generated from coulomb/repo-seed
Add SandboxExtension base class, extension SDK docs, vm-packer attach mode for build-machines VMs, profile.vm-haskell-build, SSH port support, tests, and migration docs.
Migration — build-machines → ext.vm-packer
Maps the-custodian/infra/build-machines/ to sand-boxer profile.vm-haskell-build.
What moved
| Legacy (build-machines) | sand-boxer v0 |
|---|---|
| Packer OVA build | Unchanged — operator runs Packer in the-custodian |
| VM boot + build-agent registration | Unchanged — systemd agent on VM |
| `make remote-build PROJECT=` | `sandboxer create` + SSH into `reachability.remote_dir` |
| Isolated workspace `/build/<project>` | `/build/sbx-<sandbox_id>/` per create |
| `make bridge-status` | `ssh -p 12222 build@localhost` or `sandboxer inspect` (future) |
v0 attach workflow
- Build/import VM per build-machines README.
- Ensure tunnel is up (`make bridge-status` in build-machines).
- Create sand-boxer workspace:

  ```bash
  export SANDBOXER_VM_TUNNEL_PORT=12222   # or use SSH alias
  sandboxer create \
    --profile profile.vm-haskell-build \
    --input vm=haskell-build \
    --input repo=~/projects/my-haskell-app \
    --host localhost
  ```

- Run builds on VM:

  ```bash
  ssh haskell-build "cd <remote_dir> && source ~/.ghcup/env && cabal build all"
  ```

- Destroy workspace (VM stays running):

  ```bash
  sandboxer destroy <sandbox_id>
  ```
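
The "Run builds on VM" step places `<remote_dir>` inside a string that the VM's shell parses, so the value should be checked against the `/build/sbx-<sandbox_id>/` shape before it is used. The following is an added example, not part of sand-boxer or the original doc; the allowed id characters and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not sand-boxer code): validate <remote_dir> before it is
# interpolated into the command string that the VM's shell will parse.
# Assumption: sandbox ids contain only [A-Za-z0-9_-]; adjust to the real format.

# Succeeds only for /build/sbx-<id> or /build/sbx-<id>/ with a conservative id.
valid_remote_dir() {
  case "$1" in
    /build/sbx-*) ;;
    *) return 1 ;;
  esac
  _id=${1#/build/sbx-}   # strip the fixed prefix
  _id=${_id%/}           # tolerate one trailing slash
  [ -n "$_id" ] || return 1
  case "$_id" in
    # Any character outside the allow-list (/, ., spaces, quotes, ;, $, ...)
    # rejects the path, which also rules out ".." traversal and subpaths.
    *[!A-Za-z0-9_-]*) return 1 ;;
  esac
  return 0
}

# Prints the remote command for the "Run builds on VM" step, or fails.
build_remote_cmd() {
  valid_remote_dir "$1" || { echo "refusing remote_dir: $1" >&2; return 1; }
  # Single quotes are safe here because the allow-list excludes quote characters.
  printf "cd '%s' && source ~/.ghcup/env && cabal build all" "$1"
}

# Hypothetical wrapper: run the build over the SSH alias used on this page.
run_build() {
  _cmd=$(build_remote_cmd "$1") || return 1
  ssh haskell-build "$_cmd"
}
```
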
Inputs
| Input | Purpose |
|---|---|
| `vm` | SSH config alias (e.g. `haskell-build`) |
| `ssh_target` | Alias for `vm` |
| `tunnel_port` | Local reverse-tunnel port (default via `SANDBOXER_VM_TUNNEL_PORT`) |
| `repo` | Optional rsync source to workspace |
| `workspace_dir` | Override workspace path on VM |
Not migrated yet
- Automated Packer `create` trigger from sand-boxer API
- State Hub capability-catalog sync from build-agent (agent unchanged)
- Port registry automation (`port-registry.yml`)
- `make remote-build` Makefile targets in the-custodian (add shim in follow-on if needed)
Runbook
docs/runbooks/profile-vm-haskell-build.md