From eef216a3ab3e337cdefd67a12f2d85e30c7406c6 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 9 May 2026 01:58:33 +0000
Subject: [PATCH 1/8] Add aiden-runner Dockerfile and image workflow

Agent-Logs-Url: https://github.com/stackgenhq/homebrew-stackgen/sessions/b05362ea-97f6-4934-af21-3fd6a34aea8c
Co-authored-by: sks <570239+sks@users.noreply.github.com>
---
.github/workflows/aiden-runner.yaml | 103 ++++++++++++++++++++++++++++
aiden-runner/Dockerfile | 30 ++++++++
2 files changed, 133 insertions(+)
create mode 100644 .github/workflows/aiden-runner.yaml
create mode 100644 aiden-runner/Dockerfile
diff --git a/.github/workflows/aiden-runner.yaml b/.github/workflows/aiden-runner.yaml
new file mode 100644
index 0000000..730248e
--- /dev/null
+++ b/.github/workflows/aiden-runner.yaml
@@ -0,0 +1,103 @@ +# a pipeline to create container image on changes to aiden-runner.rb file +name: aiden-runner +on: + push: + branches: + - main + paths: + - 'aiden-runner.rb' + - aiden-runner/Dockerfile + - .github/workflows/aiden-runner.yaml +env: + REGISTRY: ghcr.io + IMAGE_NAME: stackgenhq/aiden-runner +jobs: + build: + outputs: + image_tag: ${{ steps.meta.outputs.tags }} + version: ${{ steps.version.outputs.VERSION }} + permissions: + contents: read + packages: write + strategy: + fail-fast: false + matrix: + include: + - platform: linux/amd64 + runner: ubuntu-latest + tag-suffix: -amd + - platform: linux/arm64 + runner: ubuntu-22.04-arm + tag-suffix: -arm + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 1 + sparse-checkout: | + aiden-runner + aiden-runner.rb + - name: Get aiden-runner version + id: version + run: | + echo "VERSION=$(grep 'version' aiden-runner.rb | awk '{print $NF}' | tr -d '"')" >> $GITHUB_OUTPUT + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=raw,value=${{ steps.version.outputs.VERSION }} + type=raw,value=latest + flavor: | + suffix=${{ matrix.tag-suffix }},onlatest=false + - name: Log in to the Container registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Docker Build and push + uses: docker/build-push-action@v6 + with: + context: ./aiden-runner + platforms: ${{ matrix.platform }} + tags: ${{ steps.meta.outputs.tags }} + push: true + provenance: false + labels: ${{ steps.meta.outputs.labels }} + build-args: |- + AIDEN_RUNNER_VERSION=${{ steps.version.outputs.VERSION }} + + create_manifest: + name: Create manifest + runs-on: 
ubuntu-22.04 + needs: build + permissions: + contents: read + packages: write + steps: + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Log in to the Container registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Create manifest + run: | + docker buildx imagetools create \ + -t ghcr.io/stackgenhq/aiden-runner:latest \ + ghcr.io/stackgenhq/aiden-runner:latest-amd \ + ghcr.io/stackgenhq/aiden-runner:latest-arm + + docker buildx imagetools create \ + -t ghcr.io/stackgenhq/aiden-runner:${{ needs.build.outputs.version }} \ + ghcr.io/stackgenhq/aiden-runner:${{ needs.build.outputs.version }}-amd \ + ghcr.io/stackgenhq/aiden-runner:${{ needs.build.outputs.version }}-arm diff --git a/aiden-runner/Dockerfile b/aiden-runner/Dockerfile new file mode 100644 index 0000000..0331ae0 --- /dev/null +++ b/aiden-runner/Dockerfile @@ -0,0 +1,30 @@ +FROM alpine AS download_binary + +ARG AIDEN_RUNNER_VERSION +ARG TARGETOS +ARG TARGETARCH + +# install wget +RUN apk update && \ + apk add --no-cache wget && \ + rm -rf /var/cache/apk/* + +RUN wget -O aiden-runner.tar.gz \ + https://releases.stackgen.com/binaries/aios-remote/v${AIDEN_RUNNER_VERSION}/aiden-runner_${AIDEN_RUNNER_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz && \ + tar -xzf aiden-runner.tar.gz && \ + mv aiden-runner /tmp/aiden-runner + +FROM alpine:latest + +RUN apk update && \ + apk add --no-cache ca-certificates && \ + rm -rf /var/cache/apk/* && \ + addgroup -S stackgen && adduser -S stackgen -G stackgen -u 1000 -h /home/stackgen + +USER stackgen + +COPY --from=download_binary --chown=stackgen:stackgen /tmp/aiden-runner /usr/local/bin/aiden-runner + +RUN chmod +x /usr/local/bin/aiden-runner + +ENTRYPOINT ["/usr/local/bin/aiden-runner"] From bdfcfcb0572712050d17d15f1173b693a20e034d Mon Sep 17 00:00:00 2001 
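Review bot: Every `uses:` in both jobs points at a mutable tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/build-push-action@v6` and the rest) while the jobs hold `packages: write` and push to ghcr.io, so whatever a tag is later re-pointed to runs with publish rights. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4`. The build step also sets `provenance: false`, which leaves the pushed images without a build attestation; if that is only there so the per-arch tags stay plain manifests for `imagetools create`, a comment saying so would help the next reader.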
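Review bot: The archive fetched in the `download_binary` stage is unpacked and its binary copied into the final image with no integrity check, so the image trusts whatever the release host serves at build time. Add a digest argument and verify before `tar`: `ARG AIDEN_RUNNER_SHA256` plus `echo "${AIDEN_RUNNER_SHA256}  aiden-runner.tar.gz" | sha256sum -c -`, supplied per architecture from the workflow; the formula file presumably already records a sha256 for each archive, which would be the natural source. The later patches in this series that touch this `RUN` (`--fail`, the `$URL` variable, `test -f`) do not add one. Both `FROM alpine` and `FROM alpine:latest` float as well; pinning a release tag, ideally with a digest, keeps rebuilds reproducible.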
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 9 May 2026 01:59:22 +0000 Subject: [PATCH 2/8] Fix runner matrix usage and Dockerfile permission step Agent-Logs-Url: https://github.com/stackgenhq/homebrew-stackgen/sessions/b05362ea-97f6-4934-af21-3fd6a34aea8c Co-authored-by: sks <570239+sks@users.noreply.github.com> --- .github/workflows/aiden-runner.yaml | 2 +- aiden-runner/Dockerfile | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/aiden-runner.yaml b/.github/workflows/aiden-runner.yaml index 730248e..a522386 100644 --- a/.github/workflows/aiden-runner.yaml +++ b/.github/workflows/aiden-runner.yaml @@ -29,7 +29,7 @@ jobs: - platform: linux/arm64 runner: ubuntu-22.04-arm tag-suffix: -arm - runs-on: ubuntu-latest + runs-on: ${{ matrix.runner }} steps: - name: Checkout uses: actions/checkout@v4 diff --git a/aiden-runner/Dockerfile b/aiden-runner/Dockerfile index 0331ae0..3ecb70c 100644 --- a/aiden-runner/Dockerfile +++ b/aiden-runner/Dockerfile @@ -12,7 +12,8 @@ RUN apk update && \ RUN wget -O aiden-runner.tar.gz \ https://releases.stackgen.com/binaries/aios-remote/v${AIDEN_RUNNER_VERSION}/aiden-runner_${AIDEN_RUNNER_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz && \ tar -xzf aiden-runner.tar.gz && \ - mv aiden-runner /tmp/aiden-runner + mv aiden-runner /tmp/aiden-runner && \ + chmod +x /tmp/aiden-runner FROM alpine:latest @@ -25,6 +26,4 @@ USER stackgen COPY --from=download_binary --chown=stackgen:stackgen /tmp/aiden-runner /usr/local/bin/aiden-runner -RUN chmod +x /usr/local/bin/aiden-runner - ENTRYPOINT ["/usr/local/bin/aiden-runner"] From 2ba7aa4b36ca06396f168c82b94073fdb0c30bcc Mon Sep 17 00:00:00 2001 
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 9 May 2026 01:59:52 +0000 Subject: [PATCH 3/8] Adjust Dockerfile copy before non-root user switch Agent-Logs-Url: https://github.com/stackgenhq/homebrew-stackgen/sessions/b05362ea-97f6-4934-af21-3fd6a34aea8c Co-authored-by: sks <570239+sks@users.noreply.github.com> --- aiden-runner/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/aiden-runner/Dockerfile b/aiden-runner/Dockerfile index 3ecb70c..6fe8e40 100644 --- a/aiden-runner/Dockerfile +++ b/aiden-runner/Dockerfile @@ -22,8 +22,8 @@ RUN apk update && \ rm -rf /var/cache/apk/* && \ addgroup -S stackgen && adduser -S stackgen -G stackgen -u 1000 -h /home/stackgen -USER stackgen - COPY --from=download_binary --chown=stackgen:stackgen /tmp/aiden-runner /usr/local/bin/aiden-runner +USER stackgen + ENTRYPOINT ["/usr/local/bin/aiden-runner"] From 525e367b2c84aa622e35168471f86c1d41bd3775 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 9 May 2026 02:00:19 +0000 Subject: [PATCH 4/8] Refine aiden-runner workflow tag suffixes and image refs Agent-Logs-Url: https://github.com/stackgenhq/homebrew-stackgen/sessions/b05362ea-97f6-4934-af21-3fd6a34aea8c Co-authored-by: sks <570239+sks@users.noreply.github.com> --- .github/workflows/aiden-runner.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/aiden-runner.yaml b/.github/workflows/aiden-runner.yaml index a522386..07a41a4 100644 --- a/.github/workflows/aiden-runner.yaml +++ b/.github/workflows/aiden-runner.yaml @@ -25,10 +25,10 @@ jobs: include: - platform: linux/amd64 runner: ubuntu-latest - tag-suffix: -amd + tag-suffix: -amd64 - platform: linux/arm64 runner: ubuntu-22.04-arm - tag-suffix: -arm + tag-suffix: -arm64 runs-on: ${{ matrix.runner }} steps: - name: Checkout 
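Review bot: The `COPY` that now runs ahead of `USER stackgen` still carries `--chown=stackgen:stackgen`, which makes the entrypoint binary writable by the same account the container runs as. Nothing visible needs that ownership, since the file only has to be executable; dropping the flag leaves it root-owned: `COPY --from=download_binary /tmp/aiden-runner /usr/local/bin/aiden-runner`. The mode set by `chmod +x` in the build stage carries over with the copy, and `COPY --chmod=0755` would make it explicit if preferred.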
@@ -93,11 +93,11 @@ jobs: - name: Create manifest run: | docker buildx imagetools create \ - -t ghcr.io/stackgenhq/aiden-runner:latest \ - ghcr.io/stackgenhq/aiden-runner:latest-amd \ - ghcr.io/stackgenhq/aiden-runner:latest-arm + -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest \ + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-amd64 \ + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-arm64 docker buildx imagetools create \ - -t ghcr.io/stackgenhq/aiden-runner:${{ needs.build.outputs.version }} \ - ghcr.io/stackgenhq/aiden-runner:${{ needs.build.outputs.version }}-amd \ - ghcr.io/stackgenhq/aiden-runner:${{ needs.build.outputs.version }}-arm + -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.build.outputs.version }} \ + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.build.outputs.version }}-amd64 \ + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.build.outputs.version }}-arm64 From 94daa330b4128a324b59c8be7c7052e0bfebce24 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 9 May 2026 02:00:51 +0000 Subject: [PATCH 5/8] Harden aiden-runner download and version extraction Agent-Logs-Url: https://github.com/stackgenhq/homebrew-stackgen/sessions/b05362ea-97f6-4934-af21-3fd6a34aea8c Co-authored-by: sks <570239+sks@users.noreply.github.com> --- .github/workflows/aiden-runner.yaml | 4 +++- aiden-runner/Dockerfile | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/aiden-runner.yaml b/.github/workflows/aiden-runner.yaml index 07a41a4..e2711dc 100644 --- a/.github/workflows/aiden-runner.yaml +++ b/.github/workflows/aiden-runner.yaml 
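Review bot: The rewritten `Create manifest` script still expands `${{ needs.build.outputs.version }}` directly into the shell text, so the value is spliced into the script before bash parses it. It comes from `aiden-runner.rb` on `main`, so exposure is limited, but passing it through the step environment keeps data out of the script: add an `env:` block with `VERSION: ${{ needs.build.outputs.version }}` and `IMAGE: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}`, then write `-t "$IMAGE:$VERSION" "$IMAGE:$VERSION-amd64" "$IMAGE:$VERSION-arm64"`. That also removes the repeated expressions this hunk introduces.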
@@ -41,7 +41,9 @@ jobs: - name: Get aiden-runner version id: version run: | - echo "VERSION=$(grep 'version' aiden-runner.rb | awk '{print $NF}' | tr -d '"')" >> $GITHUB_OUTPUT + VERSION="$(awk '$1 == \"version\" { print $2; exit }' aiden-runner.rb | tr -d '\"')" + test -n "$VERSION" + echo "VERSION=$VERSION" >> "$GITHUB_OUTPUT" - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx diff --git a/aiden-runner/Dockerfile b/aiden-runner/Dockerfile index 6fe8e40..e5a5bd0 100644 --- a/aiden-runner/Dockerfile +++ b/aiden-runner/Dockerfile @@ -9,7 +9,7 @@ RUN apk update && \ apk add --no-cache wget && \ rm -rf /var/cache/apk/* -RUN wget -O aiden-runner.tar.gz \ +RUN wget --fail -O aiden-runner.tar.gz \ https://releases.stackgen.com/binaries/aios-remote/v${AIDEN_RUNNER_VERSION}/aiden-runner_${AIDEN_RUNNER_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz && \ tar -xzf aiden-runner.tar.gz && \ mv aiden-runner /tmp/aiden-runner && \ From c4d502d4b29da34a447ba3cff1713c9a310a9927 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 9 May 2026 02:01:23 +0000 Subject: [PATCH 6/8] Tighten workflow error message and Dockerfile cleanup Agent-Logs-Url: https://github.com/stackgenhq/homebrew-stackgen/sessions/b05362ea-97f6-4934-af21-3fd6a34aea8c Co-authored-by: sks <570239+sks@users.noreply.github.com> --- .github/workflows/aiden-runner.yaml | 2 +- aiden-runner/Dockerfile | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/aiden-runner.yaml b/.github/workflows/aiden-runner.yaml index e2711dc..b18ee8f 100644 --- a/.github/workflows/aiden-runner.yaml +++ b/.github/workflows/aiden-runner.yaml 
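Review bot: The new extraction line escapes its quotes as `\"`, but the hunk shows it inside a `run: |` block scalar, where YAML does no unescaping, so awk receives `$1 == \"version\"` literally. A backslash outside a string is, as far as I know, a syntax error in awk, which would leave `VERSION` empty and make the `test -n` on the next line fail on every run. Write it unescaped: `VERSION="$(awk '$1 == "version" { print $2; exit }' aiden-runner.rb | tr -d '"')"`. The same line is carried as context through the later patches in this series.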
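Review bot: `--fail` is a curl flag; GNU wget, which the preceding `apk add wget` presumably installs, documents no such option as far as I know and should reject it as unrecognized, failing this `RUN` before any download happens. wget already exits non-zero on an HTTP error response, so the flag can simply be dropped: `RUN wget -O aiden-runner.tar.gz \`. The flag is carried into the `$URL` rewrite two patches later and needs removing there too. The `RUN` continues past the end of this hunk.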
@@ -42,7 +42,7 @@ jobs: id: version run: | VERSION="$(awk '$1 == \"version\" { print $2; exit }' aiden-runner.rb | tr -d '\"')" - test -n "$VERSION" + test -n "$VERSION" || { echo "Error: Failed to extract version from aiden-runner.rb"; exit 1; } echo "VERSION=$VERSION" >> "$GITHUB_OUTPUT" - name: Set up QEMU uses: docker/setup-qemu-action@v3 diff --git a/aiden-runner/Dockerfile b/aiden-runner/Dockerfile index e5a5bd0..b3519ed 100644 --- a/aiden-runner/Dockerfile +++ b/aiden-runner/Dockerfile @@ -13,7 +13,8 @@ RUN wget --fail -O aiden-runner.tar.gz \ https://releases.stackgen.com/binaries/aios-remote/v${AIDEN_RUNNER_VERSION}/aiden-runner_${AIDEN_RUNNER_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz && \ tar -xzf aiden-runner.tar.gz && \ mv aiden-runner /tmp/aiden-runner && \ - chmod +x /tmp/aiden-runner + chmod +x /tmp/aiden-runner && \ + rm -f aiden-runner.tar.gz FROM alpine:latest From 9ee338c0e7fdc45d3ec980d57e228f1f5db5cf7d Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 9 May 2026 02:02:00 +0000 Subject: [PATCH 7/8] Add stronger download and version validation checks Agent-Logs-Url: https://github.com/stackgenhq/homebrew-stackgen/sessions/b05362ea-97f6-4934-af21-3fd6a34aea8c Co-authored-by: sks <570239+sks@users.noreply.github.com> --- .github/workflows/aiden-runner.yaml | 1 + aiden-runner/Dockerfile | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/aiden-runner.yaml b/.github/workflows/aiden-runner.yaml index b18ee8f..36b6290 100644 --- a/.github/workflows/aiden-runner.yaml +++ b/.github/workflows/aiden-runner.yaml 
@@ -43,6 +43,7 @@ jobs: run: | VERSION="$(awk '$1 == \"version\" { print $2; exit }' aiden-runner.rb | tr -d '\"')" test -n "$VERSION" || { echo "Error: Failed to extract version from aiden-runner.rb"; exit 1; } + echo "$VERSION" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+([.-][0-9A-Za-z.-]+)?$' || { echo "Error: Extracted version is not valid semver: $VERSION"; exit 1; } echo "VERSION=$VERSION" >> "$GITHUB_OUTPUT" - name: Set up QEMU uses: docker/setup-qemu-action@v3 diff --git a/aiden-runner/Dockerfile b/aiden-runner/Dockerfile index b3519ed..0a1f7e2 100644 --- a/aiden-runner/Dockerfile +++ b/aiden-runner/Dockerfile @@ -9,8 +9,8 @@ RUN apk update && \ apk add --no-cache wget && \ rm -rf /var/cache/apk/* -RUN wget --fail -O aiden-runner.tar.gz \ - https://releases.stackgen.com/binaries/aios-remote/v${AIDEN_RUNNER_VERSION}/aiden-runner_${AIDEN_RUNNER_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz && \ +RUN URL="https://releases.stackgen.com/binaries/aios-remote/v${AIDEN_RUNNER_VERSION}/aiden-runner_${AIDEN_RUNNER_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz" && \ + wget --fail -O aiden-runner.tar.gz "$URL" || { echo "Error: failed to download aiden-runner from $URL" >&2; exit 1; } && \ tar -xzf aiden-runner.tar.gz && \ mv aiden-runner /tmp/aiden-runner && \ chmod +x /tmp/aiden-runner && \ From fbc19767aa4fc8166d1057878cc016a9aa9c8da2 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 9 May 2026 02:02:35 +0000 Subject: [PATCH 8/8] Add archive and stricter semver validation Agent-Logs-Url: https://github.com/stackgenhq/homebrew-stackgen/sessions/b05362ea-97f6-4934-af21-3fd6a34aea8c Co-authored-by: sks <570239+sks@users.noreply.github.com> --- .github/workflows/aiden-runner.yaml | 2 +- aiden-runner/Dockerfile | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/aiden-runner.yaml b/.github/workflows/aiden-runner.yaml index 36b6290..670329e 100644 --- a/.github/workflows/aiden-runner.yaml 
+++ b/.github/workflows/aiden-runner.yaml @@ -43,7 +43,7 @@ jobs: run: | VERSION="$(awk '$1 == \"version\" { print $2; exit }' aiden-runner.rb | tr -d '\"')" test -n "$VERSION" || { echo "Error: Failed to extract version from aiden-runner.rb"; exit 1; } - echo "$VERSION" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+([.-][0-9A-Za-z.-]+)?$' || { echo "Error: Extracted version is not valid semver: $VERSION"; exit 1; } + echo "$VERSION" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?$' || { echo "Error: Extracted version is not valid semver: $VERSION"; exit 1; } echo "VERSION=$VERSION" >> "$GITHUB_OUTPUT" - name: Set up QEMU uses: docker/setup-qemu-action@v3 diff --git a/aiden-runner/Dockerfile b/aiden-runner/Dockerfile index 0a1f7e2..b1fa374 100644 --- a/aiden-runner/Dockerfile +++ b/aiden-runner/Dockerfile @@ -12,6 +12,7 @@ RUN apk update && \ RUN URL="https://releases.stackgen.com/binaries/aios-remote/v${AIDEN_RUNNER_VERSION}/aiden-runner_${AIDEN_RUNNER_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz" && \ wget --fail -O aiden-runner.tar.gz "$URL" || { echo "Error: failed to download aiden-runner from $URL" >&2; exit 1; } && \ tar -xzf aiden-runner.tar.gz && \ + test -f aiden-runner || { echo "Error: extracted archive does not contain aiden-runner binary" >&2; exit 1; } && \ mv aiden-runner /tmp/aiden-runner && \ chmod +x /tmp/aiden-runner && \ rm -f aiden-runner.tar.gz
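Review bot: The stricter pattern now accepts a `+build` metadata suffix, but the validated value becomes the image tag (`type=raw,value=…` and the `imagetools create -t …` refs from the first patch), and `+` is not a legal character in a container image tag. A version such as `1.2.3+build.5` (constructed example) would pass this check and then fail at the push. Either drop the trailing `(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?` group, or, if the formula can really carry build metadata, derive the tag from the version with `+` replaced by `-`.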
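Review bot: `test -f aiden-runner` runs only after `tar -xzf` has already unpacked every entry of the archive, and the `download_binary` stage (its opening lines are outside this hunk) sets no `WORKDIR` in the first patch, so that extraction lands in `/`. Naming the member limits what gets written and makes a missing binary fail at the tar step itself: `tar -xzf aiden-runner.tar.gz aiden-runner`, ideally after a `WORKDIR /tmp/download` (constructed path) near the top of the stage. The added check confirms that a file exists, not that it is the expected binary, so it does not stand in for a digest check on the archive.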