feat: publish root Dockerfile to our image registry (#599)

scripts/build_sandbox.sh

@@ -26,7 +26,7 @@ fi
 CMD=$(scripts/sandbox_command.sh)
 echo "using $CMD for sandboxing"
 
-IMAGE=gemini-code-sandbox
+IMAGE=gemini-code-sandbox:latest
 DOCKERFILE=Dockerfile
 
 SKIP_NPM_INSTALL_BUILD=false

scripts/prepare-cli-packagejson.js

@@ -0,0 +1,66 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import fs from 'fs';
+import path from 'path';
+import { fileURLToPath } from 'url';
+
+// ES module equivalent of __dirname
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+
+const cliPackageJsonPath = path.resolve(
+  __dirname,
+  '../packages/cli/package.json',
+);
+const cliPackageJson = JSON.parse(fs.readFileSync(cliPackageJsonPath, 'utf8'));
+
+// Get version from root package.json (accessible via env var in npm scripts)
+const version = process.env.npm_package_version;
+
+// Get Docker registry and image name directly from PUBLISH_ environment variables.
+// These are expected to be set by the CI/build environment.
+const dockerRegistry = process.env.SANDBOX_IMAGE_REGISTRY;
+const dockerImageName = process.env.SANDBOX_IMAGE_NAME;
+
+if (!version || !dockerRegistry || !dockerImageName) {
+  console.error(
+    'Error: Missing required environment variables. Need: ' +
+      'npm_package_version, SANDBOX_IMAGE_REGISTRY, and SANDBOX_IMAGE_NAME.',
+  );
+  console.error(
+    'These should be passed from the CI environment (e.g., Cloud Build substitutions) ' +
+      'to the npm publish:release script.',
+  );
+  process.exit(1);
+}
+
+const dockerImageUri = `${dockerRegistry}/${dockerImageName}:${version}`;
+
+// Add or update fields in cliPackageJson.config to store this information
+if (!cliPackageJson.config) {
+  cliPackageJson.config = {};
+}
+cliPackageJson.config.dockerImageUri = dockerImageUri;
+cliPackageJson.config.dockerRegistry = dockerRegistry;
+cliPackageJson.config.dockerImageName = dockerImageName;
+
+// Remove 'prepublishOnly' from scripts if it exists
+if (cliPackageJson.scripts && cliPackageJson.scripts.prepublishOnly) {
+  delete cliPackageJson.scripts.prepublishOnly;
+  console.log('Removed prepublishOnly script from packages/cli/package.json');
+}
+
+fs.writeFileSync(
+  cliPackageJsonPath,
+  JSON.stringify(cliPackageJson, null, 2) + '\n',
+);
+console.log(
+  `Updated ${path.relative(process.cwd(), cliPackageJsonPath)} with Docker image details:`,
+);
+console.log(`  URI: ${dockerImageUri}`);
+console.log(`  Registry: ${dockerRegistry}`);
+console.log(`  Image Name: ${dockerImageName}`);

scripts/publish-sandbox.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -euo pipefail
+
+# Ensure required environment variables are set
+if [ -z "${SANDBOX_IMAGE_REGISTRY}" ]; then
+  echo "Error: SANDBOX_IMAGE_REGISTRY environment variable is not set." >&2
+  exit 1
+fi
+
+if [ -z "${SANDBOX_IMAGE_NAME}" ]; then
+  echo "Error: SANDBOX_IMAGE_NAME environment variable is not set." >&2
+  exit 1
+fi
+
+if [ -z "${npm_package_version}" ]; then
+  echo "Error: npm_package_version environment variable is not set (should be run via npm)." >&2
+  exit 1
+fi
+
+IMAGE_URI="${SANDBOX_IMAGE_REGISTRY}/${SANDBOX_IMAGE_NAME}:${npm_package_version}"
+
+if [ -n "${DOCKER_DRY_RUN:-}" ]; then
+  echo "DRY RUN: Would execute: docker push \"${IMAGE_URI}\""
+else
+  echo "Executing: docker push \"${IMAGE_URI}\""
+  docker push "${IMAGE_URI}"
+fi