From 30bc296255d2197550a91e3a05b87092a8ad0969 Mon Sep 17 00:00:00 2001 From: Codex Date: Sat, 27 Jun 2026 16:45:02 +0000 Subject: [PATCH] fix(agentrun): split image build container proxy --- config/agentrun.yaml | 42 +++++++++++++++++++++++++++++++ scripts/src/agentrun-lanes.ts | 14 +++++++++++ scripts/src/agentrun/yaml-lane.ts | 23 +++++++++++++---- 3 files changed, 74 insertions(+), 5 deletions(-) diff --git a/config/agentrun.yaml b/config/agentrun.yaml index af87711b..bb8a0924 100644 --- a/config/agentrun.yaml +++ b/config/agentrun.yaml @@ -133,6 +133,20 @@ controlPlane: - .cluster.local - hyueapi.com - .hyueapi.com + buildContainerProxy: + httpProxy: http://127.0.0.1:10808 + httpsProxy: http://127.0.0.1:10808 + noProxy: + - localhost + - 127.0.0.1 + - ::1 + - 127.0.0.1:5000 + - localhost:5000 + - .svc + - .svc.cluster.local + - .cluster.local + - hyueapi.com + - .hyueapi.com envIdentityFiles: - deploy/container/Containerfile - deploy/runtime/boot/agentrun-boot.sh @@ -328,6 +342,20 @@ controlPlane: - .cluster.local - hyueapi.com - .hyueapi.com + buildContainerProxy: + httpProxy: http://127.0.0.1:18789 + httpsProxy: http://127.0.0.1:18789 + noProxy: + - localhost + - 127.0.0.1 + - ::1 + - 127.0.0.1:5000 + - localhost:5000 + - .svc + - .svc.cluster.local + - .cluster.local + - hyueapi.com + - .hyueapi.com envIdentityFiles: - deploy/container/Containerfile - deploy/runtime/boot/agentrun-boot.sh @@ -605,6 +633,20 @@ controlPlane: - .cluster.local - hyueapi.com - .hyueapi.com + buildContainerProxy: + httpProxy: null + httpsProxy: null + noProxy: + - localhost + - 127.0.0.1 + - ::1 + - 127.0.0.1:5000 + - localhost:5000 + - .svc + - .svc.cluster.local + - .cluster.local + - hyueapi.com + - .hyueapi.com envIdentityFiles: - deploy/container/Containerfile - deploy/runtime/boot/agentrun-boot.sh diff --git a/scripts/src/agentrun-lanes.ts b/scripts/src/agentrun-lanes.ts index d66e12f6..00345ead 100644 --- a/scripts/src/agentrun-lanes.ts +++ b/scripts/src/agentrun-lanes.ts @@ -179,6 +179,11 @@ export interface AgentRunImageBuildSpec { readonly httpProxy: string | null; readonly httpsProxy: string | null; readonly noProxy: readonly string[]; + readonly buildContainerProxy: { + readonly httpProxy: string | null; + readonly httpsProxy: string | null; + readonly noProxy: readonly string[]; + }; readonly envIdentityFiles: readonly string[]; readonly timeoutSeconds: number; readonly pollSeconds: number; @@ -314,6 +319,9 @@ export function agentRunLaneSummary(spec: AgentRunLaneSpec): Record, path: string): } function parseImageBuild(input: Record, path: string): AgentRunImageBuildSpec { + const buildContainerProxy = recordField(input, "buildContainerProxy", path); return { context: relativePathField(input, "context", path), containerfile: relativePathField(input, "containerfile", path), @@ -688,6 +697,11 @@ function parseImageBuild(input: Record, path: string): AgentRun httpProxy: optionalStringField(input, "httpProxy", path) ?? null, httpsProxy: optionalStringField(input, "httpsProxy", path) ?? null, noProxy: stringArrayField(input, "noProxy", path), + buildContainerProxy: { + httpProxy: optionalStringField(buildContainerProxy, "httpProxy", `${path}.buildContainerProxy`) ?? null, + httpsProxy: optionalStringField(buildContainerProxy, "httpsProxy", `${path}.buildContainerProxy`) ?? null, + noProxy: stringArrayField(buildContainerProxy, "noProxy", `${path}.buildContainerProxy`), + }, envIdentityFiles: stringArrayField(input, "envIdentityFiles", path).map((item, index) => { if (item.startsWith("/") || item.includes("..")) throw new Error(`${path}.envIdentityFiles[${index}] must be a relative path without ..`); return item; diff --git a/scripts/src/agentrun/yaml-lane.ts b/scripts/src/agentrun/yaml-lane.ts index 885cc0d2..c658f9f9 100644 --- a/scripts/src/agentrun/yaml-lane.ts +++ b/scripts/src/agentrun/yaml-lane.ts @@ -742,11 +742,17 @@ export function yamlLaneSourceRestoreScript(spec: AgentRunLaneSpec): string { export function yamlLaneBuildImageSubmitScript(spec: AgentRunLaneSpec, sourceCommit: string): string { const build = spec.deployment.manager.imageBuild; const noProxy = build.noProxy.join(","); + const buildContainerNoProxy = build.buildContainerProxy.noProxy.join(","); const imageRepository = `${spec.ci.registryPrefix}/${build.repository}`; const stateDir = `/tmp/unidesk-agentrun-build-${spec.nodeId}-${spec.lane}`; const buildArgs = Object.entries(build.buildArgs) .sort(([left], [right]) => left.localeCompare(right)) .map(([key, value]) => `${key}=${value}`); + const buildContainerProxyIdentity = [ + `HTTP_PROXY=${build.buildContainerProxy.httpProxy ?? ""}`, + `HTTPS_PROXY=${build.buildContainerProxy.httpsProxy ?? ""}`, + `NO_PROXY=${buildContainerNoProxy}`, + ]; const script = [ "set -eu", `workspace=${shQuote(spec.source.workspace)}`, @@ -759,18 +765,23 @@ export function yamlLaneBuildImageSubmitScript(spec: AgentRunLaneSpec, sourceCom `http_proxy_value=${build.httpProxy === null ? "''" : shQuote(build.httpProxy)}`, `https_proxy_value=${build.httpsProxy === null ? "''" : shQuote(build.httpsProxy)}`, `no_proxy_value=${shQuote(noProxy)}`, + `build_container_http_proxy_value=${build.buildContainerProxy.httpProxy === null ? "''" : shQuote(build.buildContainerProxy.httpProxy)}`, + `build_container_https_proxy_value=${build.buildContainerProxy.httpsProxy === null ? "''" : shQuote(build.buildContainerProxy.httpsProxy)}`, + `build_container_no_proxy_value=${shQuote(buildContainerNoProxy)}`, `env_identity_files=${shQuote(JSON.stringify(build.envIdentityFiles))}`, `build_args_json=${shQuote(JSON.stringify(buildArgs))}`, + `build_container_proxy_identity_json=${shQuote(JSON.stringify(buildContainerProxyIdentity))}`, "mkdir -p \"$state_dir\"", "git config --global --add safe.directory \"$workspace\" 2>/dev/null || true", "cd \"$workspace\"", "git checkout \"$source_commit\"", - "env_identity=$(ENV_IDENTITY_FILES=\"$env_identity_files\" BUILD_ARGS_JSON=\"$build_args_json\" node <<'NODE'", + "env_identity=$(ENV_IDENTITY_FILES=\"$env_identity_files\" BUILD_ARGS_JSON=\"$build_args_json\" BUILD_CONTAINER_PROXY_IDENTITY_JSON=\"$build_container_proxy_identity_json\" node <<'NODE'", "const { createHash } = require('node:crypto');", "const { readFileSync, existsSync, lstatSync, readdirSync } = require('node:fs');", "const { join } = require('node:path');", "const files = JSON.parse(process.env.ENV_IDENTITY_FILES || '[]');", "const buildArgs = JSON.parse(process.env.BUILD_ARGS_JSON || '[]');", + "const buildContainerProxyIdentity = JSON.parse(process.env.BUILD_CONTAINER_PROXY_IDENTITY_JSON || '[]');", "const hash = createHash('sha256');", "const skipDirNames = new Set(['.git', '.worktree', '.state', 'node_modules', 'coverage', 'tmp', '.tmp']);", "function collectIdentityFiles(input) {", @@ -793,6 +804,7 @@ export function yamlLaneBuildImageSubmitScript(spec: AgentRunLaneSpec, sourceCom " return out.sort((left, right) => left.path.localeCompare(right.path));", "}", "for (const item of buildArgs) { hash.update('build-arg'); hash.update('\\0'); hash.update(item); hash.update('\\0'); }", + "for (const item of buildContainerProxyIdentity) { hash.update('build-container-proxy'); hash.update('\\0'); hash.update(item); hash.update('\\0'); }", "for (const file of files) {", " for (const entry of collectIdentityFiles(file)) {", " hash.update(entry.path); hash.update('\\0');", @@ -827,10 +839,11 @@ export function yamlLaneBuildImageSubmitScript(spec: AgentRunLaneSpec, sourceCom " if [ -n \"$all_proxy_value\" ]; then export ALL_PROXY=\"$all_proxy_value\" all_proxy=\"$all_proxy_value\"; fi", " if [ -n \"$no_proxy_value\" ]; then export NO_PROXY=\"$no_proxy_value\" no_proxy=\"$no_proxy_value\"; fi", " args=\"--network $network\"", - " if [ -n \"$http_proxy_value\" ]; then args=\"$args --build-arg HTTP_PROXY=$http_proxy_value --build-arg http_proxy=$http_proxy_value\"; fi", - " if [ -n \"$https_proxy_value\" ]; then args=\"$args --build-arg HTTPS_PROXY=$https_proxy_value --build-arg https_proxy=$https_proxy_value\"; fi", - " if [ -n \"$all_proxy_value\" ]; then args=\"$args --build-arg ALL_PROXY=$all_proxy_value --build-arg all_proxy=$all_proxy_value\"; fi", - " if [ -n \"$no_proxy_value\" ]; then args=\"$args --build-arg NO_PROXY=$no_proxy_value --build-arg no_proxy=$no_proxy_value\"; fi", + " build_container_all_proxy_value=${build_container_https_proxy_value:-$build_container_http_proxy_value}", + " if [ -n \"$build_container_http_proxy_value\" ]; then args=\"$args --build-arg HTTP_PROXY=$build_container_http_proxy_value --build-arg http_proxy=$build_container_http_proxy_value\"; fi", + " if [ -n \"$build_container_https_proxy_value\" ]; then args=\"$args --build-arg HTTPS_PROXY=$build_container_https_proxy_value --build-arg https_proxy=$build_container_https_proxy_value\"; fi", + " if [ -n \"$build_container_all_proxy_value\" ]; then args=\"$args --build-arg ALL_PROXY=$build_container_all_proxy_value --build-arg all_proxy=$build_container_all_proxy_value\"; fi", + " if [ -n \"$build_container_no_proxy_value\" ]; then args=\"$args --build-arg NO_PROXY=$build_container_no_proxy_value --build-arg no_proxy=$build_container_no_proxy_value\"; fi", " build_arg_values=$(BUILD_ARGS_JSON=\"$build_args_json\" node <<'NODE'", "const values = JSON.parse(process.env.BUILD_ARGS_JSON || '[]');", "for (const value of values) console.log(value);",