docs(zh): 完善 Codex sandbox 技术文档 #5
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Real E2E Tests | |
| permissions: | |
| contents: read | |
| on: | |
| pull_request: | |
| branches: [ main ] | |
| paths: | |
| - 'server/opensandbox_server/**' | |
| - 'components/execd/**' | |
| - 'components/egress/**' | |
| - 'sdks/code-interpreter/**' | |
| - 'sdks/sandbox/**' | |
| - 'tests/**' | |
| push: | |
| branches: [ main ] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| python-e2e: | |
| name: Python E2E (docker bridge) | |
| runs-on: self-hosted | |
| env: | |
| UV_BIN: /home/admin/.local/bin | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| - name: Set up uv PATH and verify | |
| run: | | |
| echo "${UV_BIN}" >> "$GITHUB_PATH" | |
| export PATH="${UV_BIN}:${PATH}" | |
| uv --version | |
| uv run python --version | |
| - name: Clean up previous E2E resources | |
| run: | | |
| docker ps -aq --filter "label=opensandbox" | xargs -r docker rm -f || true | |
| # Remove root-owned files from previous sandbox runs by mounting parent dir | |
| docker run --rm -v /tmp:/host_tmp alpine rm -rf /host_tmp/opensandbox-e2e || true | |
| docker image prune -f || true | |
| - name: Build local egress image | |
| run: docker build -t opensandbox/egress:local -f components/egress/Dockerfile . | |
| - name: Run tests | |
| run: | | |
| set -e | |
| # Create config file | |
| cat <<EOF > ~/.sandbox.toml | |
| [server] | |
| host = "127.0.0.1" | |
| port = 8080 | |
| log_level = "INFO" | |
| api_key = "" | |
| [runtime] | |
| type = "docker" | |
| execd_image = "opensandbox/execd:local" | |
| [egress] | |
| image = "opensandbox/egress:local" | |
| mode = "dns" | |
| [docker] | |
| network_mode = "bridge" | |
| [storage] | |
| allowed_host_paths = ["/tmp/opensandbox-e2e"] | |
| [renew_intent] | |
| enabled = true | |
| min_interval_seconds = 60 | |
| EOF | |
| ./scripts/python-e2e.sh | |
| - name: Eval server logs | |
| if: ${{ always() }} | |
| run: cat server/server.log | |
| - name: Upload execd logs | |
| if: always() | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: execd-log-for-python-e2e | |
| path: /tmp/opensandbox-e2e/logs/ | |
| retention-days: 5 | |
| - name: Clean up after E2E | |
| if: always() | |
| run: | | |
| docker ps -aq --filter "label=opensandbox" | xargs -r docker rm -f || true | |
| docker run --rm -v /tmp:/host_tmp alpine rm -rf /host_tmp/opensandbox-e2e || true | |
| pkill -f "python -m opensandbox_server.main" || true | |
| java-e2e: | |
| name: Java E2E (docker bridge) | |
| runs-on: self-hosted | |
| env: | |
| UV_BIN: /home/admin/.local/bin | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| - name: Set up uv PATH and verify | |
| run: | | |
| echo "${UV_BIN}" >> "$GITHUB_PATH" | |
| export PATH="${UV_BIN}:${PATH}" | |
| uv --version | |
| uv run python --version | |
| - name: Set up JDK 8 | |
| uses: actions/setup-java@v5 | |
| with: | |
| distribution: temurin | |
| java-version: "8" | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v5 | |
| with: | |
| distribution: temurin | |
| java-version: "17" | |
| - name: Clean up previous E2E resources | |
| run: | | |
| docker ps -aq --filter "label=opensandbox" | xargs -r docker rm -f || true | |
| docker run --rm -v /tmp:/host_tmp alpine rm -rf /host_tmp/opensandbox-e2e || true | |
| docker image prune -f || true | |
| - name: Build local egress image | |
| run: docker build -t opensandbox/egress:local -f components/egress/Dockerfile . | |
| - name: Run tests | |
| env: | |
| GRADLE_USER_HOME: ${{ github.workspace }}/.gradle-user-home | |
| run: | | |
| set -e | |
| export GRADLE_OPTS="-Dorg.gradle.java.installations.auto-detect=true -Dorg.gradle.java.installations.auto-download=false -Dorg.gradle.java.installations.paths=${JAVA_HOME_8_X64},${JAVA_HOME_17_X64}" | |
| # Create config file | |
| cat <<EOF > ~/.sandbox.toml | |
| [server] | |
| host = "127.0.0.1" | |
| port = 8080 | |
| log_level = "INFO" | |
| api_key = "" | |
| [runtime] | |
| type = "docker" | |
| execd_image = "opensandbox/execd:local" | |
| [egress] | |
| image = "opensandbox/egress:local" | |
| mode = "dns+nft" | |
| [docker] | |
| network_mode = "bridge" | |
| [storage] | |
| allowed_host_paths = ["/tmp/opensandbox-e2e"] | |
| EOF | |
| bash ./scripts/java-e2e.sh | |
| - name: Eval server logs | |
| if: ${{ always() }} | |
| run: cat server/server.log | |
| - name: Upload Test Report | |
| if: always() | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: java-test-report | |
| path: tests/java/build/reports/tests/test/ | |
| retention-days: 5 | |
| - name: Upload execd logs | |
| if: always() | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: execd-log-for-java-e2e | |
| path: /tmp/opensandbox-e2e/logs/ | |
| retention-days: 5 | |
| - name: Clean up after E2E | |
| if: always() | |
| run: | | |
| docker ps -aq --filter "label=opensandbox" | xargs -r docker rm -f || true | |
| docker run --rm -v /tmp:/host_tmp alpine rm -rf /host_tmp/opensandbox-e2e || true | |
| pkill -f "python -m opensandbox_server.main" || true | |
| javascript-e2e: | |
| name: JavaScript E2E (docker bridge) | |
| runs-on: self-hosted | |
| env: | |
| UV_BIN: /home/admin/.local/bin | |
| NODE_VERSION: "20.19.0" | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| - name: Set up uv PATH and verify | |
| run: | | |
| echo "${UV_BIN}" >> "$GITHUB_PATH" | |
| export PATH="${UV_BIN}:${PATH}" | |
| uv --version | |
| uv run python --version | |
| - name: Set up Node.js | |
| run: | | |
| NODE_DIR="/home/admin/.local/node-v${NODE_VERSION}-linux-x64" | |
| if [ -x "${NODE_DIR}/bin/node" ]; then | |
| echo "Node.js ${NODE_VERSION} already cached" | |
| else | |
| echo "Downloading Node.js ${NODE_VERSION}..." | |
| mkdir -p /home/admin/.local | |
| curl -fsSL "https://nodejs.org/dist/v${NODE_VERSION}/node-v${NODE_VERSION}-linux-x64.tar.xz" \ | |
| | tar -xJ -C /home/admin/.local/ | |
| fi | |
| echo "${NODE_DIR}/bin" >> "$GITHUB_PATH" | |
| export PATH="${NODE_DIR}/bin:${PATH}" | |
| node --version | |
| npm --version | |
| - name: Clean up previous E2E resources | |
| run: | | |
| docker ps -aq --filter "label=opensandbox" | xargs -r docker rm -f || true | |
| docker run --rm -v /tmp:/host_tmp alpine rm -rf /host_tmp/opensandbox-e2e || true | |
| docker image prune -f || true | |
| - name: Build local egress image | |
| run: docker build -t opensandbox/egress:local -f components/egress/Dockerfile . | |
| - name: Run tests | |
| run: | | |
| set -e | |
| # Create config file (match other E2E jobs) | |
| cat <<EOF > ~/.sandbox.toml | |
| [server] | |
| host = "127.0.0.1" | |
| port = 8080 | |
| log_level = "INFO" | |
| api_key = "" | |
| [runtime] | |
| type = "docker" | |
| execd_image = "opensandbox/execd:local" | |
| [egress] | |
| image = "opensandbox/egress:local" | |
| [docker] | |
| network_mode = "bridge" | |
| [storage] | |
| allowed_host_paths = ["/tmp/opensandbox-e2e"] | |
| EOF | |
| bash ./scripts/javascript-e2e.sh | |
| - name: Eval server logs | |
| if: ${{ always() }} | |
| run: cat server/server.log | |
| - name: Upload Test Report | |
| if: always() | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: javascript-test-report | |
| path: tests/javascript/build/test-results/junit.xml | |
| retention-days: 5 | |
| - name: Upload execd logs | |
| if: always() | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: execd-log-for-js-e2e | |
| path: /tmp/opensandbox-e2e/logs/ | |
| retention-days: 5 | |
| - name: Clean up after E2E | |
| if: always() | |
| run: | | |
| docker ps -aq --filter "label=opensandbox" | xargs -r docker rm -f || true | |
| docker run --rm -v /tmp:/host_tmp alpine rm -rf /host_tmp/opensandbox-e2e || true | |
| pkill -f "python -m opensandbox_server.main" || true | |
| csharp-e2e: | |
| name: C# E2E (docker bridge) | |
| runs-on: self-hosted | |
| env: | |
| UV_BIN: /home/admin/.local/bin | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| - name: Set up uv PATH and verify | |
| run: | | |
| echo "${UV_BIN}" >> "$GITHUB_PATH" | |
| export PATH="${UV_BIN}:${PATH}" | |
| uv --version | |
| uv run python --version | |
| - name: Set up .NET SDK | |
| uses: actions/setup-dotnet@v5 | |
| env: | |
| DOTNET_INSTALL_DIR: /home/admin/.local/dotnet | |
| with: | |
| dotnet-version: "10.0.x" | |
| - name: Clean up previous E2E resources | |
| run: | | |
| docker ps -aq --filter "label=opensandbox" | xargs -r docker rm -f || true | |
| docker run --rm -v /tmp:/host_tmp alpine rm -rf /host_tmp/opensandbox-e2e || true | |
| docker image prune -f || true | |
| - name: Build local egress image | |
| run: docker build -t opensandbox/egress:local -f components/egress/Dockerfile . | |
| - name: Run tests | |
| run: | | |
| set -e | |
| cat <<EOF > ~/.sandbox.toml | |
| [server] | |
| host = "127.0.0.1" | |
| port = 8080 | |
| log_level = "INFO" | |
| api_key = "" | |
| [runtime] | |
| type = "docker" | |
| execd_image = "opensandbox/execd:local" | |
| [egress] | |
| image = "opensandbox/egress:local" | |
| [docker] | |
| network_mode = "bridge" | |
| [storage] | |
| allowed_host_paths = ["/tmp/opensandbox-e2e"] | |
| EOF | |
| bash ./scripts/csharp-e2e.sh | |
| - name: Eval server logs | |
| if: ${{ always() }} | |
| run: cat server/server.log | |
| - name: Upload Test Report | |
| if: always() | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: csharp-test-report | |
| path: tests/csharp/build/test-results/ | |
| retention-days: 5 | |
| - name: Upload execd logs | |
| if: always() | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: execd-log-for-csharp-e2e | |
| path: /tmp/opensandbox-e2e/logs/ | |
| retention-days: 5 | |
| - name: Clean up after E2E | |
| if: always() | |
| run: | | |
| docker ps -aq --filter "label=opensandbox" | xargs -r docker rm -f || true | |
| docker run --rm -v /tmp:/host_tmp alpine rm -rf /host_tmp/opensandbox-e2e || true | |
| pkill -f "python -m opensandbox_server.main" || true |