feat: Add multi-stage docker build support for custom sandbox.Dockerfile (#746)

scripts/build_sandbox.sh

@@ -26,20 +26,26 @@ fi
 CMD=$(scripts/sandbox_command.sh)
 echo "using $CMD for sandboxing"
 
-IMAGE=gemini-cli-sandbox
-DOCKERFILE=Dockerfile
+BASE_IMAGE=gemini-cli-sandbox
+CUSTOM_IMAGE=''
+BASE_DOCKERFILE=Dockerfile
+CUSTOM_DOCKERFILE=''
 
 SKIP_NPM_INSTALL_BUILD=false
-while getopts "sf:" opt; do
+while getopts "sf:i:" opt; do
     case ${opt} in
     s) SKIP_NPM_INSTALL_BUILD=true ;;
     f)
-        DOCKERFILE=$OPTARG
+        CUSTOM_DOCKERFILE=$OPTARG
+        ;;
+    i)
+        CUSTOM_IMAGE=$OPTARG
         ;;
     \?)
         echo "usage: $(basename "$0") [-s] [-f <dockerfile>]"
         echo "  -s: skip npm install + npm run build"
-        echo "  -f <dockerfile>: use <dockerfile>"
+        echo "  -f <dockerfile>: use <dockerfile> for custom image"
+        echo "  -i <image>: use <image> name for custom image"
         exit 1
         ;;
     esac
@@ -64,9 +70,6 @@ npm pack -w @gemini-code/core --pack-destination ./packages/core/dist &>/dev/nul
 # give node user (used during installation, see Dockerfile) access to these files
 chmod 755 packages/*/dist/gemini-code-*.tgz
 
-# build container image & prune older unused images
-echo "building $IMAGE ... (can be slow first time)"
-
 # redirect build output to /dev/null unless VERBOSE is set
 BUILD_STDOUT="/dev/null"
 if [ -n "${VERBOSE:-}" ]; then
@@ -76,17 +79,34 @@ fi
 # initialize build arg array from BUILD_SANDBOX_FLAGS
 read -r -a build_args <<<"${BUILD_SANDBOX_FLAGS:-}"
 
-# append common build args
-build_args+=(-f "$DOCKERFILE" -t "$IMAGE" .)
+build_image() {
+    local -n build_args=$1
 
-if [[ "$CMD" == "podman" ]]; then
-    # use empty --authfile to skip unnecessary auth refresh overhead
-    $CMD build --authfile=<(echo '{}') "${build_args[@]}" >$BUILD_STDOUT
-elif [[ "$CMD" == "docker" ]]; then
-    # use config directory to skip unnecessary auth refresh overhead
-    $CMD --config=".docker" buildx build "${build_args[@]}" >$BUILD_STDOUT
-else
-    $CMD build "${build_args[@]}" >$BUILD_STDOUT
+    if [[ "$CMD" == "podman" ]]; then
+        # use empty --authfile to skip unnecessary auth refresh overhead
+        $CMD build --authfile=<(echo '{}') "${build_args[@]}" >$BUILD_STDOUT
+    elif [[ "$CMD" == "docker" ]]; then
+        # use config directory to skip unnecessary auth refresh overhead
+        $CMD --config=".docker" buildx build "${build_args[@]}" >$BUILD_STDOUT
+    else
+        $CMD build "${build_args[@]}" >$BUILD_STDOUT
+    fi
+}
+
+# build container images & prune older unused images
+
+echo "building $BASE_IMAGE ... (can be slow first time)"
+base_image_build_args=(${build_args[@]})
+base_image_build_args+=(-f "$BASE_DOCKERFILE" -t "$BASE_IMAGE" .)
+build_image base_image_build_args
+echo "built $BASE_IMAGE"
+
+if [[ -n "$CUSTOM_DOCKERFILE" && -n "$CUSTOM_IMAGE" ]]; then
+    echo "building $CUSTOM_IMAGE ... (can be slow first time)"
+    custom_image_build_args=(${build_args[@]})
+    custom_image_build_args+=(-f "$CUSTOM_DOCKERFILE" -t "$CUSTOM_IMAGE" .)
+    build_image custom_image_build_args
+    echo "built $CUSTOM_IMAGE"
 fi
+
 $CMD image prune -f >/dev/null
-echo "built $IMAGE"