feat(server): hash assistant runtime image for stable tag#3056
Conversation
Replace the externally-supplied --assistant-runtime-image-version flag with a build-time content hash of agents/ injected via -ldflags. The fly runtime backend now requests the runtime image at <repo>:<hash>; when a deploy doesn't touch agents/ the hash is unchanged, desiredImageRef equals the running machine's ImageRef, and maybeRecycleImage skips the machine swap entirely. Closes AGE-2478
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
There was a problem hiding this comment.
Claude Code Review
This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.
Tip: disable this comment in your organization's Code Review settings.
🦋 Changeset detectedLatest commit: 378047d The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
Prompt-injection risk reportCorpus: 933 cases (384 malicious / 549 benign) No main baseline artifact found yet; this comment shows the current run only. Operational Modes
L1 opt-in was not evaluated in this run: classifier URL is not set. Generated by |
🚀 Preview Environment (PR #3056)Preview URL: https://pr-3056.dev.getgram.ai
Gram Preview Bot |
Dropping hash injection from start scripts and local assistant runtime image push restores the previous workflow where dev iterates against a single :dev tag pushed on demand. CI still tags with the content hash, which is what production reads via build:server's ldflags.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 805676c398
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
build:server.sh wrapped the injected `-X` values in `\"…\"`; Go's ldflags treats the entire RHS as the string literal, so `AssistantRuntimeImageHash` shipped as `"abc123"` (with embedded quotes), which fly rejects as an OCI tag. Also let CI hand the canonical hash to build:server.sh via an env override so the server binary and the runtime image push agree even if the two CI jobs ever drift on intermediate workspace state, and fail loud if either side computes an empty hash. Small follow-ups from the same review pass: - machineConfig now calls desiredImageRef() instead of repeating its Sprintf so the two ref formats can't drift. - Drop the unreachable ImageTag-empty branch in FlyRuntimeConfig.Validate now that the field is sourced from a build-time constant.
Replaces the find|sort|xargs|shasum pipeline with `git rev-parse HEAD:agents`, which is already the canonical content hash of the tree. Also captures file mode changes (chmod-only edits) that the file-content hash missed, and ignores untracked workspace junk by construction.
danielkov
deleted the
daniel/age-2478-use-assistant-runtime-subdirectory-hash-for-runtime
branch
3 participants
Summary
--assistant-runtime-image-versionflag/env with a build-time content hash ofagents/injected via-ldflagsinto a newAssistantRuntimeImageHashpackage var.mise run hash:assistant-runtime-imagetask emits the short hash; reused by local server/admin/worker tasks, the local runtime-image build task, and the CI workflow.agents/doesn't change,desiredImageRefmatches the running machine'sImageRefandmaybeRecycleImageskips the swap.FlyRuntimeConfig.ImageVersion→ImageTagso the field name reflects its actual source.Follow-ups (out of repo)
GRAM_ASSISTANT_RUNTIME_IMAGE_VERSION; safe to drop in a later change since the server no longer reads it.Closes AGE-2478
✻ Clauded...