Upgrade to sysbox 0.7.0

.github/workflows/ci.yaml

@@ -195,7 +195,7 @@ jobs:
         run: exit 0
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.29.0
+        uses: aquasecurity/trivy-action@0.34.2
         with:
           image-ref: envbox:latest
           format: sarif
@@ -270,6 +270,6 @@ jobs:
       - name: Tag and push envbox-preview
         run: |
           VERSION=$(./scripts/version.sh)-dev-$(git rev-parse --short HEAD)
-          BASE=ghcr.io/coder/envbox-preview
+          BASE=ghcr.io/${{ github.repository_owner }}/envbox-preview
           docker tag envbox "${BASE}:${VERSION}"
           docker push "${BASE}:${VERSION}"

.github/workflows/latest.yaml

@@ -36,10 +36,10 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Create Manifest
         run: |
-          docker manifest create ghcr.io/coder/envbox:latest \
-            --amend ghcr.io/coder/envbox:${{ github.event.inputs.tag }}-amd64 \
-            --amend ghcr.io/coder/envbox:${{ github.event.inputs.tag }}-arm64
+          docker manifest create ghcr.io/${{ github.repository_owner }}/envbox:latest \
+            --amend ghcr.io/${{ github.repository_owner }}/envbox:${{ github.event.inputs.tag }}-amd64 \
+            --amend ghcr.io/${{ github.repository_owner }}/envbox:${{ github.event.inputs.tag }}-arm64
 
       - name: Push Manifest
         run: |
-          docker manifest push ghcr.io/coder/envbox:latest
+          docker manifest push ghcr.io/${{ github.repository_owner }}/envbox:latest

.github/workflows/release.yaml

@@ -31,11 +31,11 @@ jobs:
         include:
           - os: ubuntu-22.04
             arch: linux/amd64
-            sha: b7ac389e5a19592cadf16e0ca30e40919516128f6e1b7f99e1cb4ff64554172e
+            sha: eeff273671467b8fa351ab3d40709759462dc03d9f7b50a1b207b37982ce40a9
             arch-suffix: amd64
           - os: depot-ubuntu-22.04-arm
             arch: linux/arm64
-            sha: 16d80123ba53058cf90f5a68686e297621ea97942602682e34b3352783908f91
+            sha: eae9c0e91ddd39bd1826d6a7a313a73d42a8449ef5113e9d6d118b559cb809ba
             arch-suffix: arm64
     runs-on: ${{ matrix.os }}
     steps:
@@ -79,10 +79,10 @@ jobs:
         run: make -j ARCH=${{ matrix.arch }} SYSBOX_SHA=${{ matrix.sha }} build/image/envbox
 
       - name: Tag Image
-        run: docker tag envbox ghcr.io/coder/envbox:${{ github.event.inputs.version }}-${{ matrix.arch-suffix }}
+        run: docker tag envbox ghcr.io/${{ github.repository_owner }}/envbox:${{ github.event.inputs.version }}-${{ matrix.arch-suffix }}
 
       - name: Push Image
-        run: docker push ghcr.io/coder/envbox:${{ github.event.inputs.version }}-${{ matrix.arch-suffix }}
+        run: docker push ghcr.io/${{ github.repository_owner }}/envbox:${{ github.event.inputs.version }}-${{ matrix.arch-suffix }}
   manifest:
     runs-on: ubuntu-22.04
     needs: release
@@ -100,12 +100,12 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Create Manifest
         run: |
-          docker manifest create ghcr.io/coder/envbox:${{ github.event.inputs.version }} \
-            --amend ghcr.io/coder/envbox:${{ github.event.inputs.version }}-amd64 \
-            --amend ghcr.io/coder/envbox:${{ github.event.inputs.version }}-arm64
+          docker manifest create ghcr.io/${{ github.repository_owner }}/envbox:${{ github.event.inputs.version }} \
+            --amend ghcr.io/${{ github.repository_owner }}/envbox:${{ github.event.inputs.version }}-amd64 \
+            --amend ghcr.io/${{ github.repository_owner }}/envbox:${{ github.event.inputs.version }}-arm64
       - name: Push Manifest
         run: |
-          docker manifest push ghcr.io/coder/envbox:${{ github.event.inputs.version }}
+          docker manifest push ghcr.io/${{ github.repository_owner }}/envbox:${{ github.event.inputs.version }}
 
   tag:
     runs-on: ubuntu-22.04

deploy/Dockerfile

@@ -2,11 +2,11 @@
 FROM ubuntu:jammy
 
 ARG TARGETARCH
-# This should be updated in the Makefile whenever the version is changed. 
+# This should be updated in the Makefile whenever the version is changed.
 # We don't hardcode it here because we have to be able to build both
 # amd and arm
 ARG SYSBOX_SHA
-ARG SYSBOX_VERSION="0.6.7"
+ARG SYSBOX_VERSION="0.7.0"
 ARG SYSBOX_DEB="sysbox-ce_$SYSBOX_VERSION-0.linux_$TARGETARCH.deb"
 
 # Copy configuration files to appropriate locations
@@ -20,9 +20,9 @@ LABEL \
 
 # Basic utilities
 ARG DEBIAN_FRONTEND=noninteractive
-# Pin docker to avoid any breaking API changes between the Go client and 
-# the server.
-ARG DOCKER_VERSION="5:27.3.1-1~ubuntu.22.04~jammy"
+# Pin docker to avoid any breaking API changes between the Go client and
+# the server. Use latest LTS/stable from https://download.docker.com/linux/ubuntu/dists/jammy/pool/stable/
+ARG DOCKER_VERSION="5:29.2.1-1~ubuntu.22.04~jammy"
 #   Ignore other repositories, as some require HTTPS
 RUN apt-get update --quiet --option Dir::Etc::SourceParts="" && \
     apt-get upgrade -y && \
@@ -33,7 +33,7 @@ RUN apt-get update --quiet --option Dir::Etc::SourceParts="" && \
       ca-certificates \
       curl \
       dialog \
-      fuse \
+      fuse3 \
       iproute2 \
       jq \
       kmod \

dockerutil/client.go

@@ -32,7 +32,10 @@ func WithClient(ctx context.Context, client Client) context.Context {
 func ExtractClient(ctx context.Context) (Client, error) {
 	client := ctx.Value(clientKey{})
 	if client == nil {
-		client, err := dockerclient.NewClientWithOpts(dockerclient.FromEnv)
+		client, err := dockerclient.NewClientWithOpts(
+			dockerclient.FromEnv,
+			dockerclient.WithAPIVersionNegotiation(), // use daemon's max API (e.g. 1.47) so we don't exceed it
+		)
 		if err != nil {
 			return nil, xerrors.Errorf("new env client: %w", err)
 		}