ai-code-battle/cmd/acb-evolver/Dockerfile
jedarden 7137623f6a Evolver: Add nsjail and missing language runtimes (Rust, Java) to container
The evolver's validation pipeline supports Rust and Java bots, but the
container image was missing rustc and javac runtimes. Additionally, nsjail
was documented as part of the sandbox stage but not installed.

Changes:
- Add nsjail package (from Alpine community repo) for sandbox isolation
- Add openjdk-17-jdk for Java bot validation
- Install Rust toolchain (rustc) via rustup to /opt/rust for shared access
- Set PATH to include Rust binaries for the acb user

The validator already had graceful fallback when nsjail wasn't found in PATH,
but with nsjail installed, the sandbox stage now provides proper CPU/memory
resource limits during smoke testing.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-22 15:16:23 -04:00


# AI Code Battle Evolver Container
# Runs the autonomous evolution pipeline: generates candidate bots via LLM,
# validates them (syntax → schema → sandbox), runs arena tournaments,
# and promotes winners to the live bot fleet.
#
# Needs multiple language runtimes for the 3-stage validation pipeline.
# Build stage
FROM golang:1.25-alpine AS builder
WORKDIR /build
# Install git for module downloads
RUN apk --no-cache add git
# Copy go.mod and go.sum first for caching
COPY go.mod go.sum ./
RUN go mod download
# Copy engine package
COPY engine/ ./engine/
COPY metrics/ ./metrics/
# Copy bots (used as seed programs)
COPY bots/ ./bots/
# Copy evolver source
COPY cmd/acb-evolver/ ./cmd/acb-evolver/
# Copy map evolver source
COPY cmd/acb-map-evolver/ ./cmd/acb-map-evolver/
# Build the evolver binary
RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o /acb-evolver ./cmd/acb-evolver
# Build the map evolver binary
RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o /acb-map-evolver ./cmd/acb-map-evolver
# Runtime stage — needs language runtimes for validation sandbox
FROM golang:1.25-alpine
WORKDIR /app
# Install language runtimes for bot validation:
# - go (included in base image)
# - python3, nodejs + typescript, rust (rustup), java 17
#   (php is not installed by this image)
# - nsjail for sandbox isolation during validation. Having the binary is not
#   enough: at runtime nsjail must be able to create user/PID/mount/net
#   namespaces, so the pod needs unprivileged user namespaces (or CAP_SYS_ADMIN)
#   or the sandbox stage cannot isolate anything.
# - ca-certificates for HTTPS (LLM calls, K8s API)
RUN apk --no-cache add \
    ca-certificates \
    tzdata \
    python3 \
    py3-pip \
    nodejs \
    npm \
    openjdk-17-jdk \
    nsjail \
    curl \
    bash
# Create non-root user first (before Rust installation)
RUN addgroup -g 1000 acb && adduser -D -u 1000 -G acb acb
# Install Rust toolchain (rustc) for validating Rust bots.
# rustup's ~/.cargo/bin/rustc is only a proxy that resolves the real toolchain
# through RUSTUP_HOME, so copying /root/.cargo alone would leave the acb user
# with a proxy that cannot find a toolchain (the toolchain itself would stay in
# /root/.rustup, unreadable for acb). Install straight into /opt/rust with both
# homes set; the ENV keeps them set for the acb user at runtime.
# Note: the installer is fetched unpinned at build time; for reproducible,
# auditable builds pin a rustup-init release and verify its checksum instead.
ENV RUSTUP_HOME=/opt/rust/rustup \
    CARGO_HOME=/opt/rust/cargo
RUN mkdir -p /opt/rust && \
    curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal --no-modify-path && \
    chown -R acb:acb /opt/rust
# Install TypeScript compiler globally
RUN npm install -g typescript ts-node
# Copy binaries from builder
COPY --from=builder /acb-evolver /app/acb-evolver
COPY --from=builder /acb-map-evolver /app/acb-map-evolver
# Set PATH to include the rustup proxies (rustc, cargo) and switch to non-root user
ENV PATH="/opt/rust/cargo/bin:${PATH}"
USER acb
# Environment variables (set at runtime)
# ACB_DATABASE_URL - PostgreSQL connection string
# ACB_LLM_URL - LLM proxy base URL (e.g., http://zai-proxy:8080)
# ACB_LLM_API_KEY - LLM API key (optional, for ZAI proxy)
# ACB_ENCRYPTION_KEY - AES-256-GCM key for bots table shared secrets
# ACB_KUBECTL_SERVER - kubectl API server URL for bot deployment
# ACB_REGISTRY - Container registry for evolved bot images
# ACB_REPO_DIR - Path to declarative-config repo for K8s manifest writes
# ACB_R2_ENDPOINT - R2 endpoint for live.json upload
# ACB_R2_BUCKET - R2 bucket name
# ACB_R2_ACCESS_KEY - R2 access key
# ACB_R2_SECRET_KEY - R2 secret key
# ACB_EVOLUTION_OUT - Output path for live.json (default: evolution/live.json)
ENTRYPOINT ["/app/acb-evolver"]
CMD ["run"]
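The commit message says the validator falls back gracefully when nsjail is not on PATH and that, with nsjail present, the sandbox stage gets real CPU and memory limits. The evolver's own sandbox code is not on this page; the following is an added Go example (not the project's code) of what that stage looks like: `BuildCommand` wraps a bot's argv in an nsjail invocation carrying rlimits and a wall-clock limit, and `RunSmokeTest` applies the fallback. The limit values, the work-directory layout and the function names are assumptions made for the example; the nsjail flags are real ones.

```go
package main

import (
	"context"
	"fmt"
	"os"
	"os/exec"
	"strconv"
	"time"
)

// Limits for one bot smoke test. The numbers used in main are illustrative
// assumptions; the evolver's real limits are not shown on this page.
type Limits struct {
	WallSeconds int // nsjail --time_limit: kill the whole jail after this
	CPUSeconds  int // nsjail --rlimit_cpu: RLIMIT_CPU per process, seconds
	MemoryMB    int // nsjail --rlimit_as: RLIMIT_AS, in megabytes
	FileSizeMB  int // nsjail --rlimit_fsize: cap on files the bot can write
	MaxProcs    int // nsjail --rlimit_nproc: stops fork bombs
}

// BuildCommand returns the argv to execute and whether it is sandboxed.
// nsjailPath == "" means nsjail was not found on PATH: the bot then runs
// directly, and only the wall-clock timeout applied by RunSmokeTest
// protects the validator; there is no CPU or memory bound in that mode.
func BuildCommand(nsjailPath, workDir string, lim Limits, argv []string) ([]string, bool) {
	if nsjailPath == "" {
		return argv, false
	}
	out := []string{
		nsjailPath,
		"--mode", "o", // run the command once, exit with its status
		"--really_quiet",
		"--chroot", "/", // reuse the image filesystem; nsjail mounts it read-only
		"--bindmount", workDir + ":" + workDir, // the bot's own directory stays writable
		"--cwd", workDir,
		"--time_limit", strconv.Itoa(lim.WallSeconds),
		"--rlimit_cpu", strconv.Itoa(lim.CPUSeconds),
		"--rlimit_as", strconv.Itoa(lim.MemoryMB),
		"--rlimit_fsize", strconv.Itoa(lim.FileSizeMB),
		"--rlimit_nproc", strconv.Itoa(lim.MaxProcs),
		// Network is off by default (fresh net namespace), so a bot cannot
		// reach the LLM proxy or the Kubernetes API from inside the jail.
		"--",
	}
	return append(out, argv...), true
}

// RunSmokeTest executes a bot command under nsjail when it is on PATH,
// otherwise directly, in both cases bounded by lim.WallSeconds of wall time.
func RunSmokeTest(ctx context.Context, workDir string, lim Limits, argv []string) (bool, []byte, error) {
	nsjailPath, lookErr := exec.LookPath("nsjail")
	if lookErr != nil {
		nsjailPath = "" // graceful fallback: run unsandboxed, with a timeout only
	}
	full, sandboxed := BuildCommand(nsjailPath, workDir, lim, argv)
	ctx, cancel := context.WithTimeout(ctx, time.Duration(lim.WallSeconds)*time.Second)
	defer cancel()
	cmd := exec.CommandContext(ctx, full[0], full[1:]...)
	cmd.Dir = workDir
	output, err := cmd.CombinedOutput()
	return sandboxed, output, err
}

func main() {
	lim := Limits{WallSeconds: 10, CPUSeconds: 5, MemoryMB: 256, FileSizeMB: 8, MaxProcs: 32}
	dir, err := os.MkdirTemp("", "acb-smoke")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	// Constructed stand-in for a bot: a shell one-liner instead of a real bot binary.
	sandboxed, out, err := RunSmokeTest(context.Background(), dir, lim, []string{"sh", "-c", "echo smoke ok"})
	fmt.Printf("sandboxed=%v err=%v\n%s", sandboxed, err, out)
}
```

The rlimits bound each process; for a hard cap on the whole jail nsjail also offers `--cgroup_mem_max`, which needs a writable cgroup hierarchy inside the container. In both modes the fallback branch should be logged loudly, since a validator that silently runs untrusted bot code without nsjail has lost its isolation, and a pod spec that blocks user namespaces produces exactly that outcome even with the package installed.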