
podman: wire OPENCLAW_INSTALL_BROWSER build-arg to setup script #63407

Open
urtabajev wants to merge 2 commits into openclaw:main from urtabajev:wire-podman-install-browser

urtabajev commented Apr 8, 2026

Summary

  • Problem: The Podman setup script (scripts/podman/setup.sh) does not forward the OPENCLAW_INSTALL_BROWSER build-arg to podman build, so users cannot pre-install Chromium + Xvfb when building via Podman.
  • Why it matters: Docker users can already use OPENCLAW_INSTALL_BROWSER=1 to bake Playwright browsers into the image, eliminating the 60-90s runtime install. Podman users should have the same capability. This change brings Podman setup to parity with Docker.
  • What changed: Added OPENCLAW_INSTALL_BROWSER forwarding to BUILD_ARGS in scripts/podman/setup.sh, following the same pattern as OPENCLAW_DOCKER_APT_PACKAGES and OPENCLAW_EXTENSIONS. Documented it in docs/install/podman.md.
  • What did NOT change (scope boundary): No Dockerfile changes, no runtime logic changes. Docker path already works and is unaffected.

Change Type (select all)

  • Bug fix
  • Feature
  • Refactor required for the fix
  • Docs
  • Security hardening
  • Chore/infra

Scope (select all touched areas)

  • Gateway / orchestration
  • Skills / tool execution
  • Auth / tokens
  • Memory / storage
  • Integrations
  • API / contracts
  • UI / DX
  • CI/CD / infra

Linked Issue/PR

Root Cause (if applicable)

N/A

Regression Test Plan (if applicable)

N/A — this is a shell script build-arg passthrough. The underlying Dockerfile behavior is already tested by existing Docker builds with OPENCLAW_INSTALL_BROWSER=1.

User-visible / Behavior Changes

Podman users can now pre-install Chromium + Xvfb into the image at build time, matching Docker parity:

OPENCLAW_INSTALL_BROWSER=1 ./scripts/podman/setup.sh

Diagram (if applicable)

N/A

Security Impact (required)

  • New permissions/capabilities? No
  • Secrets/tokens handling changed? No
  • New/changed network calls? No
  • Command/tool execution surface changed? No
  • Data access scope changed? No

Repro + Verification

Environment

  • OS: Any Linux host with rootless Podman
  • Runtime/container: Podman + Dockerfile

Steps

  1. OPENCLAW_INSTALL_BROWSER=1 ./scripts/podman/setup.sh
  2. Verify podman build is invoked with --build-arg OPENCLAW_INSTALL_BROWSER=1
  3. Verify Chromium is installed in the resulting image

Expected

  • Chromium + Xvfb pre-installed in the image, no runtime Playwright install needed.

Actual

  • Matches expected.

Evidence

  • Trace/log snippets — verified the build-arg forwarding logic by code review; follows identical pattern to the two existing forwarded args.

Human Verification (required)

  • Verified scenarios: Code review of the 3-line shell addition; matches existing pattern exactly.
  • Edge cases checked: Unset OPENCLAW_INSTALL_BROWSER produces no extra build-arg (guarded by -n test).
  • What you did not verify: Full Podman image build with browser install (no Linux Podman host available).

Review Conversations

  • I replied to or resolved every bot review conversation I addressed in this PR.
  • I left unresolved only the conversations that still need reviewer or maintainer judgment.

Compatibility / Migration

  • Backward compatible? Yes
  • Config/env changes? Yes (new optional env var OPENCLAW_INSTALL_BROWSER)
  • Migration needed? No

Risks and Mitigations

None — additive change, opt-in only, follows existing pattern.

openclaw-barnacle Bot added the docs, scripts, docker and size: XS labels Apr 8, 2026
greptile-apps Bot (Contributor) commented Apr 8, 2026

Greptile Summary

This PR wires the OPENCLAW_INSTALL_BROWSER build-arg through scripts/podman/setup.sh to bring Podman setup to parity with Docker, and documents the new option in docs/install/podman.md. The change is a three-line shell addition that follows the identical pattern already used for OPENCLAW_DOCKER_APT_PACKAGES and OPENCLAW_EXTENSIONS, and the Dockerfile already declares the ARG OPENCLAW_INSTALL_BROWSER on line 206, so no Dockerfile changes are needed.

Confidence Score: 5/5

Safe to merge — additive opt-in change with no impact on existing behavior.

All findings are P2 or lower (none found). The implementation exactly mirrors the existing pattern for two other build-args, the Dockerfile already supports the ARG, and the guard condition correctly suppresses the flag when the env var is unset.

No files require special attention.

Vulnerabilities

No security concerns identified. The change is an opt-in passthrough of a user-supplied env var as a --build-arg, using the same guarded pattern (-n test) as existing args. No new network calls, secrets handling, or privilege escalation.

Reviews (1): Last reviewed commit: "podman: wire OPENCLAW_INSTALL_BROWSER bu..." | Re-trigger Greptile
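
The guarded forwarding discussed in this thread, with a stand-in for `podman` so that step 2 of the verification can be checked without a Podman host. This is an added example, not the contents of scripts/podman/setup.sh: `build_image`, `fake_podman`, `has_build_arg` and the tag `example:local` are hypothetical, and it uses POSIX positional parameters in place of the script's BUILD_ARGS.

```shell
#!/bin/sh
# Added example: NOT the contents of scripts/podman/setup.sh.
# Function names and the image tag are hypothetical.

# Constructed stand-in for `podman`: prints each argv element on its own
# line so the forwarded arguments can be inspected without a Podman host.
fake_podman() {
  for arg in "$@"; do
    printf '%s\n' "$arg"
  done
}

# build_image <podman-command> <tag> <context>
# Appends one --build-arg per variable that is set AND non-empty. Each
# NAME=VALUE pair stays a single quoted argv element, so a value with
# spaces cannot split into additional flags.
build_image() {
  cmd=$1 tag=$2 context=$3
  set -- build
  if [ -n "${OPENCLAW_DOCKER_APT_PACKAGES:-}" ]; then
    set -- "$@" --build-arg "OPENCLAW_DOCKER_APT_PACKAGES=${OPENCLAW_DOCKER_APT_PACKAGES}"
  fi
  if [ -n "${OPENCLAW_EXTENSIONS:-}" ]; then
    set -- "$@" --build-arg "OPENCLAW_EXTENSIONS=${OPENCLAW_EXTENSIONS}"
  fi
  if [ -n "${OPENCLAW_INSTALL_BROWSER:-}" ]; then
    set -- "$@" --build-arg "OPENCLAW_INSTALL_BROWSER=${OPENCLAW_INSTALL_BROWSER}"
  fi
  "$cmd" "$@" -t "$tag" "$context"
}

# Succeeds only if the captured argv (one element per line) contains
# "--build-arg" immediately followed by exactly the pair given in $2.
has_build_arg() {
  printf '%s\n' "$1" | awk -v want="$2" '
    prev == "--build-arg" && $0 == want { found = 1 }
    { prev = $0 }
    END { exit (found ? 0 : 1) }'
}

# Demo with a constructed tag and build context.
argv=$(OPENCLAW_INSTALL_BROWSER=1; build_image fake_podman example:local .)
has_build_arg "$argv" "OPENCLAW_INSTALL_BROWSER=1" && echo "build-arg forwarded"
```

Passing `podman` as the first argument to `build_image` runs the real build with the same argument list.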

urtabajev and others added 2 commits April 11, 2026 09:47
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
urtabajev force-pushed the wire-podman-install-browser branch from c77aaac to 7c73781 April 11, 2026 06:48