v1.0: server-ready — GHCR image, PUID/PGID, pull install, compose#86
Merged
Conversation
Make squarebox a first-class citizen on servers / VPS / Unraid for the v1.0 push, while keeping the desktop install path behaviour-identical. - CI/release: publish a multi-arch (amd64+arm64) image to GHCR, gated on the full E2E suite passing on the tag (e2e.yml `publish` job needs every test job). Consolidate release-asset creation there and drop the ungated release.yml. build.yml gains an arm64 build smoke at PR time. - install.sh: pull the prebuilt image by default (no local build / toolchain); --build / --edge build from source. Add SQUAREBOX_DIR / SQUAREBOX_WORKSPACE (durable installs where $HOME is volatile, e.g. Unraid), PUID/PGID forwarding, and non-interactive provisioning via SQUAREBOX_AI/SDKS/EDITORS/TUIS/ MULTIPLEXERS (+ SQUAREBOX_GIT_NAME/EMAIL), reusing the existing /workspace/.squarebox config-file contract. - Dockerfile: root entrypoint (setpriv) remaps `dev` to PUID/PGID then drops privileges. Default 1000:1000 is a no-op — process still runs as dev, so every existing behavioural test is unaffected. Validated incl. Unraid 99:100. - Add docker-compose.yml + .env.example for long-lived server use. - README: pull-mode, server/Unraid section, full env-var reference, sqrbx-setup section list (+ README-audit fixes). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Makes squarebox a first-class citizen on servers / VPS / Unraid for the v1.0 push, while keeping the desktop install path behaviour-identical (default
PUID/PGID=1000⇒ the new root→setpriv→deventrypoint is a no-op equivalent to the oldUSER dev).What's in here (items 1–5, 7 from the planning session)
e2e.ymlgains apublishjob thatneedsevery test job and only runs onv*tags, so a tag can never publish a broken image or advertise a release for one. It pushesghcr.io/squarewavesystems/squarebox:<ver>(+:latestfor stable) forlinux/amd64,linux/arm64and creates the GitHub release withinstall.sh/install.ps1/uninstall.sh. The old ungatedrelease.ymlis removed.build.ymlgains an arm64 build smoke at PR time.install.shpulls the prebuilt image by default (no local Docker build / toolchain);--build/--edgebuild from source. It still clones the repo for config + thesqrbxhelpers (git is already a prereq), so all existing bind-mount / shell-init logic is reused unchanged.scripts/squarebox-entrypoint.shremapsdevtoPUID/PGIDviasetprivthen drops privileges; honours Unraid's99:100. Existing hardened cap set already covers the remap.SQUAREBOX_DIR/SQUAREBOX_WORKSPACEfor durable installs where$HOMEis volatile (Unraid/roottmpfs).docker-compose.yml+.env.examplefor long-lived server / NAS use (named volume,restart: unless-stopped, mirrored cap set,-u devexec).SQUAREBOX_AI/SDKS/EDITORS/TUIS/MULTIPLEXERS(+SQUAREBOX_GIT_NAME/EMAIL) pre-seed the existing/workspace/.squareboxconfig files and run a one-off setup — reusing the contractdevcontainer-postcreate.sh(fix(devcontainer): open the cloned repo and install a default toolset #85) already established. Nosetup.shchanges needed.Validation done locally (amd64, docker 29.5.1)
uid=1000(dev);PUID=99 PGID=100→uid=99 gid=100(users),/workspacewrites owned99:100.DEVCONTAINER=1skips setup,/home/dev+/workspacewrites persist — i.e. the assertionsbuild.yml/e2e.ymlmake still hold through the new entrypoint.build-arm64, and the tag's E2E).Follow-ups (not in this PR)
install.ps1still builds locally (Windows isn't the server target); pull-mode for it is a later change.docker pull.🤖 Generated with Claude Code