Add prod deployment for the agent fleet (docker-compose.prod.yml)

- docker-compose.prod.yml + .env.prod.example: one container per agent, Quince first; deployed under /opt/gu_agents and wired into the server's start/stop.sh.
- Route API + git via host-gateway (containers can't hairpin the host's public IP).
- Dockerfile: drop the base image's uid-1000 user before creating quince.
- entrypoint: pip install --break-system-packages (Debian bookworm PEP 668).

Verified on prod: image builds, API reachable (200), PyPI egress ok, gutask installs and runs, git clone from ramanujan works via host-gateway.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
+4
-1
@@ -18,7 +18,10 @@ RUN npm install -g @anthropic-ai/claude-code
|
||||
# Non-root user. Claude Code refuses --dangerously-skip-permissions as root,
|
||||
# and we want the volume owned by a stable uid the agent can write to.
|
||||
ARG QUINCE_UID=1000
|
||||
RUN useradd --create-home --uid ${QUINCE_UID} --shell /bin/bash quince
|
||||
# The node base image already has a user at uid 1000; drop it, then create quince.
|
||||
RUN existing="$(getent passwd ${QUINCE_UID} | cut -d: -f1)"; \
|
||||
if [ -n "$existing" ] && [ "$existing" != "quince" ]; then userdel -r "$existing" 2>/dev/null || true; fi; \
|
||||
useradd --create-home --uid ${QUINCE_UID} --shell /bin/bash quince
|
||||
|
||||
# Entrypoint (scheduler loop) + wake script (one awakening).
|
||||
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
|
||||
|
||||
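Review bot: The `userdel -r "$existing" 2>/dev/null || true` in the new RUN step discards both the exit status and the error text, and the commands are chained with `;`, so a failed removal only surfaces later as a uid conflict from `useradd`, with the real cause hidden. Consider dropping the `2>/dev/null || true` and chaining with `&&` (or starting the step with `set -e`) so the build stops at the step that actually failed. Two smaller points on the same lines: `userdel -r` removes only the old account's home directory and mail spool, so any other files in the base image owned by uid 1000 become owned by quince once the uid is reused, which deserves a line in the comment if that is intended; and the `!= "quince"` guard skips the delete when quince already holds the uid, but the unconditional `useradd` that follows would still fail in that case, so either guard it too or remove the special case. Quoting `"${QUINCE_UID}"` in the `getent` and `useradd` calls would also be safer for a build ARG.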