gb_flea/paperclip
1
0
Fork 0
forked from farhoodlabs/paperclip
Code Pull Requests Activity

Add our tooling to Dockerfile, restore build workflow

Browse Source 
- Expand base apt: jq, procps, python3, python3-pip, gh
- Install kubectl, uv/uvx, kubeseal binaries
- Add @google/gemini-cli to production agent installs
- Use pnpm-lock.yaml* wildcard + --no-frozen-lockfile (lockfile policy)
- Restore build.yml targeting runners-cpfarhood

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Chris Farhood
2026-03-25 10:54:57 -04:00
parent 6d63a4df45
commit fa03b5944e
2 changed files with 68 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/build.yml
+53
View File
@@ -0,0 +1,53 @@
name: Build & Push
on:
push:
branches: [master]
workflow_dispatch:
permissions:
contents: read
packages: write
jobs:
build:
runs-on: runners-cpfarhood
timeout-minutes: 30
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/cpfarhood/paperclip
tags: |
type=raw,value=latest
type=sha,prefix=
type=semver,pattern={{version}}
- name: Build and push
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
no-cache: true
Dockerfile
+15 -5
View File
@@ -2,7 +2,7 @@ FROM node:lts-trixie-slim AS base
ARG USER_UID=1000 ARG USER_UID=1000
ARG USER_GID=1000 ARG USER_GID=1000
RUN apt-get update \ RUN apt-get update \
&& apt-get install -y --no-install-recommends ca-certificates gosu curl git wget ripgrep python3 \ && apt-get install -y --no-install-recommends ca-certificates curl git jq procps python3 python3-pip \
&& mkdir -p -m 755 /etc/apt/keyrings \ && mkdir -p -m 755 /etc/apt/keyrings \
&& wget -nv -O/etc/apt/keyrings/githubcli-archive-keyring.gpg https://cli.github.com/packages/githubcli-archive-keyring.gpg \ && wget -nv -O/etc/apt/keyrings/githubcli-archive-keyring.gpg https://cli.github.com/packages/githubcli-archive-keyring.gpg \
&& echo "20e0125d6f6e077a9ad46f03371bc26d90b04939fb95170f5a1905099cc6bcc0 /etc/apt/keyrings/githubcli-archive-keyring.gpg" | sha256sum -c - \ && echo "20e0125d6f6e077a9ad46f03371bc26d90b04939fb95170f5a1905099cc6bcc0 /etc/apt/keyrings/githubcli-archive-keyring.gpg" | sha256sum -c - \
@@ -12,16 +12,26 @@ RUN apt-get update \
&& apt-get update \ && apt-get update \
&& apt-get install -y --no-install-recommends gh \ && apt-get install -y --no-install-recommends gh \
&& rm -rf /var/lib/apt/lists/* \ && rm -rf /var/lib/apt/lists/* \
&& corepack enable && curl -fsSL "https://dl.k8s.io/release/$(curl -fsSL https://dl.k8s.io/release/stable.txt)/bin/linux/$(dpkg --print-architecture)/kubectl" \
-o /usr/local/bin/kubectl \
&& chmod +x /usr/local/bin/kubectl \
&& curl -LsSf https://astral.sh/uv/install.sh | sh \
&& mv /root/.local/bin/uv /usr/local/bin/uv \
&& mv /root/.local/bin/uvx /usr/local/bin/uvx \
&& curl -fsSL "https://github.com/bitnami-labs/sealed-secrets/releases/latest/download/kubeseal-$(uname -s | tr '[:upper:]' '[:lower:]')-$(dpkg --print-architecture)" \
-o /usr/local/bin/kubeseal \
&& chmod +x /usr/local/bin/kubeseal
# Modify the existing node user/group to have the specified UID/GID to match host user # Modify the existing node user/group to have the specified UID/GID to match host user
RUN usermod -u $USER_UID --non-unique node \ RUN usermod -u $USER_UID --non-unique node \
&& groupmod -g $USER_GID --non-unique node \ && groupmod -g $USER_GID --non-unique node \
&& usermod -g $USER_GID -d /paperclip node && usermod -g $USER_GID -d /paperclip node
RUN corepack enable
FROM base AS deps FROM base AS deps
WORKDIR /app WORKDIR /app
COPY package.json pnpm-workspace.yaml pnpm-lock.yaml .npmrc ./ COPY package.json pnpm-workspace.yaml pnpm-lock.yaml* .npmrc ./
COPY cli/package.json cli/ COPY cli/package.json cli/
COPY server/package.json server/ COPY server/package.json server/
COPY ui/package.json ui/ COPY ui/package.json ui/
@@ -39,7 +49,7 @@ COPY packages/adapters/pi-local/package.json packages/adapters/pi-local/
COPY packages/plugins/sdk/package.json packages/plugins/sdk/ COPY packages/plugins/sdk/package.json packages/plugins/sdk/
COPY patches/ patches/ COPY patches/ patches/
RUN pnpm install --frozen-lockfile RUN pnpm install --no-frozen-lockfile
FROM base AS build FROM base AS build
WORKDIR /app WORKDIR /app
@@ -55,7 +65,7 @@ ARG USER_UID=1000
ARG USER_GID=1000 ARG USER_GID=1000
WORKDIR /app WORKDIR /app
COPY --chown=node:node --from=build /app /app COPY --chown=node:node --from=build /app /app
RUN npm install --global --omit=dev @anthropic-ai/claude-code@latest @openai/codex@latest opencode-ai \ RUN npm install --global --omit=dev @anthropic-ai/claude-code@latest @openai/codex@latest opencode-ai @google/gemini-cli \
&& mkdir -p /paperclip \ && mkdir -p /paperclip \
&& chown node:node /paperclip && chown node:node /paperclip