Skip to content

feat(docker): Phase 4 reproducible experiment VM (4.1+4.2+4.3)#1617

Open
nextlevelshit wants to merge 4 commits into
mainfrom
feat/phase4-docker-vm
Open

feat(docker): Phase 4 reproducible experiment VM (4.1+4.2+4.3)#1617
nextlevelshit wants to merge 4 commits into
mainfrom
feat/phase4-docker-vm

Conversation

@nextlevelshit
Copy link
Copy Markdown
Collaborator

@nextlevelshit nextlevelshit commented Apr 30, 2026

Summary

Phase 4 of Epic #1565 — Dockerized Wave experiment VM that boots against any Codeberg/Gitea target repo, runs onboard-project on first contact, and serves the webui on :8080. End-to-end smoke (4.4) lands as a follow-up once a real Codeberg target + Anthropic key are wired.

What lands

  • 4.1 `docker/Dockerfile.experiment` — multi-stage build:
    • Stage 1: `golang:1.22-bookworm` builds wave with `-tags=webui_preview`
    • Stage 2: `debian:bookworm-slim` fetches `tea` v0.11.1 binary
    • Stage 3: `node:22-bookworm-slim` runtime with `@anthropic-ai/claude-code` via npm + `git`, `gh`, `curl`, `jq`, `sqlite3`, `tini`
    • Drops to non-root `wave` user, EXPOSE 8080, tini PID 1.
  • 4.2 `docker/entrypoint.sh` — bash (`#!/usr/bin/env bash`, deliberately no `set -o pipefail` after the dash-incompat hit on feat(pipelines): add pipeline-evolve meta-pipeline #1611). Idempotent: clone via tea/git, `wave init`, `wave run onboard-project` if no sentinel, then `exec wave serve`. Restarts reuse the clone.
  • 4.3 `docker/docker-compose.experiment.yml` + `docker/.env.experiment.example` — single service, two named volumes:
    • `wave-work` → `/work` (clone + state.db survives rebuilds)
    • `wave-config` → `/home/wave/.config` (claude OAuth + tea login persist)
    • healthcheck hits `/health`, restart=unless-stopped.
    • `.env.experiment` is gitignored; the example file is the template.

Test plan

  • `bash -n docker/entrypoint.sh` — syntax clean
  • `docker compose -f docker/docker-compose.experiment.yml --env-file docker/.env.experiment build` — build succeeds
  • First boot against a fresh Codeberg target — clones, onboards, sentinel written, webui reachable on :8080
  • Restart container — entrypoint short-circuits clone + init + onboard, just boots
  • 4.4 End-to-end smoke against `code-crispies` (the canonical walkthrough target). Tracked separately.

Why no `set -o pipefail` in entrypoint

#1611 shipped `set -o pipefail` in pipeline-evolve.yaml scripts; CI's `sh` (dash) doesn't support it and tests failed. Lesson banked: bash-shebang makes pipefail safe to add later, but the entrypoint here doesn't pipe-chain anywhere it matters, so I'm leaving it off rather than adding a safety I don't need.

Related

@nextlevelshit nextlevelshit mentioned this pull request Apr 30, 2026
Open
45 tasks
nextlevelshit and others added 4 commits May 2, 2026 14:51
@nextlevelshit
feat(docker): Phase 4 reproducible experiment VM (Dockerfile + entryp…
80ada87 
…oint + compose)

Phase 4 of Epic #1565 — boots Wave + Claude Code + tea against any
Codeberg/Gitea target repo, runs onboard-project on first contact, and
exposes the webui on :8080.

Files:
- docker/Dockerfile.experiment — multi-stage: golang to build wave with
  webui_preview, debian to fetch tea, node:22-bookworm runtime with
  claude-code via npm.
- docker/entrypoint.sh — bash (#!/usr/bin/env bash; no `set -o pipefail`
  per the dash-incompatibility hit on #1611). Idempotent clone, init,
  onboard, then exec wave serve.
- docker/docker-compose.experiment.yml — single service, two named
  volumes (wave-work + wave-config) so OAuth/clone survive rebuilds.
- docker/.env.experiment.example — required env template; the real
  .env.experiment is gitignored.

Pending: 4.4 end-to-end smoke on a real Codeberg target. Will run after
Anthropic API key + Codeberg token are wired in .env.experiment.
@nextlevelshit
fix(docker): mkdir /out before tea fetch + map ANTHROPIC_TOKEN env
513ea7e
@nextlevelshit
fix(docker): golang:1.25, drop tini+gh, reuse node user
c481e7c 
- golang:1.22→1.25 (go.mod requires >=1.25.5)
- remove tini from apt (node:22-bookworm-slim lacks it; compose init:true handles PID1)
- remove gh from apt (not needed for Codeberg/Gitea target; tea handles clone)
- drop useradd (passwd pkg absent in slim); reuse pre-existing node user (UID 1000)
- update ENTRYPOINT to call entrypoint.sh directly
@nextlevelshit
docs: next-session plan for Phase 4 docker smoke
6cec4e7
@nextlevelshit nextlevelshit force-pushed the feat/phase4-docker-vm branch from d46290c to 6cec4e7 Compare May 2, 2026 12:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nextlevelshit