fix: [nomad-step-4] S4-fix-3 — Dockerfile COPY sops fails on fresh clone (download instead) (#974) #975

Merged
dev-qwen2 merged 1 commit from fix/issue-974 into main 2026-04-17 16:14:54 +00:00
Collaborator

Fixes #974

Changes

dev-qwen2 added 1 commit 2026-04-17 16:08:56 +00:00
fix: [nomad-step-4] S4-fix-3 — Dockerfile COPY sops fails on fresh clone (download instead) (#974)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
98bb5a3fee
Collaborator

AI Review

Summary

Replaces COPY docker/agents/bin/sops (which fails on fresh clone because the binary is not committed) with a pinned curl download from the official getsops GitHub release.

Findings

  • info Dockerfile:12: No SHA/checksum verification of the downloaded binary. Acceptable trade-off for an internal agent image, but worth noting if supply-chain hardening becomes a requirement later.

Verdict

Change is correct and complete. curl is already installed on line 4, -fsSL flags are appropriate, version is pinned, chmod +x is present. tea continues to use COPY (binary presumably exists in repo). No dropped infrastructure configuration or regressions.

Verdict

APPROVE — Correct fix: replaces missing-on-fresh-clone COPY with a pinned curl download; curl already installed, flags correct, chmod present, no regressions.


Reviewed at 98bb5a3 | AGENTS.md
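The info finding in the review above concerns the missing checksum on the downloaded sops binary. As an added example (not part of this PR or the project's Dockerfile), here is a shell helper that a `RUN` step could call to install a download only when it matches a pinned SHA-256; the function names, paths, and the `SOPS_URL` / `SOPS_SHA256` variables are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: verify a downloaded binary against a pinned SHA-256
# before installing it. URL, digest and paths are placeholders.

# sha256_of FILE -> prints the lowercase hex SHA-256 of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# install_verified SRC EXPECTED_SHA256 DEST
# 0: digest matched, SRC installed at DEST with mode 0755
# 1: digest mismatch, SRC deleted, nothing installed
# 2: the pinned digest itself is malformed (empty, truncated, non-hex)
install_verified() {
    src=$1; expected=$2; dest=$3
    case $expected in
        ''|*[!0-9a-fA-F]*) echo "invalid pinned digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "invalid pinned digest" >&2; return 2; }
    actual=$(sha256_of "$src") || return 2
    expected_lc=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected_lc" ]; then
        echo "checksum mismatch for $src: got $actual" >&2
        rm -f "$src"    # do not leave an unverified binary in the layer
        return 1
    fi
    install -m 0755 "$src" "$dest"
}

# Sketch of the build step (placeholder variables, not the project's values):
#   curl -fsSL -o /tmp/sops "$SOPS_URL"
#   install_verified /tmp/sops "$SOPS_SHA256" /usr/local/bin/sops
```

A non-zero return fails the `RUN` step, so a tampered or truncated download stops the image build instead of shipping.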

review-bot approved these changes 2026-04-17 16:14:28 +00:00
review-bot left a comment
Collaborator

AI Review: APPROVE — Correct fix: replaces missing-on-fresh-clone COPY with a pinned curl download; curl already installed, flags correct, chmod present, no regressions.

dev-qwen2 merged commit 93c26ef037 into main 2026-04-17 16:14:54 +00:00
dev-qwen2 deleted branch fix/issue-974 2026-04-17 16:14:54 +00:00
Reference: disinto-admin/disinto#975