From 8359fef94990be58ef0ab66d7f6dd88a025833cd Mon Sep 17 00:00:00 2001 From: Joakim Persson Date: Thu, 14 May 2026 20:17:37 +0200 Subject: [PATCH] Force fresh base rebuild for v1.14.50b MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add BASE_REBUILD_DATE comment to Dockerfile.base to invalidate the content hash and trigger a full base rebuild. Picks up ~5 days of Debian trixie security updates since the previous base-bf9df274db7a was built on 2026-05-09. The comment also documents the pattern for future intentional base-rebuilds without other code changes — recommended cadence is once per release for security currency. Required because v1.14.50 hash inputs were unchanged from v1.14.44, hitting the existing base-bf9df274db7a cache and shipping stale apt packages. v1.14.50 also failed mid-flight before promote-base-latest could publish base-latest to Hub — pi-devbox and other downstream images that FROM base-latest were blocked. --- CHANGELOG.md | 7 +++++++ Dockerfile.base | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a911ce0..76c645a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,13 @@ Tags follow `v{opencode_version}[letter]` — bare tag for the first build on a ## Unreleased +## v1.14.50b — 2026-05-14 + +Rebuild of v1.14.50 with two fixes — the v1.14.50 release was incomplete (smokes failed under containerd contention; build-variant jobs skipped; base-latest never promoted to Docker Hub). + +- **Force fresh base rebuild.** Added a `BASE_REBUILD_DATE` comment header to `Dockerfile.base` to invalidate the content hash and trigger a full base rebuild. Picks up ~5 days of Debian trixie security updates and other apt-tracked packages. The comment also documents the pattern for future intentional base-rebuilds without other code changes (recommended cadence: once per release). +- **First publish of `base-latest` alias.** `promote-base-latest` runs unconditionally on tag push (`PROMOTE_LATEST=true`), so this release is the first to put `joakimp/opencode-devbox:base-latest` on Docker Hub. Required before pi-devbox (and any other downstream image FROMing the base) can build. + ## v1.14.50 — 2026-05-14 opencode 1.14.44 → 1.14.50 bump. First release on the split-base build pipeline. diff --git a/Dockerfile.base b/Dockerfile.base index 65583ce..c50fff4 100644 --- a/Dockerfile.base +++ b/Dockerfile.base @@ -11,6 +11,13 @@ # changes (rootfs/, entrypoint*.sh). Version bumps to OPENCODE_VERSION, # OMOS_VERSION, PI_VERSION, etc. do NOT trigger a base rebuild. # +# To force a base rebuild for fresh apt packages without other code +# changes, bump the BASE_REBUILD_DATE comment below. The hash is +# content-addressed over this file, so any byte change invalidates the +# cache. Recommended cadence: once per release for security updates. +# +# BASE_REBUILD_DATE: 2026-05-14 (v1.14.50b — fresh apt + first promote-base-latest) +# # See the project README's "Build pipeline" section for the rationale. ARG DEBIAN_VERSION=trixie-slim