additions & 3 deletions sandbox/Dockerfile
Expand Up @@ -17,7 +17,7 @@
# NOTE: Sensitive variables below are declared as empty strings for documentation.
# Actual values will be securely injected at runtime via Kubernetes Secrets.
# This is safe - no actual secrets are hardcoded in the Dockerfile.
ENV DEBIAN_FRONTEND=noninteractive \

Check warning on line 20 in sandbox/Dockerfile


GitHub Actions / Build Runtime Docker Images

Sensitive data should not be used in the ARG or ENV commands

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "ANTHROPIC_AUTH_TOKEN") More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/

Check warning on line 20 in sandbox/Dockerfile


GitHub Actions / Build Runtime Docker Images

Sensitive data should not be used in the ARG or ENV commands

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "DOCKER_HUB_PASSWD") More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/
NODE_VERSION=22.x \
CLAUDE_CODE_VERSION=latest \
PATH="/root/.local/bin:/home/agent/.local/bin:$PATH" \
Expand Down Expand Up @@ -248,22 +248,32 @@
echo "✓ shadcn/ui installed"

# -----------------------------------------------------------------------------
# Step 3: Clean up and set ownership
# Step 3: Clean up node_modules and set ownership
# Rationale: node_modules installed by root causes permission issues when
# copied to PVC and used by agent user (UID 1001)
# Solution: Remove node_modules from template, agent will install when needed
# -----------------------------------------------------------------------------
RUN set -eux; \
TEMPLATE_DIR="/opt/next-template"; \
cd "$TEMPLATE_DIR"; \
echo "=== Removing node_modules to avoid permission issues ==="; \
rm -rf node_modules .next; \
echo "=== Cleaning up pnpm cache ==="; \
pnpm store prune; \
echo "=== Setting ownership to agent user (1001:1001) ==="; \
chown -R agent:agent "$TEMPLATE_DIR"; \
echo "=== Final verification ==="; \
ls -la "$TEMPLATE_DIR"; \
if [ ! -f "$TEMPLATE_DIR/package.json" ]; then \
echo "ERROR: Template verification failed"; \
echo "ERROR: Template verification failed - package.json missing"; \
exit 1; \
fi; \
echo "✓ Template ready at $TEMPLATE_DIR (owned by agent:agent)"
if [ -d "$TEMPLATE_DIR/node_modules" ]; then \
echo "ERROR: node_modules should have been removed"; \
exit 1; \
fi; \
echo "✓ Template ready at $TEMPLATE_DIR (owned by agent:agent)"; \
echo "✓ node_modules removed - user will install dependencies as needed"

# =============================================================================
# Container Runtime Configuration
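Review bot: The final verification in Step 3 checks only for `package.json`, yet with `node_modules` removed the lockfile becomes the only thing tying a later in-sandbox install to the dependency versions this image was built and tested with. Add a check beside the package.json one, e.g. `if [ ! -f "$TEMPLATE_DIR/pnpm-lock.yaml" ]; then echo "ERROR: pnpm-lock.yaml missing"; exit 1; fi; \`, assuming the earlier install steps (outside this hunk) produce one. Separately, because this `RUN` is its own layer, `rm -rf node_modules .next` hides the files from the final filesystem but the root-installed tree presumably still ships in the earlier layer. Doing the removal in the same `RUN` as the install would be needed to actually shrink the image.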