fix: use env var injection for squid config to support DinD environments

Replace the squid.conf file bind mount with a base64-encoded environment
variable (AWF_SQUID_CONFIG_B64) to support Docker-in-Docker environments
like ARC self-hosted runners.

In DinD, the Docker daemon runs in a separate container and cannot access
files on the host filesystem. File bind mounts fail with "not a directory"
errors because the daemon creates a directory at the non-existent path.

Instead of bind-mounting squid.conf, the config is:
1. Base64-encoded and passed as AWF_SQUID_CONFIG_B64 env var
2. Decoded by an entrypoint override before squid starts

This works universally because env vars are part of the container spec
sent via the Docker API, bypassing filesystem sharing entirely.

The startup flow (docker compose up -d) is unchanged, so all existing
integration tests and behavior remain compatible.

Fixes github/gh-aw#18385

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: Mossaka

src/docker-manager.test.ts

@@ -477,12 +477,29 @@ describe('docker-manager', () => {
       const squid = result.services['squid-proxy'];
 
       expect(squid.container_name).toBe('awf-squid');
-      expect(squid.volumes).toContain('/tmp/awf-test/squid.conf:/etc/squid/squid.conf:ro');
+      // squid.conf is NOT bind-mounted; it's injected via AWF_SQUID_CONFIG_B64 env var
+      expect(squid.volumes).not.toContainEqual(expect.stringContaining('squid.conf'));
       expect(squid.volumes).toContain('/tmp/awf-test/squid-logs:/var/log/squid:rw');
       expect(squid.healthcheck).toBeDefined();
       expect(squid.ports).toContain('3128:3128');
     });
 
+    it('should inject squid config via base64 env var when content is provided', () => {
+      const squidConfig = 'http_port 3128\nacl allowed_domains dstdomain .github.com\n';
+      const result = generateDockerCompose(mockConfig, mockNetworkConfig, undefined, squidConfig);
+      const squid = result.services['squid-proxy'] as any;
+
+      // Should have AWF_SQUID_CONFIG_B64 env var with base64-encoded config
+      expect(squid.environment.AWF_SQUID_CONFIG_B64).toBe(
+        Buffer.from(squidConfig).toString('base64')
+      );
+
+      // Should override entrypoint to decode config before starting squid
+      expect(squid.entrypoint).toBeDefined();
+      expect(squid.entrypoint[2]).toContain('base64 -d > /etc/squid/squid.conf');
+      expect(squid.entrypoint[2]).toContain('entrypoint.sh');
+    });
+
     it('should configure agent container with proxy settings', () => {
       const result = generateDockerCompose(mockConfig, mockNetworkConfig);
       const agent = result.services.agent;

src/docker-manager.ts

@@ -230,7 +230,8 @@ export interface SslConfig {
 export function generateDockerCompose(
   config: WrapperConfig,
   networkConfig: { subnet: string; squidIp: string; agentIp: string; proxyIp?: string },
-  sslConfig?: SslConfig
+  sslConfig?: SslConfig,
+  squidConfigContent?: string
 ): DockerComposeConfig {
   const projectRoot = path.join(__dirname, '..');
 
@@ -249,8 +250,12 @@ export function generateDockerCompose(
     : path.join(config.workDir, 'api-proxy-logs');
 
   // Build Squid volumes list
+  // Note: squid.conf is NOT bind-mounted. Instead, it's passed as a base64-encoded
+  // environment variable (AWF_SQUID_CONFIG_B64) and decoded by the entrypoint override.
+  // This supports Docker-in-Docker (DinD) environments where the Docker daemon runs
+  // in a separate container and cannot access files on the host filesystem.
+  // See: https://github.com/github/gh-aw/issues/18385
   const squidVolumes = [
-    `${config.workDir}/squid.conf:/etc/squid/squid.conf:ro`,
     `${squidLogsPath}:/var/log/squid:rw`,
   ];
 
@@ -292,6 +297,26 @@ export function generateDockerCompose(
     ],
   };
 
+  // Inject squid.conf via environment variable instead of bind mount.
+  // In Docker-in-Docker (DinD) environments, the Docker daemon runs in a separate
+  // container and cannot access files on the host filesystem. Bind-mounting
+  // squid.conf fails because the daemon creates a directory at the missing path.
+  // Passing the config as a base64-encoded env var works universally because
+  // env vars are part of the container spec sent via the Docker API.
+  if (squidConfigContent) {
+    const configB64 = Buffer.from(squidConfigContent).toString('base64');
+    squidService.environment = {
+      ...squidService.environment,
+      AWF_SQUID_CONFIG_B64: configB64,
+    };
+    // Override entrypoint to decode the config before starting squid.
+    // The original entrypoint (/usr/local/bin/entrypoint.sh) is called after decoding.
+    squidService.entrypoint = [
+      '/bin/bash', '-c',
+      'echo "$AWF_SQUID_CONFIG_B64" | base64 -d > /etc/squid/squid.conf && exec /usr/local/bin/entrypoint.sh',
+    ];
+  }
+
   // Only enable host.docker.internal when explicitly requested via --enable-host-access
   // This allows containers to reach services on the host machine (e.g., MCP gateways)
   // Security note: When combined with allowing host.docker.internal domain,
@@ -1260,7 +1285,7 @@ export async function writeConfigs(config: WrapperConfig): Promise<void> {
   // Write Docker Compose config
   // Uses mode 0o600 (owner-only read/write) because this file contains sensitive
   // environment variables (tokens, API keys) in plaintext
-  const dockerCompose = generateDockerCompose(config, networkConfig, sslConfig);
+  const dockerCompose = generateDockerCompose(config, networkConfig, sslConfig, squidConfig);
   const dockerComposePath = path.join(config.workDir, 'docker-compose.yml');
   fs.writeFileSync(dockerComposePath, yaml.dump(dockerCompose), { mode: 0o600 });
   logger.debug(`Docker Compose config written to: ${dockerComposePath}`);