johba/disinto
1
0
Fork 0
Code Issues 3 Pull requests Projects Releases Packages Wiki Activity Actions

fix: escape dollar signs in docker-compose override to prevent secret exposure (#182)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline was successful
Details
ci/woodpecker/pr/smoke-init Pipeline was successful
Details

Browse source
This commit is contained in:
Agent 2026-04-03 08:27:52 +00:00
parent 99adbc9fb5
commit ca73bc24c6
1 changed files with 9 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

19
bin/disinto
View file

@ -2896,18 +2896,17 @@ EOF
echo " Model endpoint is reachable" echo " Model endpoint is reachable"
fi fi
# Generate service name from agent name (lowercase, replace - with -) # Generate service name from agent name (lowercase)
local service_name="agents-${agent_name}" local service_name="agents-${agent_name}"
service_name=$(echo "$service_name" | tr '[:upper:]' '[:lower:]') service_name=$(echo "$service_name" | tr '[:upper:]' '[:lower:]')
# Set default poll interval # Set default poll interval
local interval="${poll_interval:-300}" local interval="${poll_interval:-300}"
# Generate token for the agent (use same token as FORGE_TOKEN for simplicity)
local agent_token="${FORGE_TOKEN}"
# Generate the override compose file # Generate the override compose file
cat > "$override_file" <<OVERRIDEOF # Note: $${VAR} syntax is used so docker-compose interpolates at runtime,
# not at generation time (AD-005: secrets via env var indirection)
cat > "$override_file" <<'OVERRIDEOF'
# docker-compose.override.yml — auto-generated by disinto hire-an-agent # docker-compose.override.yml — auto-generated by disinto hire-an-agent
# Local model agent configuration for ${agent_name} # Local model agent configuration for ${agent_name}
@ -2921,11 +2920,11 @@ services:
volumes: volumes:
- agent-data-llama:/home/agent/data - agent-data-llama:/home/agent/data
- project-repos-llama:/home/agent/repos - project-repos-llama:/home/agent/repos
- ${HOME}/.claude:/home/agent/.claude - $${HOME}/.claude:/home/agent/.claude
- ${HOME}/.claude.json:/home/agent/.claude.json:ro - $${HOME}/.claude.json:/home/agent/.claude.json:ro
- CLAUDE_BIN_PLACEHOLDER:/usr/local/bin/claude:ro - CLAUDE_BIN_PLACEHOLDER:/usr/local/bin/claude:ro
- ${HOME}/.ssh:/home/agent/.ssh:ro - $${HOME}/.ssh:/home/agent/.ssh:ro
- ${HOME}/.config/sops/age:/home/agent/.config/sops/age:ro - $${HOME}/.config/sops/age:/home/agent/.config/sops/age:ro
environment: environment:
FORGE_URL: http://forgejo:3000 FORGE_URL: http://forgejo:3000
WOODPECKER_SERVER: http://woodpecker:8000 WOODPECKER_SERVER: http://woodpecker:8000
@ -2934,7 +2933,7 @@ services:
WOODPECKER_DATA_DIR: /woodpecker-data WOODPECKER_DATA_DIR: /woodpecker-data
ANTHROPIC_BASE_URL: ${local_model} ANTHROPIC_BASE_URL: ${local_model}
ANTHROPIC_API_KEY: sk-no-key-required ANTHROPIC_API_KEY: sk-no-key-required
FORGE_TOKEN_OVERRIDE: ${agent_token} FORGE_TOKEN_OVERRIDE: $${FORGE_TOKEN}
CLAUDE_CONFIG_DIR: /home/agent/.claude CLAUDE_CONFIG_DIR: /home/agent/.claude
POLL_INTERVAL: ${interval} POLL_INTERVAL: ${interval}
env_file: env_file: