
[pull] main from gitpod-io:main #375

Open
pull[bot] wants to merge 4092 commits into 16CentAstrology:main from gitpod-io:main


@pull pull bot commented Aug 19, 2025

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.3)

Can you help keep this open source service alive? 💖 Please sponsor : )

geropl and others added 30 commits February 13, 2025 06:19
Tool: gitpod/catfood.gitpod.cloud
Tool: gitpod/catfood.gitpod.cloud
* Update Platform Version of JetBrains Backend Plugin (EAP) to

Tool: gitpod/catfood.gitpod.cloud

* Make it build

Tool: gitpod/catfood.gitpod.cloud

* Fix rider

Tool: gitpod/catfood.gitpod.cloud

* Fix use-latest checkbox not working

Tool: gitpod/catfood.gitpod.cloud

---------

Co-authored-by: Robo Quat <roboquat@gitpod.io>
* squashed (- oidc/newUser)

Tool: gitpod/catfood.gitpod.cloud

* [server, db] Cleanup UpdateOrgSettings API handling

Tool: gitpod/catfood.gitpod.cloud

* [dashboard] Render WelcomeMessage based on a) user.createdAt and b) localStorage

Tool: gitpod/catfood.gitpod.cloud

* [api, server] Add missing update_allowed_workspace_classes field

Tool: gitpod/catfood.gitpod.cloud

* [dashboard] Fix updateOrgSettings API usage

Tool: gitpod/catfood.gitpod.cloud

* [dashboard, server] Fix duration handling/conversion

Tool: gitpod/catfood.gitpod.cloud

---------

Co-authored-by: Gero Posmyk-Leinemann <gero@gitpod.io>
* [JetBrains] Update IDE images to new build version

* Revert gradle properties changes

Tool: gitpod/catfood.gitpod.cloud

---------

Co-authored-by: Huiwen <mhqnwt@gmail.com>
…P) (#20612)

* Update Platform Version of JetBrains Gateway Plugin (EAP) to

* Revert gradle properties changes

Tool: gitpod/catfood.gitpod.cloud

---------

Co-authored-by: Huiwen <mhqnwt@gmail.com>
* feat(dashboard): Enhance team onboarding with member avatar and framework selection

- Add OrgMemberAvatarInput component with improved member selection using Popover and Command
- Implement ComboboxDemo for framework selection
- Update Button variant and add cmdk package
- Improve UI components with more flexible selection and filtering

Tool: gitpod/catfood.gitpod.cloud

* fix(orgs): when updating org welcome msg settings, enforce updating `featuredMemberId`

Tool: gitpod/catfood.gitpod.cloud

* A proper fix with existing prebuild list combobox

Tool: gitpod/catfood.gitpod.cloud

* chore: Remove unused cmdk package and related components

- Remove cmdk package from package.json
- Delete Command.tsx component
- Remove unused featuredMemberId state from TeamOnboarding
- Clean up yarn.lock dependencies related to cmdk and radix-ui packages

Tool: gitpod/catfood.gitpod.cloud

* Clean up

Tool: gitpod/catfood.gitpod.cloud
* [ipfs] rebuild components

Tool: gitpod/catfood.gitpod.cloud

* Fix kubo version

Tool: gitpod/catfood.gitpod.cloud

* Consolidate IPFS versions to workspace.yaml

Tool: gitpod/catfood.gitpod.cloud

* Also package scheduler-extender

Tool: gitpod/catfood.gitpod.cloud
* [api, server, dashboard] Cleanup UpdateOrganizationSettings API

Tool: gitpod/catfood.gitpod.cloud

* Org settings partial updates improvements (#20626)

Tool: gitpod/catfood.gitpod.cloud

* review comment

Tool: gitpod/catfood.gitpod.cloud
* [dashboard] fix toast contrast

Tool: gitpod/catfood.gitpod.cloud

* driveby: less `isGitpodIo`

Tool: gitpod/catfood.gitpod.cloud

* Align colors with info alert

Tool: gitpod/catfood.gitpod.cloud
…20627)

* [components] include scheduler-extender:docker in all-docker build

* [.github] add missing CODEOWNERS
* [memory bank] Initialize cline memory bank

Tool: gitpod/catfood.gitpod.cloud

* [memory-bank] Start documenting first components (blobserve, content-service, dashboard, ws-manager-mk2)

Tool: gitpod/catfood.gitpod.cloud

* [memory-bank] Document more components (supervisor, ws-daemon)

Tool: gitpod/catfood.gitpod.cloud

* [memory-bank] More components (ide-service, registry-facade, image-builder-mk3)

Tool: gitpod/catfood.gitpod.cloud

* [memory-bank] Document proxy, server and ws-proxy

Tool: gitpod/catfood.gitpod.cloud

* [memory-bank] Document gitpod-cli and gitpod-db

Tool: gitpod/catfood.gitpod.cloud

* [memory-bank] Document gitpod-protocol

Tool: gitpod/catfood.gitpod.cloud

* [memory-bank] Document ide-proxy, ide and ws-manager-bridge

Tool: gitpod/catfood.gitpod.cloud

* [memory-bank] Document ide-metrics and local-app

Tool: gitpod/catfood.gitpod.cloud

* [memory-bank] Document public-api-server and usage

Tool: gitpod/catfood.gitpod.cloud

* [memory-bank] Document common-go and workspacekit

Tool: gitpod/catfood.gitpod.cloud

* [memory-bank] Document spicedb, scrubber and service-waiter

Tool: gitpod/catfood.gitpod.cloud

* [memory-bank] Documented docker-up, image-builder-bob, node-labeler

Tool: gitpod/catfood.gitpod.cloud

* [memory-bank] Documented openvsx-proxy, scheduler-extender, ipfs

Tool: gitpod/catfood.gitpod.cloud

* [memory-bank] Update rules to lay out the "components" structure

Tool: gitpod/catfood.gitpod.cloud
* add feature flags for spicedb client options

Tool: gitpod/catfood.gitpod.cloud

* Add comments

Tool: gitpod/catfood.gitpod.cloud

* fixup

Tool: gitpod/catfood.gitpod.cloud

* address feedback

Co-authored-by: Gero Posmyk-Leinemann <gero@gitpod.io>
Tool: gitpod/catfood.gitpod.cloud

* fixup

Tool: gitpod/catfood.gitpod.cloud

---------

Co-authored-by: Gero Posmyk-Leinemann <gero@gitpod.io>
* [ws-manager, ws-daemon] Store initializer metrics in workspace.Status.InitializerMetrics

Tool: gitpod/catfood.gitpod.cloud

* [ws-manager-api, -mk2] Emit new field .Status.InitializerMetrics

Tool: gitpod/catfood.gitpod.cloud

* [db] Introduce DBWorkspaceInstanceMetrics and persist all metrics from ws-manager-api into it

Tool: gitpod/catfood.gitpod.cloud

* [api] Expose session.Metrics.InitializerMetrics

Tool: gitpod/catfood.gitpod.cloud

* [dashboard] Export metrics into CSV

Tool: gitpod/catfood.gitpod.cloud

* [content-service] Fix: emit fromBackup stats

Tool: gitpod/catfood.gitpod.cloud

* Update components/ws-manager-api/core.proto

Co-authored-by: Filip Troníček <filip@gitpod.io>

---------

Co-authored-by: Filip Troníček <filip@gitpod.io>
* [ide-proxy] update extension control manifest

Tool: gitpod/catfood.gitpod.cloud

* update it once more :)

Tool: gitpod/catfood.gitpod.cloud
Tool: gitpod/catfood.gitpod.cloud
* [memory-bank] Tell cline how to build components

Tool: gitpod/catfood.gitpod.cloud

* [memory-bank] Document API components as well

Tool: gitpod/catfood.gitpod.cloud

* [memory-bank] Document content-service-api, ide-metrics-api, ide-service-api

Tool: gitpod/catfood.gitpod.cloud

* [memory-bank] Document image-builder-api, local-app-api, registry-facade-api

Tool: gitpod/catfood.gitpod.cloud

* [memory-bank] Document supervisor-api, usage-api, ws-daemon-api

Tool: gitpod/catfood.gitpod.cloud

* [memory-bank] Document ws-manager-api, ws-manager-bridge-api

Tool: gitpod/catfood.gitpod.cloud
…t use deepmerge but overwrite if set) (#20646)

Tool: gitpod/catfood.gitpod.cloud
Tool: gitpod/catfood.gitpod.cloud
Tool: gitpod/catfood.gitpod.cloud
geropl and others added 30 commits January 12, 2026 13:28
* Upgrade caddy 2.9.1 -> 2.10.2

Co-authored-by: Ona <no-reply@ona.com>

* Upgrade proxy component to Caddy 2.10.2

- Update Dockerfile to use caddy:2.10.2-builder and caddy/caddy:2.10.2-alpine
- Update all 10 plugin go.mod files from Caddy v2.7.6 to v2.10.2
- Fix sshtunnel plugin: replace deprecated caddy.Listen() with NetworkAddress.Listen()
- Remove intermediate Go version upgrade stage (caddy:2.10.2-builder includes Go 1.24+)

Fixes several HIGH severity vulnerabilities:
- GHSA-7jwh-3vrq-q3m8 (pgproto3 SQL injection)
- GHSA-m7wr-2xf7-cm9p (pgx SQL injection)
- GHSA-mrww-27vc-gghv (pgx SQL injection)
- GHSA-c33x-xqrf-c478 (quic-go DoS)
- GHSA-vrw8-fxc6-2r93 (chi host header injection)

Co-authored-by: Ona <no-reply@ona.com>

* [protocol] Fix dirty git state on rebuild

Co-authored-by: Ona <no-reply@ona.com>

* Upgrade to Caddy 2.11.0-beta.2 to fix critical vulnerability

Upgrade from Caddy 2.10.2 to 2.11.0-beta.2 to fix GHSA-h8cp-697h-8c8p
(Critical - authorization bypass in smallstep/certificates ACME/SCEP).

- proxy: Use caddy:builder with xcaddy build v2.11.0-beta.2
- ide-proxy, dashboard: Use caddy/caddy:2.11-alpine
- Update all plugin go.mod files to Caddy v2.11.0-beta.2

Co-authored-by: Ona <no-reply@ona.com>

* [proxy] Add small TODO to fix builder dependency once available

Co-authored-by: Ona <no-reply@ona.com>

---------

Co-authored-by: Ona <no-reply@ona.com>
Log errors with context at each failure point in the install() function
to help diagnose which step is failing during preview environment setup.

Co-authored-by: Ona <no-reply@ona.com>
…21248)

The caddy/caddy:2.11-alpine Docker image is built from v2.11.0-beta.1
which still contains the vulnerable smallstep/certificates v0.28.4.

Build Caddy from source using xcaddy to get v2.11.0-beta.2 which
includes smallstep/certificates v0.29.0, fixing GHSA-h8cp-697h-8c8p.

Co-authored-by: Ona <no-reply@ona.com>
GitHub Actions sets HOME=/github/home when running in a container, but
this directory doesn't exist in the dev-environment image. This causes
previewctl install-context to fail when generating SSH keys.

Restore HOME=/home/gitpod to match the original Docker-based action
behavior from before commit 80317ca.

Co-authored-by: Ona <no-reply@ona.com>
The previous fix (#21252) only applied HOME=/home/gitpod to the
'Deploy Gitpod' step, but the 'Install previewctl' step runs first
and also needs the fix.

Leeway fails with 'getwd: no such file or directory' when HOME points
to a non-existent directory.

Validated locally:
  docker run --rm --user root -e HOME=/github/home ...
  leeway run dev/preview/previewctl:install
  # Fails: getwd: no such file or directory

  docker run --rm --user root -e HOME=/github/home ...
  export HOME=/home/gitpod
  leeway run dev/preview/previewctl:install
  # Succeeds

Co-authored-by: Ona <no-reply@ona.com>
Co-authored-by: Ona <no-reply@ona.com>
When terraform plan -destroy returns exit code 0 (no changes because
resources were already deleted), the script exited before deleting the
terraform workspace. This caused the same preview environments to appear
in subsequent GC runs.

Co-authored-by: Ona <no-reply@ona.com>
Co-authored-by: Ona <no-reply@ona.com>
Tasks using leeway (initGo, installLocalAppCli, buildJava) now depend on
configurePreview to ensure GCP authentication is complete before they run.

Without this, leeway cannot access the remote cache bucket and falls back
to rebuilding all packages locally.

Co-authored-by: Ona <no-reply@ona.com>
* Add minimal gitpod.io mode and redirect logging

Task 1: Add redirect logging to Caddy proxy
- New (enable_redirect_log) snippet that logs all 3xx responses
- Captures source URL, destination, status code, and user agent
- Added to http://, https://{GITPOD_DOMAIN}, and workspace blocks

Task 2: Implement minimal gitpod.io mode in dashboard
- Only active on exact "gitpod.io" domain
- Controlled by ConfigCat flag "minimal_gitpod_io_mode"
- localStorage override for testing: minimal_gitpod_io_mode=true/false
- Handles redirects without booting full React app:
  - Website slugs -> www.gitpod.io
  - Hash-based workspace creation -> app.ona.com
  - Legacy URL formats -> app.ona.com
  - App routes and root path -> minimal login page
  - Unknown paths -> www.gitpod.io
- Minimal login page shows Ona branding and "Continue with Ona" button

Part of CLC-2206: Reduce Compute Engine costs

Co-authored-by: Ona <no-reply@ona.com>

* Fix ConfigCat client usage in minimal mode

Use existing getExperimentsClient() wrapper instead of raw configcat-js API.

Co-authored-by: Ona <no-reply@ona.com>

* fix: use existing isGitpodIo function

* Update minimal login page to match current PAYG layout

- Two-panel layout: white left panel with login, gradient right panel with Ona branding
- Gitpod orange logo on left panel
- 'What do you want to get done today?' subtitle
- Black outlined 'Continue with Ona' button
- Sunset notice with links to Ona
- Terms of service and privacy policy footer
- Right panel with Ona wordmark, description, and 'Try Ona' button
- Responsive: hides right panel on smaller screens

Co-authored-by: Ona <no-reply@ona.com>

* Extract minimal login page to external HTML file

- Move inline HTML template to src/minimal-login.html for easier review
- Add webpack config to import HTML as raw string
- Add TypeScript declaration for HTML imports

Co-authored-by: Ona <no-reply@ona.com>

* Add HTML files to dashboard build sources

Co-authored-by: Ona <no-reply@ona.com>

* Fix minimal login page styling

- Fix button styling: dark background with white text (matching current design)
- Remove terms of service footer (no longer applicable)
- Add ona-application.webp to public folder for the preview image

Co-authored-by: Ona <no-reply@ona.com>

---------

Co-authored-by: Ona <no-reply@ona.com>
Add description meta tag and update manifest to inform users that
Gitpod is now Ona while keeping Gitpod Classic branding.

Co-authored-by: Ona <no-reply@ona.com>
…lation (#21289)

- Remove ConfigCat feature flag dependency for minimal mode detection
- gitpod.io: always use minimal mode (synchronous, no network call)
- Preview environments: use isDedicatedInstallation with localStorage caching
- Dedicated/self-hosted: never use minimal mode
- Replace document.write() with innerHTML to avoid deprecation issues
- Change GITPOD_WITH_DEDICATED_EMU default to true in preview deployments

The localStorage override (minimal_gitpod_io_mode=true/false) still works for testing.

Co-authored-by: Ona <no-reply@ona.com>
Co-authored-by: Ona <no-reply@ona.com>
Migrate gitpod.io/docs JetBrains Gateway URLs to the new
ona.com/docs/classic domain across IDE config files and the
Gateway plugin.

Co-authored-by: Ona <no-reply@ona.com>
When multiple workspaces sync globalState concurrently, the If-Match
rev becomes stale between the client's GET and POST. The VS Code client
retries 412 responses with no recursion limit, exhausting its
100-request/5-min budget and triggering 'Settings sync is suspended'.

Retry the insert up to 3 times server-side with the current latest rev,
absorbing transient concurrency conflicts before they reach the client.

Co-authored-by: Ona <no-reply@ona.com>
* Fix critical vulnerabilities in Node.js and Caddy base images

- Update Node.js from 22.15.1 to 22.22.0 in server, gitpod-db,
  ws-manager-bridge, and gitpod-web-extension Dockerfiles.
  Fixes CVE-2025-15467 (OpenSSL) and CVE-2025-55130 (Node.js).

- Update Caddy from v2.11.0-beta.2 to v2.11.1 (stable) in proxy
  and ide-proxy Dockerfiles and all proxy plugin Go modules.
  Includes 6 security patches (CVE-2026-27585 through CVE-2026-27590).

The image-builder-bob buildkit base image (ghcr.io/gitpod-io/buildkit:v0.20.1-gitpod.4)
also has critical vulns (CVE-2025-15467, CVE-2025-22871, CVE-2025-68121) but requires
a separate rebuild of that external image.

Co-authored-by: Ona <no-reply@ona.com>

* Update buildkit base image to v0.20.1-gitpod.5

Fixes CVE-2025-15467 (OpenSSL), CVE-2025-22871 and CVE-2025-68121 (Go stdlib)
in the image-builder-bob Docker image.

Co-authored-by: Ona <no-reply@ona.com>

---------

Co-authored-by: Ona <no-reply@ona.com>
…5-68121) (#21327)

* Fix CVE-2025-68121: bump Go toolchain to 1.24.13 in local-app

The local-app Go binaries are embedded in the ide-proxy Docker image.
They were compiled with Go 1.24.9 (from the CI environment), which
contains CVE-2025-68121 (critical Go stdlib vulnerability).

Bump the toolchain directive in local-app/go.mod to go1.24.13, which
forces the Go tool to auto-download 1.24.13 regardless of the CI
environment's installed Go version.

Also add apk upgrade to the ide-proxy Dockerfile to pick up Alpine
security patches at build time (matching the proxy Dockerfile pattern).

The .devcontainer/Dockerfile Go version bump is included for dev
environment consistency but does not affect CI builds.

Co-authored-by: Ona <no-reply@ona.com>

* Pin Go 1.24.13 in CI build image to fix CVE-2025-68121

The CI image (dev/image/Dockerfile) inherits Go from the base image
gitpod/workspace-gitpod-dev, which ships Go 1.24.9. That version
contains CVE-2025-68121 (critical Go stdlib vulnerability).

Install Go 1.24.13 explicitly in the CI image so all Go binaries
built in CI use a patched toolchain. Bump TRIGGER_REBUILD to force
an image rebuild.

Co-authored-by: Ona <no-reply@ona.com>

* fix pipeline rot

Co-authored-by: Ona <no-reply@ona.com>

* trigger dev-environment rebuild

Co-authored-by: Ona <no-reply@ona.com>

* Update dev-environment to eu.gcr.io/gitpod-dev-artifact/dev/dev-environment:fix-go-1-24-13-cve-2025-68121-gha.181

---------

Co-authored-by: Ona <no-reply@ona.com>
…final image (#21329)

The compress stage copied local-app binaries into /bin, then
COPY --from=compress /bin pulled the entire directory — including
glibc's ldconfig — into the final image. Use a dedicated /app-bin
directory so only the intended binaries are included.

fixes CLC-2225

Co-authored-by: Ona <no-reply@ona.com>
Co-authored-by: Ona <no-reply@ona.com>
Co-authored-by: Ona <no-reply@ona.com>
…21333)

* Fix CVE-2026-22184: bump Alpine-based Dockerfiles

This ensures the zlib
package is updated from 1.3.1-r2 to 1.3.2-r0, fixing CVE-2026-22184
detected by the daily vulnerability scan.

Co-authored-by: Ona <no-reply@ona.com>

* Add tag-based base image updates to digest workflow

The daily update-image-digest workflow only updated images pinned with
@sha256: digests. Dockerfiles using tag-based references like
node:22.22.0-alpine or caddy/caddy:2.11-alpine were not tracked,
causing them to go stale and accumulate vulnerabilities.

Add a new step that uses crane ls to find the latest patch release for
tracked base images (node, caddy/caddy) and updates FROM lines in
Dockerfiles accordingly.

Co-authored-by: Ona <no-reply@ona.com>

* Add apk upgrade --no-cache to Dockerfiles for immediate zlib fix

Base image tags (node:22.22.1-alpine, caddy/caddy:2.11.2-alpine) still
ship zlib 1.3.1-r2. The fix (1.3.2-r0) is available in Alpine repos but
the upstream images haven't been rebuilt yet. Running apk upgrade in the
Dockerfile ensures the fix is picked up at build time regardless.

This matches the existing pattern in ide-proxy and proxy Dockerfiles.

Co-authored-by: Ona <no-reply@ona.com>

---------

Co-authored-by: Ona <no-reply@ona.com>
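
The gap described in the digest-workflow commit above (only `@sha256:`-pinned images were tracked, so tag-based `FROM` lines went stale) can be audited with a short script. This is an added example, not code from the gitpod-io repository or its workflow; the function names, the sample Dockerfile and the tag listing (standing in for `crane ls` output) are constructed, and "latest patch" is assumed to mean the highest patch number with the same major.minor and the same variant suffix.

```python
import re
FROM_RE = re.compile(r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?", re.I)
# major.minor[.patch][-suffix], e.g. 22.22.0-alpine or 2.11-alpine
TAG_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(-[A-Za-z][A-Za-z0-9.]*)?$")

def parse_from_lines(dockerfile_text):
    """Return (image, tag, digest_pinned) per FROM line that names a registry image."""
    stages, refs = set(), []
    for line in dockerfile_text.splitlines():
        m = FROM_RE.match(line)
        if not m:
            continue
        ref, alias = m.group(1), m.group(2)
        is_stage = ref.lower() in stages or ref == "scratch"
        if alias:
            stages.add(alias.lower())
        if is_stage:
            continue  # FROM <earlier stage> is not a registry reference
        name, _, digest = ref.partition("@")
        image, tag = name, "latest"
        if ":" in name.rsplit("/", 1)[-1]:
            image, tag = name.rsplit(":", 1)
        refs.append((image, tag, digest.startswith("sha256:")))
    return refs

def latest_patch(current_tag, available_tags):
    """Newest tag with the same major.minor and suffix as current_tag, else None."""
    cur = TAG_RE.match(current_tag)
    if not cur:
        return None
    best, best_patch = None, int(cur.group(3) or -1)  # "2.11-alpine" has no patch
    for tag in available_tags:
        m = TAG_RE.match(tag)
        if not m or m.group(3) is None or m.group(1, 2, 4) != cur.group(1, 2, 4):
            continue  # floating tag, other release line, or other variant (e.g. -beta.2)
        if int(m.group(3)) > best_patch:
            best, best_patch = tag, int(m.group(3))
    return best

def stale_base_images(dockerfile_text, registry_tags):
    """List (image, current_tag, newer_tag) for tag-based, non-digest-pinned FROM lines."""
    findings = []
    for image, tag, pinned in parse_from_lines(dockerfile_text):
        newer = None if pinned else latest_patch(tag, registry_tags.get(image, []))
        if newer:
            findings.append((image, tag, newer))
    return findings

# Constructed sample input: placeholder digest, tag lists as `crane ls` would print.
SAMPLE_DOCKERFILE = (
    "FROM node:22.22.0-alpine AS builder\n"
    "FROM registry.example/base@sha256:" + "0" * 64 + " AS compress\n"
    "FROM builder AS test\nFROM caddy/caddy:2.11-alpine\n"
)
SAMPLE_TAGS = {
    "node": ["22.22.0-alpine", "22.22.1-alpine", "22.22.1", "23.0.0-alpine"],
    "caddy/caddy": ["2.11-alpine", "2.11.0-beta.2", "2.11.1-alpine", "2.11.2-alpine"],
}
print(stale_base_images(SAMPLE_DOCKERFILE, SAMPLE_TAGS))
```

A floating minor tag such as `2.11-alpine` is always reported when any full `2.11.x-alpine` tag exists, because the tag alone does not say which patch (or pre-release) the image was built from.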
Same fix as the other Caddy-based images (dashboard, ide-proxy) from

Together with the existing apk upgrade --no-cache, this resolves
CVE-2026-22184 (zlib 1.3.1-r2 -> 1.3.2-r0).

Co-authored-by: Ona <no-reply@ona.com>
Co-authored-by: Ona <no-reply@ona.com>
* [VS Code Browser] Build stable code `1.111.0`

* Update commit

* Update commit

* Update build script

* Fix build

* 1

* update code commit

* revert default chat agent
pup v0.4.0 (2017) fails to compile with modern Go versions.
Download the pre-built binary from GitHub releases instead,
matching the approach already used in dev/image/Dockerfile.

Co-authored-by: Ona <no-reply@ona.com>