perso/opencode
4
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

base: perso/opencode:5a683538f1386d8ff2bec6ada64f00944910874f
Branches Tags
perso/opencode:main perso/opencode:renovate/node-26.x
perso/opencode:v0.0.4 perso/opencode:v0.0.3 perso/opencode:v0.0.2 perso/opencode:0.0.1
..
compare: perso/opencode:renovate/node-26.x
Branches Tags
perso/opencode:main perso/opencode:renovate/node-26.x
perso/opencode:v0.0.4 perso/opencode:v0.0.3 perso/opencode:v0.0.2 perso/opencode:0.0.1

2 Commits
5a683538f1 .. renovate/node-26.x

Author SHA1 Message Date
jcabillot 06ac591ece Merge branch 'main' into renovate/node-26.x
Docker Build and Push / build (pull_request) Failing after 6m1s
Details
2026-05-29 15:50:35 -04:00
renovate b2ba38180a chore(deps): update node docker tag to v26
perso/opencode/pipeline/head There was a failure building this commit
Details
perso/opencode/pipeline/pr-main There was a failure building this commit
Details
2026-05-27 00:41:34 +00:00
8 changed files with 60 additions and 207 deletions
Expand all files Collapse all files
.gitea/workflows/cron.yaml
-52
View File
@@ -1,52 +0,0 @@
name: Nightly Rebuild
on:
schedule:
- cron: '0 0 * * *'
jobs:
hadolint:
runs-on: ubuntu-latest
continue-on-error: true
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
with:
dockerfile: Dockerfile
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
- run: docker build -t ci-image:${{ github.sha }} .
build-push:
needs: [test]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
fetch-depth: 0
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
- uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- id: get-latest-tag
run: |
TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "")
echo "tag=$TAG" >> $GITHUB_OUTPUT
- id: meta
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
with:
images: jcabillot/opencode
tags: |
type=raw,value=${{ steps.get-latest-tag.outputs.tag }}-latest,enable=${{ steps.get-latest-tag.outputs.tag != '' }}
- uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
pull: true
.gitea/workflows/docker-build.yaml
+46
View File
@@ -0,0 +1,46 @@
name: Docker Build and Push
on:
pull_request:
branches: [main]
push:
branches: [main]
schedule:
- cron: '0 0 * * *'
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v4
- name: Login to Docker Hub
if: github.event_name != 'pull_request'
uses: docker/login-action@v4
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Docker metadata
id: meta
uses: docker/metadata-action@v6
with:
images: jcabillot/opencode
tags: |
#type=ref,event=branch
#type=ref,event=pr
#type=sha
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
- name: Build and push
uses: docker/build-push-action@v7
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
pull: true
.gitea/workflows/main.yaml
-43
View File
@@ -1,43 +0,0 @@
name: Main Release
on:
push:
branches: [main]
jobs:
hadolint:
runs-on: ubuntu-latest
continue-on-error: true
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
with:
dockerfile: Dockerfile
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
- run: docker build -t ci-image:${{ github.sha }} .
build:
needs: [test]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
- run: docker build -t jcabillot/opencode:${{ github.sha }} .
tag:
needs: [build]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
fetch-depth: 0
- name: Configure git auth
run: |
git remote set-url origin "https://x-access-token:${{ secrets.SA_TOKEN_ACTION_PUSH_TAGS }}@scm.cabillot.eu/perso/opencode.git"
- uses: anothrNick/github-tag-action@4ed44965e0db8dab2b466a16da04aec3cc312fd8 # v1.75.0
env:
GITHUB_TOKEN: ${{ secrets.SA_TOKEN_ACTION_PUSH_TAGS }}
DEFAULT_BUMP: patch
RELEASE_BRANCHES: main
WITH_V: true
GIT_API_TAGGING: false
.gitea/workflows/pr.yaml
-21
View File
@@ -1,21 +0,0 @@
name: PR Checks
on:
pull_request:
branches: [main]
jobs:
hadolint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
with:
dockerfile: Dockerfile
build-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
- run: docker build -t ci-image:${{ github.sha }} .
.gitea/workflows/tag.yaml
-47
View File
@@ -1,47 +0,0 @@
name: Tag Release
on:
push:
tags: ['*']
jobs:
hadolint:
runs-on: ubuntu-latest
continue-on-error: true
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
with:
dockerfile: Dockerfile
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
- run: docker build -t ci-image:${{ github.sha }} .
build-push:
needs: [test]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
- uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- id: meta
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
with:
images: jcabillot/opencode
tags: |
type=ref,event=tag
type=ref,event=tag,suffix=-latest
- uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
pull: true
AGENTS.md
+11 -18
View File
@@ -2,40 +2,33 @@
## Project overview
This repository builds and publishes a Docker image for [OpenCode](https://opencode.ai), the open source AI coding agent. The image runs OpenCode in headless server mode (`opencode serve`) and is automatically rebuilt and pushed to Docker Hub (`jcabillot/opencode`) every night by a Gitea Actions pipeline.
This repository builds and publishes a Docker image for [OpenCode](https://opencode.ai), the open source AI coding agent. The image runs OpenCode in headless server mode (`opencode serve`) and is automatically rebuilt and pushed to Docker Hub (`jcabillot/opencode`) every night by a Jenkins pipeline.
## Repository structure
```
.
├── Dockerfile # Image definition
├── .gitea/workflows/docker-build.yaml # CI/CD pipeline (Gitea Actions)
├── renovate.json # Dependency update automation (Renovatebot)
── opencode-attach # Helper script for attaching to a running server
└── README.md # Usage documentation
├── Dockerfile # Image definition
├── Jenkinsfile # CI/CD pipeline (nightly build + Docker Hub push)
├── opencode-attach # Helper script for attaching to a running server
── README.md # Usage documentation
```
## Dependency management
- **Always pin versions** in the Dockerfile `npm install` command (e.g. `opencode-ai@1.16.2 n2-soul@9.0.9`). Never leave packages unpinned.
- **Update renovate customManagers** when adding, removing, or renaming a dependency tracked in the Dockerfile. Each pinned package must have a corresponding `customManager` entry in `renovate.json` with a regex `matchStrings` pattern that captures the version. If a dependency is added without a renovate entry, Renovatebot will not open automated PRs for it.
- **apt packages** (apt-get install lines in Dockerfile) and **COPY --from** image references are not currently tracked by Renovate. Pinning these manually is acceptable for now but adding renovate managers for them is encouraged.
## Dockerfile conventions
- **Base image**: `node:24` — Debian-based Node.js image (not Alpine, needed for apt packages).
- **Install**: `npm i -g opencode-ai@<version> n2-soul@<version>` — installs OpenCode and Soul globally, both pinned.
- **Install**: `npm i -g opencode-ai n2-soul@<version>` — installs OpenCode and Soul globally.
- **Version check**: `RUN opencode --version` after install to validate the build and record the installed version in build logs.
- **Dedicated user**: a non-root `opencode` user and group are created with `groupadd`/`useradd` (UID/GID 1000). All runtime steps run as this user.
- **Cluster tooling**: `kubectl` is copied from the official `registry.k8s.io/kubectl` image (multi-stage COPY).
- **Entrypoint**: `["opencode"]` — arguments are passed at runtime (e.g. `serve`).
## CI/CD conventions (Gitea Actions)
## Jenkinsfile conventions
- Pipeline triggers on push to `main`, PRs targeting `main`, and a nightly cron (`cron: '0 0 * * *'`).
- Image is pushed to Docker Hub only on non-PR events (main branch pushes and cron runs).
- Docker Hub credentials are stored in Gitea Actions secrets (`DOCKERHUB_USERNAME`, `DOCKERHUB_TOKEN`).
- The image is published as `jcabillot/opencode:latest` with digest and branch tags.
- The pipeline runs on a `@midnight` cron trigger for nightly rebuilds.
- Build uses `--no-cache --pull` to always fetch the latest base image and package version.
- Docker Hub credentials are stored under the `dockerhub_jcabillot` Jenkins credential ID.
- The image is published as `jcabillot/opencode` (no explicit tag = `latest`).
## Useful commands
Dockerfile
+3 -3
View File
@@ -1,4 +1,4 @@
FROM node:24-trixie
FROM node:26-trixie
ENV NPM_CONFIG_UPDATE_NOTIFIER=false \
NPM_CONFIG_LOGLEVEL=warn \
@@ -12,12 +12,12 @@ RUN apt-get update && \
groupadd -g 1000 opencode; \
useradd -m -u 1000 -g 1000 -s /usr/bin/bash opencode; \
npm update -g --no-fund --no-audit && \
npm install -g --no-fund --no-audit opencode-ai@1.16.2 n2-soul@9.0.9 && \
npm install -g --no-fund --no-audit opencode-ai n2-soul@9.0.9 && \
npm cache clean --force && \
chown -R 1000:1000 /usr/local/lib/node_modules/n2-soul/
COPY --chmod=755 opencode-attach /usr/local/bin/opencode-attach
COPY --from=registry.k8s.io/kubectl:v1.36.2 /bin/kubectl /usr/local/bin/kubectl
COPY --from=registry.k8s.io/kubectl:v1.36.1 /bin/kubectl /usr/local/bin/kubectl
USER opencode
WORKDIR /home/opencode
renovate.json
-23
View File
@@ -1,23 +0,0 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"customManagers": [
{
"customType": "regex",
"description": "Track n2-soul npm package pinned in Dockerfile RUN command",
"managerFilePatterns": ["/^Dockerfile$/"],
"matchStrings": ["n2-soul@(?<currentValue>[^\\s]+)"],
"depNameTemplate": "n2-soul",
"datasourceTemplate": "npm",
"versioningTemplate": "npm"
},
{
"customType": "regex",
"description": "Track opencode-ai npm package pinned in Dockerfile RUN command",
"managerFilePatterns": ["/^Dockerfile$/"],
"matchStrings": ["opencode-ai@(?<currentValue>[^\\s]+)"],
"depNameTemplate": "opencode-ai",
"datasourceTemplate": "npm",
"versioningTemplate": "npm"
}
]
}