{"id":51309534,"url":"https://github.com/cnuahs/docker-hermes","last_synced_at":"2026-07-01T02:32:34.695Z","repository":{"id":360382652,"uuid":"1244744534","full_name":"cnuahs/docker-hermes","owner":"cnuahs","description":"Custom Docker image for the Hermes Agent.","archived":false,"fork":false,"pushed_at":"2026-05-26T06:16:15.000Z","size":7,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-26T08:17:04.427Z","etag":null,"topics":["agentic-ai","agentic-workflow","ai-agent","ai-agents","docker","docker-compose","dockerfile","hermes","hermes-agent"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cnuahs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-20T14:55:13.000Z","updated_at":"2026-05-26T06:16:19.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/cnuahs/docker-hermes","commit_stats":null,"previous_names":["cnuahs/docker-hermes"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/cnuahs/docker-hermes","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cnuahs%2Fdocker-hermes","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cnuahs%2Fdocker-hermes/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cnuahs%2Fdocker-hermes/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cnuahs%2Fdocker-hermes/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cnuahs","download_url":"https://codeload.github.com/cnuahs/docker-hermes/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cnuahs%2Fdocker-hermes/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34990845,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-01T02:00:05.325Z","response_time":130,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agentic-ai","agentic-workflow","ai-agent","ai-agents","docker","docker-compose","dockerfile","hermes","hermes-agent"],"created_at":"2026-07-01T02:32:33.863Z","updated_at":"2026-07-01T02:32:34.679Z","avatar_url":"https://github.com/cnuahs.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# docker-hermes\n\n![Docker Image CI](https://github.com/cnuahs/docker-hermes/actions/workflows/build-docker.yml/badge.svg)\n![ghcr.io](https://img.shields.io/badge/ghcr.io-enabled-brightgreen)\n\nThis repository builds and publishes a custom Docker image for [Hermes](https://github.com/NousResearch/hermes-agent) -- _\"the agent that grows with you\"_.\n\n## Base image\n\n`nousresearch/hermes-agent:main` — tracks the latest build on the `main` branch.\n\n## GHCR image\n\n`ghcr.io/cnuahs/hermes-agent:latest`\n\n## What's included\n\n- Everything from `nousresearch/hermes-agent:main`\n- `bws` (Bitwarden Secrets Manager CLI)\n\n## Secrets management\n\nSecrets (API keys, tokens) are stored in [Bitwarden Secrets Manager](https://bitwarden.com/products/secrets-manager/)\nand injected at container startup via `bws run`. No secrets are written to disk — not in\n`.env`, not in the container filesystem.\n\n## Usage\n\nSet the machine access token in your shell environment:\n\n```bash\nexport BWS_ACCESS_TOKEN=\u003ctoken\u003e\n```\n\nThen start hermes or the gateway:\n\n```bash\ndocker compose run --rm hermes                        # start session\ndocker compose run --rm hermes hermes --continue      # continue last session\ndocker compose run --rm hermes hermes --resume \u003cs\u003e    # resume session \u003cs\u003e\ndocker compose up -d gateway                          # start gateway daemon\n```\n\nA convenience wrapper, `run.sh`, is provided to perform these\nsteps, loading the token from `.env.bws` automatically:\n\n```bash\n./run.sh hermes          # start interactive chat\n./run.sh gateway         # start gateway daemon\n```\n\nTo use the wrapper, the `.env.bws` file in the working directory should provide\nthe machine access token, e.g.,\n\n```\nBWS_ACCESS_TOKEN=\u003cyour-machine-access-token\u003e\n```\n\n`.env.bws` is gitignored. Never commit it.\n\n## Updating the image\n\nThe image is built and published to GHCR by Github Actions. The workflow\nruns automatically when the Dockerfile or workflow file changes on `main`,\nor can be triggered manually via the Actions tab (`workflow_dispatch`).\n\n### Manual rebuild (no code changes needed)\n\nTo pick up the latest base image without triggering the Github workflow:\n\n1. Build locally:\n\n   ```bash\n   docker build --pull -t ghcr.io/cnuahs/hermes-agent:test .\n   ```\n\n   `--pull` ensures the latest `nousresearch/hermes-agent:main` base image\n   is used. Note `test` in the tag.\n\n2. Test locally. Use the `VERSION` env var to select the local `test` build:\n\n   ```bash\n   VERSION=test docker compose run --rm hermes\n   ```\n\n   When `VERSION` is unset, it defaults to `latest` (the GHCR image).\n\n3. If testing if successful, trigger the Github workflow:\n\n   - Go to **Actions \u003e Build and push Hermes Agent Docker image \u003e Run workflow**\n   - Or via CLI: `gh workflow run build-docker.yml`\n   - Or via REST API:\n\n     ```bash\n     curl -X POST \\\n       -H \"Authorization: token $GITHUB_TOKEN\" \\\n       -H \"Accept: application/vnd.github+json\" \\\n       https://api.github.com/repos/\u003cowner\u003e/docker-hermes/actions/workflows/build-docker.yml/dispatches \\\n       -d '{\"ref\":\"main\"}'\n     ```\n\n   The workflow builds a multi-arch image, generates an SBOM and attestation,\n   and pushes to GHCR.\n\n4. Pull the updated image:\n\n   ```bash\n   docker compose pull gateway\n   docker compose up -d gateway\n   ```\n\n### Image changes\n\nFor actual Dockerfile changes, commit and push to `main`:\n\n```bash\ngit add Dockerfile\ngit commit\ngit push origin main\n```\n\nThe workflow builds and pushes to GHCR automatically. Then pull and restart as\nin 4. above.\n\n## Checking the base image SHA\n\nEach workflow build records the exact base image digest as a label:\n\n```bash\ndocker inspect ghcr.io/cnuahs/hermes-agent:latest \\\n  --format='{{index .Config.Labels \"org.opencontainers.image.base.digest\"}}'\n```\n\nThis returns the SHA256 digest of the base image used (e.g., `sha256:abc123...`). If you need to pin to a specific base, use this SHA in the Dockerfile:\n\n```dockerfile\nFROM nousresearch/hermes-agent@sha256:abc123...\n```\n\n## Adding tools\n\nEdit the `Dockerfile`, add your `apt-get install` lines, test locally then commit and push to `main`. The workflow rebuilds and pushes automatically.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcnuahs%2Fdocker-hermes","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcnuahs%2Fdocker-hermes","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcnuahs%2Fdocker-hermes/lists"}