Skip to content

update Dockerfile of base sandbox to last version of OpenCode#52

Open
didier-durand wants to merge 1 commit intoNVIDIA:mainfrom
didier-durand:opencode-update-version
Open

update Dockerfile of base sandbox to last version of OpenCode#52
didier-durand wants to merge 1 commit intoNVIDIA:mainfrom
didier-durand:opencode-update-version

Conversation

@didier-durand
Copy link
Copy Markdown

@didier-durand didier-durand commented Mar 25, 2026

Hi,
As per title: last stable version of OpenCode is now 1.3.2.
Updating base Dockerfile to this version
Didier

@didier-durand didier-durand changed the title update base Dockerfile to last version of OpenCode update Dockerfile of base sandbox to last version of OpenCode Mar 25, 2026
@minhdqdev
Copy link
Copy Markdown
Contributor

minhdqdev commented Mar 26, 2026

Hi sir @didier-durand, is there a specific feature or fix we need from 1.3.2? Given the recent supply chain attack to LiteLLM, I’m a bit cautious about jumping to the latest versions for the base image. Moving forward, maybe we should implement a weekly GitHub Action to stage these updates as PRs?

@didier-durand
Copy link
Copy Markdown
Author

didier-durand commented Mar 26, 2026

@minhdqdev :
Hi, I understand your caution after the LiteLLM attack.

But, if you look at https://github.com/anomalyco/opencode/releases you will see that a massive amount of features has added since the 1.2.18 (currently installed version in Docker image). I need some of those new features in my use cases of OpenCode.

BTW, if you look at Opencode releases, you will see that they appear very fast. It will be hard for the base images to not being updated frequently: they will become obsolete very fast

Didier

@BenediktBurger
Copy link
Copy Markdown

BenediktBurger commented Mar 26, 2026

Thanks for updating the base image. Definitevely, a lot changed in the mean time, so an update would be appreciated.

Moving forward, maybe we should implement a weekly GitHub Action to stage these updates as PRs?

That sounds good to me.

@didier-durand
Copy link
Copy Markdown
Author

didier-durand commented Mar 26, 2026

@BenediktBurger : thanks for the approval. Didier

factory-octavian pushed a commit to factory-octavian/OpenShell-Community that referenced this pull request Apr 1, 2026
@drew
feat(platform): cleanup api surface area and mtls flows (!39)
2d85338 
Closes NVIDIA#48, NVIDIA#52

## Summary
- Replace the envoy-gateway-based TLS setup with inline PKI generation during cluster bootstrap, generating CA, server, and client certificates directly in the `navigator-bootstrap` crate
- Remove all envoy gateway Helm templates (`gateway.yaml`, `gatewayclass.yaml`, `grpcroute.yaml`, PKI job, traffic policies) and the `Dockerfile.pki-job`
- Add native mTLS support to the navigator server with `tokio-rustls`, mounting client TLS certs as volumes into sandbox pods
- Update cluster entrypoint, healthcheck, and deploy scripts to work with the new direct-TLS architecture
- Add TLS security e2e test and fix formatting/clippy warnings

## Test Plan
- All unit tests pass (`cargo test --workspace`)
- Clippy clean (`cargo clippy --workspace --all-targets`)
- Format clean (`cargo fmt --all -- --check`)
- Python tests pass (`uv run pytest python/`)
- Full `mise run pre-commit` passes
factory-octavian pushed a commit to factory-octavian/OpenShell-Community that referenced this pull request Apr 1, 2026
@drew
fix(cli): pass cluster name to ssh-proxy child process for correct TL…
e102808 
…S path resolution (NVIDIA#52)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@didier-durand @minhdqdev @BenediktBurger