diff --git a/Containerfile b/Containerfile new file mode 100644 index 0000000..eec07d3 --- /dev/null +++ b/Containerfile @@ -0,0 +1,13 @@ +FROM rust:bookworm + +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + ca-certificates \ + git \ + libssl-dev \ + pkg-config \ + && rm -rf /var/lib/apt/lists/* + +ENV CARGO_TERM_COLOR=always +WORKDIR /workspace +CMD ["bash"] diff --git a/README.md b/README.md index d8b7039..b51fc60 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@

> [!IMPORTANT] -> The active Rust workspace now lives in [`rust/`](./rust). Start with [`USAGE.md`](./USAGE.md) for build, auth, CLI, session, and parity-harness workflows, then use [`rust/README.md`](./rust/README.md) for crate-level details. +> The active Rust workspace now lives in [`rust/`](./rust). Start with [`USAGE.md`](./USAGE.md) for build, auth, CLI, session, and parity-harness workflows, use [`rust/README.md`](./rust/README.md) for crate-level details, and see [`docs/container.md`](./docs/container.md) for Docker/Podman container-first usage. > Want the bigger idea behind this repo? Read [`PHILOSOPHY.md`](./PHILOSOPHY.md) and Sigrid Jin's public explanation: https://x.com/realsigridjin/status/2039472968624185713 diff --git a/docs/container.md b/docs/container.md new file mode 100644 index 0000000..aeaa45e --- /dev/null +++ b/docs/container.md @@ -0,0 +1,132 @@ +# Container-first claw-code workflows + +This repo already had **container detection** in the Rust runtime before this document was added: + +- `rust/crates/runtime/src/sandbox.rs` detects Docker/Podman/container markers such as `/.dockerenv`, `/run/.containerenv`, matching env vars, and `/proc/1/cgroup` hints. +- `rust/crates/rusty-claude-cli/src/main.rs` exposes that state through the `claw sandbox` / `cargo run -p rusty-claude-cli -- sandbox` report. +- `.github/workflows/rust-ci.yml` runs on `ubuntu-latest`, but it does **not** define a Docker or Podman container job. +- Before this change, the repo did **not** have a checked-in `Dockerfile`, `Containerfile`, or `.devcontainer/` config. + +This document adds a small checked-in `Containerfile` so Docker and Podman users have one canonical container workflow. + +## What the checked-in container image is for + +The root [`../Containerfile`](../Containerfile) gives you a reusable Rust build/test shell with the extra packages this workspace commonly needs (`git`, `pkg-config`, `libssl-dev`, certificates). + +It does **not** copy the repository into the image. Instead, the recommended flow is to bind-mount your checkout into `/workspace` so edits stay on the host. + +## Build the image + +From the repository root: + +### Docker + +```bash +docker build -t claw-code-dev -f Containerfile . +``` + +### Podman + +```bash +podman build -t claw-code-dev -f Containerfile . +``` + +## Run `cargo test --workspace` in the container + +These commands mount the repo, keep Cargo build artifacts out of the working tree, and run from the Rust workspace at `rust/`. + +### Docker + +```bash +docker run --rm -it \ + -v "$PWD":/workspace \ + -e CARGO_TARGET_DIR=/tmp/claw-target \ + -w /workspace/rust \ + claw-code-dev \ + cargo test --workspace +``` + +### Podman + +```bash +podman run --rm -it \ + -v "$PWD":/workspace:Z \ + -e CARGO_TARGET_DIR=/tmp/claw-target \ + -w /workspace/rust \ + claw-code-dev \ + cargo test --workspace +``` + +If you want a fully clean rebuild, add `cargo clean &&` before `cargo test --workspace`. + +## Open a shell in the container + +### Docker + +```bash +docker run --rm -it \ + -v "$PWD":/workspace \ + -e CARGO_TARGET_DIR=/tmp/claw-target \ + -w /workspace/rust \ + claw-code-dev +``` + +### Podman + +```bash +podman run --rm -it \ + -v "$PWD":/workspace:Z \ + -e CARGO_TARGET_DIR=/tmp/claw-target \ + -w /workspace/rust \ + claw-code-dev +``` + +Inside the shell: + +```bash +cargo build --workspace +cargo test --workspace +cargo run -p rusty-claude-cli -- --help +cargo run -p rusty-claude-cli -- sandbox +``` + +The `sandbox` command is a useful sanity check: inside Docker or Podman it should report `In container true` and list the markers the runtime detected. + +## Bind-mount this repo and another repo at the same time + +If you want to run `claw` against a second checkout while keeping `claw-code` itself mounted read-write: + +### Docker + +```bash +docker run --rm -it \ + -v "$PWD":/workspace \ + -v "$HOME/src/other-repo":/repo \ + -e CARGO_TARGET_DIR=/tmp/claw-target \ + -w /workspace/rust \ + claw-code-dev +``` + +### Podman + +```bash +podman run --rm -it \ + -v "$PWD":/workspace:Z \ + -v "$HOME/src/other-repo":/repo:Z \ + -e CARGO_TARGET_DIR=/tmp/claw-target \ + -w /workspace/rust \ + claw-code-dev +``` + +Then, for example: + +```bash +cargo run -p rusty-claude-cli -- prompt "summarize /repo" +``` + +## Notes + +- Docker and Podman use the same checked-in `Containerfile`. +- The `:Z` suffix in the Podman examples is for SELinux relabeling; keep it on Fedora/RHEL-class hosts. +- Running with `CARGO_TARGET_DIR=/tmp/claw-target` avoids leaving container-owned `target/` artifacts in your bind-mounted checkout. +- For non-container local development, keep using [`../USAGE.md`](../USAGE.md) and [`../rust/README.md`](../rust/README.md).