gib/spoon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Trying to build worker images
Build and Push Spoon Images / quality (push) Successful in 1m52s
Details
Build and Push Spoon Images / build-images (push) Successful in 8m19s
Details

Browse Source
This commit is contained in:
Gabriel Brown
2026-06-22 20:29:10 -04:00
parent 7e7bec56d5
commit f33f76d874
6 changed files with 80 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+50
View File
@@ -156,6 +156,56 @@ or job container.
</details>
<details>
<summary><strong>Production agent runtime images</strong></summary>
Gitea CI builds and pushes three production images:
```txt
git.gbrown.org/gib/spoon-next:latest
git.gbrown.org/gib/spoon-agent-worker:latest
git.gbrown.org/gib/spoon-agent-job:latest
```
The worker image is the long-running service that polls Convex. The job image is
the isolated workbench that the worker launches for each agent job. For the MVP,
production should use the repo-provided JS/TS workbench image:
```env
SPOON_AGENT_JOB_IMAGE="git.gbrown.org/gib/spoon-agent-job:latest"
```
The job image includes Node 22, Bun, package managers through Corepack, git,
ripgrep, Python, build tools, and the OpenCode CLI. It is not the forked
project's production runtime; it is the agent execution environment.
Production worker runtime requirements:
- `spoon-agent-worker` must run as a separate service.
- The worker needs `/var/run/docker.sock` mounted so it can launch job
containers.
- The production Docker host must be logged into `git.gbrown.org` so worker jobs
can pull the private `spoon-agent-job` image.
- `SPOON_WORKER_TOKEN` must match the value stored in Convex production env.
- `spoon-next` needs `SPOON_AGENT_WORKER_URL=http://spoon-agent-worker:3921` and
`SPOON_AGENT_WORKER_INTERNAL_TOKEN` so Next API routes can proxy workspace
file, diff, message, command, and draft PR actions.
- `spoon-agent-worker` also needs `GITHUB_APP_ID` and `GITHUB_APP_PRIVATE_KEY`.
Useful production checks:
```sh
docker logs --tail=200 spoon-agent-worker
curl -H "Authorization: Bearer $SPOON_AGENT_WORKER_INTERNAL_TOKEN" \
http://spoon-agent-worker:3921/health
```
For the first production run, use an API-key based AI provider profile. Stored
OpenCode/Codex `auth.json` profiles are supported in settings, but worker-side
auth-file injection is still a follow-up before they can execute jobs.
</details>
## Architecture
<details open>