86f12c126f
Build & push image / build-and-push (push) Successful in 28s
Phase 1: a second review engine alongside the majordomo agent loop. For each lens, shell out to the Claude Code CLI (`claude -p --output-format json`) inside the checked-out repo so it verifies findings with its own read tools, then reuse gadfly's verdict-parse + recheck + consolidate + emit pipeline. Select via GADFLY_MODELS `claude-code`/`claude-code/<model>`; auth via CLAUDE_CODE_OAUTH_TOKEN (no --bare) else ANTHROPIC_API_KEY; read-only by default; GADFLY_CLAUDE_* knobs. Dockerfile bundles Node + @anthropic-ai/claude-code. Also bumped the dogfood pin to the status-board image (PR #2 was the first dogfood with the live board + full fleet). Folded in the swarm's own review findings: minimal subprocess env (no GITEA_TOKEN leak to the CLI), runPass robustness (ctx/empty-result/runErr), process-group cleanup on timeout, rune-safe error truncation, and engine-neutral prompts (also de-mort-ified the recheck prompt). 66 findings graded via the gadfly MCP. gofmt clean, go vet quiet, go build + go test -race green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Co-authored-by: Steve Dudenhoeffer <steve@stevedudenhoeffer.com> Co-committed-by: Steve Dudenhoeffer <steve@stevedudenhoeffer.com>
38 lines
1.7 KiB
Docker
38 lines
1.7 KiB
Docker
# syntax=docker/dockerfile:1
|
|
#
|
|
# Multi-stage so the private-module credentials (used to fetch the majordomo
|
|
# dependency) live ONLY in the build stage via BuildKit secrets and never land
|
|
# in the final image. Mirrors mort's Dockerfile secret idiom.
|
|
|
|
FROM golang:1.26 AS build
|
|
ARG GIT_HOST=gitea.stevedudenhoeffer.com
|
|
ENV CGO_ENABLED=0 \
|
|
GOFLAGS=-mod=mod \
|
|
GOSUMDB=off \
|
|
GOTOOLCHAIN=auto
|
|
ENV GOPRIVATE=${GIT_HOST}/* GONOSUMDB=${GIT_HOST}/*
|
|
WORKDIR /src
|
|
COPY go.mod go.sum ./
|
|
RUN --mount=type=secret,id=REGISTRY_USER \
|
|
--mount=type=secret,id=REGISTRY_PASSWORD \
|
|
--mount=type=cache,target=/go/pkg/mod \
|
|
git config --global url."https://$(cat /run/secrets/REGISTRY_USER):$(cat /run/secrets/REGISTRY_PASSWORD)@${GIT_HOST}/".insteadOf "https://${GIT_HOST}/" \
|
|
&& go mod download
|
|
COPY . .
|
|
RUN --mount=type=cache,target=/go/pkg/mod \
|
|
--mount=type=cache,target=/root/.cache/go-build \
|
|
go build -trimpath -ldflags="-s -w" -o /out/gadfly ./cmd/gadfly
|
|
|
|
FROM alpine:3.20
|
|
RUN apk add --no-cache bash git curl jq ca-certificates nodejs npm
|
|
# Bundle the Claude Code CLI so the `claude-code` review engine works out of the
|
|
# box (GADFLY_MODELS=claude-code or claude-code/<model>). This adds Node + the
|
|
# CLI to the image (notably larger); ollama-only users pay the size but nothing
|
|
# else. Auth is provided at runtime via CLAUDE_CODE_OAUTH_TOKEN / ANTHROPIC_API_KEY.
|
|
RUN npm install -g @anthropic-ai/claude-code && npm cache clean --force
|
|
COPY --from=build /out/gadfly /usr/local/bin/gadfly
|
|
COPY scripts /app/scripts
|
|
COPY entrypoint.sh /entrypoint.sh
|
|
RUN chmod +x /entrypoint.sh /app/scripts/run.sh /app/scripts/status-board.sh /usr/local/bin/gadfly
|
|
ENTRYPOINT ["/entrypoint.sh"]
|