Marcus A. 995403bf11
Some checks failed
Build and Push Sandbox Base Image / build (push) Failing after 2m7s
CI: fix registry usage - separate registry hostname and repo name
2026-04-07 23:32:01 +00:00
2026-04-07 23:23:39 +00:00

OpenClaw Sandbox Base Image

Base Docker image for OpenClaw agent sandboxes. Provides a consistent, preconfigured environment with essential tooling for development, scripting, and automation.

Features

  • OS: Ubuntu 24.04 (LTS)
  • Languages & Runtimes:
    • Node.js 25.9.0 (official binaries)
    • Go 1.26.0 (official binaries)
    • Python 3.12 + pip + venv
    • Rust/cargo via workspace install (if needed)
  • Tooling: git, curl, wget, jq, ripgrep, rsync, sudo, tini, unzip, xz-utils, file
  • User setup: Creates sandbox user with UID/GID matching host (configurable)
  • Workspace layout:
    • HOME=/workspace
    • GOPATH=/workspace/go
    • NPM_CONFIG_PREFIX=/workspace/.local
    • PATH includes /workspace/.local/bin, /workspace/.cargo/bin, /workspace/go/bin

Build Args

Arg         | Default | Description
SANDBOX_UID | 1001    | UID for the sandbox user (match host)
SANDBOX_GID | 1001    | GID for the sandbox group (match host)
TARGETARCH  | (auto)  | Target architecture (amd64 or arm64). Set by Docker buildx.

Usage

Build locally

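# docker info reports the kernel architecture (x86_64, aarch64);
# docker version reports amd64/arm64, the values TARGETARCH expects.
docker build \
  --build-arg SANDBOX_UID="$(id -u)" \
  --build-arg SANDBOX_GID="$(id -g)" \
  --build-arg TARGETARCH="$(docker version --format '{{.Server.Arch}}')" \
  -t sandbox-base-image:latest .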

Run

docker run -d \
  --name openclaw-sandbox \
  -v /workspace:/workspace \
  -e SANDBOX_UID=$(id -u) \
  -e SANDBOX_GID=$(id -g) \
  sandbox-base-image:latest

The entrypoint prepares the workspace and drops into the user environment. The default command is sleep infinity, which keeps the container running so you can attach with docker exec -it.

Entrypoint behavior

/usr/local/bin/sandbox-entrypoint.sh ensures:

  • HOME, GOPATH, NPM_CONFIG_PREFIX, PATH are set
  • standard dirs exist (~/.local, ~/.config, ~/.npm, ~/.cargo/bin, ~/go/bin)
  • npm prefix/cache are coerced into the workspace home via ~/.npmrc
  • then execs the command (default: sleep infinity)
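
A sketch of the four steps listed above, as an added example and not the project's sandbox-entrypoint.sh. SANDBOX_HOME, the sandbox_* function names and the cache location (~/.npm) are assumptions made for this example; the README fixes HOME at /workspace.

```shell
#!/bin/sh
# Illustrative sketch only; not the project's sandbox-entrypoint.sh.
# SANDBOX_HOME is a hypothetical override so the logic can be exercised
# outside the container; the README fixes HOME at /workspace.

sandbox_env() {
    HOME="${SANDBOX_HOME:-/workspace}"
    GOPATH="$HOME/go"
    NPM_CONFIG_PREFIX="$HOME/.local"
    # Prepend the workspace bin dirs once, so repeated calls don't grow PATH.
    case ":$PATH:" in
        *":$HOME/.local/bin:"*) ;;
        *) PATH="$HOME/.local/bin:$HOME/.cargo/bin:$HOME/go/bin:$PATH" ;;
    esac
    export HOME GOPATH NPM_CONFIG_PREFIX PATH
}

sandbox_dirs() {
    mkdir -p "$HOME/.local" "$HOME/.config" "$HOME/.npm" \
             "$HOME/.cargo/bin" "$HOME/go/bin"
}

# Force prefix= and cache= in ~/.npmrc, keeping any other settings in the file.
# The workspace is a bind mount, so the file may carry values from earlier runs.
sandbox_npmrc() {
    rc="$HOME/.npmrc"
    tmp="$rc.tmp.$$"
    if [ -f "$rc" ]; then
        grep -v -E '^[[:space:]]*(prefix|cache)[[:space:]]*=' "$rc" > "$tmp" || true
    else
        : > "$tmp"
    fi
    # Assumption: the cache lives in ~/.npm, one of the standard dirs above.
    printf 'prefix=%s\ncache=%s\n' "$HOME/.local" "$HOME/.npm" >> "$tmp"
    mv "$tmp" "$rc"
}

sandbox_main() {
    sandbox_env
    sandbox_dirs
    sandbox_npmrc
    [ "$#" -gt 0 ] || set -- sleep infinity
    exec "$@"
}

# Run only when installed under the entrypoint's name, so the file can be sourced.
case "${0##*/}" in
    sandbox-entrypoint*) sandbox_main "$@" ;;
esac
```
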

Container Registry

Images are built and pushed to the Gitea container registry by CI:

  • Registry: git.danhenry.dev:5050
  • Repository: TheLab/sandbox-base-image
  • Tags: latest, plus commit SHAs for non-main branches; on main also stable

Development

  • Adjust versions via ARG NODE_VERSION and ARG GO_VERSION in the Dockerfile.
  • Keep apt package list minimal; add only what agents actually use.

Notes

  • The image intentionally avoids global npm/yarn installs; the npm prefix is /workspace/.local, which keeps all user-installed tools inside the mounted workspace.
  • Sudo is configured for passwordless operation for the sandbox user, so any process running as that user can become root inside the container.