fix: Clean up decrypted secrets on failure, verify Claude CLI install (#618)
Add EXIT trap in disinto_up() so the plaintext .env is removed even if docker compose up fails. Previously set -euo pipefail would abort before the cleanup block, leaving secrets on disk. Replace the silent || true in the Dockerfile with an explicit claude --version check so the build fails visibly if the CLI cannot be installed. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
openhands
parent
0aa3890fb8
commit
4f99a7a26a
2 changed files with 5 additions and 3 deletions
|
|
@ -4,9 +4,10 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
|
|||
bash curl git jq tmux cron python3 openssh-client ca-certificates \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Claude CLI
|
||||
# Claude CLI — install and verify
|
||||
RUN curl -fsSL https://cli.anthropic.com/install.sh | sh \
|
||||
&& mv /root/.claude/local/claude /usr/local/bin/claude || true
|
||||
&& cp "$(find /root -name claude -type f 2>/dev/null | head -1)" /usr/local/bin/claude \
|
||||
&& claude --version
|
||||
|
||||
# Non-root user
|
||||
RUN useradd -m -u 1000 -s /bin/bash agent
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue