Two build fixes surfaced while shipping the set-password rename:
1. erpnext/Dockerfile cloned frappe/payments unpinned; its default branch now
requires Python >=3.14 while frappe/erpnext:v15 ships 3.11, so the image
build failed with 'Package payments requires a different Python'. Pin the
clone to --branch version-15.
2. deploy.sh built the erpnext image without first staging the custom Frappe
apps into the build context (erpnext/build.sh). That meant a baked-code
change could silently ship stale code. Stage apps when erpnext is built.
- erpnext/Dockerfile: builds from frappe/erpnext:v15 base with custom apps
- erpnext/build.sh: stages custom apps into build context before docker build
- Container update script now runs build.sh pre-build + extracts assets post-build
- ERPNext will auto-rebuild nightly when base image has security patches
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
