Doc: note gitleaks + git-crypt arrive via opencode-devbox base
No Dockerfile install change here — pi-devbox FROMs joakimp/opencode- devbox:base-latest which gained gitleaks (and explicit acknowledgment of git-crypt) in opencode-devbox commit adding both to the base layer. The next pi-devbox release built against a fresh base-latest digest inherits both with zero work on this side. CHANGES Dockerfile — comment block at top updated to name git-crypt + gitleaks in the 'inherited from base' toolset enumeration. Helps future readers: one less reason to think 'I need to install gitleaks here'. CHANGELOG.md — new Unreleased entry pointing at the opencode-devbox base-side change for full detail. Will be promoted whenever the next pi-devbox release ships (probably alongside the next pi npm bump past 0.75.5). Holding off on tagging — pi upstream still at 0.75.5, baseline release v0.75.5b is already current with that. Will ride along with next pi bump.
This commit is contained in:
@@ -8,6 +8,10 @@ Tags follow the pi npm version: `v{pi_version}[letter]` — bare tag for the fir
|
|||||||
|
|
||||||
## Unreleased
|
## Unreleased
|
||||||
|
|
||||||
|
### Inherited from opencode-devbox base: gitleaks + git-crypt
|
||||||
|
|
||||||
|
No Dockerfile change here — just a note that the next pi-devbox release built against a fresh `joakimp/opencode-devbox:base-latest` will include `gitleaks` (newly added to the base) and `git-crypt` (was always installed via apt; just wasn't called out). Both are useful inside the container for repos that use a gitleaks pre-commit hook or git-crypt-encrypted canonical config and don't want host-side dependencies. See opencode-devbox CHANGELOG `Unreleased` for the base-side details.
|
||||||
|
|
||||||
## v0.75.5b — 2026-05-23
|
## v0.75.5b — 2026-05-23
|
||||||
|
|
||||||
Recovery release fixing a **silent cache-hit regression** discovered in the v0.75.5 image. All four releases v0.74.0 through v0.75.5 had been shipping the same image bytes because the Dockerfile's `npm install -g @earendil-works/pi-coding-agent` (bare, when `PI_VERSION=latest`) produces an identical layer-hash across builds. Combined with the registry buildcache, Docker reused the layer from whatever pi version was current when the cache was first populated.
|
Recovery release fixing a **silent cache-hit regression** discovered in the v0.75.5 image. All four releases v0.74.0 through v0.75.5 had been shipping the same image bytes because the Dockerfile's `npm install -g @earendil-works/pi-coding-agent` (bare, when `PI_VERSION=latest`) produces an identical layer-hash across builds. Combined with the registry buildcache, Docker reused the layer from whatever pi version was current when the cache was first populated.
|
||||||
|
|||||||
+2
-1
@@ -2,7 +2,8 @@
|
|||||||
#
|
#
|
||||||
# Builds on top of the opencode-devbox base image, which provides:
|
# Builds on top of the opencode-devbox base image, which provides:
|
||||||
# Debian trixie, Node.js, AWS CLI, mempalace + MCP server, gitea-mcp,
|
# Debian trixie, Node.js, AWS CLI, mempalace + MCP server, gitea-mcp,
|
||||||
# dev tools (neovim, tmux, bat, eza, fzf, zoxide, ripgrep, uv, rustup),
|
# dev tools (neovim, tmux, bat, eza, fzf, zoxide, ripgrep, uv, rustup,
|
||||||
|
# git-crypt, gitleaks),
|
||||||
# user setup (developer/gosu), entrypoints, chromadb prewarm.
|
# user setup (developer/gosu), entrypoints, chromadb prewarm.
|
||||||
#
|
#
|
||||||
# This image adds only pi itself and its companion repos.
|
# This image adds only pi itself and its companion repos.
|
||||||
|
|||||||
Reference in New Issue
Block a user