This Week #7: Faster CI Builds, Secrets, Devbox Deploys

This week from the Jetpack team: cutting Devbox CI build times by 66%, plus updates on Secrets and Devbox Deploys


Rolled out a fresh version of the devbox-installer GitHub action to address issues and questions on Discord. This v0.7.0 update tackles Nix caching problems on both Linux and macOS. I had to do some serious detective work, as there were loads of open issues about the action/cache’s lack of sudo permissions.

After a few tries, I went the bash route and overwrote the default tar and gtar executables. It was not the most elegant solution, but it works. Our own open-source repo build time dropped from 3 minutes to just 1 minute!

I spent the rest of my time fine-tuning our login flow and dogfooding envsec.


This week was all about implementation. My main focus was implementing the database connection part of our deployments project. But that came with having back-and-forth discussions on database schema, and whether the database connection layer should be an HTTP endpoint or an importable Go package. We settled on the latter for now but I also need to build an endpoint for onboarding projects which I'm gonna focus on this week.


My week was mostly focused on fixing bugs and doing some cleanup of the search service code. Savil and I spent time integrating patchelf into the flake generated by Devbox to fix more dynamic linker issues. We're playing around with patching binaries in cases where one program depends on an older version of glibc and another depends on a newer version. Because glibc aims to be backwards-compatible, we can patch the old program to use the newer glibc so that both will play nicely in the same environment.


This week I continued working on what’s becoming our new deployments tool/product. I removed a lot of the hard-coding I had introduced in the past as part of the proof-of-concept, and generalized the settings into a configuration schema. That schema will be saved into a DB and managed by the end user through a dashboard or API (this is what Mohsen has been working on). So the next steps are to integrate our work together and start using it internally for the search service.


This past week I was focused on resolving issues with glibc dynamic linking that some devbox projects face. After trying a few different approaches, and encountering obstacles due to their limitations, Greg and I finally seem to have found a promising path forward. This involves prewarming the linker-loader cache of a binary to use newer glibc libraries. I am in the process of verifying that this works for some of the issues users have filed.


This week I focused on dogfooding our upcoming authentication and secrets flow, and logging design + workflow improvements for our envsec beta. I also analyzed and put together an initial proposal for our billing flow for the upcoming Jetpack Cloud product.

I also spent a lot of time addressing user feedback on Discord and GitHub:
• Updated our plugin creation docs for more clarity and accuracy.
• Helped out a user with a fairly complex PHP + SqlServer configuration.
• Tested and repro'd a few issues with our upcoming nixpkg-less install flow.


Spent most of the week finishing up the devbox-envsec integration. Devbox now leverages our new runx library which can install binaries released by any GitHub repo. runx allows devbox to use envsec seamlessly without requiring a new installation or prompting the user to take any action except logging in.

Worked on a prototype dependency sync feature for Devbox that syncs all resolved dependencies in a repo, which improves efficiency and provides more consistent versioning.

Worked on some CI/CD improvements, including new devbox action caching, golang caching, and also turned on integration tests for nix 2.18 which was released last week.


Worked together with Rodrigo and Mohsen on our deployments-related service. We're somewhat behind on where we want the implementation to be, but we had good conversations around the desired architecture, how it should integrate with our underlying cloud providers, etc.

Planned a couple of trips to the Bay Area, including a plan to attend the Cloud 100 celebration since we were selected as a rising star this year.