chore(docker): wire up /opt/orb/{files,pip-cache} layout#355
Merged
Conversation
Create /opt/orb/bin and /opt/orb/pip-cache in the image, put /opt/orb/bin on PATH, and set PIP_CACHE_DIR=/opt/orb/pip-cache so startup pip installs from INSTALL_DRIVERS_PATH / INSTALL_WORKERS_PATH cache wheels and HTTP responses there. Move default_config.yaml to /usr/local/share/orb-agent/ (exposed via ORB_DEFAULT_CONFIG) so a user bind-mounting their own volume at /opt/orb cannot shadow it; the entrypoint re-creates /opt/orb/bin and /opt/orb/pip-cache at startup for the same reason. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Vulnerability Scan: PassedImage: No vulnerabilities found. Commit: 6216819 |
leoparente
requested review from
MicahParks,
grant-nbl,
jajeffries,
manrodrigues,
marc-barry,
mfiedorowicz,
paulstuart and
samiura
as code owners
samiura
approved these changes
May 14, 2026
jajeffries
approved these changes
May 15, 2026
leoparente
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Per RFC: create
/opt/orb/files/and/opt/orb/pip-cache/in the agent image, put/opt/orb/filesonPATH, and setPIP_CACHE_DIR=/opt/orb/pip-cacheso the startup pip installs fromINSTALL_DRIVERS_PATH/INSTALL_WORKERS_PATH(seeagent/docker/orb-agent-entry.sh) cache wheels and HTTP responses on disk.Two defensive details so common usage patterns don't break things:
default_config.yamlmoved out of/opt/orbto/usr/local/share/orb-agent/default_config.yaml(path exposed viaORB_DEFAULT_CONFIG). A user mounting their own volume at-v host:/opt/orbwould otherwise shadow it and break fleet mode.mkdir -p /opt/orb/files /opt/orb/pip-cacheat startup, in case the user mounted an empty host directory at/opt/orb.Behavior matrix
docker run(no mount) +docker restart/--restartpolicydocker run --rm(new container each time)-v host:/opt/orb/pip-cache-v host:/opt/orb-v host:/opt/orb+ user-suppliedrun -c /opt/orb/agent.yamlManual verification
Built the image locally with
make agent_fastand confirmed:pip3 cache dirinside the container returns/opt/orb/pip-cache.cowsaydownloads from PyPI; second container with the same-vmount showsUsing cached cowsay-6.1-py3-none-any.whland produces no network traffic.-v host:/opt/orb(cache subdir auto-created on host by the entrypoint'smkdir -p).FLEET_CLIENT_ID=...) still resolves the default config when/opt/orbis shadowed by a volume mount.run -c /opt/orb/agent.yamlwith the YAML supplied via the volume) loads the user's config correctly.Test plan
FLEET_CLIENT_ID/FLEET_CLIENT_SECRET(no--config)INSTALL_DRIVERS_PATHandINSTALL_WORKERS_PATHinstalls land in/opt/orb/pip-cacheand are reused across container recreation when the directory is bind-mounted🤖 Generated with Claude Code