Files

hsiegeln 5043e1d4a1 feat(loader): add cameleer-runtime-loader image (busybox + entrypoint)

Init container that fetches the deployable JAR from a signed URL into the
shared /app/jars/ volume before the main runtime container starts. Pairs
with the controller (Task 7) and DockerRuntimeOrchestrator (Task 10).

- Dockerfile: busybox:1.37-musl, non-root USER (UID 1000)
- entrypoint.sh: POSIX sh, set -eu, required env vars (ARTIFACT_URL,
  ARTIFACT_EXPECTED_SIZE), wget with retries/timeout, size verification
- README: build instructions and runtime contract

Smoke-tested locally (docker build + happy-path fetch + size-mismatch).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-27 15:51:01 +02:00

719 B

Raw Blame History

cameleer-runtime-loader

Init container that fetches the deployable JAR into a shared volume before the main runtime container starts. Pairs with DockerRuntimeOrchestrator / (future) K8s init-container deploys.

Build

docker build -t gitea.siegeln.net/cameleer/cameleer-runtime-loader:<tag> .
docker push gitea.siegeln.net/cameleer/cameleer-runtime-loader:<tag>

Contract

Env: ARTIFACT_URL (signed download URL), ARTIFACT_EXPECTED_SIZE (bytes).
Volume: writes /app/jars/app.jar.
Exit 0 on success; non-zero on fetch/size failure.
Runs as UID 1000 (loader user), drops all caps, read-only rootfs except /app/jars.

See docs/superpowers/plans/2026-04-27-init-container-jar-fetch.md.

719 B Raw Blame History

cameleer-runtime-loader

Build

Contract

719 B

Raw Blame History