Skip to content

feat: unpack app tarballs from shadow volumes#49

Merged
deanq merged 4 commits intomainfrom
zeke/ae-1521-tarball-extraction
Jan 14, 2026
Merged

feat: unpack app tarballs from shadow volumes#49
deanq merged 4 commits intomainfrom
zeke/ae-1521-tarball-extraction

Conversation

@KAJdev
Copy link
Copy Markdown
Contributor

@KAJdev KAJdev commented Jan 13, 2026

deployed endpoints are expected to start with an empty /app and a build artifact (the flash build tarball, typically archive.tar.gz) staged on a mounted project volume.

at runtime startup, flash will:

  • find the build artifact: it prefers FLASH_BUILD_ARTIFACT_PATH if set, otherwise it uses the canonical flash project path: /root/.runpod/archive.tar.gz.
  • extract into /app: it safely extracts the tarball into /app.
  • make /app importable: it prepends /app to sys.path so the extracted local modules + deps can be imported.

Will still need to be wired up when executing locally within the worker.

from unpack_volume import maybe_unpack

maybe_unpack()

KAJdev and others added 4 commits January 13, 2026 11:33
Add unit and integration tests for unpack_volume module:

Unit Tests (tests/unit/test_unpack_volume.py):
- Path traversal prevention (malicious tar members)
- Thread safety with concurrent extraction attempts
- Environment detection (RUNPOD_POD_ID, RUNPOD_ENDPOINT_ID)
- Idempotency (multiple maybe_unpack calls)
- Error handling (missing artifacts, corrupted tarballs)
- Configuration (custom artifact paths, disable flags)

Integration Tests (tests/integration/test_unpack_volume_integration.py):
- End-to-end extraction with real tarballs
- Multi-file directory structures
- Large tarball extraction (50+ files)

Coverage: 98% for unpack_volume.py module
All 28 tests pass
Improvements to src/unpack_volume.py:
- Add thread-safe extraction with threading.Lock and double-checked locking
- Replace string-based path validation with Path.is_relative_to()
- Improve exception handling (catch specific exceptions)
- Add success logging after extraction
- Make environment variable checking case-insensitive
- Fix docstring to match actual behavior (raises, not returns False)

Move constants to src/constants.py:
- DEFAULT_APP_DIR = "/app"
- DEFAULT_ARTIFACT_PATH = "/root/.runpod/archive.tar.gz"
- Document FLASH_BUILD_ARTIFACT_PATH environment variable
- Document FLASH_DISABLE_UNPACK environment variable

These changes improve security, thread safety, and maintainability
while maintaining backward compatibility.
Add comprehensive documentation for the volume unpacking mechanism
in docs/Volume_Unpacking_System.md.

Documents:
- Runtime extraction flow with sequence diagrams
- Security features (path traversal prevention)
- Thread safety implementation (double-checked locking)
- Environment detection and configuration
- Error handling and exception hierarchy
- Usage examples and debugging techniques
- Performance characteristics
- Testing coverage (98% coverage, 28 tests)

This documentation explains how pre-packaged artifacts are
automatically extracted from shadow volumes into the runtime
environment for immediate code execution.
@deanq deanq requested a review from Copilot January 14, 2026 03:51
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR implements automatic unpacking of application build artifacts from shadow volumes into the /app directory at runtime. The system extracts tarballs from a mounted project volume when deployed endpoints start, making code and dependencies immediately available.

Changes:

  • Adds secure tarball extraction with path traversal prevention
  • Implements thread-safe, idempotent unpacking with environment detection
  • Integrates sys.path manipulation to make extracted modules importable

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file
File Description
src/unpack_volume.py Core unpacking logic with security validation and thread-safe extraction
src/constants.py Default paths and configuration constants for volume unpacking
tests/unit/test_unpack_volume.py Comprehensive unit tests for extraction, security, and edge cases
tests/integration/test_unpack_volume_integration.py End-to-end integration tests with real tarball scenarios
docs/Volume_Unpacking_System.md Complete documentation of system design, usage, and performance characteristics

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@deanq deanq merged commit 55d9cec into main Jan 14, 2026
18 checks passed
@deanq deanq deleted the zeke/ae-1521-tarball-extraction branch January 14, 2026 04:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants