v2.0.0: remove pi, relocate npm-global prefix, bump opencode 1.17.2->1.17.4

PR-5 (per docs/CLEANUP-v2.0.0.md). Major release with two breaking changes: 1. pi fully removed (deprecated in v1.17.2). Gone: INSTALL_PI + all PI_* build args; with-pi/omos-with-pi/pi-only variants; base-pi-only publish job; all ~/.pi entrypoint wiring; the 3 pi smoke/validate/build-variant CI jobs. Only base + omos variants remain (4 tags/release). 2. NPM_CONFIG_PREFIX relocated ~/.pi/npm-global -> ~/.config/opencode/npm-global (persistent in both compose files). entrypoint-user.sh gains a one-time migration shim that copies old global npm packages forward. Also: opencode 1.17.2->1.17.4; DOCKER_HUB.md gains {{OPENCODE_VERSION}} placeholder filled by CI at publish time (mirrors pi-devbox); full docs drift sweep across README/AGENTS/.gitea-README/.env.example/manual-host-publish; DOCKER_HUB.md regenerated + --check passes; both workflows YAML-valid; all shell scripts pass bash -n.
2026-06-13 16:59:40 +02:00
parent c8217814c8
commit 72298ae77e
17 changed files with 334 additions and 1210 deletions
@@ -3,37 +3,29 @@
 # FROMs a base-<hash> image produced by Dockerfile.base and adds only
 # the variant-specific tools (opencode, pi, oh-my-opencode-slim, Go).
 #
-# The four published variants are produced from THIS Dockerfile by
+# The two published variants are produced from THIS Dockerfile by
 # varying build args:
 #
-#   variant            INSTALL_OPENCODE  INSTALL_OMOS  INSTALL_PI
-#   ─────────────────  ────────────────  ────────────  ──────────
-#   base               true              false         false
-#   omos               true              true          false
-#   with-pi *DEPR*     true              false         true
-#   omos-with-pi*DEPR* true              true          true
-#   pi-only *DEPR*     false             false         true
+#   variant   INSTALL_OPENCODE  INSTALL_OMOS
+#   ────────  ────────────────  ────────────
+#   base      true              false
+#   omos      true              true
 #
-# DEPRECATION (since v1.17.2): the three pi-bearing variants (with-pi,
-# omos-with-pi, pi-only) and the INSTALL_PI build path are DEPRECATED and
-# will be REMOVED in v2.0.0. pi now ships from its own self-contained image:
-# joakimp/pi-devbox:latest (https://gitea.jordbo.se/joakimp/pi-devbox).
-# See docs/CLEANUP-v2.0.0.md for the removal plan.
-#
-# Until v2.0.0 the `pi-only` variant remains the source of truth for the
-# legacy pi build (pi + companions, no opencode); pi-devbox v1.0.0+ no
-# longer FROMs it.
+# pi was removed in v2.0.0 (it had been deprecated since v1.17.2). It now
+# ships from its own self-contained image: joakimp/pi-devbox:latest
+# (https://gitea.jordbo.se/joakimp/pi-devbox). See docs/CLEANUP-v2.0.0.md
+# for the removal history.
 #
 # Pass `--build-arg BASE_IMAGE=<repo>:base-<hash>` to select the base.
 # The CI workflow computes the base hash from Dockerfile.base + rootfs/
 # + entrypoint*.sh and feeds it in.
 #
 # IMPORTANT: the base image sets NPM_CONFIG_PREFIX to
-# /home/developer/.pi/npm-global so runtime `pi install npm:...` and
-# `npm install -g` by the developer user lands on the named volume.
-# At BUILD time we want the baked binaries on /usr so they survive the
-# volume mount. Each `npm install -g` below therefore prefixes the
-# command with `NPM_CONFIG_PREFIX=/usr`.
+# /home/developer/.config/opencode/npm-global so runtime `npm install -g`
+# by the developer user lands on the named volume. At BUILD time we want
+# the baked binaries on /usr so they survive the volume mount. Each
+# `npm install -g` below therefore prefixes the command with
+# `NPM_CONFIG_PREFIX=/usr`.

 ARG BASE_IMAGE
 FROM ${BASE_IMAGE}
@@ -47,91 +39,12 @@ ARG USER_NAME=developer
 # edit, so the cache-hit class of bug that bit pi-devbox v0.74.0..
 # v0.75.5 cannot apply here.
 ARG INSTALL_OPENCODE=true
-ARG OPENCODE_VERSION=1.17.2
+ARG OPENCODE_VERSION=1.17.4
 RUN if [ "${INSTALL_OPENCODE}" = "true" ]; then \
      NPM_CONFIG_PREFIX=/usr npm install -g opencode-ai@${OPENCODE_VERSION} && \
      opencode --version ; \
    fi

-# ── Optional: pi coding-agent ────────────────────────────────────────
-# pi-toolkit and pi-extensions are cloned into /opt/. entrypoint-user.sh
-# runs each repo's install.sh on container start so symlinks land under
-# ~/.pi/agent/ on the named volume.
-# PI_VERSION should be passed explicitly by CI as a concrete version
-# (resolved from `npm view @earendil-works/pi-coding-agent version`,
-# see .gitea/workflows/docker-publish-split.yml § resolve-versions).
-# The default `latest` is for local dev convenience only — it has a
-# known cache-hit footgun when used in registry-cached CI builds: the
-# resulting build-arg string is byte-identical across builds, the
-# layer-hash is identical, and the registry buildcache silently reuses
-# the layer from whatever pi version was current when the cache was
-# first populated. Currently masked here because OPENCODE_VERSION (a
-# parent layer) bumps every release; will manifest the moment a
-# vN.N.Nb opencode-version-unchanged release ships. See pi-devbox
-# v0.75.5b 2026-05-23 for the discovery + canonical fix.
-ARG INSTALL_PI=false
-ARG PI_VERSION=latest
-ARG PI_TOOLKIT_REF=main
-ARG PI_EXTENSIONS_REF=main
-# pi-fork (fork tool) + pi-observational-memory (recall tool) live on GitHub
-# under elpapi42. Refs default to the tracked branch for local dev; CI resolves
-# them to concrete commit SHAs (see resolve-versions in docker-publish-split.yml)
-# so the build-arg string changes when upstream moves — same registry-buildcache
-# cache-hit footgun the PI_VERSION/OMOS_VERSION pins guard against. The clone
-# helper for these uses `git fetch <ref>` (not `--branch`) so it accepts both
-# branch names and raw commit SHAs.
-ARG PI_FORK_REPO=https://github.com/elpapi42/pi-fork.git
-ARG PI_FORK_REF=master
-ARG PI_OBSMEM_REPO=https://github.com/elpapi42/pi-observational-memory.git
-ARG PI_OBSMEM_REF=master
-RUN if [ "${INSTALL_PI}" = "true" ]; then \
-      set -e && \
-      printf '%s\n' \
-        "===========================================================" \
-        "DEPRECATION WARNING: INSTALL_PI is deprecated in opencode-devbox" \
-        "(since v1.17.2) and will be REMOVED in v2.0.0. Use the dedicated" \
-        "image joakimp/pi-devbox:latest instead." \
-        "See https://gitea.jordbo.se/joakimp/pi-devbox" \
-        "===========================================================" >&2 && \
-      git_clone_retry() { \
-        url="$1"; ref="$2"; dest="$3"; \
-        for i in 1 2 3 4 5; do \
-          if git clone --depth 1 --branch "$ref" "$url" "$dest"; then return 0; fi; \
-          rm -rf "$dest"; \
-          echo "git clone $url failed (attempt $i/5), retrying in $((i*5))s..."; \
-          sleep $((i*5)); \
-        done; \
-        return 1; \
-      } && \
-      git_fetch_ref() { \
-        url="$1"; ref="$2"; dest="$3"; \
-        rm -rf "$dest"; mkdir -p "$dest"; \
-        git -C "$dest" init -q && git -C "$dest" remote add origin "$url" && \
-        for i in 1 2 3 4 5; do \
-          if git -C "$dest" fetch --depth 1 origin "$ref" && git -C "$dest" checkout -q FETCH_HEAD; then return 0; fi; \
-          echo "git fetch $url@$ref failed (attempt $i/5), retrying in $((i*5))s..."; \
-          sleep $((i*5)); \
-        done; \
-        return 1; \
-      } && \
-      if [ "${PI_VERSION}" = "latest" ]; then \
-        NPM_CONFIG_PREFIX=/usr npm install -g @earendil-works/pi-coding-agent ; \
-      else \
-        NPM_CONFIG_PREFIX=/usr npm install -g @earendil-works/pi-coding-agent@${PI_VERSION} ; \
-      fi && \
-      pi --version && \
-      git_clone_retry https://gitea.jordbo.se/joakimp/pi-toolkit.git "${PI_TOOLKIT_REF}" /opt/pi-toolkit && \
-      git_clone_retry https://gitea.jordbo.se/joakimp/pi-extensions.git "${PI_EXTENSIONS_REF}" /opt/pi-extensions && \
-      git_fetch_ref "${PI_FORK_REPO}"   "${PI_FORK_REF}"   /opt/pi-fork && \
-      git_fetch_ref "${PI_OBSMEM_REPO}" "${PI_OBSMEM_REF}" /opt/pi-observational-memory && \
-      (cd /opt/pi-fork && npm install --omit=dev --no-audit --no-fund) && \
-      (cd /opt/pi-observational-memory && npm install --omit=dev --no-audit --no-fund) && \
-      echo "pi-toolkit at $(cd /opt/pi-toolkit && git rev-parse --short HEAD)" && \
-      echo "pi-extensions at $(cd /opt/pi-extensions && git rev-parse --short HEAD)" && \
-      echo "pi-fork at $(cd /opt/pi-fork && git rev-parse --short HEAD)" && \
-      echo "pi-observational-memory at $(cd /opt/pi-observational-memory && git rev-parse --short HEAD)" ; \
-    fi
-
 # ── Optional: Go ─────────────────────────────────────────────────────
 ARG INSTALL_GO=false
 ARG GO_VERSION=latest
@@ -151,10 +64,13 @@ RUN if [ "${INSTALL_GO}" = "true" ]; then \

 # ── Optional: oh-my-opencode-slim (multi-agent orchestration) ────────
 # Installs Bun runtime and the oh-my-opencode-slim npm package.
-# OMOS_VERSION shares the same cache-hit footgun as PI_VERSION when
-# left at the `latest` default in registry-cached CI builds. CI
-# resolves it via `npm view oh-my-opencode-slim version` and passes
-# the concrete value as a build-arg. See PI_VERSION block above.
+# OMOS_VERSION has a cache-hit footgun when left at the `latest` default
+# in registry-cached CI builds: the resulting build-arg string is byte-
+# identical across builds, so the layer-hash is identical, so the
+# registry buildcache silently reuses the layer from whatever omos
+# version was current when the cache was first populated. CI resolves it
+# via `npm view oh-my-opencode-slim version` and passes the concrete
+# value as a build-arg (see resolve-versions in docker-publish-split.yml).
 ARG INSTALL_OMOS=false
 ARG OMOS_VERSION=latest
 RUN if [ "${INSTALL_OMOS}" = "true" ]; then \