disinto/docker/agents/Dockerfile

FROM debian:bookworm-slim

RUN apt-get update && apt-get install -y --no-install-recommends \
    bash curl git jq tmux cron python3 openssh-client ca-certificates \
    && rm -rf /var/lib/apt/lists/*

# tea CLI — official Gitea/Forgejo CLI for issue/label/comment operations
# Checksum from https://dl.gitea.com/tea/0.9.2/tea-0.9.2-linux-amd64.sha256
RUN curl -sL https://dl.gitea.com/tea/0.9.2/tea-0.9.2-linux-amd64 -o /usr/local/bin/tea \
    && echo "be10cdf9a619e3c0f121df874960ed19b53e62d1c7036cf60313a28b5227d54d  /usr/local/bin/tea" | sha256sum -c - \
    && chmod +x /usr/local/bin/tea

# Claude CLI is mounted from the host via docker-compose volume.
# No internet access to cli.anthropic.com required at build time.

# Non-root user
RUN useradd -m -u 1000 -s /bin/bash agent

COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

# Entrypoint runs as root to start the cron daemon;
# cron jobs execute as the agent user (crontab -u agent).
WORKDIR /home/agent

ENTRYPOINT ["/entrypoint.sh"]
fix: Containerize full stack with docker-compose (#618) Add docker-compose.yml generation, agent Dockerfile, and new CLI commands (up/down/logs/shell) so the full stack runs containerized. The --bare flag preserves the current bare-metal setup. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-24 18:53:55 +00:00			`FROM debian:bookworm-slim`

			`RUN apt-get update && apt-get install -y --no-install-recommends \`
			`bash curl git jq tmux cron python3 openssh-client ca-certificates \`
			`&& rm -rf /var/lib/apt/lists/*`

feat: integrate tea CLI for forge issue/label/comment operations (#666) - Add lib/tea-helpers.sh with tea_file_issue, tea_relabel, tea_comment, tea_close — thin wrappers preserving secret scanning on write ops - Add tea 0.9.2 binary to docker/agents/Dockerfile - Configure tea login in docker/agents/entrypoint.sh from FORGE_TOKEN/FORGE_URL - Derive TEA_LOGIN in lib/env.sh (codeberg vs local forgejo) - Source tea-helpers.sh conditionally when tea binary is available - Migrate predictor formula from inline curl to tea CLI commands - Register tea-helpers.sh in smoke test function resolution Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-25 12:20:15 +00:00			`# tea CLI — official Gitea/Forgejo CLI for issue/label/comment operations`
fix: tea_relabel uses edit subcommand, add sha256 checksum for tea binary (#666) - tea_relabel: use `tea issues edit` instead of `tea issues labels` (the latter is the list subcommand and ignores --labels) - Dockerfile: verify tea binary sha256 after download Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-25 13:34:58 +00:00			`# Checksum from https://dl.gitea.com/tea/0.9.2/tea-0.9.2-linux-amd64.sha256`
feat: integrate tea CLI for forge issue/label/comment operations (#666) - Add lib/tea-helpers.sh with tea_file_issue, tea_relabel, tea_comment, tea_close — thin wrappers preserving secret scanning on write ops - Add tea 0.9.2 binary to docker/agents/Dockerfile - Configure tea login in docker/agents/entrypoint.sh from FORGE_TOKEN/FORGE_URL - Derive TEA_LOGIN in lib/env.sh (codeberg vs local forgejo) - Source tea-helpers.sh conditionally when tea binary is available - Migrate predictor formula from inline curl to tea CLI commands - Register tea-helpers.sh in smoke test function resolution Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-25 12:20:15 +00:00			`RUN curl -sL https://dl.gitea.com/tea/0.9.2/tea-0.9.2-linux-amd64 -o /usr/local/bin/tea \`
fix: tea_relabel uses edit subcommand, add sha256 checksum for tea binary (#666) - tea_relabel: use `tea issues edit` instead of `tea issues labels` (the latter is the list subcommand and ignores --labels) - Dockerfile: verify tea binary sha256 after download Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-25 13:34:58 +00:00			`&& echo "be10cdf9a619e3c0f121df874960ed19b53e62d1c7036cf60313a28b5227d54d /usr/local/bin/tea" \| sha256sum -c - \`
feat: integrate tea CLI for forge issue/label/comment operations (#666) - Add lib/tea-helpers.sh with tea_file_issue, tea_relabel, tea_comment, tea_close — thin wrappers preserving secret scanning on write ops - Add tea 0.9.2 binary to docker/agents/Dockerfile - Configure tea login in docker/agents/entrypoint.sh from FORGE_TOKEN/FORGE_URL - Derive TEA_LOGIN in lib/env.sh (codeberg vs local forgejo) - Source tea-helpers.sh conditionally when tea binary is available - Migrate predictor formula from inline curl to tea CLI commands - Register tea-helpers.sh in smoke test function resolution Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-25 12:20:15 +00:00			`&& chmod +x /usr/local/bin/tea`

fix: agents Dockerfile fails to build — cli.anthropic.com DNS does not resolve (#637) - Remove curl\|sh Claude CLI download from Dockerfile (no internet needed) - Mount host Claude CLI binary into container via docker-compose volume - generate_compose() resolves host claude path at init time - entrypoint.sh fails fast with clear error if claude CLI is missing Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-24 22:26:26 +00:00			`# Claude CLI is mounted from the host via docker-compose volume.`
			`# No internet access to cli.anthropic.com required at build time.`
fix: Containerize full stack with docker-compose (#618) Add docker-compose.yml generation, agent Dockerfile, and new CLI commands (up/down/logs/shell) so the full stack runs containerized. The --bare flag preserves the current bare-metal setup. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-24 18:53:55 +00:00
			`# Non-root user`
			`RUN useradd -m -u 1000 -s /bin/bash agent`

			`COPY entrypoint.sh /entrypoint.sh`
			`RUN chmod +x /entrypoint.sh`

fix: Start cron daemon in agent container entrypoint (#618) The entrypoint installed a crontab but never started a cron daemon, leaving the container idle. Fix by running as root in the entrypoint (cron requires it), installing the crontab for the agent user via `crontab -u agent`, and starting cron in the foreground with `cron -f`. Remove `USER agent` from the Dockerfile and `user: "1000:1000"` from the compose template accordingly — cron jobs still execute as UID 1000. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-24 20:30:44 +00:00			`# Entrypoint runs as root to start the cron daemon;`
			`# cron jobs execute as the agent user (crontab -u agent).`
fix: Containerize full stack with docker-compose (#618) Add docker-compose.yml generation, agent Dockerfile, and new CLI commands (up/down/logs/shell) so the full stack runs containerized. The --bare flag preserves the current bare-metal setup. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-24 18:53:55 +00:00			`WORKDIR /home/agent`

			`ENTRYPOINT ["/entrypoint.sh"]`