mirror of
https://github.com/coleam00/Archon
synced 2026-04-21 13:37:41 +00:00
* docs: Add Phase 5 CLI binary distribution plan - Create detailed implementation plan for binary distribution - Add Phase 5.0: Bundle defaults for binary (depends on #322) - Add Phase 5.1-5.7: Build scripts, GitHub Actions, curl install, Homebrew formula, Windows docs, version command, release guide - Update research doc with Phase 6 (auto-update command) - Renumber dashboard to Phase 7, workflow builder to Phase 8 - Mark Phases 1-4 as complete in research doc * feat: Phase 5 - CLI binary distribution Implement standalone binary distribution for Archon CLI: - Bundle default commands and workflows into binaries at compile time - Add build scripts for cross-platform compilation (macOS/Linux, ARM64/x64) - Create GitHub Actions release workflow triggered on version tags - Add curl install script with checksum verification - Create Homebrew formula for macOS/Linux installation - Update version command to show platform, build type, and database info - Add developer release guide documentation - Update README with CLI installation instructions Binary compilation uses Bun's --compile flag to create standalone executables that include the Bun runtime and all dependencies. Default workflows and commands are imported as text at compile time and embedded directly into the binary. * fix: Pin Dockerfile to Bun 1.3.4 to match lockfile version The Docker build was failing because oven/bun:1-slim resolved to 1.3.6 while the lockfile was created with 1.3.4, causing --frozen-lockfile to fail. * docs: Clarify binary vs source builds for default commands/workflows * fix: Address PR review issues for CLI binary distribution Security fixes: - install.sh: Require SKIP_CHECKSUM=true to bypass checksum verification instead of silently skipping (addresses security vulnerability) - install.sh: Show actual error output when version check fails instead of falsely reporting success Validation improvements: - checksums.sh: Validate all 4 expected binaries exist before generating checksums to prevent releasing incomplete builds - build-binaries.sh: Verify binary exists and has reasonable size (>1MB) after each build step - update-homebrew.sh: Validate extracted checksums are non-empty and look like valid SHA256 hashes (64 hex chars) - update-homebrew.sh: Fix sed patterns to use URL context for updating checksums on subsequent runs Bug fixes: - homebrew/archon.rb: Fix test to expect exit code 0 (success) instead of 1 for `archon version` - loader.ts: Log error when bundled workflow fails to parse (indicates build-time corruption) Test coverage: - Add bundled-defaults.test.ts for isBinaryBuild() and content validation - Add connection.test.ts for getDatabaseType() function - Add binary build bundled workflow tests to loader.test.ts - Add binary build bundled command tests to executor.test.ts All 959 tests pass.
76 lines
2.6 KiB
Docker
76 lines
2.6 KiB
Docker
FROM oven/bun:1.3.4-slim
|
|
|
|
# OCI Labels for GHCR
|
|
LABEL org.opencontainers.image.source="https://github.com/dynamous-community/remote-coding-agent"
|
|
LABEL org.opencontainers.image.description="Control AI coding assistants remotely from Telegram, Slack, Discord, and GitHub"
|
|
LABEL org.opencontainers.image.licenses="MIT"
|
|
|
|
# Prevent interactive prompts during installation
|
|
ENV DEBIAN_FRONTEND=noninteractive
|
|
|
|
WORKDIR /app
|
|
|
|
# Install system dependencies
|
|
RUN apt-get update && apt-get install -y \
|
|
curl \
|
|
git \
|
|
bash \
|
|
ca-certificates \
|
|
gnupg \
|
|
postgresql-client \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# Install GitHub CLI
|
|
RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
|
|
&& chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \
|
|
&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
|
|
&& apt-get update \
|
|
&& apt-get install -y gh \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# Create non-root user for running Claude Code
|
|
# Claude Code refuses to run with --dangerously-skip-permissions as root for security
|
|
RUN useradd -m -u 1001 -s /bin/bash appuser \
|
|
&& chown -R appuser:appuser /app
|
|
|
|
# Create Archon directories
|
|
RUN mkdir -p /.archon/workspaces /.archon/worktrees \
|
|
&& chown -R appuser:appuser /.archon
|
|
|
|
# Copy package files and lockfile
|
|
COPY package.json bun.lock ./
|
|
|
|
# Install ALL dependencies (including devDependencies for build)
|
|
RUN bun install --frozen-lockfile
|
|
|
|
# Copy application code
|
|
COPY . .
|
|
|
|
# Build TypeScript with Bun
|
|
RUN bun build src/index.ts --outdir=dist --target=bun
|
|
|
|
# Remove devDependencies to reduce image size
|
|
RUN bun install --production --frozen-lockfile
|
|
|
|
# Fix permissions for appuser
|
|
RUN chown -R appuser:appuser /app
|
|
|
|
# Switch to non-root user
|
|
USER appuser
|
|
|
|
# Create .codex directory for Codex authentication
|
|
RUN mkdir -p /home/appuser/.codex
|
|
|
|
# Configure git to trust Archon directories
|
|
# This prevents "fatal: detected dubious ownership" errors when git operations
|
|
# are performed in mounted volumes or repos cloned by different users
|
|
RUN git config --global --add safe.directory '/.archon/workspaces' && \
|
|
git config --global --add safe.directory '/.archon/workspaces/*' && \
|
|
git config --global --add safe.directory '/.archon/worktrees' && \
|
|
git config --global --add safe.directory '/.archon/worktrees/*'
|
|
|
|
# Expose port
|
|
EXPOSE 3000
|
|
|
|
# Setup Codex authentication from environment variables, then start app
|
|
CMD ["sh", "-c", "bun run setup-auth && bun run start"]
|