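#!/bin/sh
# Container entrypoint. In order: install the SSH public key, start sshd,
# validate and configure the git identity, optionally store an HTTPS push
# token for git, reinstall frontend dependencies, then exec the command
# passed as arguments.
#
# Environment read: HUSKIES_SSH_PUBKEY (optional), GIT_USER_NAME and
# GIT_USER_EMAIL (required), GIT_PUSH_TOKEN and GIT_CLONE_URL (optional).
set -e

# ── SSH authorized key ────────────────────────────────────────────────
# HUSKIES_SSH_PUBKEY is set by `new project` when it generates a keypair.
# Write it to authorized_keys so the user can connect with the matching
# private key stored at ~/.huskies//id_ed25519 on the host.
if [ -n "$HUSKIES_SSH_PUBKEY" ]; then
  # The umask is scoped to this subshell so the directory and file are
  # created owner-only from the start; the explicit chmods still tighten a
  # pre-existing directory or file, which the umask does not affect.
  (
    umask 077
    mkdir -p /home/huskies/.ssh
    chmod 700 /home/huskies/.ssh
    printf '%s\n' "$HUSKIES_SSH_PUBKEY" > /home/huskies/.ssh/authorized_keys
    chmod 600 /home/huskies/.ssh/authorized_keys
  )
fi

# ── SSH daemon ────────────────────────────────────────────────────────
# Start sshd in the background so the container accepts SSH connections.
# Uses sudo (huskies has NOPASSWD for /usr/sbin/sshd in sudoers.d).
# NOTE(review): sshd starts even when HUSKIES_SSH_PUBKEY is empty. Which
# authentication methods it then offers depends on sshd_config, which is not
# visible here; confirm that password authentication is disabled.
sudo /usr/sbin/sshd -D -e &

# ── Git identity ──────────────────────────────────────────────────────
# Agents commit code inside the container. Without a git identity,
# commits fail or use garbage defaults. Fail loudly at startup so the
# operator knows immediately.
if [ -z "$GIT_USER_NAME" ]; then
  echo "FATAL: GIT_USER_NAME is not set. Export it in your environment or docker-compose.yml." >&2
  exit 1
fi
if [ -z "$GIT_USER_EMAIL" ]; then
  echo "FATAL: GIT_USER_EMAIL is not set. Export it in your environment or docker-compose.yml." >&2
  exit 1
fi

# Set git identity globally so it persists for all shells (docker exec, etc.),
# not just the entrypoint process tree.
git config --global user.name "$GIT_USER_NAME"
git config --global user.email "$GIT_USER_EMAIL"

# Also set env vars for backwards compatibility.
export GIT_AUTHOR_NAME="$GIT_USER_NAME"
export GIT_COMMITTER_NAME="$GIT_USER_NAME"
export GIT_AUTHOR_EMAIL="$GIT_USER_EMAIL"
export GIT_COMMITTER_EMAIL="$GIT_USER_EMAIL"

# ── Git credential helper (HTTPS push) ────────────────────────────────
# If GIT_PUSH_TOKEN is supplied at container creation time, configure git's
# built-in credential store so `git push` over HTTPS authenticates without
# user interaction. GIT_CLONE_URL provides the scheme and host portion of
# the URL used as the key in ~/.git-credentials.
#
# The credential store keeps the token unencrypted on disk; the file mode is
# its only protection.
# NOTE(review): GIT_PUSH_TOKEN also stays in the environment inherited by the
# command exec'd at the end of this script. Consider unsetting it after this
# block if nothing downstream reads it; confirm against callers.
if [ -n "$GIT_PUSH_TOKEN" ] && [ -n "$GIT_CLONE_URL" ]; then
  case "$GIT_CLONE_URL" in
    http://* | https://*)
      case "$GIT_CLONE_URL" in
        http://*)
          echo "WARNING: GIT_CLONE_URL uses http://; the push token will travel unencrypted." >&2
          ;;
      esac
      # Split "scheme://host[:port]/path" with parameter expansion; this
      # avoids depending on the GNU-only `\?` in a sed basic regex.
      _scheme=${GIT_CLONE_URL%%://*}
      _rest=${GIT_CLONE_URL#*://}
      _host=${_rest%%/*}
      git config --global credential.helper store
      # Create the file owner-only from the start, so the token is never
      # briefly readable by others; chmod covers a pre-existing file.
      (
        umask 077
        printf '%s://x-access-token:%s@%s\n' "$_scheme" "$GIT_PUSH_TOKEN" "$_host" \
          > /home/huskies/.git-credentials
        chmod 600 /home/huskies/.git-credentials
      )
      ;;
    *)
      # An SSH-style or other non-HTTP URL cannot be turned into a usable
      # credential-store entry; writing one would only leave the token on
      # disk in a malformed line.
      echo "WARNING: GIT_CLONE_URL is not an http(s) URL; GIT_PUSH_TOKEN was not stored." >&2
      ;;
  esac
fi

# ── Frontend native deps ──────────────────────────────────────────────
# The project repo is bind-mounted from the host, so node_modules/
# may contain native binaries for the wrong platform (e.g. darwin
# binaries on a Linux container). Reinstall to get the right ones.
if [ -d /workspace/frontend ] && [ -f /workspace/frontend/package.json ]; then
  echo "Installing frontend dependencies for container platform..."
  # Best-effort: a failed install must not stop the container, but say so
  # instead of swallowing the failure silently.
  if ! (cd /workspace/frontend && npm ci --prefer-offline 2>/dev/null); then
    echo "WARNING: npm ci failed in /workspace/frontend; continuing without a fresh install." >&2
  fi
  cd /workspace
fi

# Replace this shell with the container command.
exec "$@"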