fix: handle git-based SDK deps in enterprise Docker build

Strip git-based openhands SDK dependencies from the exported requirements.txt in the enterprise Dockerfile. These packages are already installed via the base app image and cannot have their hashes verified by pip when using git branch references. Co-authored-by: openhands <openhands@all-hands.dev>
2026-03-22 13:47:19 +08:00 · 2026-03-16 19:18:46 +00:00
parent 565a5702c3
commit 90d2681e34
1 changed files with 2 additions and 1 deletions
--- a/enterprise/Dockerfile
+++ b/enterprise/Dockerfile
@@ -33,7 +33,8 @@ RUN cd /tmp/enterprise && \
    # Export only main dependencies with hashes for supply chain security
    /app/.venv/bin/poetry export --only main -o requirements.txt && \
    # Remove the local path dependency (openhands-ai is already in base image)
-    sed -i '/^-e /d; /openhands-ai/d' requirements.txt && \
+    # and git-based SDK dependencies (already installed via the base app image)
+    sed -i '/^-e /d; /openhands-ai/d; /^openhands-.*@ git+/d' requirements.txt && \
    # Install pinned dependencies from lock file
    /app/.venv/bin/pip install -r requirements.txt && \
    # Cleanup - return to /app before removing /tmp/enterprise