From 3cde95473d0a0e2b2d6e9f9196f94a017062c1fa Mon Sep 17 00:00:00 2001 From: Gero Posmyk-Leinemann Date: Fri, 9 Jan 2026 10:58:24 +0000 Subject: [PATCH 1/4] [preview] Add container to GC delete job The delete job was missing the container specification, causing 'leeway: command not found' errors. Use the same dev-environment container as the stale job. Co-authored-by: Ona --- .github/workflows/preview-env-gc.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/preview-env-gc.yml b/.github/workflows/preview-env-gc.yml index ee1ebb540dea13..dc7107bffafce0 100644 --- a/.github/workflows/preview-env-gc.yml +++ b/.github/workflows/preview-env-gc.yml @@ -42,6 +42,9 @@ jobs: name: "Delete preview environment" needs: [stale] runs-on: ubuntu-latest + container: + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:gpl-npm-oidc-support-gha.42 + options: --user root if: ${{ needs.stale.outputs.count > 0 }} strategy: fail-fast: false From 7836cb35ba5b9f118fe6d5269b3b710b118b045b Mon Sep 17 00:00:00 2001 From: Gero Posmyk-Leinemann Date: Fri, 9 Jan 2026 14:02:00 +0000 Subject: [PATCH 2/4] [preview] Convert Docker actions to composite actions Convert preview-create, deploy-gitpod, and deploy-monitoring-satellite from Docker-based actions to composite actions. This fixes GCP OIDC authentication failures caused by credential file permission issues when Docker actions mount the workspace. Docker actions run in isolated containers where the credentials file path from the host doesn't match the container's filesystem, and file permissions prevent access. Composite actions run in the same context as the job, avoiding these issues. Changes: - Convert 3 Docker actions to composite actions - Add container spec to infrastructure/install/monitoring jobs in: - build.yml - branch-build.yml - ide-integration-tests.yml - workspace-integration-tests.yml - preview-env-check-regressions.yml - Remove unused inputs (infrastructure_provider, image_repo_base, previewctl_hash) from action calls Co-authored-by: Ona --- .github/actions/deploy-gitpod/Dockerfile | 4 - .github/actions/deploy-gitpod/action.yml | 79 +++++++++++++++++++ .github/actions/deploy-gitpod/entrypoint.sh | 45 ----------- .github/actions/deploy-gitpod/metadata.yml | 24 ------ .../deploy-monitoring-satellite/Dockerfile | 4 - .../deploy-monitoring-satellite/action.yml | 28 +++++++ .../deploy-monitoring-satellite/entrypoint.sh | 26 ------ .../deploy-monitoring-satellite/metadata.yml | 5 -- .github/actions/preview-create/Dockerfile | 4 - .github/actions/preview-create/action.yml | 44 +++++++++++ .github/actions/preview-create/entrypoint.sh | 21 ----- .github/actions/preview-create/metadata.yml | 24 ------ .github/workflows/branch-build.yml | 14 ++-- .github/workflows/build.yml | 14 ++-- .github/workflows/ide-integration-tests.yml | 5 +- .../preview-env-check-regressions.yml | 5 +- .../workflows/workspace-integration-tests.yml | 5 +- 17 files changed, 178 insertions(+), 173 deletions(-) delete mode 100644 .github/actions/deploy-gitpod/Dockerfile create mode 100644 .github/actions/deploy-gitpod/action.yml delete mode 100755 .github/actions/deploy-gitpod/entrypoint.sh delete mode 100644 .github/actions/deploy-gitpod/metadata.yml delete mode 100644 .github/actions/deploy-monitoring-satellite/Dockerfile create mode 100644 .github/actions/deploy-monitoring-satellite/action.yml delete mode 100755 .github/actions/deploy-monitoring-satellite/entrypoint.sh delete mode 100644 .github/actions/deploy-monitoring-satellite/metadata.yml delete mode 100644 .github/actions/preview-create/Dockerfile create mode 100644 .github/actions/preview-create/action.yml delete mode 100755 .github/actions/preview-create/entrypoint.sh delete mode 100644 .github/actions/preview-create/metadata.yml diff --git a/.github/actions/deploy-gitpod/Dockerfile b/.github/actions/deploy-gitpod/Dockerfile deleted file mode 100644 index 0cbb86fd45ba66..00000000000000 --- a/.github/actions/deploy-gitpod/Dockerfile +++ /dev/null @@ -1,4 +0,0 @@ -FROM eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:gpl-npm-oidc-support-gha.42 - -COPY entrypoint.sh /entrypoint.sh -ENTRYPOINT ["/entrypoint.sh"] diff --git a/.github/actions/deploy-gitpod/action.yml b/.github/actions/deploy-gitpod/action.yml new file mode 100644 index 00000000000000..8363fca04ab59b --- /dev/null +++ b/.github/actions/deploy-gitpod/action.yml @@ -0,0 +1,79 @@ +name: "Deploy Gitpod" +description: "Deploys Gitpod to an existing preview environment" +inputs: + name: + description: "The name of the preview environment to deploy Gitpod to" + required: false + version: + description: "The version of Gitpod to install" + required: true + with_dedicated_emu: + description: "Dedicated Config" + required: false + analytics: + description: "With analytics" + required: false + workspace_feature_flags: + description: "Workspace feature flags" + required: false + image_repo_base: + description: "The base repository for image" + required: false +outputs: + report: + description: "Preview environment report (base64 encoded)" + value: ${{ steps.deploy.outputs.report }} +runs: + using: "composite" + steps: + - name: Install previewctl + shell: bash + run: | + set -euo pipefail + leeway run dev/preview/previewctl:install + + - name: Deploy Gitpod + id: deploy + shell: bash + env: + INPUT_NAME: ${{ inputs.name }} + INPUT_VERSION: ${{ inputs.version }} + INPUT_WITH_DEDICATED_EMU: ${{ inputs.with_dedicated_emu }} + INPUT_ANALYTICS: ${{ inputs.analytics }} + INPUT_WORKSPACE_FEATURE_FLAGS: ${{ inputs.workspace_feature_flags }} + INPUT_IMAGE_REPO_BASE: ${{ inputs.image_repo_base }} + run: | + set -euo pipefail + + export VERSION="${INPUT_VERSION}" + export IMAGE_REPO_BASE="${INPUT_IMAGE_REPO_BASE}" + + echo "Downloading installer for ${VERSION}" + oci-tool fetch file -o /tmp/installer --platform=linux-amd64 "${IMAGE_REPO_BASE}/installer:${VERSION}" app/installer + chmod +x /tmp/installer + export PATH="/tmp:$PATH" + + echo "Download versions.yaml" + oci-tool fetch file -o /tmp/versions.yaml --platform=linux-amd64 "${IMAGE_REPO_BASE}/versions:${VERSION}" versions.yaml + + PREVIEW_NAME="$(previewctl get-name --branch "${INPUT_NAME}")" + export PREVIEW_NAME + + for var in WITH_DEDICATED_EMU ANALYTICS WORKSPACE_FEATURE_FLAGS; do + input_var="INPUT_${var}" + if [[ -n "${!input_var:-}" ]]; then + export "GITPOD_${var}"="${!input_var}" + fi + done + + previewctl install-context --branch "${PREVIEW_NAME}" --log-level debug --timeout 10m + leeway run dev/preview:deploy-gitpod + previewctl report --branch "${PREVIEW_NAME}" >> "${GITHUB_STEP_SUMMARY}" + + EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) + report=$(previewctl report --branch "${PREVIEW_NAME}" | base64) + { + echo "report<<$EOF" + echo "$report" + echo "$EOF" + } >> "$GITHUB_OUTPUT" diff --git a/.github/actions/deploy-gitpod/entrypoint.sh b/.github/actions/deploy-gitpod/entrypoint.sh deleted file mode 100755 index 5aa3c6b380f4f8..00000000000000 --- a/.github/actions/deploy-gitpod/entrypoint.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -export HOME=/home/gitpod -export PREVIEW_ENV_DEV_SA_KEY_PATH="$HOME/.config/gcloud/preview-environment-dev-sa.json" -# shellcheck disable=SC2155 -export LEEWAY_WORKSPACE_ROOT="$(pwd)" -export VERSION="${INPUT_VERSION}" -export IMAGE_REPO_BASE="${INPUT_IMAGE_REPO_BASE}" -export PATH="$PATH:$HOME/bin" - -mkdir $HOME/bin - -echo "Downloading installer for ${VERSION}" -oci-tool fetch file -o $HOME/bin/installer --platform=linux-amd64 "${IMAGE_REPO_BASE}/installer:${VERSION}" app/installer -chmod +x $HOME/bin/installer - -echo "Download versions.yaml" -oci-tool fetch file -o /tmp/versions.yaml --platform=linux-amd64 "${IMAGE_REPO_BASE}/versions:${VERSION}" versions.yaml - -gcloud auth login --cred-file="$GOOGLE_APPLICATION_CREDENTIALS" --activate --quiet -leeway run dev/preview/previewctl:install - -PREVIEW_NAME="$(previewctl get-name --branch "${INPUT_NAME}")" -export PREVIEW_NAME - -for var in WITH_DEDICATED_EMU ANALYTICS WORKSPACE_FEATURE_FLAGS; do - input_var="INPUT_${var}" - if [[ -n "${!input_var:-}" ]];then - export "GITPOD_${var}"="${!input_var}" - fi -done - -previewctl install-context --branch "${PREVIEW_NAME}" --log-level debug --timeout 10m -leeway run dev/preview:deploy-gitpod -previewctl report --branch "${PREVIEW_NAME}" >> "${GITHUB_STEP_SUMMARY}" - -EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) -report=$(previewctl report --branch "${PREVIEW_NAME}" | base64) -{ - echo "report<<$EOF" - echo "$report" - echo "$EOF" -} >> "$GITHUB_OUTPUT" diff --git a/.github/actions/deploy-gitpod/metadata.yml b/.github/actions/deploy-gitpod/metadata.yml deleted file mode 100644 index 1d984f12ad83a3..00000000000000 --- a/.github/actions/deploy-gitpod/metadata.yml +++ /dev/null @@ -1,24 +0,0 @@ -name: "Deploy Gitpod" -description: "Deploys Gitpod to an existing preview environment" -inputs: - name: - description: "The name of the preview environment to deploy Gitpod to" - required: false - version: - description: "The version of Gitpod to install" - required: true - with_dedicated_emu: - description: "Dedicated Config" - required: false - analytics: - description: "With analytics" - required: false - workspace_feature_flags: - description: "Workspace feature flags" - required: false - image_repo_base: - description: "The base repository for image" - required: false -runs: - using: "docker" - image: "Dockerfile" diff --git a/.github/actions/deploy-monitoring-satellite/Dockerfile b/.github/actions/deploy-monitoring-satellite/Dockerfile deleted file mode 100644 index 0cbb86fd45ba66..00000000000000 --- a/.github/actions/deploy-monitoring-satellite/Dockerfile +++ /dev/null @@ -1,4 +0,0 @@ -FROM eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:gpl-npm-oidc-support-gha.42 - -COPY entrypoint.sh /entrypoint.sh -ENTRYPOINT ["/entrypoint.sh"] diff --git a/.github/actions/deploy-monitoring-satellite/action.yml b/.github/actions/deploy-monitoring-satellite/action.yml new file mode 100644 index 00000000000000..671234c28e6fc7 --- /dev/null +++ b/.github/actions/deploy-monitoring-satellite/action.yml @@ -0,0 +1,28 @@ +name: "Deploy monitoring satellite" +description: "Deploys monitoring satellite to an existing preview environment" +runs: + using: "composite" + steps: + - name: Install previewctl + shell: bash + run: | + set -euo pipefail + leeway run dev/preview/previewctl:install + + - name: Deploy monitoring satellite + shell: bash + run: | + set -euo pipefail + + echo "previewctl install-context" + previewctl install-context --log-level debug --timeout 10m + + echo "leeway run dev/preview:deploy-monitoring-satellite" + leeway run dev/preview:deploy-monitoring-satellite + + { + echo '

Monitoring satellite has been installed in your preview environment.

' + echo '' + } >> "${GITHUB_STEP_SUMMARY}" diff --git a/.github/actions/deploy-monitoring-satellite/entrypoint.sh b/.github/actions/deploy-monitoring-satellite/entrypoint.sh deleted file mode 100755 index e822edb3fedb0f..00000000000000 --- a/.github/actions/deploy-monitoring-satellite/entrypoint.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -export HOME=/home/gitpod -# shellcheck disable=SC2155 -export LEEWAY_WORKSPACE_ROOT="$(pwd)" -export PATH="$PATH:$HOME/bin" - -mkdir $HOME/bin - -gcloud auth login --cred-file="$GOOGLE_APPLICATION_CREDENTIALS" --activate --quiet -leeway run dev/preview/previewctl:install - -echo "previewctl install-context" -previewctl install-context --log-level debug --timeout 10m - -echo "leeway run dev/preview:deploy-monitoring-satellite" -leeway run dev/preview:deploy-monitoring-satellite - -{ - echo '

Monitoring satellite has been installed in your preview environment.

' - echo '' -} >> "${GITHUB_STEP_SUMMARY}" diff --git a/.github/actions/deploy-monitoring-satellite/metadata.yml b/.github/actions/deploy-monitoring-satellite/metadata.yml deleted file mode 100644 index cfa3e476f8e707..00000000000000 --- a/.github/actions/deploy-monitoring-satellite/metadata.yml +++ /dev/null @@ -1,5 +0,0 @@ -name: "Deploy monitoring satellite" -description: "Deploys monitoring satellite to an existing preview environment" -runs: - using: "docker" - image: "Dockerfile" diff --git a/.github/actions/preview-create/Dockerfile b/.github/actions/preview-create/Dockerfile deleted file mode 100644 index 0cbb86fd45ba66..00000000000000 --- a/.github/actions/preview-create/Dockerfile +++ /dev/null @@ -1,4 +0,0 @@ -FROM eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:gpl-npm-oidc-support-gha.42 - -COPY entrypoint.sh /entrypoint.sh -ENTRYPOINT ["/entrypoint.sh"] diff --git a/.github/actions/preview-create/action.yml b/.github/actions/preview-create/action.yml new file mode 100644 index 00000000000000..d8103b3f764fe7 --- /dev/null +++ b/.github/actions/preview-create/action.yml @@ -0,0 +1,44 @@ +name: "Create preview environment" +description: "Creates the infrastructure for a preview environment" +inputs: + name: + description: "The name of the preview environment to deploy Gitpod to" + required: false + large_vm: + description: "Whether to use a larger VM for the env" + required: false + default: "false" + preemptible: + description: "Whether to use preemptible VMs for the env" + required: false + default: "true" + recreate_vm: + description: "Whether to recreate the VM" + required: false + default: "false" +runs: + using: "composite" + steps: + - name: Install previewctl + shell: bash + run: | + set -euo pipefail + leeway run dev/preview/previewctl:install + + - name: Create preview environment + shell: bash + env: + INPUT_NAME: ${{ inputs.name }} + INPUT_LARGE_VM: ${{ inputs.large_vm }} + INPUT_PREEMPTIBLE: ${{ inputs.preemptible }} + run: | + set -euo pipefail + + TF_VAR_preview_name="$(previewctl get-name --branch "${INPUT_NAME}")" + export TF_VAR_preview_name + export TF_VAR_with_large_vm="${INPUT_LARGE_VM}" + export TF_VAR_gce_use_spot="${INPUT_PREEMPTIBLE}" + export TF_INPUT=0 + export TF_IN_AUTOMATION=true + + leeway run dev/preview:create-preview diff --git a/.github/actions/preview-create/entrypoint.sh b/.github/actions/preview-create/entrypoint.sh deleted file mode 100755 index f5a9709711e9d5..00000000000000 --- a/.github/actions/preview-create/entrypoint.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -export HOME=/home/gitpod -# shellcheck disable=SC2155 -export LEEWAY_WORKSPACE_ROOT="$(pwd)" -export PATH="$PATH:$HOME/bin" - -mkdir $HOME/bin - -gcloud auth login --cred-file="$GOOGLE_APPLICATION_CREDENTIALS" --activate --quiet -leeway run dev/preview/previewctl:install - -TF_VAR_preview_name="$(previewctl get-name --branch "${INPUT_NAME}")" -export TF_VAR_preview_name -export TF_VAR_with_large_vm="${INPUT_LARGE_VM}" -export TF_VAR_gce_use_spot="${INPUT_PREEMPTIBLE}" -export TF_INPUT=0 -export TF_IN_AUTOMATION=true -leeway run dev/preview:create-preview diff --git a/.github/actions/preview-create/metadata.yml b/.github/actions/preview-create/metadata.yml deleted file mode 100644 index 134bf610fcc708..00000000000000 --- a/.github/actions/preview-create/metadata.yml +++ /dev/null @@ -1,24 +0,0 @@ -name: "Create preview environment" -description: "Creates the infrastructure for a preview environment" -inputs: - name: - description: "The name of the preview environment to deploy Gitpod to" - required: false - infrastructure_provider: - description: "The infrastructure provider to use" - required: true - large_vm: - description: "Whether to use a larger VM for the env" - required: true - default: false - preemptible: - description: "Whether to use preemptible VMs for the env" - required: true - default: true - recreate_vm: - description: "Whether to recreate the VM" - required: false - default: "false" -runs: - using: "docker" - image: "Dockerfile" diff --git a/.github/workflows/branch-build.yml b/.github/workflows/branch-build.yml index 3c8b0b61785238..c459b0a2b42232 100644 --- a/.github/workflows/branch-build.yml +++ b/.github/workflows/branch-build.yml @@ -134,6 +134,9 @@ jobs: (needs.configuration.outputs.is_main_branch != 'true') && (needs.configuration.outputs.is_scheduled_run != 'true') runs-on: ubuntu-latest + container: + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:gpl-npm-oidc-support-gha.42 + options: --user root concurrency: group: ${{ github.ref == 'refs/heads/main' && github.run_id || github.sha }}-infrastructure cancel-in-progress: true @@ -150,11 +153,9 @@ jobs: uses: ./.github/actions/preview-create with: name: ${{ needs.configuration.outputs.preview_name }} - previewctl_hash: ${{ needs.build-previewctl.outputs.previewctl_hash }} large_vm: ${{ needs.configuration.outputs.with_large_vm }} preemptible: ${{ needs.configuration.outputs.with_preemptible }} recreate_vm: ${{ inputs.recreate_vm }} - image_repo_base: ${{needs.configuration.outputs.image_repo_base}}/build build-gitpod: name: Build Gitpod @@ -438,6 +439,9 @@ jobs: environment: branch-build if: needs.configuration.outputs.is_scheduled_run != 'true' runs-on: ubuntu-latest + container: + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:gpl-npm-oidc-support-gha.42 + options: --user root concurrency: group: ${{ github.ref == 'refs/heads/main' && github.run_id || github.sha }}-install cancel-in-progress: ${{ needs.configuration.outputs.is_main_branch == 'false' }} @@ -488,6 +492,9 @@ jobs: needs: [ infrastructure, build-previewctl ] environment: branch-build runs-on: ubuntu-latest + container: + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:gpl-npm-oidc-support-gha.42 + options: --user root if: needs.configuration.outputs.with_monitoring == 'true' && needs.configuration.outputs.is_scheduled_run != 'true' concurrency: group: ${{ github.ref == 'refs/heads/main' && github.run_id || github.sha }}-monitoring @@ -503,9 +510,6 @@ jobs: - name: Deploy monitoring satellite to the preview environment id: deploy-monitoring-satellite uses: ./.github/actions/deploy-monitoring-satellite - with: - previewctl_hash: ${{ needs.build-previewctl.outputs.previewctl_hash }} - image_repo_base: ${{needs.configuration.outputs.image_repo_base}}/build integration-test: name: "Run integration test" diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c03e8dec3f80c8..b4b2b215297a02 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -137,6 +137,9 @@ jobs: (needs.configuration.outputs.is_main_branch != 'true') && (needs.configuration.outputs.is_scheduled_run != 'true') runs-on: ubuntu-latest + container: + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:gpl-npm-oidc-support-gha.42 + options: --user root concurrency: group: ${{ github.ref == 'refs/heads/main' && github.run_id || github.sha }}-infrastructure cancel-in-progress: true @@ -153,11 +156,9 @@ jobs: uses: ./.github/actions/preview-create with: name: ${{ needs.configuration.outputs.preview_name }} - previewctl_hash: ${{ needs.build-previewctl.outputs.previewctl_hash }} large_vm: ${{ needs.configuration.outputs.with_large_vm }} preemptible: ${{ needs.configuration.outputs.with_preemptible }} recreate_vm: ${{ inputs.recreate_vm }} - image_repo_base: ${{needs.configuration.outputs.image_repo_base}}/build build-gitpod: name: Build Gitpod @@ -441,6 +442,9 @@ jobs: environment: main-build if: needs.configuration.outputs.is_scheduled_run != 'true' runs-on: ubuntu-latest + container: + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:gpl-npm-oidc-support-gha.42 + options: --user root concurrency: group: ${{ github.ref == 'refs/heads/main' && github.run_id || github.sha }}-install cancel-in-progress: ${{ needs.configuration.outputs.is_main_branch == 'false' }} @@ -491,6 +495,9 @@ jobs: needs: [ infrastructure, build-previewctl ] environment: main-build runs-on: ubuntu-latest + container: + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:gpl-npm-oidc-support-gha.42 + options: --user root if: needs.configuration.outputs.with_monitoring == 'true' && needs.configuration.outputs.is_scheduled_run != 'true' concurrency: group: ${{ github.ref == 'refs/heads/main' && github.run_id || github.sha }}-monitoring @@ -506,9 +513,6 @@ jobs: - name: Deploy monitoring satellite to the preview environment id: deploy-monitoring-satellite uses: ./.github/actions/deploy-monitoring-satellite - with: - previewctl_hash: ${{ needs.build-previewctl.outputs.previewctl_hash }} - image_repo_base: ${{needs.configuration.outputs.image_repo_base}}/build integration-test: name: "Run integration test" diff --git a/.github/workflows/ide-integration-tests.yml b/.github/workflows/ide-integration-tests.yml index 0116a626dc7886..5a83ec38d72f4b 100644 --- a/.github/workflows/ide-integration-tests.yml +++ b/.github/workflows/ide-integration-tests.yml @@ -92,6 +92,9 @@ jobs: name: Create preview environment infrastructure needs: [configuration] runs-on: ubuntu-latest + container: + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:gpl-npm-oidc-support-gha.42 + options: --user root concurrency: group: ${{ needs.configuration.outputs.name }}-infrastructure steps: @@ -107,10 +110,8 @@ jobs: uses: ./.github/actions/preview-create with: name: ${{ needs.configuration.outputs.name }} - infrastructure_provider: gce large_vm: true preemptible: true - image_repo_base: ${{ needs.configuration.outputs.image_repo_base }} - name: Deploy Gitpod to the preview environment id: deploy-gitpod if: github.event.inputs.skip_deploy != 'true' diff --git a/.github/workflows/preview-env-check-regressions.yml b/.github/workflows/preview-env-check-regressions.yml index 6dd6f95cc8aae3..dffd058dfa97e9 100644 --- a/.github/workflows/preview-env-check-regressions.yml +++ b/.github/workflows/preview-env-check-regressions.yml @@ -59,6 +59,9 @@ jobs: name: Create preview environment infrastructure needs: [configuration] runs-on: ubuntu-latest + container: + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:gpl-npm-oidc-support-gha.42 + options: --user root concurrency: group: ${{ needs.configuration.outputs.name }}-infrastructure steps: @@ -74,10 +77,8 @@ jobs: uses: ./.github/actions/preview-create with: name: ${{ needs.configuration.outputs.name }} - infrastructure_provider: ${{ needs.configuration.outputs.infrastructure_provider }} large_vm: false preemptible: true - image_repo_base: ${{ needs.configuration.outputs.image_repo_base }} - name: Deploy Gitpod to the preview environment id: deploy-gitpod uses: ./.github/actions/deploy-gitpod diff --git a/.github/workflows/workspace-integration-tests.yml b/.github/workflows/workspace-integration-tests.yml index 638f61d126eebb..f9b4900025a326 100644 --- a/.github/workflows/workspace-integration-tests.yml +++ b/.github/workflows/workspace-integration-tests.yml @@ -125,6 +125,9 @@ jobs: infrastructure: needs: [configuration] runs-on: ubuntu-latest + container: + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:gpl-npm-oidc-support-gha.42 + options: --user root concurrency: group: ${{ needs.configuration.outputs.name }}-infrastructure steps: @@ -140,10 +143,8 @@ jobs: uses: ./.github/actions/preview-create with: name: ${{ needs.configuration.outputs.name }} - infrastructure_provider: gce large_vm: true preemptible: true - image_repo_base: ${{ needs.configuration.outputs.image_repo_base }} - name: Deploy Gitpod to the preview environment if: inputs.skip_deploy != 'true' id: deploy-gitpod From 58aa2736a02b0f5f9515bf4690568d33258889bd Mon Sep 17 00:00:00 2001 From: Gero Posmyk-Leinemann Date: Fri, 9 Jan 2026 14:22:25 +0000 Subject: [PATCH 3/4] [preview] Add container to delete jobs Add missing container specification to delete jobs in: - ide-integration-tests.yml - workspace-integration-tests.yml - preview-env-check-regressions.yml The delete-preview action is a composite action that requires leeway, which is only available in the dev-environment container. Co-authored-by: Ona --- .github/workflows/ide-integration-tests.yml | 3 +++ .github/workflows/preview-env-check-regressions.yml | 3 +++ .github/workflows/workspace-integration-tests.yml | 3 +++ 3 files changed, 9 insertions(+) diff --git a/.github/workflows/ide-integration-tests.yml b/.github/workflows/ide-integration-tests.yml index 5a83ec38d72f4b..83a63589bf3f77 100644 --- a/.github/workflows/ide-integration-tests.yml +++ b/.github/workflows/ide-integration-tests.yml @@ -215,6 +215,9 @@ jobs: needs: [configuration, infrastructure, check] if: github.event.inputs.skip_delete != 'true' && always() runs-on: ubuntu-latest + container: + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:gpl-npm-oidc-support-gha.42 + options: --user root steps: - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # pin@v4 - name: Setup Environment diff --git a/.github/workflows/preview-env-check-regressions.yml b/.github/workflows/preview-env-check-regressions.yml index dffd058dfa97e9..4a79d4ce76fd8a 100644 --- a/.github/workflows/preview-env-check-regressions.yml +++ b/.github/workflows/preview-env-check-regressions.yml @@ -170,6 +170,9 @@ jobs: needs: [configuration, infrastructure, check] if: always() runs-on: ubuntu-latest + container: + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:gpl-npm-oidc-support-gha.42 + options: --user root steps: - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # pin@v4 - name: Setup Environment diff --git a/.github/workflows/workspace-integration-tests.yml b/.github/workflows/workspace-integration-tests.yml index f9b4900025a326..581c2750a48234 100644 --- a/.github/workflows/workspace-integration-tests.yml +++ b/.github/workflows/workspace-integration-tests.yml @@ -182,6 +182,9 @@ jobs: needs: [configuration, infrastructure, check] if: inputs.skip_delete != 'true' && always() runs-on: ubuntu-latest + container: + image: eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:gpl-npm-oidc-support-gha.42 + options: --user root steps: - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # pin@v4 - name: Setup Environment From 65a48cb2677e8d86ba12163733a45110b3599de5 Mon Sep 17 00:00:00 2001 From: Gero Posmyk-Leinemann Date: Fri, 9 Jan 2026 16:01:26 +0000 Subject: [PATCH 4/4] [dev] Align leeway config between CI and workspace/environment --- WORKSPACE.yaml | 6 +++--- dev/preview/workflow/preview/build.sh | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/WORKSPACE.yaml b/WORKSPACE.yaml index b2dffa3a6fd514..ccfa8ac00bbd03 100644 --- a/WORKSPACE.yaml +++ b/WORKSPACE.yaml @@ -3,9 +3,9 @@ defaultTarget: components:all defaultArgs: imageRepoBase: "eu.gcr.io/gitpod-dev-artifact/build" coreYarnLockBase: ../.. - npmPublishTrigger: "false" - publishToNPM: true - publishToJBMarketplace: true + npmPublishTrigger: false + publishToNPM: false + publishToJBMarketplace: false localAppVersion: unknown codeCommit: bbd81e3f7202bb6b506c62afc097bf57e33bd11f codeVersion: 1.102.3 diff --git a/dev/preview/workflow/preview/build.sh b/dev/preview/workflow/preview/build.sh index a9aade83f2be0f..cbaa3da4d7ce4c 100755 --- a/dev/preview/workflow/preview/build.sh +++ b/dev/preview/workflow/preview/build.sh @@ -21,5 +21,6 @@ fi leeway build \ -Dversion="${VERSION}" \ + -DlocalAppVersion="${VERSION}" \ --dont-test \ dev/preview:deploy-dependencies