container builds: opt-in extension deps via OPENCLAW_EXTENSIONS build arg#32223
container builds: opt-in extension deps via OPENCLAW_EXTENSIONS build arg#32223vincentkoc merged 4 commits intoopenclaw:mainfrom
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 84b2c14c0f
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| # layer so pnpm resolves their deps before the full source copy. | ||
| # Example: docker build --build-arg OPENCLAW_EXTENSIONS="diagnostics-otel matrix" . | ||
| ARG OPENCLAW_EXTENSIONS="" | ||
| RUN --mount=type=bind,source=extensions,target=/tmp/extensions \ |
There was a problem hiding this comment.
This new RUN --mount=... instruction is BuildKit-only syntax, so builds now depend on BuildKit even when OPENCLAW_EXTENSIONS is unset. In environments that still run docker build with BuildKit disabled (for example DOCKER_BUILDKIT=0 in older CI/self-hosted setups), the Dockerfile will fail before the extension loop executes, which is a regression for the default image path. Add a fallback (or explicitly enforce BuildKit in the setup scripts/workflow) so baseline builds keep working.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
To work around this for plain docker, need to cp the whole extensions/ dir to a temp location, cherry-pick just the package.json files we need, then clean up. It works on both Docker (with or without BuildKit) and Podman.
The tradeoff vs the --mount approach: this adds the full extensions/ directory to the build context (not in the final image). But since the rm -rf /tmp/extensions is in the same RUN instruction, the temp files won't be included in the final layer nor in the final image.
Greptile SummaryAdded
The approach is solid for K8s/immutable deployments where runtime npm install would fail or cause cold-start penalties. Confidence Score: 4/5
Last reviewed commit: 84b2c14 |
openclaw-barnacle
bot
added
docs
sallyom
force-pushed
the
dockerfile-update
branch
from
84b2c14 to
8104b3c
Compare
sallyom
force-pushed
the
dockerfile-update
branch
5 times, most recently
from
652ec09 to
397c356
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 397c35668f
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
sallyom
force-pushed
the
dockerfile-update
branch
from
397c356 to
6e5a8bb
Compare
|
I dug into the dependency concern here because at first glance it looks like What I found:
So the distinction is:
That means the build arg is coherent: it is an opt-in for baking selected extension dependency trees into the image while keeping the default image smaller. My remaining concern is CI coverage, not package metadata:
So I would not treat the missing core dep as a blocker, but I do think we should either:
That clarification should be in the thread before merge. |
Co-Authored-By: Claude Opus 4.6 <[email protected]> Signed-off-by: sallyom <[email protected]>
vincentkoc
force-pushed
the
dockerfile-update
branch
from
c8f2ee8 to
acae177
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: acae177f0d
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
… arg (openclaw#32223) * Docker: opt-in extension deps via OPENCLAW_EXTENSIONS build arg Co-Authored-By: Claude Opus 4.6 <[email protected]> Signed-off-by: sallyom <[email protected]> * CI: clarify extension smoke scope * Tests: allow digest-pinned multi-stage FROM lines * Changelog: note container extension preinstall option --------- Signed-off-by: sallyom <[email protected]> Co-authored-by: Claude Opus 4.6 <[email protected]> Co-authored-by: Vincent Koc <[email protected]>
… arg (openclaw#32223) * Docker: opt-in extension deps via OPENCLAW_EXTENSIONS build arg Co-Authored-By: Claude Opus 4.6 <[email protected]> Signed-off-by: sallyom <[email protected]> * CI: clarify extension smoke scope * Tests: allow digest-pinned multi-stage FROM lines * Changelog: note container extension preinstall option --------- Signed-off-by: sallyom <[email protected]> Co-authored-by: Claude Opus 4.6 <[email protected]> Co-authored-by: Vincent Koc <[email protected]>
… arg (openclaw#32223) * Docker: opt-in extension deps via OPENCLAW_EXTENSIONS build arg Co-Authored-By: Claude Opus 4.6 <[email protected]> Signed-off-by: sallyom <[email protected]> * CI: clarify extension smoke scope * Tests: allow digest-pinned multi-stage FROM lines * Changelog: note container extension preinstall option --------- Signed-off-by: sallyom <[email protected]> Co-authored-by: Claude Opus 4.6 <[email protected]> Co-authored-by: Vincent Koc <[email protected]>
2 participants
Summary
OPENCLAW_EXTENSIONSbuild arg to the Dockerfile so users can pre-install extension npm dependencies at image build time (e.g.--build-arg OPENCLAW_EXTENSIONS="diagnostics-otel matrix")docker-setup.shandsetup-podman.shMotivation
Extensions with their own
package.json(33 of 41) install deps on first load at runtime. This adds a cold-start penalty in containers. With this change, users can opt in to baking those deps into the image layer for faster startup.The 3 default extensions (
device-pair,phone-control,talk-voice) have nopackage.json, so the default image is unchanged.Kubernetes deployments
This change is particularly valuable for K8s environments where image immutability matters:
npm installwill fail if pods can't reach the npm registryrollback
Change Type (select all)
Scope (select all touched areas)
User-visible / Behavior Changes
NoneSecurity Impact (required)
No)No)No)No)No)Yes, explain risk + mitigation:Repro + Verification
Environment
Steps
docker build .— no extensions, same behavior as beforedocker build --build-arg OPENCLAW_EXTENSIONS="diagnostics-otel" .— extension deps installed in imagepodman build --build-arg OPENCLAW_EXTENSIONS="diagnostics-otel" .— same with Podman