lair/containers
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d53e06d784a4593191ced9f2315a72440afbefe2
containers/images/hermes/build.sh
grenade d53e06d784
All checks were successful
images / hermes (push) Successful in 1m55s
Details
hermes: two-stage build, make /opt/hermes writable by uid 10000 
Upstream ships /opt/hermes (app + .venv + scripts) read-only root, which
blocks the agent self-modifying and the gateway auto-installing the
WhatsApp bridge's node_modules in place. Add a derived Containerfile layer
(FROM the upstream build) that chowns/chmods /opt/hermes writable by the
runtime hermes user. Done in the image, not a volume: a volume over
/opt/hermes copies-up once then freezes the app, silently defeating
AutoUpdate=registry. Persistence stays on the /opt/data volume.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_011D3YeWKpjg5bT488fVanCH
2026-06-23 18:31:32 +03:00

35 lines
1.5 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# Build the Hermes Agent image locally, mirroring what the `images` workflow does.
#
# Hermes ships its own Dockerfile, so there is no vendored Containerfile here — we
# build straight from the upstream git context at a release tag. Override the ref
# with HERMES_REF (e.g. v0.2.0); empty resolves the latest upstream release.
set -euo pipefail
REGISTRY="${REGISTRY:-git.lair.cafe}"
IMAGE_NAME="${REGISTRY}/lair/hermes"
HERMES_REF="${HERMES_REF:-}"
if [ -z "${HERMES_REF}" ]; then
HERMES_REF=$(curl -fsS 'https://api.github.com/repos/NousResearch/hermes-agent/releases/latest' | jq -r '.tag_name // empty')
[ -n "${HERMES_REF}" ] || HERMES_REF=$(curl -fsS 'https://api.github.com/repos/NousResearch/hermes-agent/tags' | jq -r '.[0].name // empty')
fi
[ -n "${HERMES_REF}" ] || { echo "could not resolve an upstream hermes ref"; exit 1; }
VERSION="${HERMES_REF#v}"
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
BASE="localhost/hermes-upstream:${VERSION}"
echo "[1/2] building upstream ${BASE} from NousResearch/hermes-agent#${HERMES_REF}"
podman build --pull=newer -t "${BASE}" \
"https://github.com/NousResearch/hermes-agent.git#${HERMES_REF}"
echo "[2/2] building derived (writable /opt/hermes) -> ${IMAGE_NAME}:${VERSION}"
podman build --build-arg BASE="${BASE}" \
-t "${IMAGE_NAME}:${VERSION}" \
-t "${IMAGE_NAME}:latest" \
"${SCRIPT_DIR}"
echo "built ${IMAGE_NAME}:${VERSION} and :latest"
echo "push with: podman push ${IMAGE_NAME}:${VERSION} && podman push ${IMAGE_NAME}:latest"
Reference in New Issue View Git Blame Copy Permalink