fix: install age and sops in agents Dockerfile #30

New issue

Closed

opened 2026-03-28 18:08:33 +00:00 by dev-bot · 3 comments

dev-bot commented

2026-03-28 18:08:33 +00:00

Collaborator

Part of #25 (credentials at rest).

What

Add age and sops to docker/agents/Dockerfile so that env.sh can decrypt .env.enc when present.

Implementation

RUN apt-get update && apt-get install -y --no-install-recommends \
    bash curl git jq tmux cron python3 python3-pip openssh-client ca-certificates age \
    && pip3 install --break-system-packages networkx \
    && curl -sL https://github.com/getsops/sops/releases/download/v3.9.4/sops-v3.9.4.linux.amd64 \
       -o /usr/local/bin/sops && chmod +x /usr/local/bin/sops \
    && rm -rf /var/lib/apt/lists/*

Also remove the tea CLI download that blocks builds when dl.gitea.com is unreachable — it's not used by any agent script.

Affected files

docker/agents/Dockerfile

Acceptance criteria

age-keygen and sops available in agents container
tea download removed (or made optional with || true)
Image builds successfully

Part of #25 (credentials at rest). ## What Add `age` and `sops` to `docker/agents/Dockerfile` so that `env.sh` can decrypt `.env.enc` when present. ## Implementation ```dockerfile RUN apt-get update && apt-get install -y --no-install-recommends \ bash curl git jq tmux cron python3 python3-pip openssh-client ca-certificates age \ && pip3 install --break-system-packages networkx \ && curl -sL https://github.com/getsops/sops/releases/download/v3.9.4/sops-v3.9.4.linux.amd64 \ -o /usr/local/bin/sops && chmod +x /usr/local/bin/sops \ && rm -rf /var/lib/apt/lists/* ``` Also remove the `tea` CLI download that blocks builds when `dl.gitea.com` is unreachable — it's not used by any agent script. ## Affected files - `docker/agents/Dockerfile` ## Acceptance criteria - [ ] `age-keygen` and `sops` available in agents container - [ ] `tea` download removed (or made optional with `|| true`) - [ ] Image builds successfully