chore: harden installer and add smoke ci
This commit is contained in:
Peter Steinberger
23
scripts/docker/install-sh-nonroot/Dockerfile
Normal file
23
scripts/docker/install-sh-nonroot/Dockerfile
Normal file
@@ -0,0 +1,23 @@
|
||||
FROM ubuntu:24.04
|
||||
|
||||
RUN apt-get update \
|
||||
&& apt-get install -y --no-install-recommends \
|
||||
bash \
|
||||
ca-certificates \
|
||||
curl \
|
||||
sudo \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
RUN useradd -m -s /bin/bash app \
|
||||
&& echo "app ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/app
|
||||
|
||||
USER app
|
||||
WORKDIR /home/app
|
||||
|
||||
ENV NPM_CONFIG_FUND=false
|
||||
ENV NPM_CONFIG_AUDIT=false
|
||||
|
||||
COPY run.sh /usr/local/bin/clawdbot-install-nonroot
|
||||
RUN sudo chmod +x /usr/local/bin/clawdbot-install-nonroot
|
||||
|
||||
ENTRYPOINT ["/usr/local/bin/clawdbot-install-nonroot"]
|
||||
42
scripts/docker/install-sh-nonroot/run.sh
Normal file
42
scripts/docker/install-sh-nonroot/run.sh
Normal file
@@ -0,0 +1,42 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
INSTALL_URL="${CLAWDBOT_INSTALL_URL:-https://clawd.bot/install.sh}"
|
||||
|
||||
echo "==> Pre-flight: ensure git absent"
|
||||
if command -v git >/dev/null; then
|
||||
echo "git is present unexpectedly" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "==> Run installer (non-root user)"
|
||||
curl -fsSL "$INSTALL_URL" | bash
|
||||
|
||||
# Ensure PATH picks up user npm prefix
|
||||
export PATH="$HOME/.npm-global/bin:$PATH"
|
||||
|
||||
echo "==> Verify git installed"
|
||||
command -v git >/dev/null
|
||||
|
||||
echo "==> Verify clawdbot installed"
|
||||
LATEST_VERSION="$(npm view clawdbot version)"
|
||||
CMD_PATH="$(command -v clawdbot || true)"
|
||||
if [[ -z "$CMD_PATH" && -x "$HOME/.npm-global/bin/clawdbot" ]]; then
|
||||
CMD_PATH="$HOME/.npm-global/bin/clawdbot"
|
||||
fi
|
||||
if [[ -z "$CMD_PATH" ]]; then
|
||||
echo "clawdbot not on PATH" >&2
|
||||
exit 1
|
||||
fi
|
||||
INSTALLED_VERSION="$("$CMD_PATH" --version 2>/dev/null | head -n 1 | tr -d '\r')"
|
||||
|
||||
echo "installed=$INSTALLED_VERSION expected=$LATEST_VERSION"
|
||||
if [[ "$INSTALLED_VERSION" != "$LATEST_VERSION" ]]; then
|
||||
echo "ERROR: expected clawdbot@$LATEST_VERSION, got @$INSTALLED_VERSION" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "==> Sanity: CLI runs"
|
||||
"$CMD_PATH" --help >/dev/null
|
||||
|
||||
echo "OK"
|
||||
@@ -5,7 +5,7 @@ RUN apt-get update \
|
||||
bash \
|
||||
ca-certificates \
|
||||
curl \
|
||||
git \
|
||||
sudo \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
COPY run.sh /usr/local/bin/clawdbot-install-smoke
|
||||
|
||||
Reference in New Issue
Block a user