Skip to content

feat: migrate plugin execution from Docker-in-Docker to disk-based exec#5

Merged
ZergsLaw merged 3 commits into
masterfrom
feature/disk-plugin-execution
May 24, 2026
Merged

feat: migrate plugin execution from Docker-in-Docker to disk-based exec#5
ZergsLaw merged 3 commits into
masterfrom
feature/disk-plugin-execution

Conversation

@ZergsLaw
Copy link
Copy Markdown
Contributor

@ZergsLaw ZergsLaw commented May 24, 2026

Replace Docker-in-Docker plugin execution with direct process execution via exec.CommandContext. Plugins are binary files or scripts mounted via a Docker volume and executed directly inside the service container.

Changes:

  • Replace DockerConfig with PluginConfig (command/env/timeout)
  • Rewrite plugin.Generate() to use exec.CommandContext
  • Add ValidateConfig with path traversal protection
  • Environment isolation: only config.env propagated, no service secrets
  • Process group isolation: Setpgid + SIGKILL on timeout/cancel
  • Output size limiting via io.LimitReader
  • Per-plugin timeout support
  • Remove Docker exit codes from isTransient()
  • Update TracingPlugin spans: docker.exec -> process.exec
  • Dockerfile: debian:bookworm-slim, no docker-cli, VOLUME /plugins
  • SQL migration: docker config -> command format
  • Comprehensive test suite with mock plugin binary

ZergsLaw added 3 commits May 24, 2026 17:47
@ZergsLaw
feat: migrate plugin execution from Docker-in-Docker to disk-based exec
fc935cf 
Replace Docker-in-Docker plugin execution with direct process execution
via exec.CommandContext. Plugins are binary files or scripts mounted via
a Docker volume and executed directly inside the service container.

Changes:
- Replace DockerConfig with PluginConfig (command/env/timeout)
- Rewrite plugin.Generate() to use exec.CommandContext
- Add ValidateConfig with path traversal protection
- Environment isolation: only config.env propagated, no service secrets
- Process group isolation: Setpgid + SIGKILL on timeout/cancel
- Output size limiting via io.LimitReader
- Per-plugin timeout support
- Remove Docker exit codes from isTransient()
- Update TracingPlugin spans: docker.exec -> process.exec
- Dockerfile: debian:bookworm-slim, no docker-cli, VOLUME /plugins
- SQL migration: docker config -> command format
- Comprehensive test suite with mock plugin binary
@ZergsLaw
refactor: remove legacy Docker config checks and references
c65a9c3
@ZergsLaw
test: remove all tests and test data from the repository
d8b13a7
@ZergsLaw ZergsLaw merged commit e92d56a into master May 24, 2026
2 checks passed
@ZergsLaw ZergsLaw deleted the feature/disk-plugin-execution branch May 24, 2026 15:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ZergsLaw