5043e1d4a1
Init container that fetches the deployable JAR from a signed URL into the shared /app/jars/ volume before the main runtime container starts. Pairs with the controller (Task 7) and DockerRuntimeOrchestrator (Task 10). - Dockerfile: busybox:1.37-musl, non-root USER (UID 1000) - entrypoint.sh: POSIX sh, set -eu, required env vars (ARTIFACT_URL, ARTIFACT_EXPECTED_SIZE), wget with retries/timeout, size verification - README: build instructions and runtime contract Smoke-tested locally (docker build + happy-path fetch + size-mismatch). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
20 lines
719 B
Markdown
20 lines
719 B
Markdown
# cameleer-runtime-loader
|
|
|
|
Init container that fetches the deployable JAR into a shared volume before the
|
|
main runtime container starts. Pairs with `DockerRuntimeOrchestrator` /
|
|
(future) K8s init-container deploys.
|
|
|
|
## Build
|
|
|
|
docker build -t gitea.siegeln.net/cameleer/cameleer-runtime-loader:<tag> .
|
|
docker push gitea.siegeln.net/cameleer/cameleer-runtime-loader:<tag>
|
|
|
|
## Contract
|
|
|
|
- Env: `ARTIFACT_URL` (signed download URL), `ARTIFACT_EXPECTED_SIZE` (bytes).
|
|
- Volume: writes `/app/jars/app.jar`.
|
|
- Exit 0 on success; non-zero on fetch/size failure.
|
|
- Runs as UID 1000 (loader user), drops all caps, read-only rootfs except `/app/jars`.
|
|
|
|
See `docs/superpowers/plans/2026-04-27-init-container-jar-fetch.md`.
|