|
| 1 | +#!/usr/bin/env bash |
| 2 | +set -euo pipefail |
| 3 | + |
| 4 | +# Sandbox npm Install Script |
| 5 | +# Installs node_modules on local ext4 filesystem and symlinks into the workspace. |
| 6 | +# This avoids native binary crashes (esbuild, lightningcss, rollup) on virtiofs. |
| 7 | + |
| 8 | +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" |
| 9 | +REPO_ROOT="$(cd "$SCRIPT_DIR/../../.." && pwd)" |
| 10 | + |
| 11 | +DEPS_DIR="/home/agent/project-deps" |
| 12 | +WORKSPACE_CLIENT="" |
| 13 | +INSTALL_PLAYWRIGHT="false" |
| 14 | +VERIFY_BINARIES="true" |
| 15 | + |
| 16 | +usage() { |
| 17 | + cat <<EOF |
| 18 | +Usage: $(basename "$0") [options] |
| 19 | +
|
| 20 | +Options: |
| 21 | + --workspace <path> Client workspace containing package.json |
| 22 | + --deps-dir <path> Local ext4 install directory (default: /home/agent/project-deps) |
| 23 | + --playwright Install Playwright Chromium browser |
| 24 | + --no-verify Skip native binary verification |
| 25 | + --help Show this help message |
| 26 | +
|
| 27 | +Examples: |
| 28 | + bash scripts/install.sh |
| 29 | + bash scripts/install.sh --workspace app/client --playwright |
| 30 | +EOF |
| 31 | +} |
| 32 | + |
| 33 | +while [[ $# -gt 0 ]]; do |
| 34 | + case "$1" in |
| 35 | + --workspace) |
| 36 | + WORKSPACE_CLIENT="${2:-}" |
| 37 | + shift 2 |
| 38 | + ;; |
| 39 | + --deps-dir) |
| 40 | + DEPS_DIR="${2:-}" |
| 41 | + shift 2 |
| 42 | + ;; |
| 43 | + --playwright) |
| 44 | + INSTALL_PLAYWRIGHT="true" |
| 45 | + shift |
| 46 | + ;; |
| 47 | + --no-verify) |
| 48 | + VERIFY_BINARIES="false" |
| 49 | + shift |
| 50 | + ;; |
| 51 | + --help|-h) |
| 52 | + usage |
| 53 | + exit 0 |
| 54 | + ;; |
| 55 | + *) |
| 56 | + echo "Unknown option: $1" |
| 57 | + usage |
| 58 | + exit 1 |
| 59 | + ;; |
| 60 | + esac |
| 61 | +done |
| 62 | + |
| 63 | +if [[ -z "$WORKSPACE_CLIENT" ]]; then |
| 64 | + if [[ -f "$REPO_ROOT/package.json" ]]; then |
| 65 | + WORKSPACE_CLIENT="$REPO_ROOT" |
| 66 | + elif [[ -f "$PWD/package.json" ]]; then |
| 67 | + WORKSPACE_CLIENT="$PWD" |
| 68 | + fi |
| 69 | +fi |
| 70 | + |
| 71 | +WORKSPACE_CLIENT="$(cd "$WORKSPACE_CLIENT" 2>/dev/null && pwd || true)" |
| 72 | + |
| 73 | +if [[ -z "$WORKSPACE_CLIENT" || ! -f "$WORKSPACE_CLIENT/package.json" ]]; then |
| 74 | + echo "Could not find a valid workspace client path containing package.json." |
| 75 | + echo "Use --workspace <path> to specify it explicitly." |
| 76 | + exit 1 |
| 77 | +fi |
| 78 | + |
| 79 | +# Validate deps directory path to prevent accidental damage |
| 80 | +DEPS_DIR="$(realpath -m "$DEPS_DIR" 2>/dev/null || echo "$DEPS_DIR")" |
| 81 | +case "$DEPS_DIR" in |
| 82 | + /|/bin|/boot|/dev|/etc|/lib*|/opt|/proc|/root|/run|/sbin|/srv|/sys|/usr|/usr/*|/var) |
| 83 | + echo "Error: deps directory '$DEPS_DIR' is a system path. Provide a safe subdirectory." |
| 84 | + exit 1 |
| 85 | + ;; |
| 86 | +esac |
| 87 | +if [[ -z "$DEPS_DIR" || "$DEPS_DIR" == "/home" || "$DEPS_DIR" == "/home/agent" || "$DEPS_DIR" == "/tmp" ]]; then |
| 88 | + echo "Error: deps directory '$DEPS_DIR' is too broad. Provide a dedicated subdirectory." |
| 89 | + exit 1 |
| 90 | +fi |
| 91 | + |
| 92 | +echo "=== Sandbox npm Install ===" |
| 93 | +echo "Workspace: $WORKSPACE_CLIENT" |
| 94 | +echo "Deps dir: $DEPS_DIR" |
| 95 | + |
| 96 | +# Step 1: Prepare local deps directory |
| 97 | +echo "→ Preparing $DEPS_DIR..." |
| 98 | +rm -rf "$DEPS_DIR" |
| 99 | +mkdir -p "$DEPS_DIR" |
| 100 | +cp "$WORKSPACE_CLIENT/package.json" "$DEPS_DIR/" |
| 101 | + |
| 102 | +if [[ -f "$WORKSPACE_CLIENT/package-lock.json" ]]; then |
| 103 | + cp "$WORKSPACE_CLIENT/package-lock.json" "$DEPS_DIR/" |
| 104 | + INSTALL_CMD=(npm ci) |
| 105 | +else |
| 106 | + echo "! package-lock.json not found; falling back to npm install" |
| 107 | + INSTALL_CMD=(npm install) |
| 108 | +fi |
| 109 | + |
| 110 | +# Step 2: Install on local ext4 |
| 111 | +echo "→ Running ${INSTALL_CMD[*]} on local ext4..." |
| 112 | +cd "$DEPS_DIR" && "${INSTALL_CMD[@]}" |
| 113 | + |
| 114 | +# Step 3: Symlink into workspace |
| 115 | +echo "→ Symlinking node_modules into workspace..." |
| 116 | +cd "$WORKSPACE_CLIENT" |
| 117 | +rm -rf node_modules |
| 118 | +ln -s "$DEPS_DIR/node_modules" node_modules |
| 119 | + |
| 120 | +has_dep() { |
| 121 | + local dep="$1" |
| 122 | + node -e " |
| 123 | + const pkg=require(process.argv[1]); |
| 124 | + const deps={...(pkg.dependencies||{}),...(pkg.devDependencies||{})}; |
| 125 | + process.exit(deps[process.argv[2]] ? 0 : 1); |
| 126 | + " "$WORKSPACE_CLIENT/package.json" "$dep" |
| 127 | +} |
| 128 | + |
| 129 | +verify_one() { |
| 130 | + local label="$1" |
| 131 | + shift |
| 132 | + if "$@" >/dev/null 2>&1; then |
| 133 | + echo " ✓ $label OK" |
| 134 | + return 0 |
| 135 | + fi |
| 136 | + |
| 137 | + echo " ✗ $label FAIL" |
| 138 | + return 1 |
| 139 | +} |
| 140 | + |
| 141 | +if [[ "$VERIFY_BINARIES" == "true" ]]; then |
| 142 | + # Step 4: Verify native binaries when present in this project |
| 143 | + echo "→ Verifying native binaries..." |
| 144 | + FAIL=0 |
| 145 | + |
| 146 | + if has_dep esbuild; then |
| 147 | + verify_one "esbuild" node -e "require('esbuild').transform('const x: number = 1',{loader:'ts'}).catch(()=>process.exit(1))" || FAIL=1 |
| 148 | + fi |
| 149 | + |
| 150 | + if has_dep rollup; then |
| 151 | + verify_one "rollup" node -e "import('rollup').catch(()=>process.exit(1))" || FAIL=1 |
| 152 | + fi |
| 153 | + |
| 154 | + if has_dep lightningcss; then |
| 155 | + verify_one "lightningcss" node -e "try{require('lightningcss')}catch(_){process.exit(1)}" || FAIL=1 |
| 156 | + fi |
| 157 | + |
| 158 | + if has_dep vite; then |
| 159 | + verify_one "vite" node -e "import('vite').catch(()=>process.exit(1))" || FAIL=1 |
| 160 | + fi |
| 161 | + |
| 162 | + if [ "$FAIL" -ne 0 ]; then |
| 163 | + echo "✗ Binary verification failed. Try running the script again (crashes can be intermittent)." |
| 164 | + exit 1 |
| 165 | + fi |
| 166 | +fi |
| 167 | + |
| 168 | +# Step 5: Optionally install Playwright |
| 169 | +if [[ "$INSTALL_PLAYWRIGHT" == "true" ]]; then |
| 170 | + echo "→ Installing Playwright browsers..." |
| 171 | + npx playwright install --with-deps chromium |
| 172 | +fi |
| 173 | + |
| 174 | +echo "" |
| 175 | +echo "=== ✓ Sandbox npm install complete ===" |
| 176 | +echo "Run 'npm run dev' to start the dev server." |
0 commit comments