Update all image versions (#174)

## Description We've been running very old images. Some are multiple years old. This gets us newer versions. ## Why is this needed Fixes: # ## How Has This Been Tested? ## How are existing users impacted? What migration steps/scripts do we need? ## Checklist: I have: - [ ] updated the documentation and/or roadmap (if required) - [ ] added unit or e2e tests - [ ] provided instructions on how to upgrade
tinkerbell · Jul 21, 2023 · 3ecb713 · 3ecb713
2 parents 13ab7d7 + cca7dee
commit 3ecb713
Show file tree

Hide file tree

Showing 10 changed files with 104 additions and 145 deletions.
diff --git a/RELEASING.md b/RELEASING.md
@@ -5,7 +5,7 @@
 For version v0.x.y:
 
 1. Create the annotated tag
-   > NOTE: To use your GPG signature when pushing the tag, use `SIGN_TAG=1 ./contrib/tag-release.sh v0.x.y` instead)
+   > NOTE: To use your GPG signature when pushing the tag, use `SIGN_TAG=1 ./contrib/tag-release.sh v0.x.y` instead
    - `./contrib/tag-release.sh v0.x.y`
 1. Push the tag to the GitHub repository. This will automatically trigger a [Github Action](https://github.com/tinkerbell/hook/actions) to create a release.
    > NOTE: `origin` should be the name of the remote pointing to `github.com/tinkerbell/boots`

diff --git a/contrib/tag-release.sh b/contrib/tag-release.sh
@@ -13,7 +13,7 @@ new_tag=${1-}
 	exit 1
 )
 
-if [[ $(git symbolic-ref HEAD) != refs/heads/main ]] && [[ -z ${ALLOW_NON_MAIN:-} ]]; then
+if [[ $(git symbolic-ref HEAD) != refs/heads/main ]] && [[ -z ${ALLOW_NON_MAIN-} ]]; then
 	echo "Must be on main branch" >&2
 	exit 1
 fi

diff --git a/hook-bootkit/Dockerfile b/hook-bootkit/Dockerfile
@@ -1,12 +1,8 @@
-# syntax=docker/dockerfile:experimental
-
-FROM golang:1.17-alpine as dev
+FROM golang:1.20-alpine as dev
 COPY . /src/
 WORKDIR /src
-ENV GO111MODULE=on
-RUN --mount=type=cache,sharing=locked,id=gomod,target=/go/pkg/mod/cache \
-    --mount=type=cache,sharing=locked,id=goroot,target=/root/.cache/go-build \
-    CGO_ENABLED=0 go build -a -ldflags '-w -extldflags "-static"' -o /bootkit
+RUN go mod download
+RUN CGO_ENABLED=0 go build -a -ldflags '-w -extldflags "-static"' -o /bootkit
 
 FROM scratch
 COPY --from=dev /bootkit .

diff --git a/hook-bootkit/go.mod b/hook-bootkit/go.mod
@@ -2,30 +2,32 @@ module github.com/tinkerbell/hook/hook-bootkit
 
 go 1.17
 
-require github.com/docker/docker v20.10.2+incompatible
+require (
+	github.com/cenkalti/backoff/v4 v4.2.1
+	github.com/docker/docker v24.0.4+incompatible
+)
 
 require (
-	github.com/Microsoft/go-winio v0.4.16 // indirect
-	github.com/cenkalti/backoff/v4 v4.1.3 // indirect
-	github.com/containerd/containerd v1.4.3 // indirect
-	github.com/docker/distribution v2.7.1+incompatible // indirect
+	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
+	github.com/Microsoft/go-winio v0.6.1 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/docker/distribution v2.8.2+incompatible // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
-	github.com/docker/go-units v0.4.0 // indirect
+	github.com/docker/go-units v0.5.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/protobuf v1.4.2 // indirect
-	github.com/google/go-cmp v0.5.5 // indirect
-	github.com/gorilla/mux v1.8.0 // indirect
-	github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect
+	github.com/moby/term v0.5.0 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.0.1 // indirect
+	github.com/opencontainers/image-spec v1.0.2 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/sirupsen/logrus v1.7.0 // indirect
-	golang.org/x/net v0.0.0-20201021035429-f5854403a974 // indirect
-	golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 // indirect
-	golang.org/x/time v0.0.0-20220411224347-583f2d630306 // indirect
-	google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 // indirect
-	google.golang.org/grpc v1.34.0 // indirect
-	google.golang.org/protobuf v1.25.0 // indirect
-	gotest.tools/v3 v3.2.0 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/stretchr/objx v0.5.0 // indirect
+	github.com/stretchr/testify v1.8.4 // indirect
+	golang.org/x/mod v0.8.0 // indirect
+	golang.org/x/net v0.12.0 // indirect
+	golang.org/x/sys v0.10.0 // indirect
+	golang.org/x/time v0.3.0 // indirect
+	golang.org/x/tools v0.6.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	gotest.tools/v3 v3.5.0 // indirect
 )
diff --git a/hook-bootkit/go.sum b/hook-bootkit/go.sum
diff --git a/hook-bootkit/main.go b/hook-bootkit/main.go
@@ -15,6 +15,7 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/mount"
+	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/client"
 )
 
@@ -111,7 +112,7 @@ func main() {
 		Privileged:  true,
 	}
 
-	authConfig := types.AuthConfig{
+	authConfig := registry.AuthConfig{
 		Username: cfg.username,
 		Password: strings.TrimSuffix(cfg.password, "\n"),
 	}

diff --git a/hook-docker/Dockerfile b/hook-docker/Dockerfile
@@ -1,14 +1,9 @@
-# syntax=docker/dockerfile:experimental
-
-FROM golang:1.17-alpine as dev
+FROM golang:1.20-alpine as dev
 COPY . /src/
 WORKDIR /src
-ENV GO111MODULE=on
-RUN --mount=type=cache,sharing=locked,id=gomod,target=/go/pkg/mod/cache \
-    --mount=type=cache,sharing=locked,id=goroot,target=/root/.cache/go-build \
-    CGO_ENABLED=0 go build -a -ldflags '-w -extldflags "-static"' -o /hook-docker
+RUN CGO_ENABLED=0 go build -a -ldflags '-w -extldflags "-static"' -o /hook-docker
 
-FROM docker:20.10.15-dind
+FROM docker:24.0.4-dind
 RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories
 RUN apk update; apk add kexec-tools
 COPY --from=dev /hook-docker .

diff --git a/hook.yaml b/hook.yaml
@@ -3,17 +3,18 @@ kernel:
   cmdline: "console=tty0 console=ttyS0 console=ttyAMA0 console=ttysclp0"
 
 init:
-  - linuxkit/init:v0.8
+  - linuxkit/init:144c9cee8aed9e30a16940f2bf1d3813883aceda
+  # can't use the latest version of runc because it has a bug that prevents docker from starting containers properly.
   - linuxkit/runc:v0.8
-  - linuxkit/containerd:v0.8
-  - linuxkit/ca-certificates:v0.8
+  - linuxkit/containerd:d445de33c7f08470187b068d247b1c0dea240f0a
+  - linuxkit/ca-certificates:c1c73ef590dffb6a0138cf758fe4a4305c9864f4
 
 onboot:
   - name: sysctl
-    image: linuxkit/sysctl:v0.8
+    image: linuxkit/sysctl:a88a50c104d538b58da5e1441f6f0b4b738f76a6
 
   - name: sysfs
-    image: linuxkit/sysfs:v0.8
+    image: linuxkit/sysfs:5fd982d39ff7bec8e480c67a110acb2d3794c291
 
   - name: vlan
     image: linuxkit/ip:6cc44dd4e18ddb02de01bc4b34b5799971b6a7bf
@@ -22,7 +23,7 @@ onboot:
     command: ["/etc/ip/vlan.sh"]
 
   - name: dhcpcd
-    image: linuxkit/dhcpcd:v0.8
+    image: linuxkit/dhcpcd:52d2c4df0311b182e99241cdc382ff726755c450
     command: ["/etc/ip/dhcp.sh", "true"]
     binds.add:
       - /var/lib/dhcpcd:/var/lib/dhcpcd
@@ -35,17 +36,18 @@ onboot:
 
 services:
   - name: getty
-    image: linuxkit/getty:v0.8
+    image: linuxkit/getty:76951a596aa5e0867a38e28f0b94d620e948e3e8
     binds.add:
       - /etc/profile.d/local.sh:/etc/profile.d/local.sh
+      - /etc/motd:/etc/motd
     env:
       - INSECURE=true
 
   - name: rngd
-    image: linuxkit/rngd:v0.8
+    image: linuxkit/rngd:310c16ec5315bd07d4b8f5332cfa7dc5cbc7d368
 
   - name: dhcpcd
-    image: linuxkit/dhcpcd:v0.8
+    image: linuxkit/dhcpcd:52d2c4df0311b182e99241cdc382ff726755c450
     command: ["/etc/ip/dhcp.sh", "false"]
     binds.add:
       - /var/lib/dhcpcd:/var/lib/dhcpcd
@@ -57,7 +59,7 @@ services:
         - /var/lib/dhcpcd
 
   - name: ntpd
-    image: linuxkit/openntpd:v0.8
+    image: linuxkit/openntpd:d6c36ac367ed26a6eeffd8db78334d9f8041b038
     binds:
       - /var/run:/var/run
 
@@ -108,6 +110,21 @@ files:
       alias docker-shell='ctr -n services.linuxkit tasks exec --tty --exec-id shell hook-docker sh'
     mode: "0644"
 
+  - path: etc/motd
+    mode: "0644"
+    contents: |
+      Welcome to HookOS! Your Tinkerbell operating system installation environment.
+
+      ██   ██  ██████   ██████  ██   ██  ██████  ███████
+      ██   ██ ██    ██ ██    ██ ██  ██  ██    ██ ██
+      ███████ ██    ██ ██    ██ █████   ██    ██ ███████
+      ██   ██ ██    ██ ██    ██ ██  ██  ██    ██      ██
+      ██   ██  ██████   ██████  ██   ██  ██████  ███████
+
+      - Press `enter` to get a prompt.
+      - Use `docker` commands to access the tink worker/agent container and workflow action containers.
+      - Logs are located in the `/var/log/` directory.
+
   - path: etc/ip/vlan.sh
     source: "files/vlan.sh"
     mode: "0777"

diff --git a/lint.mk b/lint.mk
@@ -20,7 +20,7 @@ endif
 LINTERS :=
 FIXERS :=
 
-SHELLCHECK_VERSION ?= v0.8.0
+SHELLCHECK_VERSION ?= v0.9.0
 SHELLCHECK_BIN := $(LINT_ROOT)/out/linters/shellcheck-$(SHELLCHECK_VERSION)-$(LINT_ARCH)
 $(SHELLCHECK_BIN):
 	mkdir -p $(LINT_ROOT)/out/linters
@@ -40,7 +40,7 @@ FIXERS += shellcheck-fix
 shellcheck-fix: $(SHELLCHECK_BIN)
 	$(SHELLCHECK_BIN) $(shell find . -name "*.sh") -f diff | { read -t 1 line || exit 0; { echo "$$line" && cat; } | git apply -p2; }
 
-HADOLINT_VERSION ?= v2.8.0
+HADOLINT_VERSION ?= v2.12.0
 HADOLINT_BIN := $(LINT_ROOT)/out/linters/hadolint-$(HADOLINT_VERSION)-$(LINT_ARCH)
 $(HADOLINT_BIN):
 	mkdir -p $(LINT_ROOT)/out/linters
@@ -54,7 +54,7 @@ hadolint-lint: $(HADOLINT_BIN)
 	$(HADOLINT_BIN) --no-fail $(shell find . -name "*Dockerfile")
 
 GOLANGCI_LINT_CONFIG := $(LINT_ROOT)/.golangci.yml
-GOLANGCI_LINT_VERSION ?= v1.50.0
+GOLANGCI_LINT_VERSION ?= v1.53.3
 GOLANGCI_LINT_BIN := $(LINT_ROOT)/out/linters/golangci-lint-$(GOLANGCI_LINT_VERSION)-$(LINT_ARCH)
 $(GOLANGCI_LINT_BIN):
 	mkdir -p $(LINT_ROOT)/out/linters
@@ -70,7 +70,7 @@ FIXERS += golangci-lint-fix
 golangci-lint-fix: $(GOLANGCI_LINT_BIN)
 	find . -name go.mod -execdir "$(GOLANGCI_LINT_BIN)" run -c "$(GOLANGCI_LINT_CONFIG)" --fix \;
 
-YAMLLINT_VERSION ?= 1.26.3
+YAMLLINT_VERSION ?= 1.32.0
 YAMLLINT_ROOT := $(LINT_ROOT)/out/linters/yamllint-$(YAMLLINT_VERSION)
 YAMLLINT_BIN := $(YAMLLINT_ROOT)/dist/bin/yamllint
 $(YAMLLINT_BIN):

diff --git a/shell.nix b/shell.nix
@@ -2,33 +2,22 @@ let _pkgs = import <nixpkgs> { };
 in { pkgs ? import (_pkgs.fetchFromGitHub {
   owner = "NixOS";
   repo = "nixpkgs";
-  #branch@date: nixpkgs-unstable@2022-05-09
-  rev = "51d859cdab1ef58755bd342d45352fc607f5e59b";
-  sha256 = "02wi4nll9ninm3szny31r5a40lpg8vgmqr2n87gxyysb50c17w4i";
+  #branch@date: nixpkgs-unstable@2023-03-11T16:44:21-05:00
+  rev = "8ad5e8132c5dcf977e308e7bf5517cc6cc0bf7d8";
+  sha256 = "17v6wigks04x1d63a2wcd7cc4z9ca6qr0f4xvw1pdw83f8a3c0nj";
 }) { } }:
 
 with pkgs;
 let
-  docker-ov = docker.override { buildxSupport = true; };
-
-  linuxkit-ov = linuxkit.overrideAttrs (oldAttrs: rec {
-    version = "unstable-g${builtins.substring 0 9 src.rev}";
-    src = fetchFromGitHub {
-      owner = "linuxkit";
-      repo = "linuxkit";
-      rev = "b710224cdf9a8425a7129cdcb84fc1af00f926d7";
-      sha256 = "sha256-UqPX+r3by7v+PL+/xUiSZVsB7EO7VUr3aDfVIhQDEgY=";
-    };
-  });
 
 in mkShell {
   buildInputs = [
-    docker-ov
+    docker
     git
     gnumake
     gnused
     go
-    linuxkit-ov
+    linuxkit
     ncurses
     nixfmt
     nodePackages.prettier
@@ -38,5 +27,6 @@ in mkShell {
     python3Packages.wheel
     shfmt
     util-linux
+    curl
   ];
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -13,7 +13,7 @@ new_tag=${1-} @@
     	exit 1
     )
-    if [[ $(git symbolic-ref HEAD) != refs/heads/main ]] && [[ -z ${ALLOW_NON_MAIN:-} ]]; then
+    if [[ $(git symbolic-ref HEAD) != refs/heads/main ]] && [[ -z ${ALLOW_NON_MAIN-} ]]; then
     	echo "Must be on main branch" >&2
     	exit 1
     fi
@@ Expand Down @@