chore: restore docker-compose and entrypoint script to upstream

Removing LS-related environment variables and configurations: - ANTIGRAVITY_LS_MODE - ANTIGRAVITY_LS_PROXY / STRATEGY / REPLICAS - GATEWAY_ANTIGRAVITY_LS_WORKER_* settings - Docker socket mount for LS worker Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
2026-04-09 00:43:23 +08:00 · 2026-04-09 00:43:23 +08:00 · ac0f69165c
commit ac0f69165c
parent d6100ae39e
2 changed files with 2 additions and 43 deletions
--- a/deploy/docker-compose.yml
+++ b/deploy/docker-compose.yml
@ -16,8 +16,7 @@ services:
  # Sub2API Application
  # ===========================================================================
  sub2api:
-    # Override with SUB2API_IMAGE to use a private registry or pinned tag.
-    image: ${SUB2API_IMAGE:-weishaw/sub2api:latest}
+    image: weishaw/sub2api:latest
    container_name: sub2api
    restart: unless-stopped
    ulimits:
@ -29,7 +28,6 @@ services:
    volumes:
      # Data persistence (config.yaml will be auto-generated here)
      - sub2api_data:/app/data
-      - /var/run/docker.sock:/var/run/docker.sock
      # Optional: Mount custom config.yaml (uncomment and create the file first)
      # Copy config.example.yaml to config.yaml, modify it, then uncomment:
      # - ./config.yaml:/app/data/config.yaml
@ -122,26 +120,6 @@ services:
      - GEMINI_CLI_OAUTH_CLIENT_SECRET=${GEMINI_CLI_OAUTH_CLIENT_SECRET:-}
      - ANTIGRAVITY_OAUTH_CLIENT_SECRET=${ANTIGRAVITY_OAUTH_CLIENT_SECRET:-}

-      # =======================================================================
-      # Language Server Pool Mode (Enhanced Security)
-      # =======================================================================
-      # Enable to route requests through real LS binary (Google's own code)
-      # This makes upstream traffic indistinguishable from real IDE
-      - ANTIGRAVITY_LS_MODE=${ANTIGRAVITY_LS_MODE:-false}
-      - ANTIGRAVITY_APP_ROOT=/app/ls
-      # SOCKS5/HTTP proxy fallback used when account has no dedicated LS proxy
-      - ANTIGRAVITY_LS_PROXY=${ANTIGRAVITY_LS_PROXY:-}
-      - ANTIGRAVITY_LS_STRATEGY=${ANTIGRAVITY_LS_STRATEGY:-js-parity}
-      - ANTIGRAVITY_LS_REPLICAS_PER_ACCOUNT=${ANTIGRAVITY_LS_REPLICAS_PER_ACCOUNT:-5}
-      # Keep the worker image aligned with the main image release when overriding.
-      - GATEWAY_ANTIGRAVITY_LS_WORKER_IMAGE=${GATEWAY_ANTIGRAVITY_LS_WORKER_IMAGE:-weishaw/sub2api-lsworker:latest}
-      - GATEWAY_ANTIGRAVITY_LS_WORKER_NETWORK=${GATEWAY_ANTIGRAVITY_LS_WORKER_NETWORK:-sub2api-network}
-      - GATEWAY_ANTIGRAVITY_LS_WORKER_DOCKER_SOCKET=${GATEWAY_ANTIGRAVITY_LS_WORKER_DOCKER_SOCKET:-unix:///var/run/docker.sock}
-      - GATEWAY_ANTIGRAVITY_LS_WORKER_IDLE_TTL=${GATEWAY_ANTIGRAVITY_LS_WORKER_IDLE_TTL:-15m}
-      - GATEWAY_ANTIGRAVITY_LS_WORKER_MAX_ACTIVE=${GATEWAY_ANTIGRAVITY_LS_WORKER_MAX_ACTIVE:-50}
-      - GATEWAY_ANTIGRAVITY_LS_WORKER_STARTUP_TIMEOUT=${GATEWAY_ANTIGRAVITY_LS_WORKER_STARTUP_TIMEOUT:-45s}
-      - GATEWAY_ANTIGRAVITY_LS_WORKER_REQUEST_TIMEOUT=${GATEWAY_ANTIGRAVITY_LS_WORKER_REQUEST_TIMEOUT:-60s}
-
      # =======================================================================
      # Security Configuration (URL Allowlist)
      # =======================================================================
@ -256,5 +234,4 @@ volumes:
 # =============================================================================
 networks:
  sub2api-network:
-    name: sub2api-network
    driver: bridge
--- a/deploy/docker-entrypoint.sh
+++ b/deploy/docker-entrypoint.sh
@ -8,27 +8,9 @@ if [ "$(id -u)" = "0" ]; then
    mkdir -p /app/data
    # Use || true to avoid failure on read-only mounted files (e.g. config.yaml:ro)
    chown -R sub2api:sub2api /app/data 2>/dev/null || true
-    if [ -S /var/run/docker.sock ]; then
-        DOCKER_GID="$(stat -c '%g' /var/run/docker.sock 2>/dev/null || true)"
-        if [ -n "${DOCKER_GID}" ]; then
-            DOCKER_GROUP="$(getent group "${DOCKER_GID}" | cut -d: -f1 || true)"
-            if [ -z "${DOCKER_GROUP}" ]; then
-                DOCKER_GROUP="dockersock"
-                groupadd -for -g "${DOCKER_GID}" "${DOCKER_GROUP}" 2>/dev/null || true
-            fi
-            usermod -aG "${DOCKER_GROUP}" sub2api 2>/dev/null || true
-        fi
-    fi
    # Re-invoke this script as sub2api so the flag-detection below
    # also runs under the correct user.
-    # Use gosu if available (Debian), fall back to su-exec (Alpine)
-    if command -v gosu >/dev/null 2>&1; then
-        exec gosu sub2api "$0" "$@"
-    elif command -v su-exec >/dev/null 2>&1; then
    exec su-exec sub2api "$0" "$@"
-    else
-        exec su -s /bin/sh sub2api -c "exec $0 $*"
-    fi
 fi

 # Compatibility: if the first arg looks like a flag (e.g. --help),