feat: make GEMINI_AUTH=oauth authenticate in Docker
Some checks failed
Release / semantic-release (push) Successful in 25s
tests / Unit tests (Linux, Python 3.11) (push) Failing after 5m17s
Release / build-linux (push) Failing after 7m8s
Release / build-windows (push) Has been cancelled
Release / build-macos (arm64, macos-latest) (push) Has been cancelled
Release / build-macos (x64, macos-15-intel) (push) Has been cancelled
Release / release-main (push) Has been cancelled
Release / release-develop (push) Has been cancelled
Some checks failed
Release / semantic-release (push) Successful in 25s
tests / Unit tests (Linux, Python 3.11) (push) Failing after 5m17s
Release / build-linux (push) Failing after 7m8s
Release / build-windows (push) Has been cancelled
Release / build-macos (arm64, macos-latest) (push) Has been cancelled
Release / build-macos (x64, macos-15-intel) (push) Has been cancelled
Release / release-main (push) Has been cancelled
Release / release-develop (push) Has been cancelled
OAuth cannot be done interactively in the headless container, so the login
must be seeded into the mounted ~/.gemini. Three problems are fixed:
- Mount fragility on the Windows Docker Desktop target: the creds mount
defaulted to ${HOME}/.config/javis/gemini, but ${HOME} is often unset when
compose runs outside a WSL shell, silently mounting the wrong dir. Default is
now the project-local ./docker/gemini-oauth (cross-platform), GEMINI_OAUTH_DIR
still overrides.
- No visibility: when oauth is selected but no login is seeded, the path
silently degraded to DDG/Brave. Added gemini_oauth_ready() + a one-time debug
hint and a startup entrypoint warning (skipped on the browser role, fail-open).
- Seeding guidance: oauth_creds.json is the essential credential (refresh token;
GOOGLE_GENAI_USE_GCA=true forces OAuth), which is what the readiness check and
warning verify; docs recommend copying the whole ~/.gemini for convenience.
Adds docker/gemini-oauth/ seed dir (.gitkeep) with the login files gitignored,
GEMINI_OAUTH_DIR in .env.example, and updates DEPLOY.md, stream_browser_modes.md
and llm_contexts.md. Covered by 3 new tests (10 passed total).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -67,5 +67,19 @@ fi
|
||||
# --- Ensure the Piper voice exists (best effort) ---
|
||||
bash /app/docker/download-piper.sh || echo "[entrypoint] piper download failed; TTS may be unavailable"
|
||||
|
||||
# --- Gemini OAuth login check (GEMINI_AUTH=oauth real-time search) ---
|
||||
# The browser-only role never runs the reply engine / web search, so skip the
|
||||
# check there. Otherwise warn (don't fail) when oauth is selected but no login
|
||||
# has been seeded into the mounted ~/.gemini, since the path silently degrades
|
||||
# to the DDG/Brave cascade.
|
||||
if [ "${JARVIS_ROLE:-full}" != "browser" ] \
|
||||
&& [ "${GEMINI_AUTH:-oauth}" = "oauth" ] \
|
||||
&& [ ! -f /root/.gemini/oauth_creds.json ]; then
|
||||
echo "[entrypoint] 🔑 GEMINI_AUTH=oauth but no Gemini login at /root/.gemini/oauth_creds.json"
|
||||
echo "[entrypoint] Real-time search will fall back to DDG/Brave until you seed the login."
|
||||
echo "[entrypoint] Seed it: copy a logged-in ~/.gemini into the host's gemini-oauth dir"
|
||||
echo "[entrypoint] (default ./docker/gemini-oauth, or set GEMINI_OAUTH_DIR). See docs/DEPLOY.md."
|
||||
fi
|
||||
|
||||
echo "[entrypoint] display=$DISPLAY ollama=$OLLAMA_BASE_URL whisper=$WHISPER_MODEL/$WHISPER_DEVICE"
|
||||
exec supervisord -c /app/docker/supervisord.conf
|
||||
|
||||
4
docker/gemini-oauth/.gitkeep
Normal file
4
docker/gemini-oauth/.gitkeep
Normal file
@@ -0,0 +1,4 @@
|
||||
# Seed directory for the Gemini CLI OAuth login used by GEMINI_AUTH=oauth.
|
||||
# docker-compose bind-mounts this dir into the container's ~/.gemini.
|
||||
# Seed it once (see docker-compose.yml): cp -r ~/.gemini/. docker/gemini-oauth/
|
||||
# The login files themselves are gitignored (they contain account tokens).
|
||||
Reference in New Issue
Block a user