Merge branch 'main' into feat/add-project-nodes-to-user-node

.github/workflows/ci.yml

@@ -376,7 +376,7 @@ jobs:
         pants list --filter-tag-regex='checksum' '::' | xargs -n 1 pants run
         # Merge checksums into a single file
         cat dist/*.sha256 > dist/checksum.txt
-        sort -u dist/checksum.txt -o dist/checksum.txt
+        mv dist/checksum.txt dist/checksum-${platform_suffix}.txt
         rm dist/*.sha256
     - name: Upload scies
       uses: actions/upload-artifact@v4
@@ -501,6 +501,10 @@ jobs:
         pattern: scies-*
         path: dist
         merge-multiple: true
+    - name: Merge checksum files into one
+      run: |
+        cat dist/checksum-*.txt > dist/checksum.txt
+        sort -u -k2 dist/checksum.txt -o dist/checksum.txt
     - name: Download SBOM report
       uses: actions/download-artifact@v4
       with:

changes/2937.fix.md

@@ -0,0 +1 @@
+Add reject middleware for web security

changes/3000.feature.md

@@ -0,0 +1 @@
+Update tmux version from 3.4 to 3.5a

changes/3199.fix.md

@@ -0,0 +1 @@
+Optimize the route selection in App Proxy using `random.choices()` based on the native C implementation in CPython

changes/3352.feature.md

@@ -0,0 +1 @@
+Enable per-user UID/GID set for containers via user creation and update GraphQL APIs

changes/3361.feature.md

@@ -0,0 +1 @@
+Update SDK and CLI to support per-user UID/GID configuration

changes/3412.feature.md

@@ -0,0 +1 @@
+Add timeout configuration for Docker image push

changes/3461.fix.md

@@ -0,0 +1 @@
+Fix GQL `vfolder_mounts` field resolver of `compute_session` type

changes/3510.feature.md

@@ -0,0 +1 @@
+Add configurable directory permission for vfolders to support mount vfolders on customized UID/GID containers

changes/3513.fix.md

@@ -0,0 +1 @@
+Fix empty tag image scan error in docker registry.

changes/3546.feature.md

@@ -0,0 +1 @@
+Add force delete API for VFolder that bypasses the trash bin

changes/3548.feature.md

@@ -0,0 +1 @@
+Add storage-watcher API to delete VFolders with elevated permissions

changes/3570.fix.md

@@ -0,0 +1 @@
+Fixed "permission denied" error by creating the `grafana-data` directory with 757 permissions

changes/3572.fix.md

@@ -0,0 +1 @@
+Fix Broken CSS by allowing `unsafe-inline` content security policy.

changes/3574.fix.md

@@ -0,0 +1 @@
+Updated route pattern to allow any path ending with "login/" for POST requests to `/pipeline/{path:.*login/$}`

changes/3581.fix.md

@@ -0,0 +1 @@
+Fix vfolder delete SDK function to call 'delete by id' API rather than 'delete by name' API

changes/3583.fix.md

@@ -0,0 +1 @@
+Check intrinsic time files exist before mount

docker-compose.halfstack-2409.yml

@@ -67,6 +67,7 @@ services:
 
   backendai-half-grafana:
     image: grafana/grafana-enterprise:11.4.0
+    restart: unless-stopped
     networks:
       - half
     ports:
@@ -81,6 +82,7 @@ services:
 
   backendai-half-pyroscope:
     image: grafana/pyroscope:1.9.2
+    restart: unless-stopped
     networks:
       - half
     ports:
@@ -90,6 +92,7 @@ services:
 
   backendai-half-prometheus:
     image: prom/prometheus:v3.1.0
+    restart: unless-stopped
     networks:
       - half
     volumes:

docs/manager/graphql-reference/schema.graphql

@@ -732,6 +732,21 @@ type UserNode implements Node {
   totp_activated: Boolean
   totp_activated_at: DateTime
   sudo_session_enabled: Boolean
+
+  """
+  Added in 25.2.0. The user ID (UID) assigned to processes running inside the container.
+  """
+  container_uid: Int
+
+  """
+  Added in 25.2.0. The primary group ID (GID) assigned to processes running inside the container.
+  """
+  container_main_gid: Int
+
+  """
+  Added in 25.2.0. Supplementary group IDs assigned to processes running inside the container.
+  """
+  container_gids: [Int]
 }
 
 """Added in 24.03.0"""
@@ -835,6 +850,21 @@ type User implements Item {
   Added in 24.03.0. Used as the default authentication credential for password-based logins and sets the user's total resource usage limit. User's main_access_key cannot be deleted, and only super-admin can replace main_access_key.
   """
   main_access_key: String
+
+  """
+  Added in 25.2.0. The user ID (UID) assigned to processes running inside the container.
+  """
+  container_uid: Int
+
+  """
+  Added in 25.2.0. The primary group ID (GID) assigned to processes running inside the container.
+  """
+  container_main_gid: Int
+
+  """
+  Added in 25.2.0. Supplementary group IDs assigned to processes running inside the container.
+  """
+  container_gids: [Int]
   groups: [UserGroup]
 }
 
@@ -2131,6 +2161,21 @@ input UserInput {
   totp_activated: Boolean = false
   resource_policy: String = "default"
   sudo_session_enabled: Boolean = false
+
+  """
+  Added in 25.2.0. The user ID (UID) assigned to processes running inside the container.
+  """
+  container_uid: Int
+
+  """
+  Added in 25.2.0. The primary group ID (GID) assigned to processes running inside the container.
+  """
+  container_main_gid: Int
+
+  """
+  Added in 25.2.0. Supplementary group IDs assigned to processes running inside the container.
+  """
+  container_gids: [Int]
 }
 
 type ModifyUser {
@@ -2155,6 +2200,21 @@ input ModifyUserInput {
   resource_policy: String
   sudo_session_enabled: Boolean
   main_access_key: String
+
+  """
+  Added in 25.2.0. The user ID (UID) assigned to processes running inside the container.
+  """
+  container_uid: Int
+
+  """
+  Added in 25.2.0. The primary group ID (GID) assigned to processes running inside the container.
+  """
+  container_main_gid: Int
+
+  """
+  Added in 25.2.0. Supplementary group IDs assigned to processes running inside the container.
+  """
+  container_gids: [Int]
 }
 
 """

docs/manager/rest-reference/openapi.json

@@ -3,7 +3,7 @@
   "info": {
     "title": "Backend.AI Manager API",
     "description": "Backend.AI Manager REST API specification",
-    "version": "24.12.1",
+    "version": "25.1.1",
     "contact": {
       "name": "Lablup Inc.",
       "url": "https://docs.backend.ai",
@@ -3385,6 +3385,35 @@
         "description": "\nDelete `delete-pending` vfolders in storage proxy\n\n\n**Preconditions:**\n* User privilege required.\n"
       }
     },
+    "/folders/{name}/force": {
+      "delete": {
+        "operationId": "folders.force_delete",
+        "tags": [
+          "folders"
+        ],
+        "responses": {
+          "200": {
+            "description": "Successful response"
+          }
+        },
+        "security": [
+          {
+            "TokenAuth": []
+          }
+        ],
+        "parameters": [
+          {
+            "name": "name",
+            "in": "path",
+            "required": true,
+            "schema": {
+              "type": "string"
+            }
+          }
+        ],
+        "description": "\n**Preconditions:**\n* User privilege required.\n* Manager status required: RUNNING\n"
+      }
+    },
     "/folders/invitations/list-sent": {
       "get": {
         "operationId": "folders.list_sent_invitations",