From 561628d76d679d987ec556fc3affb9f7a92e31e9 Mon Sep 17 00:00:00 2001 From: "fangyaozheng@bytedance.com" Date: Thu, 18 Jun 2026 22:43:27 +0800 Subject: [PATCH] fix(harness): pin codex deps so the harness image builds on glibc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The harness Dockerfile installed `openai-codex` unpinned, which failed the build: it is prerelease-only (uv rejects it without an explicit version), and the aliyun mirror lagged the prerelease and fell back to an older `openai-codex-cli-bin` that ships no manylinux wheel — a platform mismatch on the glibc (bookworm) base. Pin both to exact versions: an exact `==` pin auto-enables that prerelease in uv, and forces `openai-codex-cli-bin==0.137.0a4`, whose manylinux x86_64/aarch64 wheel matches the glibc image. aliyun now mirrors the prerelease, so it all installs from the single fast domestic mirror in one step. Also set UV_HTTP_TIMEOUT for the large (86MB) codex engine binary + google-adk on slow build networks. Verified end-to-end: cloud build succeeds, runtime reaches Ready, and a `--runtime codex` invoke executes a shell-tool command inside the container. Co-Authored-By: Claude Opus 4.8 --- agentkit/toolkit/executors/init_executor.py | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/agentkit/toolkit/executors/init_executor.py b/agentkit/toolkit/executors/init_executor.py index 6509f55..4b83fe1 100644 --- a/agentkit/toolkit/executors/init_executor.py +++ b/agentkit/toolkit/executors/init_executor.py @@ -143,11 +143,20 @@ # Container image for the harness server. The base image's apt mirror is an # unreachable internal host, so apt is repointed at aliyun; the source branch is # cloned via the ghfast proxy with a github fallback; uv installs from aliyun. -# `openai-codex` is installed alongside veadk so the `codex` runtime works -# (it bundles the Codex CLI binary); without it `--runtime codex` fails. +# +# Codex runtime: veadk's `--runtime codex` does `import openai_codex`, which pins +# the Codex engine binary `openai-codex-cli-bin`. Both are prereleases, so they are +# pinned to exact versions — an exact `==` pin auto-enables that prerelease in uv, +# so no global `--prerelease=allow` is needed. aliyun mirrors both (including the +# `openai-codex-cli-bin==0.137.0a4` manylinux x86_64/aarch64 wheel that matches this +# glibc image), so everything installs from the fast domestic mirror in one step. +# `openai-codex`'s only other runtime dep, `pydantic>=2.12`, is satisfied by veadk. _HARNESS_DOCKERFILE = """\ FROM agentkit-cn-beijing.cr.volces.com/base/py-simple:python3.12-bookworm-slim-latest ENV PYTHONUNBUFFERED=1 +# Large wheels (google-adk, the 86MB Codex engine binary) can exceed uv's 30s +# default HTTP timeout on a slow build network; give them more headroom. +ENV UV_HTTP_TIMEOUT=300 RUN set -eux; \\ rm -f /etc/apt/sources.list.d/*; \\ printf 'deb http://mirrors.aliyun.com/debian bookworm main contrib non-free non-free-firmware\\n\\ @@ -168,7 +177,8 @@ done; \\ test -d src/veadk RUN uv pip install --system --index-url https://mirrors.aliyun.com/pypi/simple/ \\ - ./src fastapi "uvicorn[standard]" openai-codex + ./src fastapi "uvicorn[standard]" \\ + openai-codex==0.1.0b3 openai-codex-cli-bin==0.137.0a4 EXPOSE 8000 CMD ["python", "-m", "uvicorn", "veadk.cloud.harness_app.app:app", "--host", "0.0.0.0", "--port", "8000"] """