Pull request overview
Adds a GitHub Actions workflow to build a reusable Python environment artifact for agent/container use, and updates agent container setup scripts to download and use that prebuilt venv instead of installing the full dependency set inside the container.
Changes:
- Introduces a new workflow to build, pack, upload, and prune a “hyrax-agent-venv-main” artifact.
- Updates Codex and Claude container setup scripts to download/extract the artifact into a configurable venv directory and then install Hyrax in editable mode.
- Hardens the setup scripts with `set -euo pipefail` and more robust repo-root detection.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 11 comments.
| File | Description |
|---|---|
| `agent_scripts/codex_setup_container.sh` | Downloads/extracts a prebuilt venv artifact and installs Hyrax dev editable in the container. |
| `agent_scripts/claude_code_web_setup_container.sh` | Same artifact-based venv bootstrap flow for Claude Code container setup. |
| `.github/workflows/build-agent-env-artifact.yml` | New workflow to build and publish the prebuilt venv artifact and delete older artifacts with the same name. |
| ARTIFACT_ID=$(curl -fsSL "https://api.github.com/repos/${ARTIFACT_REPO}/actions/artifacts?per_page=100" | jq -r ".artifacts[] | select(.name == \"${ARTIFACT_NAME}\") | .id" | head -n1) | ||
| curl -fsSL "https://api.github.com/repos/${ARTIFACT_REPO}/actions/artifacts/${ARTIFACT_ID}/zip" -o /tmp/hyrax-agent-venv.zip | ||
|
|
||
| rm -rf "$VENV_DIR" | ||
| mkdir -p "$VENV_DIR" | ||
| rm -rf /tmp/hyrax-agent-venv | ||
| unzip -q /tmp/hyrax-agent-venv.zip -d /tmp/hyrax-agent-venv | ||
| TARBALL_PATH=$(find /tmp/hyrax-agent-venv -name '*.tar.gz' | head -n1) | ||
| tar -xzf "$TARBALL_PATH" -C "$VENV_DIR" |
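Review bot: Nothing between the `curl ... -o /tmp/hyrax-agent-venv.zip` download and `tar -xzf "$TARBALL_PATH" -C "$VENV_DIR"` checks what was actually fetched, so the archive contents land in the venv directory unverified. Consider having the build workflow publish a SHA-256 for the tarball and comparing it (for example with `sha256sum -c`) before the `tar` step. The fixed `/tmp/hyrax-agent-venv.zip` and `/tmp/hyrax-agent-venv` paths would also be safer as a `mktemp -d` directory, and `rm -rf "$VENV_DIR"` deserves a guard against an empty or unexpected value.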
If the artifact name can't be resolved to an ID (or the zip doesn't contain a .tar.gz), ARTIFACT_ID/TARBALL_PATH will be empty and the script will fail later without context. Add explicit validation after computing ARTIFACT_ID and TARBALL_PATH with a clear error message before proceeding.
1. Download: curl was forwarding the GitHub Bearer token to the Azure Blob Storage redirect target, causing 503. Fix by extracting the signed redirect URL first (without following it), then downloading from Azure without auth headers.
2. Activation: script called `conda info --base` and `conda activate`, but conda is not installed in the Claude Code web environment. The packed env is self-contained — use `source "$ENV_DIR/bin/activate"` instead.
https://claude.ai/code/session_012Xfp2h6KyrbZ3VXL3jRj2b
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
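The two-step download described in the commit message above, sketched as an added example that is not code from this pull request. The function names and the `GITHUB_TOKEN` variable are assumptions; the API path is the one shown in the diff.

```bash
#!/usr/bin/env bash
# Added example: keep the GitHub token off the storage host by resolving the
# signed redirect first, then downloading it with no Authorization header.
# GITHUB_TOKEN and all function names here are assumptions for illustration.
set -eu

# Step 1: call the GitHub API WITHOUT following the redirect and print the
# signed URL it points to (curl's %{redirect_url} write-out variable).
resolve_signed_url() {
  local repo="$1" artifact_id="$2" url
  [ -n "$artifact_id" ] || { echo "error: empty artifact id for ${repo}" >&2; return 1; }
  url=$(curl -sS -o /dev/null -w '%{redirect_url}' \
    -H "Authorization: Bearer ${GITHUB_TOKEN:?GITHUB_TOKEN must be set}" \
    "https://api.github.com/repos/${repo}/actions/artifacts/${artifact_id}/zip")
  # Accept only an https redirect that leaves the API host.
  case "$url" in
    https://api.github.com/*) echo "error: redirect stays on the API host" >&2; return 1 ;;
    https://*) printf '%s\n' "$url" ;;
    *) echo "error: no https redirect for artifact ${artifact_id}" >&2; return 1 ;;
  esac
}

# Step 2: fetch the signed URL with no auth header and no further redirects.
fetch_signed_url() {
  local url="$1" out="$2"
  curl -fsS -o "$out" "$url"
}

download_artifact() {
  local repo="$1" artifact_id="$2" out="$3" signed
  signed=$(resolve_signed_url "$repo" "$artifact_id") || return 1
  fetch_signed_url "$signed" "$out"
}
```

The empty-ID check in `resolve_signed_url` also covers the case raised in the review comment above, where the artifact name does not resolve to an ID.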
Codecov Report
✅ All modified and coverable lines are covered by tests.
Additional details and impacted files
@@ Coverage Diff @@
## main #882 +/- ##
=======================================
Coverage 66.71% 66.71%
=======================================
Files 63 63
Lines 6553 6553
=======================================
Hits 4372 4372
Misses 2181 2181
* Restrict env artifact workflow to main and add setup docs
* Document internet and domain allow-list requirements
* Condense allow-list instructions for web providers
drewoldag left a comment
This seems pretty cool, can we use the packed conda environment for anything else? build-docs, or pre-commit? I suppose the risk is that the deps have changed and the packed venv might be out of date with pre-commit or build-docs?
Either way, this part seems quite useful.
Motivation
- `main` to ensure consistent dev dependencies across agent sessions.
Description
- `/.github/workflows/build-agent-env-artifact.yml` that sets up Python 3.11, creates a venv, runs `pip install -e '.[dev]'`, runs `pip check`, packs the venv into a tarball, uploads it as artifact `hyrax-agent-venv-main`, and deletes older artifacts with the same name.
- `agent_scripts/claude_code_web_setup_container.sh` to download the artifact zip via the GitHub Actions API, extract the contained tarball into a configurable `VENV_DIR`, activate the venv, and install the repo in editable dev mode; add `set -euo pipefail` and robust repo root detection.
- `agent_scripts/codex_setup_container.sh` with the same artifact-download-and-extract flow, activation of the prebuilt venv, and `set -euo pipefail`, and make artifact repo/name and venv dir configurable via `HYRAX_*` env vars.
Testing
- `pip check` step which will validate installed package dependencies when the workflow runs on CI.