Revert "Get RUN_AS_DEVIN working with app sandbox (#1426)"

This reverts commit ccbbaba.
All-Hands-AI · May 1, 2024 · d214ff4 · d214ff4
1 parent 545327c
commit d214ff4
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 71 deletions.
diff --git a/.github/workflows/ghcr.yml b/.github/workflows/ghcr.yml
@@ -42,21 +42,8 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Free Disk Space (Ubuntu)
-        uses: jlumbroso/free-disk-space@main
-        with:
-          # this might remove tools that are actually needed,
-          # if set to "true" but frees about 6 GB
-          tool-cache: true
-
-          # all of these default to true, but feel free to set to
-          # "false" if necessary for your workflow
-          android: true
-          dotnet: true
-          haskell: true
-          large-packages: true
-          docker-images: false
-          swap-storage: true
+      - name: Delete huge unnecessary tools folder
+        run: rm -rf /opt/hostedtoolcache
 
       - name: Build and push ${{ matrix.image }}
         if: github.event.pull_request.head.repo.full_name == github.repository

diff --git a/containers/app/Dockerfile b/containers/app/Dockerfile
@@ -32,32 +32,21 @@ FROM python:3.12-slim as runtime
 
 WORKDIR /app
 
-ENV RUN_AS_DEVIN=true
-ENV SANDBOX_USER_ID=1000
+ENV RUN_AS_DEVIN=false
 ENV USE_HOST_NETWORK=false
 ENV SSH_HOSTNAME=host.docker.internal
 ENV WORKSPACE_BASE=/opt/workspace_base
 ENV OPEN_DEVIN_BUILD_VERSION=$OPEN_DEVIN_BUILD_VERSION
 RUN mkdir -p $WORKSPACE_BASE
 
 RUN apt-get update -y \
-    && apt-get install -y curl ssh sudo
-
-RUN useradd -m -u $SANDBOX_USER_ID -s /bin/bash opendevin && \
-    usermod -aG sudo opendevin && \
-    echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
-RUN chown -R opendevin:opendevin /app
-USER opendevin
+    && apt-get install -y curl ssh
 
 ENV VIRTUAL_ENV=/app/.venv \
     PATH="/app/.venv/bin:$PATH" \
     PYTHONPATH='/app'
 
 COPY --from=backend-builder ${VIRTUAL_ENV} ${VIRTUAL_ENV}
-# change ownership of the virtual environment to the sandbox user
-USER root
-RUN chown -R opendevin:opendevin ${VIRTUAL_ENV}
-USER opendevin
 
 COPY ./opendevin ./opendevin
 COPY ./agenthub ./agenthub
@@ -66,17 +55,4 @@ RUN playwright install --with-deps chromium
 
 COPY --from=frontend-builder /app/dist ./frontend/dist
 
-USER root
-RUN chown -R opendevin:opendevin /app
-# make group permissions the same as user permissions
-RUN chmod -R g=u /app
-USER opendevin
-
-# change ownership of the app directory to the sandbox user
-COPY ./containers/app/entrypoint.sh /app/entrypoint.sh
-
-# run the script as root
-USER root
-RUN chown opendevin:opendevin /app/entrypoint.sh
-RUN chmod 777 /app/entrypoint.sh
-CMD ["/app/entrypoint.sh"]
+CMD ["uvicorn", "opendevin.server.listen:app", "--host", "0.0.0.0", "--port", "3000"]
diff --git a/containers/app/entrypoint.sh b/containers/app/entrypoint.sh
diff --git a/opendevin/config.py b/opendevin/config.py
@@ -52,7 +52,6 @@
     ConfigType.USE_HOST_NETWORK: 'false',
     ConfigType.SSH_HOSTNAME: 'localhost',
     ConfigType.DISABLE_COLOR: 'false',
-    ConfigType.SANDBOX_USER_ID: os.getuid() if hasattr(os, 'getuid') else None,
     ConfigType.SANDBOX_TIMEOUT: 120,
     ConfigType.GITHUB_TOKEN: None,
     ConfigType.SANDBOX_USER_ID: None

diff --git a/opendevin/sandbox/docker/ssh_box.py b/opendevin/sandbox/docker/ssh_box.py
@@ -41,6 +41,7 @@
 elif hasattr(os, 'getuid'):
     USER_ID = os.getuid()
 
+
 class DockerSSHBox(Sandbox):
     instance_id: str
     container_image: str
@@ -61,7 +62,6 @@ def __init__(
         timeout: int = 120,
         sid: str | None = None,
     ):
-        logger.info(f'SSHBox is running as {"opendevin" if RUN_AS_DEVIN else "root"} user with USER_ID={USER_ID} in the sandbox')
         # Initialize docker client. Throws an exception if Docker is not reachable.
         try:
             self.docker_client = docker.from_env()
@@ -150,10 +150,8 @@ def setup_user(self):
                 workdir=SANDBOX_WORKSPACE_DIR,
             )
             if exit_code != 0:
-                # This is not a fatal error, just a warning
-                logger.warning(
-                    f'Failed to chown workspace directory for opendevin in sandbox: {logs}. But this should be fine if the {SANDBOX_WORKSPACE_DIR=} is mounted by the app docker container.'
-                )
+                raise Exception(
+                    f'Failed to chown workspace directory for opendevin in sandbox: {logs}')
         else:
             exit_code, logs = self.container.exec_run(
                 # change password for root
@@ -376,6 +374,7 @@ def restart_docker_container(self):
                 **network_kwargs,
                 working_dir=SANDBOX_WORKSPACE_DIR,
                 name=self.container_name,
+                hostname='opendevin_sandbox',
                 detach=True,
                 volumes={
                     mount_dir: {