Fix sandboxing

[tomkcook]

Summary

Fixes the docker commandline when launching gemini in sandboxed mode. Addresses #26964.

Details

The default docker image used for sandboxing has an entrypoint set (gemini) but gemini-cli tries to then use bash -c as the command for the docker container. Since gemini bash -c isn't a valid command, the container fails to start.

Related Issues

Fixes #26964

How to Validate

GEMINI_SANDBOX=docker npm run start -- --sandbox

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:
  • MacOS
    • npm run
    • npx
    • Docker
    • Podman
    • Seatbelt
  • Windows
    • npm run
    • npx
    • Docker
  • Linux
    • npm run
    • npx
    • Docker

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request resolves an issue where the gemini-cli failed to start in sandboxed mode due to conflicting entrypoints in the default docker image. By explicitly overriding the entrypoint, the container can now correctly execute the intended commands.

Highlights

• Docker Entrypoint Override: Added '--entrypoint' '' to the docker run commands to prevent conflicts with existing image entrypoints when launching the sandbox.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request updates packages/cli/src/utils/sandbox.ts to include the --entrypoint '' flag in the container execution arguments for both the main sandbox and the sandbox proxy. This change ensures that any default entrypoints defined in the container images are overridden, allowing for more controlled execution. No review comments were provided for this pull request, so I have no additional feedback to offer.

[tomkcook]

I'm not quite clear about the license agreement. I've signed it, but it only lists my gmail address (which is the email github has for me) not the other address which is what git commits are tagged with.

I had added the alternate address to my google account before signing the agreement so I'm not sure why the bot still says the agreement is not signed.

[tomkcook]

I've now also force-pushed an amended commit with my personal email address on it and triggered a rescan, but it doesn't seem to have helped.