feat: add sops

Add sops. Aslo bump deps. Signed-off-by: Noel Georgi <[email protected]>
siderolabs · Apr 18, 2024 · 0acc0b4 · 0acc0b4
1 parent 6b272c5
commit 0acc0b4
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 9 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,14 +1,14 @@
-ARG DOCKER=docker:25.0.2-dind
+ARG DOCKER=docker:26.0.1-dind
 
 FROM $DOCKER as docker
 
 FROM alpine:3.19.1
 
 # https://github.com/twistedpair/google-cloud-sdk/ is a mirror that replicates the gcloud sdk versions
 # renovate: datasource=github-tags depName=twistedpair/google-cloud-sdk
-ARG CLOUD_SDK_VERSION=458.0.1
+ARG CLOUD_SDK_VERSION=472.0.0
 # renovate: datasource=github-releases depName=docker/buildx
-ARG BUILDX_VERSION=v0.12.1
+ARG BUILDX_VERSION=v0.13.1
 # renovate: datasource=github-releases extractVersion=^v(?<version>.*)$ depName=hashicorp/terraform
 ARG TERRAFORM_VERSION=1.7.3
 

diff --git a/Dockerfile.actions-runner-ubuntu-22.04 b/Dockerfile.actions-runner-ubuntu-22.04
@@ -1,8 +1,10 @@
 FROM summerwind/actions-runner-dind:ubuntu-22.04
 # renovate: datasource=github-releases depName=google/go-containerregistry
-ARG CRANE_VERSION=v0.19.0
+ARG CRANE_VERSION=v0.19.1
 # renovate: datasource=github-releases depName=mikefarah/yq
-ARG YQ_VERSION=v4.40.5
+ARG YQ_VERSION=v4.43.1
+# renovate: datasource=github-releases depName=getsops/sops
+ARG SOPS_VERSION=v3.8.1
 USER root
 RUN apt update && \
 	apt upgrade -y && \
@@ -22,6 +24,7 @@ RUN apt update && \
 	diffoscope \
 	gh
 
-RUN curl -SL https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 -o /usr/bin/yq && chmod +x /usr/bin/yq
-RUN curl -SL https://github.com/google/go-containerregistry/releases/download/${CRANE_VERSION}/go-containerregistry_Linux_x86_64.tar.gz | tar xzf - -C /usr/local/bin/ crane
+RUN curl -fSL https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 -o /usr/bin/yq && chmod +x /usr/bin/yq
+RUN curl -fSL https://github.com/google/go-containerregistry/releases/download/${CRANE_VERSION}/go-containerregistry_Linux_x86_64.tar.gz | tar xzf - -C /usr/local/bin/ crane
+RUN curl -fSL https://github.com/getsops/sops/releases/download/${SOPS_VERSION}/sops-${SOPS_VERSION}.linux.amd64 -o /usr/bin/sops && chmod +x /usr/bin/sops
 USER runner
diff --git a/hack/scripts/setup-buildx-amd64-arm64 b/hack/scripts/setup-buildx-amd64-arm64
@@ -3,7 +3,7 @@
 set -eou pipefail
 
 # renovate: datasource=github-releases depName=moby/buildkit
-BUILDKIT_IMAGE="docker.io/moby/buildkit:v0.12.5"
+BUILDKIT_IMAGE="docker.io/moby/buildkit:v0.13.1"
 
 docker buildx create --driver docker-container --platform linux/amd64 --name xbuild --use --driver-opt image=${BUILDKIT_IMAGE} --config /usr/local/bin/buildkit.toml
 docker buildx create --append --name xbuild --platform linux/arm64 tcp://docker-arm64.ci.svc:2376 --driver-opt image=${BUILDKIT_IMAGE} --config /usr/local/bin/buildkit.toml
diff --git a/hack/scripts/setup-ci b/hack/scripts/setup-ci
@@ -5,7 +5,7 @@ set -ex
 export TAG=$(git log --oneline --format=%B -n 1 HEAD | head -n 1 | sed -r "/^release\(/ s/^release\((.*)\):.*$/\\1/; t; Q")
 
 # renovate: datasource=github-releases depName=moby/buildkit
-BUILDKIT_IMAGE="docker.io/moby/buildkit:v0.12.5"
+BUILDKIT_IMAGE="docker.io/moby/buildkit:v0.13.1"
 
 # setup buildkit across amd64/arm64 workers
 function setup_buildkit() {