joakimp/pi-devbox
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: build FROM joakimp/pi-devbox:base-pi-only (Option B)

Browse Source 
The pi-only building block now lives in this repo as the internal
base-pi-only tag (produced by opencode-devbox CI from Dockerfile.variant,
INSTALL_OPENCODE=false) instead of opencode-devbox:latest-pi-only — so an
'opencode-devbox' tag never ships without opencode.

- Dockerfile: BASE_IMAGE default joakimp/opencode-devbox:latest-pi-only
  -> joakimp/pi-devbox:base-pi-only.
- Updated README, AGENTS, DOCKER_HUB, docker-compose, CHANGELOG.
- Single source of truth unchanged (opencode-devbox/Dockerfile.variant);
  publish ordering + EXPECTED_PI_VERSION smoke guard unchanged.
This commit is contained in:
pi
2026-06-03 17:04:21 +02:00
parent 1d1283f942
commit 03629cdac7
6 changed files with 60 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files
AGENTS.md
+5 -5
View File
@@ -5,7 +5,7 @@ pi-focused image. As of 2026-06-03 it no longer installs pi itself.
## Repository layout
- `Dockerfile` — thin re-brand: `FROM opencode-devbox:latest-pi-only` (overridable via `BASE_IMAGE` arg). No install logic of its own — pi + companions are inherited from the pi-only variant (built `INSTALL_OPENCODE=false`, so **no opencode** — that's the distinction from `latest-with-pi`). This refactor removed the install-logic duplication that used to drift against `opencode-devbox/Dockerfile.variant`.
- `Dockerfile` — thin re-brand: `FROM joakimp/pi-devbox:base-pi-only` (overridable via `BASE_IMAGE` arg). No install logic of its own — pi + companions are inherited from the pi-only build (built `INSTALL_OPENCODE=false`, so **no opencode** — that's the distinction from `opencode-devbox:latest-with-pi`). The `base-pi-only` tag is produced by opencode-devbox CI (from `opencode-devbox/Dockerfile.variant`) but published into THIS repo as an internal building-block tag. This refactor removed the install-logic duplication that used to drift against `opencode-devbox/Dockerfile.variant`.
- `docker-compose.yml` — compose file for local use
- `.env.example` — environment variable template
- `scripts/smoke-test.sh` — sanity checks run by CI before pushing to Docker Hub
@@ -14,12 +14,12 @@ pi-focused image. As of 2026-06-03 it no longer installs pi itself.
## Versioning scheme
- Tags follow the pi npm version: `v{pi_version}[letter]`
- The image inherits pi from `latest-pi-only`, so the **publish ordering matters**: rebuild opencode-devbox first so `latest-pi-only` carries the target pi version, *then* tag this repo. The smoke test asserts `pi --version` matches the tag (`EXPECTED_PI_VERSION`) and fails loudly if the base is stale.
- The image inherits pi from `base-pi-only`, so the **publish ordering matters**: rebuild opencode-devbox first so `joakimp/pi-devbox:base-pi-only` carries the target pi version, *then* tag this repo. The smoke test asserts `pi --version` matches the tag (`EXPECTED_PI_VERSION`) and fails loudly if the base is stale.
- Docker Hub: `joakimp/pi-devbox:vX.Y.Z` + `joakimp/pi-devbox:latest`
## Release-day checklist
1. Ensure opencode-devbox has been released so `joakimp/opencode-devbox:latest-pi-only` carries the target pi version (and the fork/recall extensions). This is the hard prerequisite — the smoke guard enforces it.
1. Ensure opencode-devbox has been released so `joakimp/pi-devbox:base-pi-only` carries the target pi version (and the fork/recall extensions). This is the hard prerequisite — the smoke guard enforces it.
2. Update `CHANGELOG.md`: promote `Unreleased``vX.Y.Z — YYYY-MM-DD`
3. Add fresh `## Unreleased` section
4. Commit, tag `vX.Y.Z`, push tag → CI fires automatically
@@ -39,7 +39,7 @@ per version. Don't try to derive notes from the npm registry metadata
## Key facts
- **Base image**: `joakimp/opencode-devbox:latest-pi-only`the single source of truth for the pi install + companions. Rebuilt whenever opencode-devbox releases.
- **Base image**: `joakimp/pi-devbox:base-pi-only`an internal building-block tag (produced by opencode-devbox CI from `Dockerfile.variant`, the single source of truth for the pi install + companions; published into this repo, not under opencode-devbox). Rebuilt whenever opencode-devbox releases. Not for end users — they pull `joakimp/pi-devbox:latest` or a `vX.Y.Z` tag.
- **Inherited content**: pi (`/usr/bin/pi`), pi-toolkit, pi-extensions, pi-fork (`fork`), pi-observational-memory (`recall`), the mempalace bridge, the LAN-access helper, entrypoints, and all base dev tooling. The pi-only variant is built `INSTALL_OPENCODE=false`, so the image does **not** contain opencode.
- **Companion repos**: cloned to `/opt/` by the pi-only build; `entrypoint-user.sh` (inherited) deploys/registers them on container start.
- **MemPalace**: fully operational — inherited from base; bridge extension deployed by entrypoint.
@@ -49,7 +49,7 @@ per version. Don't try to derive notes from the npm registry metadata
- This repo no longer installs pi or clones companion repos — do **not** re-add that logic here. Change it in `opencode-devbox/Dockerfile.variant` (the single source of truth) instead.
- The smoke test threshold is 2750 MB (tracks the pi-only variant) — update if the image legitimately grows past it.
- The CI still resolves the tag's pi version, but only to feed `EXPECTED_PI_VERSION` to the smoke base-freshness guard — it is no longer passed as a build-arg (nothing in the Dockerfile consumes it).
- To pin a specific base build instead of tracking `latest-pi-only`, override the `BASE_IMAGE` arg (a version tag or a digest).
- To pin a specific base build instead of tracking `base-pi-only`, override the `BASE_IMAGE` arg (a `base-pi-only-vX.Y.Z` tag or a digest).
## Documentation drift sweep
CHANGELOG.md
+12 -3
View File
@@ -11,12 +11,21 @@ Tags follow the pi npm version: `v{pi_version}[letter]` — bare tag for the fir
### Changed: refactored to re-brand the opencode-devbox `pi-only` variant
pi-devbox no longer installs pi itself. The `Dockerfile` is now a thin
`FROM joakimp/opencode-devbox:latest-pi-only` (overridable via the `BASE_IMAGE`
`FROM joakimp/pi-devbox:base-pi-only` (overridable via the `BASE_IMAGE`
arg), inheriting pi + pi-toolkit + pi-extensions and all base tooling from the
single source of truth. This eliminates the install-logic duplication that
used to drift against `opencode-devbox/Dockerfile.variant`.
The `pi-only` variant is built with `INSTALL_OPENCODE=false`, so this image
The pi-only artifact is **built** by opencode-devbox's CI (from
`opencode-devbox/Dockerfile.variant` with `INSTALL_OPENCODE=false`) but is
**published into this repo** as the internal building-block tag
`joakimp/pi-devbox:base-pi-only` (+ `base-pi-only-vX.Y.Z`, where `vX.Y.Z` is
the opencode-devbox release version). This supersedes the brief approach of
publishing it as `opencode-devbox:latest-pi-only` — an "opencode-devbox" tag
with no opencode in it confused users. `base-pi-only` is internal; end users
pull `joakimp/pi-devbox:latest` or a `vX.Y.Z` tag.
The pi-only build uses `INSTALL_OPENCODE=false`, so this image
stays lean and pi-focused — it does **not** carry opencode, and remains
distinct from `opencode-devbox:latest-with-pi` (which has both).
@@ -31,7 +40,7 @@ distinct from `opencode-devbox:latest-with-pi` (which has both).
### Consequences / notes
- **Publish ordering**: release opencode-devbox first so `latest-pi-only`
- **Publish ordering**: release opencode-devbox first so `base-pi-only`
carries the target pi version, *then* tag this repo. The smoke test asserts
`pi --version` matches the tag and fails loudly if the base is stale.
- CI no longer passes `PI_VERSION` as a build-arg (the Dockerfile installs
DOCKER_HUB.md
+7 -4
View File
@@ -38,9 +38,12 @@ Full setup guide — authentication for each provider (Anthropic, OpenAI, Gemini
## What's inside
pi-devbox is a re-brand of the **opencode-devbox `pi-only` variant** — it builds
`FROM joakimp/opencode-devbox:latest-pi-only` and adds no layers of its own.
The pi-only variant is built `INSTALL_OPENCODE=false`, so this image is lean
pi-devbox is a re-brand of the **pi-only build** — it builds
`FROM joakimp/pi-devbox:base-pi-only` and adds no layers of its own. That
building-block tag is produced by opencode-devbox's CI (from
`Dockerfile.variant` with `INSTALL_OPENCODE=false`) but published here, in the
pi-devbox repo, so an opencode-devbox tag never ships without opencode.
The pi-only build is lean
and pi-focused (no opencode — use `opencode-devbox:latest-with-pi` if you want
both).
Everything below is inherited from that single source of truth.
@@ -68,7 +71,7 @@ The entrypoint deploys/registers all of these on first container start. Re-runni
## Versioning
Tags follow the pi npm version: `v0.74.0`, `v0.75.0`, etc. `latest` always points at the most recent release. The pi binary is inherited from `opencode-devbox:latest-pi-only`, so each release follows an opencode-devbox release that bakes the target pi version.
Tags follow the pi npm version: `v0.74.0`, `v0.75.0`, etc. `latest` always points at the most recent release. The pi binary is inherited from `joakimp/pi-devbox:base-pi-only`, so each release follows an opencode-devbox release that bakes the target pi version. (`base-pi-only` is an internal building-block tag — pull `latest` or a `vX.Y.Z` tag instead.)
For container-level rebuilds on the same pi version (security updates, base bumps, fixes) the tag gets a letter suffix: `v0.74.0b`, `v0.74.0c`, …
Dockerfile
+22 -17
View File
@@ -1,29 +1,34 @@
# pi-devbox — pi coding-agent container
#
# As of 2026-06-03 this image is a thin re-brand of the opencode-devbox
# "pi-only" variant, which is the SINGLE SOURCE OF TRUTH for the pi install
# and its companion repos (pi-toolkit, pi-extensions, pi-fork,
# pi-observational-memory). Previously pi-devbox/Dockerfile duplicated that
# install logic, which drifted from opencode-devbox/Dockerfile.variant; this
# refactor eliminates the duplication.
# As of 2026-06-03 this image is a thin re-brand of the "pi-only" build, which
# is the SINGLE SOURCE OF TRUTH for the pi install and its companion repos
# (pi-toolkit, pi-extensions, pi-fork, pi-observational-memory). That build is
# produced by opencode-devbox's CI (from opencode-devbox/Dockerfile.variant
# with INSTALL_OPENCODE=false), but is published as an INTERNAL building-block
# tag in THIS repo — joakimp/pi-devbox:base-pi-only — NOT under opencode-devbox.
# Rationale: an "opencode-devbox" tag containing no opencode confuses
# opencode-devbox users, so the pi-only artifact lives here instead.
# Previously pi-devbox/Dockerfile duplicated the install logic, which drifted
# from opencode-devbox/Dockerfile.variant; this refactor eliminates the dup.
#
# The "pi-only" variant is built with INSTALL_OPENCODE=false, so this image
# does NOT contain opencode — it stays a lean, pi-focused image, distinct
# from opencode-devbox:latest-with-pi (which carries both).
# The pi-only build uses INSTALL_OPENCODE=false, so this image does NOT contain
# opencode — it stays a lean, pi-focused image, distinct from
# opencode-devbox:latest-with-pi (which carries both).
#
# Everything is inherited from the pi-only image:
# Everything is inherited from the pi-only build:
# pi + pi-toolkit + pi-extensions + pi-fork (fork) + pi-observational-memory
# (recall), the mempalace bridge, the LAN-access helper, entrypoints, and
# all base dev tooling.
#
# NOTE on PUBLISH ORDERING: rebuild opencode-devbox (so `latest-pi-only`
# carries the target pi version) BEFORE tagging this repo. The smoke test
# asserts `pi --version` matches this repo's tag and fails loudly if the
# base is stale — turning the version coupling into an enforced ordering check.
# NOTE on PUBLISH ORDERING: rebuild opencode-devbox (so `base-pi-only` carries
# the target pi version) BEFORE tagging this repo. The smoke test asserts
# `pi --version` matches this repo's tag and fails loudly if the base is stale
# — turning the version coupling into an enforced ordering check.
#
# Override BASE_IMAGE to pin a specific pi-only build (e.g. a version tag or a
# digest) instead of tracking latest-pi-only.
ARG BASE_IMAGE=joakimp/opencode-devbox:latest-pi-only
# base-pi-only is an internal building-block alias (existence-only, not for
# end users — pull joakimp/pi-devbox:latest or a vX.Y.Z tag instead). Override
# BASE_IMAGE to pin a specific pi-only build (a version tag or a digest).
ARG BASE_IMAGE=joakimp/pi-devbox:base-pi-only
FROM ${BASE_IMAGE}
# WORKDIR / ENTRYPOINT / CMD and all tooling inherited from the base.
README.md
+12 -8
View File
@@ -9,10 +9,14 @@ A Docker container with [pi coding-agent](https://github.com/earendil-works/pi)
## What's inside
pi-devbox is a re-brand of the **opencode-devbox `pi-only` variant** — it `FROM`s
`opencode-devbox:latest-pi-only` and adds no layers of its own. Everything below
is inherited from that single source of truth. The pi-only variant is built with
`INSTALL_OPENCODE=false`, so this image is lean and pi-focused — no opencode.
pi-devbox is a thin re-brand of the **`pi-only` build** — it `FROM`s
`joakimp/pi-devbox:base-pi-only` and adds no layers of its own. That base build
is produced by opencode-devbox's CI (from `opencode-devbox/Dockerfile.variant`
with `INSTALL_OPENCODE=false`, the single source of truth for the pi install +
companions) but is published **into this repo** as the internal building-block
tag `base-pi-only`*not* under opencode-devbox, so an "opencode-devbox" tag
never ships without opencode. Everything below is inherited from that build,
which is lean and pi-focused — no opencode.
Base tooling:
@@ -208,7 +212,7 @@ Tags follow the pi npm package version: `v0.74.0`, `v0.75.0`, … `latest` alway
Container-level rebuilds on the same pi version (security updates, base bumps, fixes) get a letter suffix: `v0.74.0b`, `v0.74.0c`, …
The pi binary is inherited from `opencode-devbox:latest-pi-only`, so a release of this image must be preceded by an opencode-devbox release that bakes the target pi version into `latest-pi-only`. The smoke test enforces this (it asserts `pi --version` matches the tag).
The pi binary is inherited from `joakimp/pi-devbox:base-pi-only`, so a release of this image must be preceded by an opencode-devbox release that bakes the target pi version into `base-pi-only`. The smoke test enforces this (it asserts `pi --version` matches the tag).
---
@@ -221,9 +225,9 @@ the base. To pin a specific pi-only build or hack on it:
git clone https://gitea.jordbo.se/joakimp/pi-devbox
cd pi-devbox
# Default tracks latest-pi-only; override BASE_IMAGE to pin a build:
# Default tracks base-pi-only; override BASE_IMAGE to pin a build:
docker compose build \
--build-arg BASE_IMAGE=joakimp/opencode-devbox:v1.15.13-pi-only
--build-arg BASE_IMAGE=joakimp/pi-devbox:base-pi-only-v1.15.13c
docker compose up -d
```
@@ -236,7 +240,7 @@ Build args supported:
| Arg | Default | Effect |
|---|---|---|
| `BASE_IMAGE` | `joakimp/opencode-devbox:latest-pi-only` | Parent image — set to a `:vX.Y.Z-pi-only` tag or a digest for reproducible builds |
| `BASE_IMAGE` | `joakimp/pi-devbox:base-pi-only` | Parent image (internal building-block tag) — set to a `:base-pi-only-vX.Y.Z` tag or a digest for reproducible builds |
---
docker-compose.yml
+2 -2
View File
@@ -17,8 +17,8 @@ services:
# build:
# context: .
# args:
# # Pin a specific pi-only build instead of tracking latest-pi-only:
# BASE_IMAGE: "joakimp/opencode-devbox:v1.15.13-pi-only"
# # Pin a specific pi-only build instead of tracking base-pi-only:
# BASE_IMAGE: "joakimp/pi-devbox:base-pi-only-v1.15.13c"
container_name: pi-devbox
stdin_open: true
tty: true