fix: pin OpenCode CLI version in Kubeflow Dockerfile #225
Add ARG OPENCODE_VERSION=1.2.6 to docker/kubeflow/Dockerfile and pass --version flag to the install script, matching the pattern already used in docker/Dockerfile. Also pass --build-arg OPENCODE_VERSION=1.2.6 in the CI workflow to ensure reproducible builds. Closes #215
Pull request overview
Pins the OpenCode CLI version used in the Kubeflow notebook image build to avoid non-reproducible builds and silent breaking changes, aligning it with the already-pinned generic Docker image.
Changes:
- Add `OPENCODE_VERSION` build arg to `docker/kubeflow/Dockerfile` and pass it to the OpenCode install script.
- Update the CI Docker build command to pass `--build-arg OPENCODE_VERSION=1.2.6`.
- Add inline comments pointing to the OpenCode CLI releases and upgrade guidance.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| docker/kubeflow/Dockerfile | Pins OpenCode CLI installation to a versioned build arg for reproducible Kubeflow image builds. |
| .github/workflows/pk-opencode.yml | Ensures CI builds the Kubeflow image with an explicit OpenCode CLI version build arg. |
| rm -rf /root/.bun | ||
|
|
||
| # Install OpenCode CLI | ||
| # Pin version to ensure reproducible builds. Update by changing OPENCODE_VERSION. |
The upgrade note here is potentially misleading because CI overrides the Dockerfile default via --build-arg OPENCODE_VERSION=... in .github/workflows/pk-opencode.yml. To avoid someone updating only this ARG and still getting the old version in CI, please either (a) mention that the workflow build-arg must be updated too, or (b) centralize the version in one place (e.g., workflow env var) so the Dockerfile comment stays accurate.
| # Pin version to ensure reproducible builds. Update by changing OPENCODE_VERSION. | |
| # Pin version to ensure reproducible builds. | |
| # NOTE: CI overrides this default with `--build-arg OPENCODE_VERSION=...` in | |
| # `.github/workflows/pk-opencode.yml`, so upgrades must keep both values in sync. |
| -t $LATEST_TAG \ | ||
| -f docker/kubeflow/Dockerfile \ | ||
| --platform linux/amd64 \ | ||
| --build-arg OPENCODE_VERSION=1.2.6 \ |
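Review bot: `-t $LATEST_TAG` in the context lines just above the new `--build-arg` line is unquoted, so a tag value containing whitespace or glob characters would be split or expanded by the shell before `docker build` receives it. Write it as `-t "$LATEST_TAG"` so the tag always reaches the build as a single argument.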
OPENCODE_VERSION is now hardcoded here as well as in docker/kubeflow/Dockerfile (ARG default). This duplication can drift and reintroduce the “silent version change” problem during upgrades. Consider defining OPENCODE_VERSION once (e.g., as a workflow-level env var) and referencing it from the build command, and ensure the Dockerfile default is kept in sync for local builds.
Acknowledged. This duplication pattern is consistent with how S6_OVERLAY_VERSION is handled in the same workflow and Dockerfile — it's a deliberate choice that keeps local builds working (using the ARG default) while CI can override. The comment fix in the latest commit now explicitly warns that both values must be kept in sync, which mitigates the drift risk.
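The "keep both values in sync" requirement discussed in this thread can also be checked mechanically. The following is an added example, not code from this pull request or the project: a Python check that compares Dockerfile `ARG` defaults with literal `--build-arg` values in a workflow and reports any mismatch. The function names and the embedded file contents are constructed for illustration, and the `S6_OVERLAY_VERSION` value is a placeholder.

```python
import re
import sys

# Constructed samples (not the real files); the S6_OVERLAY_VERSION value is a placeholder.
DOCKERFILE = """\
ARG S6_OVERLAY_VERSION=0.0.0
# Install OpenCode CLI
ARG OPENCODE_VERSION=1.2.6
"""
WORKFLOW = """\
run: |
  docker build \\
    -f docker/kubeflow/Dockerfile \\
    --build-arg S6_OVERLAY_VERSION=0.0.0 \\
    --build-arg OPENCODE_VERSION=1.2.6 \\
    .
"""

ARG_RE = re.compile(r'^\s*ARG\s+([A-Za-z_]\w*)=("?)([^"\s]*)\2\s*$', re.M | re.I)
BUILD_ARG_RE = re.compile(r'--build-arg[=\s]+([A-Za-z_]\w*)=("?)([^"\s\\]*)\2')

def dockerfile_defaults(text):
    """Map ARG name -> default value; an ARG without a default is skipped."""
    return {m.group(1): m.group(3) for m in ARG_RE.finditer(text)}

def workflow_build_args(text):
    """Map build-arg name -> every literal value passed for it in the workflow."""
    found = {}
    for m in BUILD_ARG_RE.finditer(text):
        found.setdefault(m.group(1), []).append(m.group(3))
    return found

def find_drift(dockerfile_text, workflow_text):
    """Return (name, dockerfile_default, ci_value) for every mismatch."""
    defaults = dockerfile_defaults(dockerfile_text)
    drift = []
    for name, values in sorted(workflow_build_args(workflow_text).items()):
        for value in values:
            if value.startswith("$"):
                continue  # variable or ${{ }} expression: not comparable statically
            if defaults.get(name) != value:  # None means no ARG default exists
                drift.append((name, defaults.get(name), value))
    return drift

if __name__ == "__main__":
    problems = find_drift(DOCKERFILE, WORKFLOW)
    for name, default, ci in problems:
        print(f"{name}: Dockerfile default {default!r} != CI build-arg {ci!r}")
    sys.exit(1 if problems else 0)
```

Run as a CI step ahead of the image build, with the two strings read from the real files, a non-zero exit blocks an upgrade that changed only one of the two places.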
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.
Summary
- Add `ARG OPENCODE_VERSION=1.2.6` to `docker/kubeflow/Dockerfile` and pass `--version "${OPENCODE_VERSION}"` to the install script, matching the pattern already used in `docker/Dockerfile`
- Add `--build-arg OPENCODE_VERSION=1.2.6` to the CI workflow's docker build command

Closes #215