From 57a73fdf368b40f3d00d94135532edd42fbc82c6 Mon Sep 17 00:00:00 2001
From: Robert Brennan <contact@rbren.io>
Date: Mon, 29 Apr 2024 09:21:47 -0400
Subject: [PATCH 01/18] build docker on pull request

---
 .github/workflows/ghcr.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/ghcr.yml b/.github/workflows/ghcr.yml
index 3b131d97466..2c1c2021cd8 100644
--- a/.github/workflows/ghcr.yml
+++ b/.github/workflows/ghcr.yml
@@ -2,6 +2,9 @@ name: Publish Docker Image
 
 on:
   push:
+    branches:
+    - main
+  pull_request:
   workflow_dispatch:
     inputs:
       reason:

From 91fcc420607a3dc4f928da78e48b10c211881b7f Mon Sep 17 00:00:00 2001
From: Robert Brennan <contact@rbren.io>
Date: Mon, 29 Apr 2024 09:26:18 -0400
Subject: [PATCH 02/18] run docker build on PRs

---
 .github/workflows/ghcr.yml | 2 +-
 containers/build.sh        | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ghcr.yml b/.github/workflows/ghcr.yml
index 2c1c2021cd8..124aec2a02d 100644
--- a/.github/workflows/ghcr.yml
+++ b/.github/workflows/ghcr.yml
@@ -40,7 +40,7 @@ jobs:
       - name: Build and push ${{ matrix.image }}
         run: |
           ORG_NAME=$(echo "${{ github.repository }}" | tr '[A-Z]' '[a-z]' | cut -d '/' -f 1)
-          ./containers/build.sh ${{ matrix.image }} $ORG_NAME --push
+          ./containers/build.sh ${{ matrix.image }} $ORG_NAME ${{ github.actor }} --push
 
   docker_build_success:
     name: Docker Build Success
diff --git a/containers/build.sh b/containers/build.sh
index 33de89fa19a..c8405f58fde 100755
--- a/containers/build.sh
+++ b/containers/build.sh
@@ -3,6 +3,7 @@ set -eo pipefail
 
 image_name=$1
 org_name=$2
+tag_prefix="$3-"
 push=0
 if [[ $3 == "--push" ]]; then
   push=1
@@ -22,6 +23,10 @@ if [[ -n $GITHUB_REF_NAME ]]; then
     major_version=$(echo $GITHUB_REF_NAME | cut -d. -f1)
     minor_version=$(echo $GITHUB_REF_NAME | cut -d. -f1,2)
     tags+=($major_version $minor_version)
+    tag_prefix="" # don't prefix version tags
+  fi
+  if [[ $GITHUB_REF_NAME == "main" ]]; then
+    tag_prefix="" # don't prefix main tag
   fi
   sanitized=$(echo $GITHUB_REF_NAME | sed 's/[^a-zA-Z0-9.-]\+/-/g')
   OPEN_DEVIN_BUILD_VERSION=$sanitized
@@ -49,7 +54,7 @@ echo "Base dir: $DOCKER_BASE_DIR"
 
 args=""
 for tag in ${tags[@]}; do
-  args+=" -t $DOCKER_REPOSITORY:$tag"
+  args+=" -t $DOCKER_REPOSITORY:$tag_prefix$tag"
 done
 if [[ $push -eq 1 ]]; then
   args+=" --push"

From 662214250f5d79501e620e4c67200136527619cb Mon Sep 17 00:00:00 2001
From: Robert Brennan <contact@rbren.io>
Date: Mon, 29 Apr 2024 09:31:59 -0400
Subject: [PATCH 03/18] remove if

---
 .github/workflows/ghcr.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/ghcr.yml b/.github/workflows/ghcr.yml
index 124aec2a02d..f0b38b9c56b 100644
--- a/.github/workflows/ghcr.yml
+++ b/.github/workflows/ghcr.yml
@@ -15,7 +15,6 @@ on:
 jobs:
   ghcr_build_and_push:
     runs-on: ubuntu-latest
-    if: github.event_name == 'push' || github.event.inputs.reason != ''
     strategy:
       matrix:
         image: ["app", "evaluation", "sandbox"]

From da2896cd15a87f8881339cea27dbe18d8bbe9319 Mon Sep 17 00:00:00 2001
From: Robert Brennan <contact@rbren.io>
Date: Mon, 29 Apr 2024 09:34:42 -0400
Subject: [PATCH 04/18] add permissions

---
 .github/workflows/ghcr.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/ghcr.yml b/.github/workflows/ghcr.yml
index f0b38b9c56b..392e7267e1a 100644
--- a/.github/workflows/ghcr.yml
+++ b/.github/workflows/ghcr.yml
@@ -15,6 +15,11 @@ on:
 jobs:
   ghcr_build_and_push:
     runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: write
+
     strategy:
       matrix:
         image: ["app", "evaluation", "sandbox"]

From cf80c3a810c74ba7487ea03b39146999c38669d8 Mon Sep 17 00:00:00 2001
From: Robert Brennan <contact@rbren.io>
Date: Mon, 29 Apr 2024 09:44:28 -0400
Subject: [PATCH 05/18] change ghcr login

---
 .github/workflows/ghcr.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ghcr.yml b/.github/workflows/ghcr.yml
index 392e7267e1a..da430d057bd 100644
--- a/.github/workflows/ghcr.yml
+++ b/.github/workflows/ghcr.yml
@@ -35,8 +35,12 @@ jobs:
         id: buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Log-in to ghcr.io
-        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+      - name: Login to ghcr
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Delete huge unnecessary tools folder
         run: rm -rf /opt/hostedtoolcache

From 78fac52cc04b3d2a0070aceb87ee439df68b7c0c Mon Sep 17 00:00:00 2001
From: Robert Brennan <contact@rbren.io>
Date: Mon, 29 Apr 2024 09:49:19 -0400
Subject: [PATCH 06/18] empty commit


From 0073d2c08869caf5f2c09a23f71b28b75684317e Mon Sep 17 00:00:00 2001
From: Robert Brennan <contact@rbren.io>
Date: Mon, 29 Apr 2024 09:51:04 -0400
Subject: [PATCH 07/18] always use opendevin as org

---
 .github/workflows/ghcr.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/workflows/ghcr.yml b/.github/workflows/ghcr.yml
index da430d057bd..903677b90fa 100644
--- a/.github/workflows/ghcr.yml
+++ b/.github/workflows/ghcr.yml
@@ -47,8 +47,7 @@ jobs:
 
       - name: Build and push ${{ matrix.image }}
         run: |
-          ORG_NAME=$(echo "${{ github.repository }}" | tr '[A-Z]' '[a-z]' | cut -d '/' -f 1)
-          ./containers/build.sh ${{ matrix.image }} $ORG_NAME ${{ github.actor }} --push
+          ./containers/build.sh ${{ matrix.image }} OpenDevin ${{ github.actor }} --push
 
   docker_build_success:
     name: Docker Build Success

From 9a0205c7a0c2e7485dd5f3cd82e5d0dbd0df8475 Mon Sep 17 00:00:00 2001
From: Robert Brennan <contact@rbren.io>
Date: Mon, 29 Apr 2024 09:52:16 -0400
Subject: [PATCH 08/18] lowercase

---
 .github/workflows/ghcr.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ghcr.yml b/.github/workflows/ghcr.yml
index 903677b90fa..812904c71d6 100644
--- a/.github/workflows/ghcr.yml
+++ b/.github/workflows/ghcr.yml
@@ -47,7 +47,7 @@ jobs:
 
       - name: Build and push ${{ matrix.image }}
         run: |
-          ./containers/build.sh ${{ matrix.image }} OpenDevin ${{ github.actor }} --push
+          ./containers/build.sh ${{ matrix.image }} opendevin ${{ github.actor }} --push
 
   docker_build_success:
     name: Docker Build Success

From 54da15faa5bc18863fb45203fe988eb5d0b87229 Mon Sep 17 00:00:00 2001
From: Robert Brennan <contact@rbren.io>
Date: Mon, 29 Apr 2024 11:34:11 -0400
Subject: [PATCH 09/18] no client token

---
 .github/workflows/ghcr.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/ghcr.yml b/.github/workflows/ghcr.yml
index 812904c71d6..8e821c12afc 100644
--- a/.github/workflows/ghcr.yml
+++ b/.github/workflows/ghcr.yml
@@ -46,6 +46,8 @@ jobs:
         run: rm -rf /opt/hostedtoolcache
 
       - name: Build and push ${{ matrix.image }}
+        env:
+          BUILDKIT_NO_CLIENT_TOKEN: "true"
         run: |
           ./containers/build.sh ${{ matrix.image }} opendevin ${{ github.actor }} --push
 

From 5deda4775bc85b47e92b85ab11e1bf4c6ce06337 Mon Sep 17 00:00:00 2001
From: Robert Brennan <contact@rbren.io>
Date: Mon, 29 Apr 2024 11:41:10 -0400
Subject: [PATCH 10/18] dont push on forks

---
 .github/workflows/ghcr.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/ghcr.yml b/.github/workflows/ghcr.yml
index 8e821c12afc..33f60a107d2 100644
--- a/.github/workflows/ghcr.yml
+++ b/.github/workflows/ghcr.yml
@@ -46,11 +46,19 @@ jobs:
         run: rm -rf /opt/hostedtoolcache
 
       - name: Build and push ${{ matrix.image }}
+        if: github.event.pull_request.head.repo.full_name == github.repository
         env:
           BUILDKIT_NO_CLIENT_TOKEN: "true"
         run: |
           ./containers/build.sh ${{ matrix.image }} opendevin ${{ github.actor }} --push
 
+      - name: Build ${{ matrix.image }}
+        if: github.event.pull_request.head.repo.full_name != github.repository
+        env:
+          BUILDKIT_NO_CLIENT_TOKEN: "true"
+        run: |
+          ./containers/build.sh ${{ matrix.image }} opendevin ${{ github.actor }}
+
   docker_build_success:
     name: Docker Build Success
     runs-on: ubuntu-latest

From 61f05fa96291a106314abc51c05b6d996457a350 Mon Sep 17 00:00:00 2001
From: Robert Brennan <contact@rbren.io>
Date: Mon, 29 Apr 2024 11:41:37 -0400
Subject: [PATCH 11/18] remove env

---
 .github/workflows/ghcr.yml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/.github/workflows/ghcr.yml b/.github/workflows/ghcr.yml
index 33f60a107d2..82e6ddf9b04 100644
--- a/.github/workflows/ghcr.yml
+++ b/.github/workflows/ghcr.yml
@@ -47,15 +47,11 @@ jobs:
 
       - name: Build and push ${{ matrix.image }}
         if: github.event.pull_request.head.repo.full_name == github.repository
-        env:
-          BUILDKIT_NO_CLIENT_TOKEN: "true"
         run: |
           ./containers/build.sh ${{ matrix.image }} opendevin ${{ github.actor }} --push
 
       - name: Build ${{ matrix.image }}
         if: github.event.pull_request.head.repo.full_name != github.repository
-        env:
-          BUILDKIT_NO_CLIENT_TOKEN: "true"
         run: |
           ./containers/build.sh ${{ matrix.image }} opendevin ${{ github.actor }}
 

From a5dd72872bfa1b4d6b0a2a58ca155d37a27e2d09 Mon Sep 17 00:00:00 2001
From: Robert Brennan <contact@rbren.io>
Date: Mon, 29 Apr 2024 11:43:21 -0400
Subject: [PATCH 12/18] only cache-to if pushing

---
 containers/build.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/containers/build.sh b/containers/build.sh
index c8405f58fde..af7ed7d650b 100755
--- a/containers/build.sh
+++ b/containers/build.sh
@@ -58,12 +58,12 @@ for tag in ${tags[@]}; do
 done
 if [[ $push -eq 1 ]]; then
   args+=" --push"
+  args+=" --cache-to=type=registry,ref=$DOCKER_REPOSITORY:$cache_tag,mode=max"
 fi
 
 docker buildx build \
   $args \
   --build-arg OPEN_DEVIN_BUILD_VERSION=$OPEN_DEVIN_BUILD_VERSION \
-  --cache-to=type=registry,ref=$DOCKER_REPOSITORY:$cache_tag,mode=max \
   --cache-from=type=registry,ref=$DOCKER_REPOSITORY:$cache_tag \
   --cache-from=type=registry,ref=$DOCKER_REPOSITORY:$cache_tag_base-main \
   --platform linux/amd64,linux/arm64 \

From 315129bea7058eeb7f574a7ab1b9d4a5ea8d5c58 Mon Sep 17 00:00:00 2001
From: Robert Brennan <contact@rbren.io>
Date: Mon, 29 Apr 2024 11:46:10 -0400
Subject: [PATCH 13/18] fix org name

---
 .github/workflows/ghcr.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ghcr.yml b/.github/workflows/ghcr.yml
index 82e6ddf9b04..35fd75e6b48 100644
--- a/.github/workflows/ghcr.yml
+++ b/.github/workflows/ghcr.yml
@@ -48,12 +48,14 @@ jobs:
       - name: Build and push ${{ matrix.image }}
         if: github.event.pull_request.head.repo.full_name == github.repository
         run: |
-          ./containers/build.sh ${{ matrix.image }} opendevin ${{ github.actor }} --push
+          ORG_NAME=$(echo "${{ github.repository }}" | tr '[A-Z]' '[a-z]' | cut -d '/' -f 1)
+          ./containers/build.sh ${{ matrix.image }} $ORG_NAME ${{ github.actor }} --push
 
       - name: Build ${{ matrix.image }}
         if: github.event.pull_request.head.repo.full_name != github.repository
         run: |
-          ./containers/build.sh ${{ matrix.image }} opendevin ${{ github.actor }}
+          ORG_NAME=$(echo "${{ github.repository }}" | tr '[A-Z]' '[a-z]' | cut -d '/' -f 1)
+          ./containers/build.sh ${{ matrix.image }} $ORG_NAME ${{ github.actor }}
 
   docker_build_success:
     name: Docker Build Success

From a7cc2e3d48ffa06eb1d2ba98eb2e882244033be7 Mon Sep 17 00:00:00 2001
From: Robert Brennan <contact@rbren.io>
Date: Mon, 29 Apr 2024 11:47:00 -0400
Subject: [PATCH 14/18] fix owner

---
 .github/workflows/ghcr.yml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/ghcr.yml b/.github/workflows/ghcr.yml
index 35fd75e6b48..ed6eac5a204 100644
--- a/.github/workflows/ghcr.yml
+++ b/.github/workflows/ghcr.yml
@@ -48,14 +48,12 @@ jobs:
       - name: Build and push ${{ matrix.image }}
         if: github.event.pull_request.head.repo.full_name == github.repository
         run: |
-          ORG_NAME=$(echo "${{ github.repository }}" | tr '[A-Z]' '[a-z]' | cut -d '/' -f 1)
-          ./containers/build.sh ${{ matrix.image }} $ORG_NAME ${{ github.actor }} --push
+          ./containers/build.sh ${{ matrix.image }} ${{ github.repository_owner }} ${{ github.actor }} --push
 
       - name: Build ${{ matrix.image }}
         if: github.event.pull_request.head.repo.full_name != github.repository
         run: |
-          ORG_NAME=$(echo "${{ github.repository }}" | tr '[A-Z]' '[a-z]' | cut -d '/' -f 1)
-          ./containers/build.sh ${{ matrix.image }} $ORG_NAME ${{ github.actor }}
+          ./containers/build.sh ${{ matrix.image }} ${{ github.repository_owner }} ${{ github.actor }}
 
   docker_build_success:
     name: Docker Build Success

From 003d92a9d59f1ddc66b0786ff631bcd1c1596729 Mon Sep 17 00:00:00 2001
From: Robert Brennan <accounts@rbren.io>
Date: Mon, 29 Apr 2024 14:04:25 -0400
Subject: [PATCH 15/18] Update containers/build.sh

Co-authored-by: Graham Neubig <neubig@gmail.com>
---
 containers/build.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/containers/build.sh b/containers/build.sh
index af7ed7d650b..50d2918d271 100755
--- a/containers/build.sh
+++ b/containers/build.sh
@@ -5,7 +5,7 @@ image_name=$1
 org_name=$2
 tag_prefix="$3-"
 push=0
-if [[ $3 == "--push" ]]; then
+if [[ $4 == "--push" ]]; then
   push=1
 fi
 

From 68c81dc0d28d4c132706f9b92de42c7a47b99182 Mon Sep 17 00:00:00 2001
From: Robert Brennan <contact@rbren.io>
Date: Mon, 29 Apr 2024 14:06:09 -0400
Subject: [PATCH 16/18] lowercase

---
 containers/build.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/containers/build.sh b/containers/build.sh
index af7ed7d650b..b3cc5b2d253 100755
--- a/containers/build.sh
+++ b/containers/build.sh
@@ -4,6 +4,7 @@ set -eo pipefail
 image_name=$1
 org_name=$2
 tag_prefix="$3-"
+tag_prefix=${tag_prefix,,}
 push=0
 if [[ $3 == "--push" ]]; then
   push=1

From 36065b68127c59998246ae671fea49a20fb51e86 Mon Sep 17 00:00:00 2001
From: Robert Brennan <contact@rbren.io>
Date: Mon, 29 Apr 2024 14:07:13 -0400
Subject: [PATCH 17/18] remove tag prefix

---
 .github/workflows/ghcr.yml |  4 ++--
 containers/build.sh        | 10 ++--------
 2 files changed, 4 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/ghcr.yml b/.github/workflows/ghcr.yml
index ed6eac5a204..d6cb826edc2 100644
--- a/.github/workflows/ghcr.yml
+++ b/.github/workflows/ghcr.yml
@@ -48,12 +48,12 @@ jobs:
       - name: Build and push ${{ matrix.image }}
         if: github.event.pull_request.head.repo.full_name == github.repository
         run: |
-          ./containers/build.sh ${{ matrix.image }} ${{ github.repository_owner }} ${{ github.actor }} --push
+          ./containers/build.sh ${{ matrix.image }} ${{ github.repository_owner }} --push
 
       - name: Build ${{ matrix.image }}
         if: github.event.pull_request.head.repo.full_name != github.repository
         run: |
-          ./containers/build.sh ${{ matrix.image }} ${{ github.repository_owner }} ${{ github.actor }}
+          ./containers/build.sh ${{ matrix.image }} ${{ github.repository_owner }}
 
   docker_build_success:
     name: Docker Build Success
diff --git a/containers/build.sh b/containers/build.sh
index 4defcee85c9..6daecffafd3 100755
--- a/containers/build.sh
+++ b/containers/build.sh
@@ -3,10 +3,8 @@ set -eo pipefail
 
 image_name=$1
 org_name=$2
-tag_prefix="$3-"
-tag_prefix=${tag_prefix,,}
 push=0
-if [[ $4 == "--push" ]]; then
+if [[ $3 == "--push" ]]; then
   push=1
 fi
 
@@ -24,10 +22,6 @@ if [[ -n $GITHUB_REF_NAME ]]; then
     major_version=$(echo $GITHUB_REF_NAME | cut -d. -f1)
     minor_version=$(echo $GITHUB_REF_NAME | cut -d. -f1,2)
     tags+=($major_version $minor_version)
-    tag_prefix="" # don't prefix version tags
-  fi
-  if [[ $GITHUB_REF_NAME == "main" ]]; then
-    tag_prefix="" # don't prefix main tag
   fi
   sanitized=$(echo $GITHUB_REF_NAME | sed 's/[^a-zA-Z0-9.-]\+/-/g')
   OPEN_DEVIN_BUILD_VERSION=$sanitized
@@ -55,7 +49,7 @@ echo "Base dir: $DOCKER_BASE_DIR"
 
 args=""
 for tag in ${tags[@]}; do
-  args+=" -t $DOCKER_REPOSITORY:$tag_prefix$tag"
+  args+=" -t $DOCKER_REPOSITORY:$tag"
 done
 if [[ $push -eq 1 ]]; then
   args+=" --push"

From 306dd12685a4c0f896b5cfd85b4de3b57de8fc6c Mon Sep 17 00:00:00 2001
From: Robert Brennan <contact@rbren.io>
Date: Mon, 29 Apr 2024 14:07:54 -0400
Subject: [PATCH 18/18] lowercase

---
 containers/build.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/containers/build.sh b/containers/build.sh
index 6daecffafd3..51420935025 100755
--- a/containers/build.sh
+++ b/containers/build.sh
@@ -44,6 +44,7 @@ if [[ -n "$org_name" ]]; then
   DOCKER_ORG="$org_name"
 fi
 DOCKER_REPOSITORY=$DOCKER_REGISTRY/$DOCKER_ORG/$DOCKER_IMAGE
+DOCKER_REPOSITORY=${DOCKER_REPOSITORY,,} # lowercase
 echo "Repo: $DOCKER_REPOSITORY"
 echo "Base dir: $DOCKER_BASE_DIR"