Tags: jetify-com/devbox
Tags
[docker image] set filter-syscalls = false in nix.conf to workaround … …missing `seccomp BPF program` in arm64 linux (#2665) ## Summary The docker-image is failing to build in GHA: https://github.com/jetify-com/devbox/actions/runs/16204700194/job/47358742840 The error indicates that the seccomp (secure computing mode) BPF (Berkeley Packet Filter) program that Nix tries to load is incompatible with the Docker container environment on ARM64. When filter-syscalls = true (the default), Nix uses seccomp BPF to filter system calls for security sandboxing. Setting filter-syscalls = false disables Nix's syscall filtering, which bypasses the seccomp BPF program entirely and prevents the error. This PR uses the approach from #1811 to fix this for arm64 platforms. ## How was it tested? `docker build --platform linux/arm64 -t devbox-image-arm64 -f /Users/savil/code/jetpack/devbox/internal/devbox/generate/tmpl/DevboxImageDockerfile .` `docker build --platform linux/arm64 -t devbox-image-arm64 -f /Users/savil/code/jetpack/devbox/internal/devbox/generate/tmpl/DevboxImageDockerfileRootUser .` BEFORE: these failed with the error seen in the GHA above AFTER: build successfully Also confirmed that --platform linux/amd64 would build successfully ## Community Contribution License All community contributions in this pull request are licensed to the project maintainers under the terms of the [Apache 2 License](https://www.apache.org/licenses/LICENSE-2.0). By creating this pull request, I represent that I have the right to license the contributions to the project maintainers under the Apache 2 License as stated in the [Community Contribution License](https://github.com/jetify-com/opensource/blob/main/CONTRIBUTING.md#community-contribution-license).
[compliance] Update dependencies in some devbox examples (#2661) ## Summary - Updates `form-data` dependency from `^4.0.0` to `^4.0.4` in the VS Code extension - Updates `packageManager` from `pnpm@9.12.1` to `pnpm@10.13.1` in the documentation app ## How was it tested? N/A didn't change any core devbox functionality ## Community Contribution License All community contributions in this pull request are licensed to the project maintainers under the terms of the [Apache 2 License](https://www.apache.org/licenses/LICENSE-2.0). By creating this pull request, I represent that I have the right to license the contributions to the project maintainers under the Apache 2 License as stated in the [Community Contribution License](https://github.com/jetify-com/opensource/blob/main/CONTRIBUTING.md#community-contribution-license).
Update packages to address vulnerabilities (#2648) ## Summary Update packages in devbox repo to address any vulnerabilities: - Updated drupal and other devbox examples - Update to typeid/v2 - Update to latest dependencies on opensource/pkg (and by extension update the transitive extract/v3 dependency to extract/v4) ## How was it tested? Ran all tests but ... tests do seem to be hanging and timing out. Hoping someone has run into this issue to help debug and make sure the tests do pass. ## Community Contribution License All community contributions in this pull request are licensed to the project maintainers under the terms of the [Apache 2 License](https://www.apache.org/licenses/LICENSE-2.0). By creating this pull request, I represent that I have the right to license the contributions to the project maintainers under the Apache 2 License as stated in the [Community Contribution License](https://github.com/jetify-com/opensource/blob/main/CONTRIBUTING.md#community-contribution-license).
Update packages to address vulnerabilities (#2648) ## Summary Update packages in devbox repo to address any vulnerabilities: - Updated drupal and other devbox examples - Update to typeid/v2 - Update to latest dependencies on opensource/pkg (and by extension update the transitive extract/v3 dependency to extract/v4) ## How was it tested? Ran all tests but ... tests do seem to be hanging and timing out. Hoping someone has run into this issue to help debug and make sure the tests do pass. ## Community Contribution License All community contributions in this pull request are licensed to the project maintainers under the terms of the [Apache 2 License](https://www.apache.org/licenses/LICENSE-2.0). By creating this pull request, I represent that I have the right to license the contributions to the project maintainers under the Apache 2 License as stated in the [Community Contribution License](https://github.com/jetify-com/opensource/blob/main/CONTRIBUTING.md#community-contribution-license).
release lock on global process-compose before attaching (#2645) ## Summary After running `devbox services attach` all other `devbox services ...` commands hang until the attached UI is exited. This is because there's a lock put on the global process-compose file while it's being read and it's not released until the program exits. You can see in `devbox services up` the lockfile is released, looks like it was just missed in attach. https://github.com/jetify-com/devbox/blob/dd069a42b8cae746d93e2cd7ad5665b722a1973f/internal/services/manager.go#L188-L189 ## How was it tested? (repro steps, hangs without this PR, works as expected with it) In one terminal, in a devbox repo with process(es) ```sh devbox services up -b devbox services attach ``` In another terminal, in the same dir or any other devbox repo> ```sh devbox services ls # or any services ... sub command # will hang until <ctrl-c> in above terminal ``` ## Other note The `lock()` function has a timeout and error handling, why doesn't it work? https://github.com/jetify-com/devbox/blob/dd069a42b8cae746d93e2cd7ad5665b722a1973f/internal/services/manager.go#L374-L394 The line that hangs is 391, when we're trying to close the file after the timeout, the file can't be closed because another process has it open and/or locked. I did investigate adding a timeout `file.Close()` but could not get it to work reliably for myself. ## Community Contribution License All community contributions in this pull request are licensed to the project maintainers under the terms of the [Apache 2 License](https://www.apache.org/licenses/LICENSE-2.0). By creating this pull request, I represent that I have the right to license the contributions to the project maintainers under the Apache 2 License as stated in the [Community Contribution License](https://github.com/jetify-com/opensource/blob/main/CONTRIBUTING.md#community-contribution-license).
Auto Assign Reviewers for PRs (#2643) ## Summary TSIA, add myself + 1 random reviewer from our eng org. ## How was it tested? ## Community Contribution License All community contributions in this pull request are licensed to the project maintainers under the terms of the [Apache 2 License](https://www.apache.org/licenses/LICENSE-2.0). By creating this pull request, I represent that I have the right to license the contributions to the project maintainers under the Apache 2 License as stated in the [Community Contribution License](https://github.com/jetify-com/opensource/blob/main/CONTRIBUTING.md#community-contribution-license). --------- Signed-off-by: John Lago <750845+Lagoja@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
[runx] Use standard github token env name (#2635) ## Summary ## How was it tested? ## Community Contribution License All community contributions in this pull request are licensed to the project maintainers under the terms of the [Apache 2 License](https://www.apache.org/licenses/LICENSE-2.0). By creating this pull request, I represent that I have the right to license the contributions to the project maintainers under the Apache 2 License as stated in the [Community Contribution License](https://github.com/jetify-com/opensource/blob/main/CONTRIBUTING.md#community-contribution-license).
[completion] Fix shell completion when specifying --config flag (#2632) ## Summary Narrow fix to completion when passing `-c`, `--config` flags. ## How was it tested? Used tab completion when using `-c` flag and it worked. ## Community Contribution License All community contributions in this pull request are licensed to the project maintainers under the terms of the [Apache 2 License](https://www.apache.org/licenses/LICENSE-2.0). By creating this pull request, I represent that I have the right to license the contributions to the project maintainers under the Apache 2 License as stated in the [Community Contribution License](https://github.com/jetify-com/opensource/blob/main/CONTRIBUTING.md#community-contribution-license).
PreviousNext