feat(runner): add glab CLI, pin all tool versions, add freshness workflow #1045

Closed
jeremyeder wants to merge 1 commit into main from feat/runner-glab-and-freshness-workflow

@jeremyeder
Contributor

Summary

  • Adds glab (GitLab CLI) to the runner image
  • Pins all runner tools with explicit versions via Dockerfile ARGs, replacing unpinned installs
  • Adds a weekly CI workflow (runner-tool-versions.yml) that checks every runner component for updates and opens a PR when newer versions are available

What changed

Dockerfile

| Component | Before | After |
|-----------|--------|-------|
| gh (GitHub CLI) | Unpinned (dnf repo) | ARG GH_VERSION=2.74.0 (binary download) |
| glab (GitLab CLI) | Not installed | ARG GLAB_VERSION=1.52.0 (binary download) |
| uv | pip install uv (unpinned) | pip install uv==0.7.8 |
| pre-commit | pip install pre-commit (unpinned) | pip install pre-commit==4.2.0 |
| gemini-cli | npm install -g @google/gemini-cli (unpinned) | npm install -g @google/gemini-cli@0.1.17 |
| Base image | Digest-pinned (unchanged) | Same |
| git, jq, Node.js, Go | dnf/AppStream (unchanged) | Same (tied to base image) |

Freshness workflow

  • Runs weekly (Monday 9 AM UTC) + manual trigger
  • Checks 6 components: base image digest (via skopeo), gh, glab, uv, pre-commit, gemini-cli
  • Opens a single PR on auto/update-runner-image with a version table when any component is outdated
  • Deduplicates against existing open PRs
  • Workflow summary page shows a freshness report for all components
  • Follows the same patterns as daily-sdk-update.yml

Test plan

  • Runner container image builds successfully with the new Dockerfile
  • gh version, glab version, uv --version, gemini --version all work inside the container
  • Workflow YAML passes actionlint / GitHub Actions validation
  • Manual workflow dispatch runs successfully

🤖 Generated with Claude Code
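
The comparison a freshness job of this kind performs, as an added example (not code from this PR or the project): it reads the `ARG *_VERSION` pins from a Dockerfile, reports pins older than upstream, and flags install lines that carry no version. The Dockerfile text and the `LATEST` values are constructed, and version strings are assumed to be plain dotted numbers.

```python
import re

# Constructed sample: ARG names and versions follow the PR's table; the two
# RUN lines leave one pip and one npm package unpinned so the check finds them.
DOCKERFILE = """\
ARG GH_VERSION=2.74.0
ARG GLAB_VERSION=1.52.0
ARG UV_VERSION=0.7.8
ARG PRE_COMMIT_VERSION=4.2.0
ARG GEMINI_CLI_VERSION=0.1.17
RUN pip install uv==${UV_VERSION} pre-commit
RUN npm install -g @google/gemini-cli
"""
# Constructed "latest upstream" values (not real release data); a job would fetch these.
LATEST = {"GH_VERSION": "2.74.0", "GLAB_VERSION": "1.52.0", "UV_VERSION": "0.10.0",
          "PRE_COMMIT_VERSION": "4.2.0", "GEMINI_CLI_VERSION": "0.1.17"}

def parse_pins(dockerfile):
    """Return {ARG name: version} for every `ARG <NAME>_VERSION=<value>` line."""
    return dict(re.findall(r"^ARG\s+(\w+_VERSION)=(\S+)$", dockerfile, re.M))

def version_key(version):
    """Numeric tuple, so 0.10.0 sorts after 0.7.8 (string comparison gets this wrong)."""
    return tuple(int(part) for part in version.split("."))

def outdated(pins, latest):
    """Rows (name, pinned, newest) where upstream is newer than the pin."""
    return [(n, v, latest[n]) for n, v in sorted(pins.items())
            if n in latest and version_key(latest[n]) > version_key(v)]

def unpinned_installs(dockerfile):
    """Packages on pip / npm install lines that carry no explicit version."""
    found = []
    for line in dockerfile.splitlines():
        m = re.search(r"\b(pip|npm) install\s+(.*)", line)
        if not m:
            continue
        tool, args = m.groups()
        for pkg in (a for a in args.split() if not a.startswith("-")):
            # npm scoped names start with "@", so only a later "@" marks a version.
            pinned = "==" in pkg if tool == "pip" else "@" in pkg[1:]
            if not pinned:
                found.append((tool, pkg))
    return found

if __name__ == "__main__":
    for name, old, new in outdated(parse_pins(DOCKERFILE), LATEST):
        print(f"| {name} | {old} | {new} |")
    print(unpinned_installs(DOCKERFILE))
```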

…flow

- Add glab (GitLab CLI) binary to the runner image
- Pin all runner tools with explicit versions via Dockerfile ARGs:
  gh 2.74.0, glab 1.52.0, uv 0.7.8, pre-commit 4.2.0, gemini-cli 0.1.17
- Switch gh from dnf repo install to versioned binary download
- Add weekly CI workflow (runner-tool-versions.yml) that checks all
  components for updates and opens a PR when newer versions are available
- Covers: base image digest, gh, glab, uv, pre-commit, gemini-cli

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@coderabbitai
Contributor

coderabbitai bot commented Mar 26, 2026

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: bb2ecaa9-573f-40e3-8111-6151060e3724

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

@jeremyeder
Contributor Author

There was an ask through feedback to add glab to the runner. So I've done that and added a job to keep the runner updated.

@ktdreyer
Contributor

I think this is an ok approach.

AIPCC uses Renovate to perform these bumping operations instead. That would be a standard and secure way to do dependency management in contrast to a one-off custom GH Action.

But I don't see a problem with this particular implementation today.

@jeremyeder
Contributor Author

Superseded by #1091 which combines this PR with #845.

@jeremyeder jeremyeder closed this Mar 28, 2026
Gkrumbach07 pushed a commit that referenced this pull request Apr 3, 2026
…hness workflow (#1091)

## Summary

Combines [PR #845](#845)
and [PR #1045](#1045) into
a single PR, with improvements from code review.

### Runner / Dockerfile
- **Upgrades base image** from UBI 9 / Python 3.11 to **UBI 10 / Python
3.12**
- **Adds glab** (GitLab CLI) via pinned binary download
- **Pins all runner tools** with explicit `ARG` versions: gh, glab, uv,
pre-commit, gemini-cli
- **Merges gh + glab installs** into a single `RUN` layer (single ARCH
computation)
- Bumps Node.js 20 → 22, updates dnf usage for RHEL 10

### Dependencies
- Bumps claude-agent-sdk, anthropic, mcp, pydantic, ag-ui-protocol,
pytest, ruff, mcp-atlassian, workspace-mcp
- Regenerated uv.lock against current main

### Frontend
- Adds **ClaudeAgentOptions** form (Zod schema + React form) behind
`advanced-agent-options` Unleash flag
- Integrates agent options into the create-session dialog

### Freshness workflow
- New **weekly CI workflow** (`runner-tool-versions.yml`) that checks
all runner components for updates
- Fetches versions **concurrently** (background curl processes)
- Applies updates and opens a single PR when any component is outdated
- Simplified from original: 5 fetch steps → 1, 6 update steps → 1,
removed `eval` usage

### Version table

| Component | Before | After |
|-----------|--------|-------|
| Base image | UBI 9 / python-311 | UBI 10 / ubi |
| Python | 3.11 | 3.12 |
| Node.js | 20 | 22 |
| gh (GitHub CLI) | Unpinned (dnf) | `ARG GH_VERSION=2.74.0` |
| glab (GitLab CLI) | Not installed | `ARG GLAB_VERSION=1.52.0` |
| uv | Unpinned | `ARG UV_VERSION=0.7.8` |
| pre-commit | Unpinned | `ARG PRE_COMMIT_VERSION=4.2.0` |
| gemini-cli | Unpinned | `ARG GEMINI_CLI_VERSION=0.1.17` |

## Test plan

- [ ] Runner container image builds successfully with UBI 10
- [ ] `python3 --version` shows 3.12, `node --version` shows v22
- [ ] `gh version`, `glab version`, `uv --version`, `gemini --version`
all work inside the container
- [ ] CI unit tests pass (Python 3.12)
- [ ] Workflow YAML passes actionlint / GitHub Actions validation
- [ ] Frontend builds with agent options schema changes
- [ ] Agent options form renders when `advanced-agent-options` flag is
enabled
- [ ] Form is hidden when flag is off (default)

Supersedes #845 and #1045.

---
🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Ambient Code Bot <bot@ambient-code.local>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>