entrypoint.sh
#!/usr/bin/env bash
# Strict mode: stop on an unhandled command failure, treat unset variables as
# errors, and let a pipeline fail when any of its stages fails.
set -o errexit -o nounset -o pipefail
#######################################
# Print one tagged status line for this entrypoint.
# Arguments: any number of words; they are joined into a single message.
# Outputs:   "[opencode-entrypoint] <message>" on stdout.
#######################################
log() {
  local message="$*"
  printf '%s\n' "[opencode-entrypoint] ${message}"
}
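#######################################
# Abort startup unless the given value is a usable TCP port.
#
# The value is later interpolated unquoted into a JSON document (see
# write_global_config), so only canonical decimal is accepted: a leading
# zero such as "08080" is not a valid JSON number, and anything that is not
# purely digits could alter the structure of the generated config.
#
# Arguments: $1 - candidate port value
# Outputs:   an error line via log() when the value is rejected
# Returns:   0 when the port is valid; otherwise exits the shell with 1
#######################################
validate_port() {
  local port="${1:-}"

  # 1-5 digits with no leading zero keeps the arithmetic comparison below
  # safe (no octal interpretation, no integer overflow) and rules out 0.
  if [[ ! "$port" =~ ^[1-9][0-9]{0,4}$ ]] || (( port > 65535 )); then
    log "OPENCODE_PORT must be a numeric TCP port between 1 and 65535"
    exit 1
  fi
}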
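#######################################
# Persist selected environment variables as a shell fragment of
# `export NAME=value` lines owned by the opencode user.
#
# The file holds credentials (git and provider API tokens) in plaintext, so
# it is forced to mode 0600 before anything is written to it.
#
# Globals:   reads each variable named in `vars` that is currently set
# Arguments: none
# Outputs:   rewrites /home/opencode/.config/opencode/runtime-env.sh
# Returns:   non-zero if the file cannot be written or re-owned
#######################################
write_runtime_env() {
  local env_file="/home/opencode/.config/opencode/runtime-env.sh"
  local name
  local vars=(
    HOME
    PATH
    OPENCODE_REPOS
    OPENCODE_REPOSITORY_ROOT
    GIT_USERNAME
    GIT_TOKEN
    GITHUB_TOKEN
    OPENAI_API_KEY
    ANTHROPIC_API_KEY
    GEMINI_API_KEY
    GOOGLE_GENERATIVE_AI_API_KEY
  )

  # Not restored afterwards: the restrictive umask stays in effect for
  # whatever the calling shell creates or executes next.
  umask 077
  : >"$env_file"
  # umask only applies when the file is created. Truncating a file left over
  # from an earlier start keeps its old mode, so tighten it explicitly before
  # any secret is written.
  chmod 0600 "$env_file"

  for name in "${vars[@]}"; do
    if [[ -v "$name" ]]; then
      # %q shell-quotes the value so the line stays a single assignment even
      # if the value contains spaces, quotes or other metacharacters.
      printf 'export %s=%q\n' "$name" "${!name}"
    fi
  done >>"$env_file"

  # NOTE(review): after this chown the tokens are readable by the same user
  # the server runs as; confirm the server's "read" permission rules cannot
  # reach this path (the *.env deny patterns do not match "runtime-env.sh").
  chown opencode:opencode "$env_file"
}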
#######################################
# Generate the global opencode configuration file and hand it to the
# opencode user.
#
# The policy written here denies every permission by default and then
# allows read (except *.env and *.env.*, with *.env.example allowed again),
# grep, glob and list; edit, bash, webfetch, task, todowrite, websearch and
# codesearch are denied explicitly. The server section listens on 0.0.0.0.
#
# Globals:   OPENCODE_PORT (read) - inserted unquoted as a JSON number, so
#            the caller must have validated it first
# Arguments: none
# Outputs:   rewrites /home/opencode/.config/opencode/opencode.json
#######################################
write_global_config() {
  local config_file="/home/opencode/.config/opencode/opencode.json"

  # Unquoted delimiter: the port is expanded, "\$schema" stays literal.
  cat <<EOF >"$config_file"
{
"\$schema": "https://opencode.ai/config.json",
"server": {
"port": $OPENCODE_PORT,
"hostname": "0.0.0.0"
},
"permission": {
"*": "deny",
"read": {
"*": "allow",
"*.env": "deny",
"*.env.*": "deny",
"*.env.example": "allow"
},
"grep": "allow",
"glob": "allow",
"list": "allow",
"edit": "deny",
"bash": "deny",
"webfetch": "deny",
"task": "deny",
"todowrite": "deny",
"websearch": "deny",
"codesearch": "deny"
}
}
EOF

  chown opencode:opencode "$config_file"
}
#######################################
# Install the cron.d entry that runs sync-repos.sh every 15 minutes as the
# opencode user, appending its stdout and stderr to the descriptors of PID 1.
#
# Arguments: none
# Outputs:   rewrites /etc/cron.d/opencode-sync and sets its mode to 0644
#######################################
install_cron() {
  local cron_file="/etc/cron.d/opencode-sync"

  # Quoted delimiter: the schedule is written verbatim, nothing is expanded.
  cat <<'EOF' >"$cron_file"
SHELL=/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
*/15 * * * * opencode /usr/local/bin/sync-repos.sh >> /proc/1/fd/1 2>> /proc/1/fd/2
EOF

  chmod 0644 "$cron_file"
}
#######################################
# Container entry point: check the required settings, prepare directories
# and config files, run an initial repository sync, start cron, then replace
# this process with the opencode server running as the opencode user.
#
# Globals:   OPENCODE_PORT, OPENCODE_SERVER_USERNAME,
#            OPENCODE_REPOSITORY_ROOT (defaulted when unset or empty),
#            OPENCODE_SERVER_PASSWORD (required), provider API key variables
# Arguments: none are used
# Returns:   does not return on success (exec); exits 1 on invalid settings
#######################################
main() {
  # Defaults for anything left unset or empty.
  # NOTE(review): OPENCODE_SERVER_USERNAME is only assigned here; it is not
  # exported or passed on the command line, so a value defaulted at this
  # point may not reach the server process - confirm this matches the
  # server's own default.
  OPENCODE_PORT="${OPENCODE_PORT:-4096}"
  OPENCODE_SERVER_USERNAME="${OPENCODE_SERVER_USERNAME:-opencode}"
  OPENCODE_REPOSITORY_ROOT="${OPENCODE_REPOSITORY_ROOT:-/app/repos}"

  # The server listens on 0.0.0.0, so refuse to start without a password.
  if [[ -z "${OPENCODE_SERVER_PASSWORD:-}" ]]; then
    log "OPENCODE_SERVER_PASSWORD is required"
    exit 1
  fi

  # Accept GEMINI_API_KEY as a fallback for the Google provider variable.
  if [[ -n "${GEMINI_API_KEY:-}" && -z "${GOOGLE_GENERATIVE_AI_API_KEY:-}" ]]; then
    export GOOGLE_GENERATIVE_AI_API_KEY="${GEMINI_API_KEY}"
  fi

  # Must run before write_global_config, which embeds the port in JSON.
  validate_port "${OPENCODE_PORT}"

  local create_dirs=(
    "${OPENCODE_REPOSITORY_ROOT}"
    /home/opencode/.config/opencode
    /home/opencode/.local/share/opencode
    /home/opencode/.local/state
  )
  local owned_trees=(
    "${OPENCODE_REPOSITORY_ROOT}"
    /home/opencode/.config
    /home/opencode/.local/share
    /home/opencode/.local/state
  )
  mkdir -p "${create_dirs[@]}"
  chown -R opencode:opencode "${owned_trees[@]}"

  write_runtime_env
  write_global_config
  install_cron

  # A missing provider key is only a warning; the server still starts.
  if [[ -z "${OPENAI_API_KEY:-}${ANTHROPIC_API_KEY:-}${GEMINI_API_KEY:-}${GOOGLE_GENERATIVE_AI_API_KEY:-}" ]]; then
    log "No provider API key detected in environment; server will start but prompts may fail"
  fi

  # A failed initial sync is logged but does not abort startup.
  gosu opencode /usr/local/bin/sync-repos.sh \
    || log "Repository sync completed with errors"

  cron
  cd /app
  # exec so the server replaces this shell; gosu drops to the opencode user.
  exec gosu opencode opencode serve --hostname 0.0.0.0 --port "${OPENCODE_PORT}"
}

main "$@"