Merge commit '20a35c59f630d6d3251053c053c4f5f25855007d' into security…

…_analyzer
invariantlabs-ai · Aug 13, 2024 · 3ae5a10 · 3ae5a10
2 parents b332dce + 20a35c5
commit 3ae5a10
Show file tree

Hide file tree

Showing 84 changed files with 1,129 additions and 2,192 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -20,3 +20,8 @@ updates:
     schedule:
       interval: "daily"
     open-pull-requests-limit: 20
+
+groups:
+  docusaurus:
+    patterns:
+    - "*docusaurus*"
diff --git a/.github/workflows/ghcr.yml b/.github/workflows/ghcr.yml
@@ -12,11 +12,6 @@ on:
     tags:
       - '*'
   pull_request:
-    paths-ignore:
-      - '**.md'
-      - 'docs/**'
-      - 'frontend/**'
-      - 'evaluation/**'
   workflow_dispatch:
     inputs:
       reason:
@@ -86,7 +81,7 @@ jobs:
     strategy:
       matrix:
         image: ['od_runtime']
-        base_image: ['ubuntu:22.04']
+        base_image: ['nikolaik/python-nodejs:python3.11-nodejs22']
         platform: ['amd64', 'arm64']
     steps:
       - name: Checkout
@@ -120,7 +115,7 @@ jobs:
       - name: Install Python dependencies using Poetry
         run: make install-python-dependencies
       - name: Create source distribution and Dockerfile
-        run: poetry run python3 opendevin/runtime/utils/runtime_build.py --base_image ${{ matrix.base_image }} --build_folder containers/runtime
+        run: poetry run python3 opendevin/runtime/utils/runtime_build.py --base_image ${{ matrix.base_image }} --build_folder containers/runtime --force_rebuild
       - name: Build and export image
         id: build
         run: |
@@ -130,7 +125,7 @@ jobs:
           else
             echo 'No Dockerfile detected which means an exact image is already built. Pulling the image and saving it to a tar file...'
             source containers/runtime/config.sh
-            echo '$DOCKER_IMAGE_TAG $DOCKER_IMAGE_HASH_TAG' >> tags.txt
+            echo "$DOCKER_IMAGE_TAG $DOCKER_IMAGE_HASH_TAG" >> tags.txt
             echo "Pulling image $DOCKER_IMAGE/$DOCKER_IMAGE_HASH_TAG to /tmp/${{ matrix.image }}_image_${{ matrix.platform }}.tar"
             docker pull $DOCKER_IMAGE:$DOCKER_IMAGE_HASH_TAG
             docker save $DOCKER_IMAGE:$DOCKER_IMAGE_HASH_TAG -o /tmp/${{ matrix.image }}_image_${{ matrix.platform }}.tar
@@ -310,7 +305,7 @@ jobs:
     needs: [ghcr_build_runtime, test_runtime, runtime_integration_tests_on_linux]
     if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')
     env:
-      tags: ${{ needs.ghcr_build_runtime.outputs.tags }}
+      RUNTIME_TAGS: ${{ needs.ghcr_build_runtime.outputs.tags }}
     permissions:
       contents: read
       packages: write
@@ -354,16 +349,15 @@ jobs:
             exit 1
           fi
           echo "loaded image = $loaded_image"
-          tags=$(echo ${tags} | tr ' ' '\n')
           image_name=$(echo "ghcr.io/${{ github.repository_owner }}/${{ matrix.image }}" | tr '[:upper:]' '[:lower:]')
           echo "image name = $image_name"
-          for tag in $tags; do
+          echo "$RUNTIME_TAGS" | tr ' ' '\n' | while read -r tag; do
             echo "tag = $tag"
-            if [ -n "$image_name" ]; then
+            if [ -n "$image_name" ] && [ -n "$tag" ]; then
               docker tag $loaded_image $image_name:${tag}_${{ matrix.platform }}
               docker push $image_name:${tag}_${{ matrix.platform }}
             else
-              echo "Skipping tag and push due to empty image_name"
+              echo "Skipping tag and push due to empty image_name or tag"
             fi
           done
 

diff --git a/.github/workflows/review-pr.yml b/.github/workflows/review-pr.yml
@@ -53,7 +53,6 @@ jobs:
       env:
         LLM_API_KEY: ${{ secrets.LLM_API_KEY }}
         LLM_MODEL: ${{ vars.LLM_MODEL }}
-        SANDBOX_BOX_TYPE: ssh
       run: |
         # Append path to launch poetry
         export PATH="/github/home/.local/bin:$PATH"

diff --git a/.github/workflows/run-unit-tests.yml b/.github/workflows/run-unit-tests.yml
@@ -113,7 +113,7 @@ jobs:
       - name: Build Environment
         run: make build
       - name: Run Tests
-        run: poetry run pytest --forked --cov=agenthub --cov=opendevin --cov-report=xml ./tests/unit -k "not test_sandbox.py and not test_runtime.py"
+        run: poetry run pytest --forked --cov=agenthub --cov=opendevin --cov-report=xml ./tests/unit -k "not test_runtime.py"
       - name: Upload coverage to Codecov
         uses: codecov/codecov-action@v4
         env:
@@ -142,7 +142,7 @@ jobs:
       - name: Build Environment
         run: make build
       - name: Run Tests
-        run: poetry run pytest --forked --cov=agenthub --cov=opendevin --cov-report=xml ./tests/unit -k "not test_sandbox.py and not test_runtime.py"
+        run: poetry run pytest --forked --cov=agenthub --cov=opendevin --cov-report=xml ./tests/unit -k "not test_runtime.py"
       - name: Upload coverage to Codecov
         uses: codecov/codecov-action@v4
         env:

diff --git a/.github/workflows/solve-issue.yml b/.github/workflows/solve-issue.yml
@@ -45,7 +45,6 @@ jobs:
         ISSUE_BODY: ${{ github.event.issue.body }}
         LLM_API_KEY: ${{ secrets.OPENAI_API_KEY }}
         OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
-        SANDBOX_BOX_TYPE: ssh
       run: |
         # Append path to launch poetry
         export PATH="/github/home/.local/bin:$PATH"

diff --git a/agenthub/micro/commit_writer/README.md b/agenthub/micro/commit_writer/README.md
@@ -3,7 +3,7 @@
 CommitWriterAgent can help write git commit message. Example:
 
 ```bash
-WORKSPACE_MOUNT_PATH="`PWD`" SANDBOX_BOX_TYPE="ssh" \
+WORKSPACE_MOUNT_PATH="`PWD`" \
   poetry run python opendevin/core/main.py -t "dummy task" -c CommitWriterAgent -d ./
 ```
 

diff --git a/config.template.toml b/config.template.toml
@@ -55,22 +55,11 @@ workspace_base = "./workspace"
 # Path to rewrite the workspace mount path to
 #workspace_mount_rewrite = ""
 
-
 # Run as devin
 #run_as_devin = true
 
 # Runtime environment
-#runtime = "server"
-
-# SSH hostname for the sandbox
-#ssh_hostname = "localhost"
-
-# SSH password for the sandbox
-#ssh_password = ""
-
-# SSH port for the sandbox
-#ssh_port = 63710
-
+#runtime = "eventstream"
 
 # Name of the default agent
 #default_agent = "CodeActAgent"
@@ -181,14 +170,11 @@ llm_config = 'gpt3'
 # Sandbox timeout in seconds
 #timeout = 120
 
-# Sandbox type (ssh, e2b, local)
-#box_type = "ssh"
-
 # Sandbox user ID
 #user_id = 1000
 
 # Container image to use for the sandbox
-#container_image = "ghcr.io/opendevin/sandbox:main"
+#container_image = "nikolaik/python-nodejs:python3.11-nodejs22"
 
 # Use host network
 #use_host_network = false

diff --git a/containers/app/Dockerfile b/containers/app/Dockerfile
@@ -37,17 +37,19 @@ ARG OPEN_DEVIN_BUILD_VERSION #re-declare for this section
 ENV RUN_AS_DEVIN=true
 # A random number--we need this to be different from the user's UID on the host machine
 ENV OPENDEVIN_USER_ID=42420
+ENV SANDBOX_API_HOSTNAME=host.docker.internal
 ENV USE_HOST_NETWORK=false
-ENV SSH_HOSTNAME=host.docker.internal
 ENV WORKSPACE_BASE=/opt/workspace_base
 ENV OPEN_DEVIN_BUILD_VERSION=$OPEN_DEVIN_BUILD_VERSION
 RUN mkdir -p $WORKSPACE_BASE
 
 RUN apt-get update -y \
     && apt-get install -y curl ssh sudo
 
-RUN sed -i 's/^UID_MIN.*/UID_MIN 499/' /etc/login.defs # Default is 1000, but OSX is often 501
-RUN sed -i 's/^UID_MAX.*/UID_MAX 1000000/' /etc/login.defs # Default is 60000, but we've seen up to 200000
+# Default is 1000, but OSX is often 501
+RUN sed -i 's/^UID_MIN.*/UID_MIN 499/' /etc/login.defs
+# Default is 60000, but we've seen up to 200000
+RUN sed -i 's/^UID_MAX.*/UID_MAX 1000000/' /etc/login.defs
 
 RUN groupadd app
 RUN useradd -l -m -u $OPENDEVIN_USER_ID -s /bin/bash opendevin && \
@@ -68,6 +70,9 @@ RUN playwright install --with-deps chromium
 COPY --chown=opendevin:app --chmod=770 ./opendevin ./opendevin
 COPY --chown=opendevin:app --chmod=777 ./opendevin/runtime/plugins ./opendevin/runtime/plugins
 COPY --chown=opendevin:app --chmod=770 ./agenthub ./agenthub
+COPY --chown=opendevin:app --chmod=770 ./pyproject.toml ./pyproject.toml
+COPY --chown=opendevin:app --chmod=770 ./poetry.lock ./poetry.lock
+COPY --chown=opendevin:app --chmod=770 ./README.md ./README.md
 
 RUN python opendevin/core/download.py # No-op to download assets
 RUN chown -R opendevin:app /app/logs && chmod -R 770 /app/logs # This gets created by the download.py script

diff --git a/containers/runtime/config.sh b/containers/runtime/config.sh
@@ -1,6 +1,7 @@
 DOCKER_REGISTRY=ghcr.io
 DOCKER_ORG=opendevin
 DOCKER_BASE_DIR="./containers/runtime"
-# These two variables will be appended by the runtime_build.py script
+# These variables will be appended by the runtime_build.py script
 # DOCKER_IMAGE=
 # DOCKER_IMAGE_TAG=
+# DOCKER_IMAGE_HASH_TAG=
diff --git a/docs/i18n/fr/docusaurus-plugin-content-docs/current/usage/custom_sandbox_guide.md b/docs/i18n/fr/docusaurus-plugin-content-docs/current/usage/custom_sandbox_guide.md
@@ -41,7 +41,6 @@ Créez un fichier ```config.toml``` dans le répertoire OpenDevin et entrez ces
 ```toml
 [core]
 workspace_base="./workspace"
-persist_sandbox=false
 run_as_devin=true
 sandbox_container_image="image_personnalisée"
 ```
@@ -92,7 +91,6 @@ Si vous voyez cette erreur dans la sortie de la console, il s'agit du fait que O
 ```toml
 [core]
 workspace_base="./workspace"
-persist_sandbox=false
 run_as_devin=true
 sandbox_container_image="image_personnalisée"
 sandbox_user_id="1001"

diff --git a/docs/i18n/fr/docusaurus-plugin-content-docs/current/usage/intro.mdx b/docs/i18n/fr/docusaurus-plugin-content-docs/current/usage/intro.mdx
@@ -72,8 +72,6 @@ WORKSPACE_BASE=$(pwd)/workspace
 docker run -it \
     --pull=always \
     -e SANDBOX_USER_ID=$(id -u) \
-    -e PERSIST_SANDBOX="true" \
-    -e SSH_PASSWORD="make something up here" \
     -e WORKSPACE_MOUNT_PATH=$WORKSPACE_BASE \
     -v $WORKSPACE_BASE:/opt/workspace_base \
     -v /var/run/docker.sock:/var/run/docker.sock \

diff --git a/...8n/zh-Hans/docusaurus-plugin-content-docs/current/usage/custom_sandbox_guide.md b/...8n/zh-Hans/docusaurus-plugin-content-docs/current/usage/custom_sandbox_guide.md
@@ -40,7 +40,6 @@ docker build -t custom_image .
 ```
 [core]
 workspace_base="./workspace"
-persist_sandbox=false
 run_as_devin=true
 sandbox_container_image="custom_image"
 ```
@@ -92,7 +91,6 @@ dockerfile_content = (
 ```
 [core]
 workspace_base="./workspace"
-persist_sandbox=false
 run_as_devin=true
 sandbox_container_image="custom_image"
 sandbox_user_id="1001"

diff --git a/docs/i18n/zh-Hans/docusaurus-plugin-content-docs/current/usage/intro.mdx b/docs/i18n/zh-Hans/docusaurus-plugin-content-docs/current/usage/intro.mdx
@@ -72,8 +72,6 @@ WORKSPACE_BASE=$(pwd)/workspace
 docker run -it \
     --pull=always \
     -e SANDBOX_USER_ID=$(id -u) \
-    -e PERSIST_SANDBOX="true" \
-    -e SSH_PASSWORD="make something up here" \
     -e WORKSPACE_MOUNT_PATH=$WORKSPACE_BASE \
     -v $WORKSPACE_BASE:/opt/workspace_base \
     -v /var/run/docker.sock:/var/run/docker.sock \

diff --git a/docs/modules/usage/custom_sandbox_guide.md b/docs/modules/usage/custom_sandbox_guide.md
@@ -70,7 +70,6 @@ Create a `config.toml` file in the OpenDevin directory and enter these contents:
 ```toml
 [core]
 workspace_base="./workspace"
-persist_sandbox=false
 run_as_devin=true
 sandbox_container_image="custom_image"
 ```
@@ -129,7 +128,6 @@ If you see this error in the console output it is because OpenDevin is trying to
 ```toml
 [core]
 workspace_base="./workspace"
-persist_sandbox=false
 run_as_devin=true
 sandbox_container_image="custom_image"
 sandbox_user_id="1001"

diff --git a/docs/modules/usage/openshift-example.md b/docs/modules/usage/openshift-example.md
@@ -158,8 +158,6 @@ spec:
     env:
     - name: SANDBOX_USER_ID
       value: "1000"
-    - name: SANDBOX_BOX_TYPE
-      value: 'local'
     - name: WORKSPACE_MOUNT_PATH
       value: "/opt/workspace_base"
     volumeMounts: