Reapply "[image-builder-bob] bump up buildkit (#20690)" (#20693)

[iQQBot]

This reverts commit 7137833.

Tool: gitpod/catfood.gitpod.cloud

Description

This pid is actually thread id, it should be safe if we use in thread-self

see doc link

workspace integration test are success https://github.com/gitpod-io/gitpod/actions/runs/13993623337/job/39183946713?pr=20694

Related Issue(s)

Fixes CLC-1252

How to test

Documentation

Preview status

Gitpod was successfully deployed to your preview environment.

• 🏷️ Name - pd-upgrade-buildkit
• 🔗 URL - pd-upgrade-buildkit.preview.gitpod-dev.com/workspaces.
• 📚 Documentation - See our internal documentation for information on how to interact with your preview environment.
• 📦 Version - pd-upgrade-buildkit-gha.31961
• 🗒️ Logs - GCP Logs Explorer

Build Options

Build

• /werft with-werft
  Run the build with werft instead of GHA
• leeway-no-cache
• /werft no-test
  Run Leeway with --dont-test

Publish

• /werft publish-to-npm
• /werft publish-to-jb-marketplace

Installer

• analytics=segment
• with-dedicated-emulation
• workspace-feature-flags
  Add desired feature flags to the end of the line above, space separated

Preview Environment / Integration Tests

• /werft with-local-preview
  If enabled this will build install/preview
• /werft with-preview
• /werft with-large-vm
• /werft with-gce-vm
  If enabled this will create the environment on GCE infra
• /werft preemptible
  Saves cost. Untick this only if you're really sure you need a non-preemtible machine.
• with-integration-tests=all
  Valid options are all, workspace, webapp, ide, jetbrains, vscode, ssh. If enabled, with-preview and with-large-vm will be enabled.
• with-monitoring

/hold

[kylos101]

👋 @iQQBot , nice find! It would be good to get a review from a SME for workspacekit

[kylos101]

How does this change impact regular workspaces, and prebuilds?

[kylos101]

I see tests were failing, and assume this is the intended fix:

--- FAIL: TestBaseImageBuild (50.03s)
--- FAIL: TestBaseImageBuild/database (0.00s)
--- FAIL: TestBaseImageBuild/database/it_should_build_a_base_image (50.03s)

--- FAIL: TestParallelBaseImageBuild (28.78s)
--- FAIL: TestParallelBaseImageBuild/image-builder (0.00s)
--- FAIL: TestParallelBaseImageBuild/image-builder/it_should_allow_parallel_build_of_images (28.78s)

[kylos101]

It would be good, I think, to get a review for this file from @Furisto @aledbf or @csweichel .

[iQQBot]

We previously did not handle thread-self, so it would fallback to nsenter, using the tid/pid of nsenter at that time. Handling it here actually increases some security.