11 Commits

Author	SHA1	Message	Date
joakimp	f7c34091b1	CI: preventative fix for PI_VERSION/OMOS_VERSION cache-hit silent regression ... Mirrors the pi-devbox v0.75.5b fix (2026-05-23) onto the four-variant pipeline here. The with-pi, omos, and omos-with-pi variants install upstream npm packages whose *_VERSION build-args defaulted to 'latest'. When the build-arg string is byte-identical across builds, the layer hash is identical and the registry buildcache silently reuses the layer from whatever upstream version was current when the cache was first populated — same mechanism that shipped pi-devbox v0.74.0..v0.75.5 with identical image bytes. Currently masked here because OPENCODE_VERSION is a hard-coded ARG that bumps every release; parent-chain cache invalidation flushes the downstream pi/omos layers. Masking would fail on any vN.N.Nb opencode- version-unchanged release that only bumps pi or omos. Filed last night as parked followup; fixing preventatively now that #5 (AWS SSO inside tor-ms22 container) cleared. CHANGES .gitea/workflows/docker-publish-split.yml — new resolve-versions job running 'npm view @earendil-works/pi-coding-agent version' and 'npm view oh-my-opencode-slim version', exposing concrete strings as job outputs. All six affected jobs (smoke-omos, smoke-with-pi, smoke-omos-with-pi, build-variant-omos, build-variant-with-pi, build-variant-omos-with-pi) now consume them as PI_VERSION / OMOS_VERSION build-args. smoke-base / build-variant-base unaffected. scripts/smoke-test.sh — new run_expect helper asserting an expected substring in command output. The pi check uses EXPECTED_PI_VERSION; the omos check uses EXPECTED_OMOS_VERSION against npm ls -g. Both env vars are wired from resolve-versions outputs in the smoke jobs. Catches this regression class on the next release, not four releases later. Dockerfile.variant — comment blocks above OPENCODE_VERSION (source- pinned, not subject to the bug), PI_VERSION (CI-resolved), and OMOS_VERSION (CI-resolved) explaining the cache-hit footgun. AGENTS.md — new convention bullet under 'Critical conventions' naming the resolve-versions job + EXPECTED_*_VERSION wiring as the contract to keep in lockstep when modifying variant build-args. .gitea/README.md — Step 1 expanded to cover the parallel resolve- versions job alongside base-decide; pipeline diagram updated. CHANGELOG.md — Unreleased entry describing the fix, masking mechanism, and audit footprint. No image-content change expected on the next release vs what 'latest' would have resolved to anyway. Purely makes the cache invalidate correctly going forward.	2026-05-24 15:38:36 +00:00
joakimp	80e57d732b	Bump opencode 1.15.6 -> 1.15.10 + cut v1.15.10 ... Four upstream patch releases over two days. Upstream releases ship empty bodies and no CHANGELOG; the patch sequence (1.15.7-1.15.10) is fixes only per typical sst/opencode cadence. The with-pi and omos-with-pi variants will also implicitly bump pi 0.75.4 -> 0.75.5 since PI_VERSION=latest resolves at build time. omos-with-pi smoke threshold remains 3700 MB (set v1.15.4b 2026-05-18). Four opencode patches plus one pi patch typically add only a few MB across both, not expected to trip. If it does, recovery is the well-worn letter-suffix pattern (v1.15.10b with threshold bump). Cache hit expected on base-35ee5fe7861a since neither Dockerfile.base nor rootfs/ have changed since v1.14.50b. Built on the same CI path as v1.15.6 — pinned-crane install (T14), skip-promote-on-cache-hit (T15), and update-description-always-on-base-success (v1.15.4b) all expected to remain quiet on this cache-hit run.	2026-05-23 19:14:58 +02:00
joakimp	19f8c043bd	Bump opencode 1.15.4 -> 1.15.6 + cut v1.15.6 ... Two upstream patch releases since v1.15.4b. Plus this release picks up two workflow improvements that landed on main between v1.15.4b and now (b6e4d89 pycache/DS_Store filter in base-decide, 90e5a1f doc-drift sweep clause in AGENTS.md). No image-content changes beyond the version bump; cache hit expected on base-35ee5fe7861a since neither Dockerfile.base nor rootfs/ have changed. The with-pi and omos-with-pi variants will also implicitly bump pi 0.75.3 -> 0.75.4 because PI_VERSION=latest resolves at build time. The omos-with-pi smoke threshold (3700 MB after the v1.15.4b bump) should accommodate two opencode patch versions plus one pi patch without recurrence of the trip; a future bump-bump pattern would push it again. First release on the new CI path that exercises: - pinned crane install (T14, v1.15.3) - only fires on real base rebuild, cache-hit on base means it stays unexercised this run too - skip promote-base-latest on cache-hit (T15, v1.15.4) - active - update-description always-and-success-of-base wrap (v1.15.4b) - active, will run since base variant publishes	2026-05-21 00:09:15 +02:00
joakimp	60eb49469e	v1.15.4: bump opencode 1.15.3 -> 1.15.4 ... Bundles with the CI hardening landed on main since v1.15.3 (T14/T15 in the operator backlog): - Pinned crane install in promote-base-latest (replaces flaky imjasonh/setup-crane@v0.4 that depends on api.github.com/releases/latest at runtime and periodically rate-limits) - Skip promote-base-latest on cache-hit base builds (need_build='false') These will be exercised on this release run \u2014 if the base hash hasn't drifted since v1.15.3 (likely cache hit), promote-base-latest should SKIP rather than RUN, and update-description picks up the new tag.	2026-05-18 21:51:15 +02:00
joakimp	ad4a12b3ab	v1.15.3: bump opencode 1.15.0 -> 1.15.3	2026-05-16 19:54:15 +02:00
joakimp	910378fe06	v1.15.0: opencode bump + git clone retry + pi-devbox sibling mention ... - Bump OPENCODE_VERSION 1.14.50 -> 1.15.0 in Dockerfile.variant. - Wrap pi-toolkit/pi-extensions git clone in Dockerfile.variant in a 5-attempt retry loop with linear backoff (matches pi-devbox pattern). gitea.jordbo.se occasionally returns transient HTTP 500s that previously broke with-pi/omos-with-pi variant builds. - Add 'Sibling images' section to DOCKER_HUB.md mentioning joakimp/pi-devbox as the pi-only counterpart. - CHANGELOG entry for v1.15.0 with full notes.	2026-05-15 09:56:01 +02:00
joakimp	07e07ec611	Bump opencode 1.14.44 -> 1.14.50; cut over to split-base pipeline ... - Bump OPENCODE_VERSION 1.14.44 -> 1.14.50 in Dockerfile.variant - Cut over: docker-publish-split.yml now triggers on push: tags: v* (was workflow_dispatch only). RELEASE_TAG and PROMOTE_LATEST derived from github.ref_type/ref_name for tag-push; inputs still available for manual workflow_dispatch runs. - Delete docker-publish.yml (retired, replaced by split-base pipeline) - Delete Dockerfile (retired, replaced by Dockerfile.base + Dockerfile.variant) - Update CHANGELOG: promote Unreleased -> v1.14.50 - Update AGENTS.md, .gitea/README.md, validate.yml: remove all references to the old single-Dockerfile pipeline and WIP migration plan	2026-05-14 19:39:45 +02:00
joakimp	a3ff601bf0	Bump opencode 1.14.42 -> 1.14.44; close v1.14.42 omos-with-pi gap ... opencode-ai 1.14.44 published 20:26 UTC (1.14.43 skipped upstream). Bumping to 1.14.44 instead of re-running the failed v1.14.42 build gives us the same 3h CI cost and picks up upstream bug fixes. Closes the v1.14.42 omos-with-pi gap. The v1.14.42 tag's build-omos-with-pi job failed during publish: oh-my-opencode-slim@1.0.7 had been published with a dependency on @opencode-ai/sdk@1.14.44, and our build hit the npm registry within ~2 minutes of that SDK version landing -- before the tarball had propagated across npm's CDN. The manifest's dist-tags.latest pointed at 1.14.44 but a tarball fetch on /-/sdk-1.14.44.tgz returned 404. Tarball is now fully fetchable. Result on Docker Hub once v1.14.44 publishes: v1.14.42 / latest -> stable (3 of 4 variants) v1.14.42-omos / latest-omos -> stable v1.14.42-with-pi / latest-with-pi -> stable v1.14.42-omos-with-pi -> NEVER PUBLISHED (404 if pulled) latest-omos-with-pi -> still v1.14.41b until v1.14.44 v1.14.44 / latest -> NEW (replaces latest) v1.14.44-omos / latest-omos -> NEW v1.14.44-with-pi / latest-with-pi -> NEW v1.14.44-omos-with-pi / latest-omos-with-pi -> NEW (closes the gap) CHANGELOG: v1.14.44 entry added with the propagation-race rationale, v1.14.42 entry annotated with the known gap. Reverse-chrono preserved.	2026-05-09 22:33:16 +02:00
joakimp	b30ffc83bd	Bump opencode 1.14.41 -> 1.14.42 ... opencode-ai 1.14.42 was released; bump OPENCODE_VERSION default in Dockerfile and Dockerfile.variant. Container changes accumulated since v1.14.41b ride along with this tagged release: pi package rename to @earendil-works/*, npm-prefix-on-volume fix, smoke-test query fix, Hub doc rewrite, README/AGENTS docs catchup. CHANGELOG promoted: Unreleased -> v1.14.42 (2026-05-09). The split-base build pipeline note stays under a fresh Unreleased \u2014 it's merged to main but not yet validated end-to-end via dispatch test, so it does not ship with v1.14.42 (the production docker-publish.yml on tag push is still authoritative). Release contents: - Bump: opencode 1.14.41 -> 1.14.42 - Rename: @mariozechner/pi-coding-agent -> @earendil-works/pi-coding-agent - Fix: NPM_CONFIG_PREFIX on volume so 'pi install npm:<pkg>' as developer survives container recreate AND image rebuild - Fix: smoke-test queries /usr prefix for npm ls -g check - Docs: Hub doc rewrite (24997 -> 5529 bytes), README pi section catchup (6 -> 7 extensions, mcp-loader documented), AGENTS release-day checklist updates	2026-05-09 19:17:10 +02:00
joakimp	896380bb9c	Rename @mariozechner/pi-coding-agent to @earendil-works/pi-coding-agent ... Pi moved to its new home at earendil-works on 2026-05-07 (https://pi.dev/news/2026/5/7/pi-has-a-new-home). The old @mariozechner/pi-coding-agent npm package is deprecated with the explicit message 'please use @earendil-works/pi-coding-agent instead going forward', and the version stream has moved on (old top-out 0.73.1; new currently 0.74.0). Anyone npm-installing the old name today gets a deprecation warning + a stale binary, so this is a non-optional migration before the next tagged release. Sweep: - Dockerfile (production single-Dockerfile path) and Dockerfile.variant (split-base path on main): npm install -g target updated. - README, AGENTS, HUB_TEMPLATE: github.com/mariozechner/pi-coding-agent URL refs (which now 404) -> github.com/earendil-works/pi. - DOCKER_HUB.md regenerated (5529 bytes, ~78% headroom). - CHANGELOG Unreleased: rename entry added with migration context. Brew install references (`brew install pi-coding-agent`) left as-is: formula still works at 0.73.1 and a homebrew tap update is tracked upstream at earendil-works/pi#2755. Historical CHANGELOG entries: only github URL refs updated (the package name was never spelled out in those entries; we're correcting dead hyperlinks, not rewriting feature descriptions).	2026-05-09 17:58:07 +02:00
joakimp	4c27e6fd8a	feat: split-base build pipeline (parallel, manual-trigger only) ... Two-Dockerfile split-base build alongside the existing single-Dockerfile pipeline. Goal: cut CI wall clock from ~165-180min to ~30-40min on typical version-bump-only releases by reusing a base image across the four variants. Files added: - Dockerfile.base variant-independent layers (apt, locales, AWS CLI, Node.js, mempalace, gitea-mcp, user setup, chromadb prewarm, ENVs, entrypoints). - Dockerfile.variant FROMs ${BASE_IMAGE} and adds opencode / pi / omos / Go installs gated by INSTALL_* args. Each npm install -g uses NPM_CONFIG_PREFIX=/usr per-RUN to keep baked binaries off the volume- shadowed ~/.pi/npm-global path inherited from base. - .gitea/workflows/docker-publish-split.yml workflow_dispatch-only pipeline: base-decide -> build-base (conditional) -> smoke-* (4 parallel) -> build-variant-* (4 parallel) -> promote-base-latest -> update-description. Hash-driven base reuse: if base-<sha> already exists on Docker Hub, the build is skipped entirely. Inputs: release_tag (test tag suffix, default v0.0.0-split-test) and promote_latest (default false; gates latest-* aliases and Hub description update). Files unchanged: - Dockerfile, docker-publish.yml, validate.yml all left in place so the production tag-push pipeline keeps working untouched. Migration plan (in CHANGELOG Unreleased): 1. workflow_dispatch test run with promote_latest=false; verify the four variant images smoke-pass and have plausible sizes. 2. Compare manifest digests against the same-version output from the production pipeline (independent test run on the same commit). 3. Once verified across 1-2 release cycles, swap docker-publish-split.yml to on: push: tags: v* and retire docker-publish.yml. AGENTS.md and CHANGELOG.md updated with file roles and the migration plan. Production pipeline behavior is bit-for-bit unchanged on this branch.	2026-05-09 16:16:25 +02:00