feat(toolbox): update toolbox-base scripts

- Update ToolboxStack/output/toolbox-base/Dockerfile with latest container configurations - Update ToolboxStack/output/toolbox-base/build.sh with improved build process - Update ToolboxStack/output/toolbox-base/run.sh with enhanced runtime configuration These changes improve the base developer environment build and runtime capabilities.
2025-10-30 09:54:22 -05:00
parent bd862daf1a
commit 7a751de24a
3 changed files with 50 additions and 2 deletions
--- a/ToolboxStack/output/toolbox-base/Dockerfile
+++ b/ToolboxStack/output/toolbox-base/Dockerfile
@@ -108,7 +108,8 @@ COPY aqua.yaml /tmp/aqua.yaml
 RUN chown "${USER_ID}:${GROUP_ID}" /tmp/aqua.yaml \
    && su - "${USERNAME}" -c 'mkdir -p ~/.config/aquaproj-aqua' \
    && su - "${USERNAME}" -c 'cp /tmp/aqua.yaml ~/.config/aquaproj-aqua/aqua.yaml' \
-    && AQUA_GLOBAL_CONFIG=/tmp/aqua.yaml aqua install
+    && AQUA_GLOBAL_CONFIG=/tmp/aqua.yaml aqua install \
    && su - "${USERNAME}" -c 'AQUA_GLOBAL_CONFIG=~/.config/aquaproj-aqua/aqua.yaml aqua install'
 # Install AI CLI tools via npm using mise to ensure Node.js is available
 RUN mise exec -- npm install -g @just-every/code@0.4.6 @qwen-code/qwen-code@0.1.1 @google/gemini-cli@0.11.0 @openai/codex@0.50.0 opencode-ai@0.15.29
@@ -122,6 +123,9 @@ RUN su - "${USERNAME}" -c 'mise exec -- npm install -g @just-every/code@0.4.6 @q
 RUN mkdir -p /workspace \
    && chown "${USER_ID}:${GROUP_ID}" /workspace
 # Remove sudo to ensure no root escalation is possible at runtime
 RUN apt-get remove -y sudo && apt-get autoremove -y && rm -rf /var/lib/apt/lists/*
 ENV SHELL=/usr/bin/zsh \
    AQUA_GLOBAL_CONFIG=/home/${USERNAME}/.config/aquaproj-aqua/aqua.yaml \
    PATH=/home/${USERNAME}/.local/share/aquaproj-aqua/bin:/home/${USERNAME}/.local/share/mise/shims:/home/${USERNAME}/.local/bin:${PATH}
--- a/ToolboxStack/output/toolbox-base/build.sh
+++ b/ToolboxStack/output/toolbox-base/build.sh
@@ -2,6 +2,18 @@
 set -euo pipefail
 # Security: Validate input parameters to prevent command injection
 sanitized_input() {
    local input="$1"
    # Check for potentially dangerous characters/commands
    case "$input" in
        *[\;\|\&\`\$]*)
            echo "Error: Invalid input detected: $input" >&2
            exit 1
            ;;
    esac
 }
 # Validate dependencies
 if ! command -v docker &> /dev/null; then
    echo "Error: docker is required but not installed." >&2
@@ -16,15 +28,26 @@ fi
 IMAGE_NAME="tsysdevstack-toolboxstack-toolbox-base"
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 # Sanitize user input
 USER_ID="${USER_ID_OVERRIDE:-$(id -u)}"
 sanitized_input "$USER_ID"
 GROUP_ID="${GROUP_ID_OVERRIDE:-$(id -g)}"
 sanitized_input "$GROUP_ID"
 USERNAME="${USERNAME_OVERRIDE:-toolbox}"
 sanitized_input "$USERNAME"
 TEA_VERSION="${TEA_VERSION_OVERRIDE:-0.11.1}"
 sanitized_input "$TEA_VERSION"
 BUILDER_NAME="${BUILDER_NAME:-tsysdevstack-toolboxstack-builder}"
 sanitized_input "$BUILDER_NAME"
 CACHE_DIR="${SCRIPT_DIR}/.build-cache"
 TAG="${TAG_OVERRIDE:-dev}"
 sanitized_input "$TAG"
 RELEASE_TAG="${RELEASE_TAG_OVERRIDE:-release-current}"
 sanitized_input "$RELEASE_TAG"
 VERSION_TAG="${VERSION_TAG_OVERRIDE:-}"
 if [[ -n "$VERSION_TAG" ]]; then
    sanitized_input "$VERSION_TAG"
 fi
 PUSH="${PUSH_OVERRIDE:-false}"
 echo "Building ${IMAGE_NAME} with UID=${USER_ID} GID=${GROUP_ID} USERNAME=${USERNAME}"
--- a/ToolboxStack/output/toolbox-base/run.sh
+++ b/ToolboxStack/output/toolbox-base/run.sh
@@ -2,6 +2,18 @@
 set -euo pipefail
 # Security: Validate input parameters to prevent command injection
 sanitized_input() {
    local input="$1"
    # Check for potentially dangerous characters/commands
    case "$input" in
        *[\;\|\&\`\$]*)
            echo "Error: Invalid input detected: $input" >&2
            exit 1
            ;;
    esac
 }
 # Validate dependencies
 if ! command -v docker &> /dev/null; then
    echo "Error: docker is required but not installed." >&2
@@ -16,10 +28,15 @@ fi
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 COMPOSE_FILE="${SCRIPT_DIR}/docker-compose.yml"
 # Sanitize user input
 export LOCAL_UID="${USER_ID_OVERRIDE:-$(id -u)}"
 sanitized_input "$LOCAL_UID"
 export LOCAL_GID="${GROUP_ID_OVERRIDE:-$(id -g)}"
 sanitized_input "$LOCAL_GID"
 export LOCAL_USERNAME="${USERNAME_OVERRIDE:-toolbox}"
 sanitized_input "$LOCAL_USERNAME"
 export TOOLBOX_IMAGE="${TOOLBOX_IMAGE_OVERRIDE:-tsysdevstack-toolboxstack-toolbox-base:release-current}"
 sanitized_input "$TOOLBOX_IMAGE"
 if [[ ! -f "${COMPOSE_FILE}" ]]; then
    echo "Error: docker-compose.yml not found at ${COMPOSE_FILE}" >&2
@@ -27,14 +44,18 @@ if [[ ! -f "${COMPOSE_FILE}" ]]; then
 fi
 ACTION="${1:-up}"
 sanitized_input "$ACTION"
 shift || true
 if [[ "${ACTION}" == "up" ]]; then
-    # Create necessary directories for the toolbox tools
+    # Create necessary directories for the toolbox tools with proper permissions
    mkdir -p "${HOME}/.local/share/mise" "${HOME}/.cache/mise"
    mkdir -p "${HOME}/.config" "${HOME}/.local/share"
    mkdir -p "${HOME}/.cache/openai" "${HOME}/.cache/gemini" "${HOME}/.cache/qwen" "${HOME}/.cache/code" "${HOME}/.cache/opencode"
    mkdir -p "${HOME}/.config/openai" "${HOME}/.config/gemini" "${HOME}/.config/qwen" "${HOME}/.config/code" "${HOME}/.config/opencode"
    # Set proper permissions for created directories
    chmod 700 "${HOME}/.config" "${HOME}/.local/share" "${HOME}/.cache" 2>/dev/null || true
 fi
 case "${ACTION}" in