Drop docker-compose fork, use upstream with dockerd MTU propagation

The gitpod-io/compose fork's only change — reading MTU from ceth0 to
set it on compose-created networks — has been broken since Feb 2023
when the workspace interface was renamed from ceth0 to eth0 (40830a8).
The MTU override has been silently skipped for 3+ years.

Instead of maintaining the fork, propagate MTU to compose-created
networks via dockerd's --default-network-opt flag (supported since
Docker 27.0; we ship 27.5.1). docker-up already reads the correct
MTU from eth0 for --mtu and --network-control-plane-mtu.

Changes:
- docker-up: add --default-network-opt=bridge=com.docker.network.driver.mtu
- WORKSPACE.yaml: update dockerComposeVersion to upstream 2.40.3
- dependencies.sh: download from docker/compose instead of gitpod-io/compose

This eliminates the critical grpc CVE (GHSA-p77j-4mvh-x3m3) in the
forked docker-compose binary and restores the MTU behavior that was
silently broken.

Co-authored-by: Ona <no-reply@ona.com>

Author: 2 people

WORKSPACE.yaml

@@ -24,7 +24,7 @@ defaultArgs:
   rustroverDownloadUrl: "https://download.jetbrains.com/rustrover/RustRover-2025.1.2.tar.gz"
   jbBackendVersion: "latest"
   dockerVersion: "27.5.1"
-  dockerComposeVersion: "2.34.0-gitpod.1"
+  dockerComposeVersion: "2.40.3"
   ipfsKuboVersion: "v0.18.0"
   ipfsClusterVersion: "v1.0.8"
   schedulerExtenderVersion: "c1925d8"

components/docker-up/dependencies.sh

@@ -9,10 +9,10 @@ RUNC_VERSION=v1.1.9
 
 # DOCKER_VERSION and DOCKER_COMPOSE_VERSION are defined in WORKSPACE.yaml
 curl -o docker.tgz      -fsSL "https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz"
-# Docker Compose is forked, we have to override the MTU
-curl -o docker-compose  -fsSL "https://github.com/gitpod-io/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-linux-x86_64"
-curl -o docker-compose-linux-x86_64.provenance.json -fsSL "https://github.com/gitpod-io/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-linux-x86_64.provenance.json"
-curl -o docker-compose-linux-x86_64.sbom.json -fsSL "https://github.com/gitpod-io/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-linux-x86_64.sbom.json"
-curl -o checksums.txt  -fsSL "https://github.com/gitpod-io/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/checksums.txt"
+# Docker Compose — using upstream; MTU is propagated via dockerd --default-network-opt
+curl -o docker-compose  -fsSL "https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-linux-x86_64"
+curl -o docker-compose-linux-x86_64.provenance.json -fsSL "https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-linux-x86_64.provenance.json"
+curl -o docker-compose-linux-x86_64.sbom.json -fsSL "https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-linux-x86_64.sbom.json"
+curl -o checksums.txt  -fsSL "https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/checksums.txt"
 
 curl -o runc            -fsSL "https://github.com/opencontainers/runc/releases/download/${RUNC_VERSION}/runc.amd64"

components/docker-up/docker-up/main.go

@@ -135,6 +135,8 @@ func runWithinNetns() (err error) {
 	args = append(args, fmt.Sprintf("--mtu=%v", netIface.Attrs().MTU))
 	// configure docker0 MTU (used as control plane, not related to containers)
 	args = append(args, fmt.Sprintf("--network-control-plane-mtu=%v", netIface.Attrs().MTU))
+	// propagate MTU to all newly created bridge networks (e.g. docker-compose project networks)
+	args = append(args, fmt.Sprintf("--default-network-opt=bridge=com.docker.network.driver.mtu=%v", netIface.Attrs().MTU))
 
 	// cmp. ENT-324: Required to run dockerd >= 26.1 in a Gitpod workspace
 	os.Setenv("DOCKER_ALLOW_IPV6_ON_IPV4_INTERFACE", "1")