Spaces:
Running on CPU Upgrade
Running on CPU Upgrade
Commit ·
45e517a
1
Parent(s): 3605afc
Fix sandbox HF_TOKEN not available inside container
Browse filesSecret was injected after the Space was already running, so the env var
was never present in the container. Move secret injection to before the
build/start cycle. Also bump OAuth token lifetime to 30 days.
- README.md +1 -0
- agent/tools/sandbox_client.py +8 -0
- agent/tools/sandbox_tool.py +1 -3
README.md
CHANGED
|
@@ -6,6 +6,7 @@ colorTo: purple
|
|
| 6 |
sdk: docker
|
| 7 |
app_port: 7860
|
| 8 |
hf_oauth: true
|
|
|
|
| 9 |
hf_oauth_scopes:
|
| 10 |
- read-repos
|
| 11 |
- write-repos
|
|
|
|
| 6 |
sdk: docker
|
| 7 |
app_port: 7860
|
| 8 |
hf_oauth: true
|
| 9 |
+
hf_oauth_expiration_minutes: 43200
|
| 10 |
hf_oauth_scopes:
|
| 11 |
- read-repos
|
| 12 |
- write-repos
|
agent/tools/sandbox_client.py
CHANGED
|
@@ -519,6 +519,7 @@ class Sandbox:
|
|
| 519 |
private: bool = False,
|
| 520 |
sleep_time: int | None = None,
|
| 521 |
token: str | None = None,
|
|
|
|
| 522 |
wait_timeout: int = WAIT_TIMEOUT,
|
| 523 |
log: "Callable[[str], object] | None" = None,
|
| 524 |
cancel_event: "Any | None" = None,
|
|
@@ -579,6 +580,13 @@ class Sandbox:
|
|
| 579 |
|
| 580 |
_check_cancel()
|
| 581 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 582 |
# Upload sandbox server and Dockerfile (triggers rebuild)
|
| 583 |
cls._setup_server(space_id, api, log=_log)
|
| 584 |
|
|
|
|
| 519 |
private: bool = False,
|
| 520 |
sleep_time: int | None = None,
|
| 521 |
token: str | None = None,
|
| 522 |
+
secrets: dict[str, str] | None = None,
|
| 523 |
wait_timeout: int = WAIT_TIMEOUT,
|
| 524 |
log: "Callable[[str], object] | None" = None,
|
| 525 |
cancel_event: "Any | None" = None,
|
|
|
|
| 580 |
|
| 581 |
_check_cancel()
|
| 582 |
|
| 583 |
+
# Inject secrets BEFORE uploading server files (which triggers rebuild).
|
| 584 |
+
# Secrets added after a Space is running aren't available until restart,
|
| 585 |
+
# so they must be set before the build/start cycle.
|
| 586 |
+
if secrets:
|
| 587 |
+
for key, val in secrets.items():
|
| 588 |
+
api.add_space_secret(space_id, key, val)
|
| 589 |
+
|
| 590 |
# Upload sandbox server and Dockerfile (triggers rebuild)
|
| 591 |
cls._setup_server(space_id, api, log=_log)
|
| 592 |
|
agent/tools/sandbox_tool.py
CHANGED
|
@@ -124,6 +124,7 @@ async def _ensure_sandbox(
|
|
| 124 |
"owner": owner,
|
| 125 |
"hardware": hardware,
|
| 126 |
"token": token,
|
|
|
|
| 127 |
"log": _log,
|
| 128 |
"cancel_event": cancel_flag,
|
| 129 |
**create_kwargs,
|
|
@@ -150,9 +151,6 @@ async def _ensure_sandbox(
|
|
| 150 |
token=token,
|
| 151 |
)
|
| 152 |
|
| 153 |
-
# Inject the OAuth token into the sandbox so Hub operations work inside it
|
| 154 |
-
await asyncio.to_thread(api.add_space_secret, sb.space_id, "HF_TOKEN", token)
|
| 155 |
-
|
| 156 |
await session.send_event(
|
| 157 |
Event(
|
| 158 |
event_type="tool_log",
|
|
|
|
| 124 |
"owner": owner,
|
| 125 |
"hardware": hardware,
|
| 126 |
"token": token,
|
| 127 |
+
"secrets": {"HF_TOKEN": token},
|
| 128 |
"log": _log,
|
| 129 |
"cancel_event": cancel_flag,
|
| 130 |
**create_kwargs,
|
|
|
|
| 151 |
token=token,
|
| 152 |
)
|
| 153 |
|
|
|
|
|
|
|
|
|
|
| 154 |
await session.send_event(
|
| 155 |
Event(
|
| 156 |
event_type="tool_log",
|