
feat(auth): multi-profile .orch auth + GH OAuth TUI + state auto-sync #115


Triggered via pull request February 18, 2026 14:31
@skulidropek
synchronize #63
issue-61
Status Failure
Total duration 3m 16s
Artifacts

check.yml

on: pull_request

Annotations

2 errors
Test
Process completed with exit code 1.
tests/docker-git/entrypoint-auth.test.ts > renderEntrypoint auth bridge > maps GH token fallback to git auth and sets git credential helper: packages/app/tests/docker-git/entrypoint-auth.test.ts#L22
AssertionError: expected '#!/usr/bin/env bash\nset -euo pipefai…' to contain 'printf "%s\n" "GITHUB_TOKEN=$EFFECTIV…' - Expected + Received - printf "%s\n" "GITHUB_TOKEN=$EFFECTIVE_GITHUB_TOKEN" >> "$SSH_ENV_PATH" + #!/usr/bin/env bash + set -euo pipefail + + REPO_URL="${REPO_URL:-}" + REPO_REF="${REPO_REF:-}" + FORK_REPO_URL="${FORK_REPO_URL:-}" + TARGET_DIR="${TARGET_DIR:-/home/dev/app}" + CLAUDE_AUTH_LABEL="${CLAUDE_AUTH_LABEL:-}" + GIT_AUTH_USER="${GIT_AUTH_USER:-${GITHUB_USER:-x-access-token}}" + GIT_AUTH_TOKEN="${GIT_AUTH_TOKEN:-${GITHUB_TOKEN:-${GH_TOKEN:-}}}" + GH_TOKEN="${GH_TOKEN:-${GIT_AUTH_TOKEN:-}}" + GITHUB_TOKEN="${GITHUB_TOKEN:-${GH_TOKEN:-}}" + GIT_USER_NAME="${GIT_USER_NAME:-}" + GIT_USER_EMAIL="${GIT_USER_EMAIL:-}" + CODEX_AUTO_UPDATE="${CODEX_AUTO_UPDATE:-1}" + MCP_PLAYWRIGHT_ENABLE="${MCP_PLAYWRIGHT_ENABLE:-0}" + MCP_PLAYWRIGHT_CDP_ENDPOINT="${MCP_PLAYWRIGHT_CDP_ENDPOINT:-}" + MCP_PLAYWRIGHT_ISOLATED="${MCP_PLAYWRIGHT_ISOLATED:-1}" + + SSH_ENV_PATH="/home/dev/.ssh/environment" + + docker_git_upsert_ssh_env() { + local key="$1" + local value="$2" + + if [[ -d "$SSH_ENV_PATH" ]]; then + mv "$SSH_ENV_PATH" "$SSH_ENV_PATH.bak-$(date +%s)" || true + fi + + mkdir -p "$(dirname "$SSH_ENV_PATH")" + touch "$SSH_ENV_PATH" + + awk -v k="$key" -F= '$1 != k { print }' "$SSH_ENV_PATH" > "$SSH_ENV_PATH.tmp" + mv "$SSH_ENV_PATH.tmp" "$SSH_ENV_PATH" + + printf "%s + " "$key=$value" >> "$SSH_ENV_PATH" + chmod 600 "$SSH_ENV_PATH" || true + chown 1000:1000 "$SSH_ENV_PATH" || true + } + + # 1) Authorized keys are mounted from host at /authorized_keys + mkdir -p /home/dev/.ssh + chmod 700 /home/dev/.ssh + + if [[ -f /authorized_keys ]]; then + cp /authorized_keys /home/dev/.ssh/authorized_keys + chmod 600 /home/dev/.ssh/authorized_keys + fi + + chown -R 1000:1000 /home/dev/.ssh + + # Ensure Codex home exists if mounted + mkdir -p /home/dev/.codex + chown -R 1000:1000 /home/dev/.codex + + # Ensure home ownership matches the dev UID/GID (volumes may be stale) + 
HOME_OWNER="$(stat -c "%u:%g" /home/dev 2>/dev/null || echo "")" + if [[ "$HOME_OWNER" != "1000:1000" ]]; then + chown -R 1000:1000 /home/dev || true + fi + + # Share Codex auth.json across projects (avoids refresh_token_reused) + CODEX_SHARE_AUTH="${CODEX_SHARE_AUTH:-1}" + if [[ "$CODEX_SHARE_AUTH" == "1" ]]; then + CODEX_SHARED_HOME="/home/dev/.codex-shared" + mkdir -p "$CODEX_SHARED_HOME" + chown -R 1000:1000 "$CODEX_SHARED_HOME" || true + + AUTH_FILE="/home/dev/.codex/auth.json" + SHARED_AUTH_FILE="$CODEX_SHARED_HOME/auth.json" + + # Guard against a bad bind mount creating a directory at auth.json. + if [[ -d "$AUTH_FILE" ]]; then + mv "$AUTH_FILE" "$AUTH_FILE.bak-$(date +%s)" || true + fi + if [[ -e "$AUTH_FILE" && ! -L "$AUTH_FILE" ]]; then + rm -f "$AUTH_FILE" || true + fi + + ln -sf "$SHARED_AUTH_FILE" "$AUTH_FILE" + fi + + OPENCODE_DATA_DIR="/home/dev/.local/share/opencode" + OPENCODE_AUTH_FILE="$OPENCODE_DATA_DIR/auth.json" + OPENCODE_SHARED_HOME="/home/dev/.codex-shared/opencode" + OPENCODE_SHARED_AUTH_FILE="$OPENCODE_SHARED_HOME/auth.json" + + # OpenCode: share auth.json across projects (so /connect is one-time) + OPENCODE_SHARE_AUTH="${OPENCODE_SHARE_AUTH:-1}" + if [[ "$OPENCODE_SHARE_AUTH" == "1" ]]; then + # Store in the shared auth volume to persist across projects/containers. + mkdir -p "$OPENCODE_DATA_DIR" "$OPENCODE_SHARED_HOME" + chown -R 1000:1000 "$OPENCODE_DATA_DIR" "$OPENCODE_SHARED_HOME" || true + + # Guard against a bad bind mount creating a directory at auth.json. + if [[ -d "$OPENCODE_AUTH_FILE" ]]; then + mv "$OPENCODE_AUTH_FILE" "$OPENCODE_AUTH_FILE.bak-$(date +%s)" || true + fi + + # Migrate existing per-project auth into the shared location once. + if [[ -f "$OPENCODE_AUTH_FILE" && ! 
-L "$OPENCODE_AUTH_FILE" ]]; then + if [[ -f "$OPENCODE_SHARED_AUTH_FILE" ]]; then + LOCAL_AUTH="$OPENCODE_AUTH_FILE" SHARED_AUTH="$OPENCODE_SHARED_AUTH_FILE" node - <<'NODE' + const fs = require("fs") + const localPath = process.env.LOCAL_AUTH + const sharedP