fix(harness): pin codex deps so the harness image builds on glibc#85
Open
yaozheng-fang wants to merge 1 commit into
Open
fix(harness): pin codex deps so the harness image builds on glibc#85yaozheng-fang wants to merge 1 commit into
yaozheng-fang wants to merge 1 commit into
Conversation
The harness Dockerfile installed `openai-codex` unpinned, which failed the build: it is prerelease-only (uv rejects it without an explicit version), and the aliyun mirror lagged the prerelease and fell back to an older `openai-codex-cli-bin` that ships no manylinux wheel — a platform mismatch on the glibc (bookworm) base. Pin both to exact versions: an exact `==` pin auto-enables that prerelease in uv, and forces `openai-codex-cli-bin==0.137.0a4`, whose manylinux x86_64/aarch64 wheel matches the glibc image. aliyun now mirrors the prerelease, so it all installs from the single fast domestic mirror in one step. Also set UV_HTTP_TIMEOUT for the large (86MB) codex engine binary + google-adk on slow build networks. Verified end-to-end: cloud build succeeds, runtime reaches Ready, and a `--runtime codex` invoke executes a shell-tool command inside the container. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The harness Dockerfile (
init_executor._HARNESS_DOCKERFILE) installedopenai-codexunpinned, which failed the cloud build:openai-codexis prerelease-only (0.1.0bX) → uv rejects it without an explicit version (pre-releases weren't enabled).--index-urlpointed only at the aliyun mirror, which lagged the prerelease ofopenai-codex-cli-binand fell back to an older0.132.0that ships no manylinux wheel → platform mismatch on the glibc (bookworm) base.Fix
Pin both to exact versions:
==pin auto-enables that prerelease in uv (no global--prerelease=allow).openai-codex-cli-bin==0.137.0a4, whosemanylinux_2_17x86_64/aarch64 wheel matches the glibc image. aliyun now mirrors this prerelease, so everything installs from the single fast domestic mirror in one step (no pypi.org fallback / no bandwidth contention).ENV UV_HTTP_TIMEOUT=300for the large (86MB) codex engine binary + google-adk on slow build networks.Verified end-to-end (cloud)
--runtime codexinvoke works: returned2for "1+1", and on request executed shell commands inside the container (whoami→ root,$HOME→ /root,pwd→ /app) — confirmingimport openai_codex+ the cli-bin engine + tool execution all work.🤖 Generated with Claude Code