zfc/sub2api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: restore docker-compose and entrypoint script to upstream

Browse Source 
Removing LS-related environment variables and configurations:
- ANTIGRAVITY_LS_MODE
- ANTIGRAVITY_LS_PROXY / STRATEGY / REPLICAS
- GATEWAY_ANTIGRAVITY_LS_WORKER_* settings
- Docker socket mount for LS worker

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit is contained in:
win 2026-04-09 00:43:23 +08:00
parent d6100ae39e
commit ac0f69165c
2 changed files with 2 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
deploy/docker-compose.yml
View File

@ -16,8 +16,7 @@ services:
# Sub2API Application # Sub2API Application
# =========================================================================== # ===========================================================================
sub2api: sub2api:
# Override with SUB2API_IMAGE to use a private registry or pinned tag. image: weishaw/sub2api:latest
image: ${SUB2API_IMAGE:-weishaw/sub2api:latest}
container_name: sub2api container_name: sub2api
restart: unless-stopped restart: unless-stopped
ulimits: ulimits:
@ -29,7 +28,6 @@ services:
volumes: volumes:
# Data persistence (config.yaml will be auto-generated here) # Data persistence (config.yaml will be auto-generated here)
- sub2api_data:/app/data - sub2api_data:/app/data
- /var/run/docker.sock:/var/run/docker.sock
# Optional: Mount custom config.yaml (uncomment and create the file first) # Optional: Mount custom config.yaml (uncomment and create the file first)
# Copy config.example.yaml to config.yaml, modify it, then uncomment: # Copy config.example.yaml to config.yaml, modify it, then uncomment:
# - ./config.yaml:/app/data/config.yaml # - ./config.yaml:/app/data/config.yaml
@ -122,26 +120,6 @@ services:
- GEMINI_CLI_OAUTH_CLIENT_SECRET=${GEMINI_CLI_OAUTH_CLIENT_SECRET:-} - GEMINI_CLI_OAUTH_CLIENT_SECRET=${GEMINI_CLI_OAUTH_CLIENT_SECRET:-}
- ANTIGRAVITY_OAUTH_CLIENT_SECRET=${ANTIGRAVITY_OAUTH_CLIENT_SECRET:-} - ANTIGRAVITY_OAUTH_CLIENT_SECRET=${ANTIGRAVITY_OAUTH_CLIENT_SECRET:-}
# =======================================================================
# Language Server Pool Mode (Enhanced Security)
# =======================================================================
# Enable to route requests through real LS binary (Google's own code)
# This makes upstream traffic indistinguishable from real IDE
- ANTIGRAVITY_LS_MODE=${ANTIGRAVITY_LS_MODE:-false}
- ANTIGRAVITY_APP_ROOT=/app/ls
# SOCKS5/HTTP proxy fallback used when account has no dedicated LS proxy
- ANTIGRAVITY_LS_PROXY=${ANTIGRAVITY_LS_PROXY:-}
- ANTIGRAVITY_LS_STRATEGY=${ANTIGRAVITY_LS_STRATEGY:-js-parity}
- ANTIGRAVITY_LS_REPLICAS_PER_ACCOUNT=${ANTIGRAVITY_LS_REPLICAS_PER_ACCOUNT:-5}
# Keep the worker image aligned with the main image release when overriding.
- GATEWAY_ANTIGRAVITY_LS_WORKER_IMAGE=${GATEWAY_ANTIGRAVITY_LS_WORKER_IMAGE:-weishaw/sub2api-lsworker:latest}
- GATEWAY_ANTIGRAVITY_LS_WORKER_NETWORK=${GATEWAY_ANTIGRAVITY_LS_WORKER_NETWORK:-sub2api-network}
- GATEWAY_ANTIGRAVITY_LS_WORKER_DOCKER_SOCKET=${GATEWAY_ANTIGRAVITY_LS_WORKER_DOCKER_SOCKET:-unix:///var/run/docker.sock}
- GATEWAY_ANTIGRAVITY_LS_WORKER_IDLE_TTL=${GATEWAY_ANTIGRAVITY_LS_WORKER_IDLE_TTL:-15m}
- GATEWAY_ANTIGRAVITY_LS_WORKER_MAX_ACTIVE=${GATEWAY_ANTIGRAVITY_LS_WORKER_MAX_ACTIVE:-50}
- GATEWAY_ANTIGRAVITY_LS_WORKER_STARTUP_TIMEOUT=${GATEWAY_ANTIGRAVITY_LS_WORKER_STARTUP_TIMEOUT:-45s}
- GATEWAY_ANTIGRAVITY_LS_WORKER_REQUEST_TIMEOUT=${GATEWAY_ANTIGRAVITY_LS_WORKER_REQUEST_TIMEOUT:-60s}
# ======================================================================= # =======================================================================
# Security Configuration (URL Allowlist) # Security Configuration (URL Allowlist)
# ======================================================================= # =======================================================================
@ -256,5 +234,4 @@ volumes:
# ============================================================================= # =============================================================================
networks: networks:
sub2api-network: sub2api-network:
name: sub2api-network
driver: bridge driver: bridge

20
deploy/docker-entrypoint.sh
View File

@ -8,27 +8,9 @@ if [ "$(id -u)" = "0" ]; then
mkdir -p /app/data mkdir -p /app/data
# Use || true to avoid failure on read-only mounted files (e.g. config.yaml:ro) # Use || true to avoid failure on read-only mounted files (e.g. config.yaml:ro)
chown -R sub2api:sub2api /app/data 2>/dev/null || true chown -R sub2api:sub2api /app/data 2>/dev/null || true
if [ -S /var/run/docker.sock ]; then
DOCKER_GID="$(stat -c '%g' /var/run/docker.sock 2>/dev/null || true)"
if [ -n "${DOCKER_GID}" ]; then
DOCKER_GROUP="$(getent group "${DOCKER_GID}" | cut -d: -f1 || true)"
if [ -z "${DOCKER_GROUP}" ]; then
DOCKER_GROUP="dockersock"
groupadd -for -g "${DOCKER_GID}" "${DOCKER_GROUP}" 2>/dev/null || true
fi
usermod -aG "${DOCKER_GROUP}" sub2api 2>/dev/null || true
fi
fi
# Re-invoke this script as sub2api so the flag-detection below # Re-invoke this script as sub2api so the flag-detection below
# also runs under the correct user. # also runs under the correct user.
# Use gosu if available (Debian), fall back to su-exec (Alpine) exec su-exec sub2api "$0" "$@"
if command -v gosu >/dev/null 2>&1; then
exec gosu sub2api "$0" "$@"
elif command -v su-exec >/dev/null 2>&1; then
exec su-exec sub2api "$0" "$@"
else
exec su -s /bin/sh sub2api -c "exec $0 $*"
fi
fi fi
# Compatibility: if the first arg looks like a flag (e.g. --help), # Compatibility: if the first arg looks like a flag (e.g. --help),