feat: make GEMINI_AUTH=oauth authenticate in Docker
Some checks failed
Release / semantic-release (push) Successful in 25s
tests / Unit tests (Linux, Python 3.11) (push) Failing after 5m17s
Release / build-linux (push) Failing after 7m8s
Release / build-windows (push) Has been cancelled
Release / build-macos (arm64, macos-latest) (push) Has been cancelled
Release / build-macos (x64, macos-15-intel) (push) Has been cancelled
Release / release-main (push) Has been cancelled
Release / release-develop (push) Has been cancelled
Some checks failed
Release / semantic-release (push) Successful in 25s
tests / Unit tests (Linux, Python 3.11) (push) Failing after 5m17s
Release / build-linux (push) Failing after 7m8s
Release / build-windows (push) Has been cancelled
Release / build-macos (arm64, macos-latest) (push) Has been cancelled
Release / build-macos (x64, macos-15-intel) (push) Has been cancelled
Release / release-main (push) Has been cancelled
Release / release-develop (push) Has been cancelled
OAuth cannot be done interactively in the headless container, so the login
must be seeded into the mounted ~/.gemini. Three problems are fixed:
- Mount fragility on the Windows Docker Desktop target: the creds mount
defaulted to ${HOME}/.config/javis/gemini, but ${HOME} is often unset when
compose runs outside a WSL shell, silently mounting the wrong dir. Default is
now the project-local ./docker/gemini-oauth (cross-platform), GEMINI_OAUTH_DIR
still overrides.
- No visibility: when oauth is selected but no login is seeded, the path
silently degraded to DDG/Brave. Added gemini_oauth_ready() + a one-time debug
hint and a startup entrypoint warning (skipped on the browser role, fail-open).
- Seeding guidance: oauth_creds.json is the essential credential (refresh token;
GOOGLE_GENAI_USE_GCA=true forces OAuth), which is what the readiness check and
warning verify; docs recommend copying the whole ~/.gemini for convenience.
Adds docker/gemini-oauth/ seed dir (.gitkeep) with the login files gitignored,
GEMINI_OAUTH_DIR in .env.example, and updates DEPLOY.md, stream_browser_modes.md
and llm_contexts.md. Covered by 3 new tests (10 passed total).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -59,7 +59,12 @@ entry) and falls back to the master flag so behaviour is unchanged.
|
||||
login (not API-key auth) and fails fast when no login exists rather than
|
||||
erroring on "no auth method". The CLI is resolved from `PATH` or
|
||||
`~/.local/bin/gemini`; install with `npm i -g @google/gemini-cli` and sign
|
||||
in once via interactive `gemini` ("Sign in with Google").
|
||||
in once via interactive `gemini` ("Sign in with Google"). In Docker the login
|
||||
can't be done interactively in the headless container: seed it instead by
|
||||
copying a logged-in `~/.gemini` into the project-local `docker/gemini-oauth`
|
||||
bind mount (or set `GEMINI_OAUTH_DIR`); the container reads/refreshes the
|
||||
token there. `gemini_oauth_ready()` gates an actionable log hint, and the
|
||||
entrypoint warns on startup, when oauth is selected but no login is seeded.
|
||||
- `apikey`: the REST endpoint (`generativelanguage.googleapis.com`) via stdlib
|
||||
`urllib` with the `google_search` grounding tool - no SDK dependency.
|
||||
- Both Gemini paths and the browser path return the same
|
||||
|
||||
Reference in New Issue
Block a user