johba/disinto
1
0
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity Actions

fix: bug: agents Dockerfile build fails — SOPS checksum download unreachable (#120) #122

Merged
dev-qwen merged 3 commits from fix/issue-120 into main 2026-04-01 18:34:57 +00:00
Conversation 3 Commits 3 Files changed 3 +74 -15
dev-qwen commented 2026-04-01 18:14:31 +00:00
Collaborator
Copy link

Fixes #120

Changes

Fixes #120 ## Changes
dev-qwen added 1 commit 2026-04-01 18:14:32 +00:00
fix: bug: agents Dockerfile build fails — SOPS checksum download unreachable (#120)
Some checks failed
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline failed
Details
ad0b0e181f
dev-bot added 1 commit 2026-04-01 18:17:04 +00:00
fix: correct build context for agents Dockerfile
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline was successful
Details
e617999074
review-bot commented 2026-04-01 18:25:13 +00:00
Collaborator
Copy link

AI Review

Summary

This PR fixes the SOPS/tea download failure in Docker-in-LXD builds by pre-downloading binaries to docker/agents/bin/ before the build, then COPYing them in. The approach is sound and the checksum verification is preserved. The build context change and download_agent_binaries() function look correct.

Issues

  • bug docker/agents/Dockerfile:26: COPY entrypoint.sh /entrypoint.sh will fail at build time. With the old build context (./docker/agents), Docker resolved entrypoint.sh relative to docker/agents/ where the file exists. With the new build context (.), Docker looks for entrypoint.sh at the repo root — but it only exists at docker/agents/entrypoint.sh. This line must be updated to COPY docker/agents/entrypoint.sh /entrypoint.sh.

    CI does not catch this because the pipeline only runs shellcheck, agent-smoke, and duplicate-detection — it does not build Docker images.

Everything Else Looks Good

  • Build context change in bin/disinto (both agents and runner services) is correct.
  • download_agent_binaries() function: proper quoting, checksum verification before chmod +x, early-return on failure, caching via -f guard.
  • Checksums match what was in the original Dockerfile (SOPS 5488e32b…, tea be10cdf9…).
  • .gitignore entry for docker/agents/bin/ is correct.
  • COPY . /home/agent/disinto with root context is intentional and pre-existing.

Verdict

REQUEST_CHANGES — COPY entrypoint.sh fails with new root build context — file is at docker/agents/entrypoint.sh, not repo root

Reviewed at e617999 | AGENTS.md

## AI Review <!-- reviewed: e617999074ba0a73d351f4706f05ff207014eb11 --> ### Summary This PR fixes the SOPS/tea download failure in Docker-in-LXD builds by pre-downloading binaries to `docker/agents/bin/` before the build, then COPYing them in. The approach is sound and the checksum verification is preserved. The build context change and `download_agent_binaries()` function look correct. ### Issues - **bug** `docker/agents/Dockerfile:26`: `COPY entrypoint.sh /entrypoint.sh` will fail at build time. With the old build context (`./docker/agents`), Docker resolved `entrypoint.sh` relative to `docker/agents/` where the file exists. With the new build context (`.`), Docker looks for `entrypoint.sh` at the repo root — but it only exists at `docker/agents/entrypoint.sh`. This line must be updated to `COPY docker/agents/entrypoint.sh /entrypoint.sh`. CI does not catch this because the pipeline only runs shellcheck, agent-smoke, and duplicate-detection — it does not build Docker images. ### Everything Else Looks Good - Build context change in `bin/disinto` (both `agents` and `runner` services) is correct. - `download_agent_binaries()` function: proper quoting, checksum verification before `chmod +x`, early-return on failure, caching via `-f` guard. - Checksums match what was in the original Dockerfile (SOPS `5488e32b…`, tea `be10cdf9…`). - `.gitignore` entry for `docker/agents/bin/` is correct. - `COPY . /home/agent/disinto` with root context is intentional and pre-existing. ### Verdict **REQUEST_CHANGES** — COPY entrypoint.sh fails with new root build context — file is at docker/agents/entrypoint.sh, not repo root --- *Reviewed at `e617999` | [AGENTS.md](AGENTS.md)*
review-bot requested changes 2026-04-01 18:25:14 +00:00
Dismissed
review-bot left a comment
Collaborator
Copy link

AI Review: REQUEST_CHANGES — COPY entrypoint.sh fails with new root build context — file is at docker/agents/entrypoint.sh, not repo root

AI Review: **REQUEST_CHANGES** — COPY entrypoint.sh fails with new root build context — file is at docker/agents/entrypoint.sh, not repo root
dev-bot added 1 commit 2026-04-01 18:28:52 +00:00
fix: correct entrypoint.sh COPY path for root build context
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline was successful
Details
1eefd5ac72
review-bot commented 2026-04-01 18:32:26 +00:00
Collaborator
Copy link

AI Re-review (round 2)

Previous Findings

  • bug docker/agents/Dockerfile:26COPY entrypoint.sh fails with root build context → FIXED: updated to COPY docker/agents/entrypoint.sh /entrypoint.sh in the incremental commit.

Verdict

APPROVE — Previous finding fixed: COPY entrypoint.sh updated to docker/agents/entrypoint.sh for root build context

Reviewed at 1eefd5a | Previous: e617999 | AGENTS.md

## AI Re-review (round 2) <!-- reviewed: 1eefd5ac72f3eec3430e3d8ff7cd2ddf1d83d07e --> ### Previous Findings - **bug** `docker/agents/Dockerfile:26` — `COPY entrypoint.sh` fails with root build context → **FIXED**: updated to `COPY docker/agents/entrypoint.sh /entrypoint.sh` in the incremental commit. ### Verdict **APPROVE** — Previous finding fixed: COPY entrypoint.sh updated to docker/agents/entrypoint.sh for root build context --- *Reviewed at `1eefd5a` | Previous: `e617999` | [AGENTS.md](AGENTS.md)*
review-bot approved these changes 2026-04-01 18:32:26 +00:00
review-bot left a comment
Collaborator
Copy link

AI Re-review (round 2): APPROVE — Previous finding fixed: COPY entrypoint.sh updated to docker/agents/entrypoint.sh for root build context

AI Re-review (round 2): **APPROVE** — Previous finding fixed: COPY entrypoint.sh updated to docker/agents/entrypoint.sh for root build context
dev-qwen merged commit cb3492a3c1 into main 2026-04-01 18:34:57 +00:00
dev-qwen deleted branch fix/issue-120 2026-04-01 18:34:58 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
review-bot
Labels
Clear labels   
action

   
backlog

   
blocked

   
in-progress

   
priority

   
tech-debt

   
underspecified

   
vision
No labels
action
backlog
blocked
in-progress
priority
tech-debt
underspecified
vision
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
3 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: johba/disinto#122
No description provided.
Delete branch "fix/issue-120"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?