disinto/docker/agents/Dockerfile

FROM debian:bookworm-slim

RUN apt-get update && apt-get install -y --no-install-recommends \
    bash curl git jq tmux nodejs npm python3 python3-pip openssh-client ca-certificates age shellcheck procps gosu \
    && pip3 install --break-system-packages networkx tomlkit \
    && rm -rf /var/lib/apt/lists/*

# Pre-built binaries (copied from docker/agents/bin/)
# SOPS — encrypted data decryption tool
# Download sops binary (replaces manual COPY of vendored binary)
ARG SOPS_VERSION=3.9.4
RUN curl -fsSL "https://github.com/getsops/sops/releases/download/v${SOPS_VERSION}/sops-v${SOPS_VERSION}.linux.amd64" \
    -o /usr/local/bin/sops && chmod +x /usr/local/bin/sops

# tea CLI — official Gitea/Forgejo CLI for issue/label/comment operations
# Download tea binary (replaces manual COPY of vendored binary)
ARG TEA_VERSION=0.9.2
RUN curl -fsSL "https://dl.gitea.com/tea/${TEA_VERSION}/tea-${TEA_VERSION}-linux-amd64" \
    -o /usr/local/bin/tea && chmod +x /usr/local/bin/tea

# Install Claude Code CLI — agent runtime for all LLM backends (llama, Claude API).
# The CLI is the execution environment; ANTHROPIC_BASE_URL selects the model provider.
RUN npm install -g @anthropic-ai/claude-code@2.1.84

# Non-root user
RUN useradd -m -u 1000 -s /bin/bash agent

# Copy disinto code into the image
COPY . /home/agent/disinto

COPY docker/agents/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

# Entrypoint runs polling loop directly, dropping to agent user via gosu.
# All scripts execute as the agent user (UID 1000) while preserving env vars.
VOLUME /home/agent/data
VOLUME /home/agent/repos

WORKDIR /home/agent/disinto

ENTRYPOINT ["/entrypoint.sh"]
fix: Containerize full stack with docker-compose (#618) Add docker-compose.yml generation, agent Dockerfile, and new CLI commands (up/down/logs/shell) so the full stack runs containerized. The --bare flag preserves the current bare-metal setup. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-24 18:53:55 +00:00			`FROM debian:bookworm-slim`

			`RUN apt-get update && apt-get install -y --no-install-recommends \`
fix: [nomad-step-4] S4-fix-6 — bake Claude CLI into agents Docker image (remove host bind-mount) (#984) 2026-04-18 05:34:46 +00:00			`bash curl git jq tmux nodejs npm python3 python3-pip openssh-client ca-certificates age shellcheck procps gosu \`
fix: add tomlkit to Dockerfile for comment-preserving TOML editing (#886) 2026-04-16 16:21:07 +00:00			`&& pip3 install --break-system-packages networkx tomlkit \`
fix: Containerize full stack with docker-compose (#618) Add docker-compose.yml generation, agent Dockerfile, and new CLI commands (up/down/logs/shell) so the full stack runs containerized. The --bare flag preserves the current bare-metal setup. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-24 18:53:55 +00:00			`&& rm -rf /var/lib/apt/lists/*`

fix: bug: agents Dockerfile build fails — SOPS checksum download unreachable (#120) 2026-04-01 18:14:18 +00:00			`# Pre-built binaries (copied from docker/agents/bin/)`
			`# SOPS — encrypted data decryption tool`
fix: [nomad-step-4] S4-fix-3 — Dockerfile COPY sops fails on fresh clone (download instead) (#974) 2026-04-17 16:08:41 +00:00			`# Download sops binary (replaces manual COPY of vendored binary)`
			`ARG SOPS_VERSION=3.9.4`
			`RUN curl -fsSL "https://github.com/getsops/sops/releases/download/v${SOPS_VERSION}/sops-v${SOPS_VERSION}.linux.amd64" \`
			`-o /usr/local/bin/sops && chmod +x /usr/local/bin/sops`
fix: bug: agents Dockerfile build fails — SOPS checksum download unreachable (#120) 2026-04-01 18:14:18 +00:00
fix: restore tea CLI and add sops checksum verification (#30) 2026-03-28 19:57:19 +00:00			`# tea CLI — official Gitea/Forgejo CLI for issue/label/comment operations`
fix: [nomad-step-4] S4-fix-4 — Dockerfile COPY tea fails on fresh clone (download instead) (#976) 2026-04-17 16:28:43 +00:00			`# Download tea binary (replaces manual COPY of vendored binary)`
			`ARG TEA_VERSION=0.9.2`
			`RUN curl -fsSL "https://dl.gitea.com/tea/${TEA_VERSION}/tea-${TEA_VERSION}-linux-amd64" \`
			`-o /usr/local/bin/tea && chmod +x /usr/local/bin/tea`
fix: restore tea CLI and add sops checksum verification (#30) 2026-03-28 19:57:19 +00:00
fix: [nomad-step-4] S4-fix-6 — bake Claude CLI into agents Docker image (remove host bind-mount) (#984) 2026-04-18 05:34:46 +00:00			`# Install Claude Code CLI — agent runtime for all LLM backends (llama, Claude API).`
			`# The CLI is the execution environment; ANTHROPIC_BASE_URL selects the model provider.`
			`RUN npm install -g @anthropic-ai/claude-code@2.1.84`
fix: Containerize full stack with docker-compose (#618) Add docker-compose.yml generation, agent Dockerfile, and new CLI commands (up/down/logs/shell) so the full stack runs containerized. The --bare flag preserves the current bare-metal setup. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-24 18:53:55 +00:00
			`# Non-root user`
			`RUN useradd -m -u 1000 -s /bin/bash agent`

fix: feat: versioned releases — vault-gated tag, image build, and deploy (#112) 2026-04-01 13:51:19 +00:00			`# Copy disinto code into the image`
			`COPY . /home/agent/disinto`

fix: correct entrypoint.sh COPY path for root build context 2026-04-01 18:28:45 +00:00			`COPY docker/agents/entrypoint.sh /entrypoint.sh`
fix: Containerize full stack with docker-compose (#618) Add docker-compose.yml generation, agent Dockerfile, and new CLI commands (up/down/logs/shell) so the full stack runs containerized. The --bare flag preserves the current bare-metal setup. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-24 18:53:55 +00:00			`RUN chmod +x /entrypoint.sh`

fix: fix: replace cron with while-true loop and gosu in agents entrypoint (#379) 2026-04-08 04:57:57 +00:00			`# Entrypoint runs polling loop directly, dropping to agent user via gosu.`
			`# All scripts execute as the agent user (UID 1000) while preserving env vars.`
feat: publish versioned agent images — compose should use image: not build: (#429) - Generated compose now uses `image: ghcr.io/disinto/{agents,edge}` instead of `build:` directives; `disinto init --build` restores local-build mode - Add VOLUME declarations to agents, reproduce, and edge Dockerfiles - Add CI pipeline (.woodpecker/publish-images.yml) to build and push images to ghcr.io/disinto on tag events - Mount projects/, .env, and state/ into agents container for runtime config - Skip pre-build binary download when compose uses registry images Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-15 09:24:05 +00:00			`VOLUME /home/agent/data`
			`VOLUME /home/agent/repos`

fix: feat: versioned releases — vault-gated tag, image build, and deploy (#112) 2026-04-01 13:51:19 +00:00			`WORKDIR /home/agent/disinto`
fix: Containerize full stack with docker-compose (#618) Add docker-compose.yml generation, agent Dockerfile, and new CLI commands (up/down/logs/shell) so the full stack runs containerized. The --bare flag preserves the current bare-metal setup. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-24 18:53:55 +00:00
			`ENTRYPOINT ["/entrypoint.sh"]`