From dc2bf13b2beb73e43f5570c3a0e9921a7b3972cf Mon Sep 17 00:00:00 2001
From: ajayk
Date: Thu, 18 Jan 2024 14:00:00 -0800
Subject: [PATCH] revert image digests to sdk version sha256:5e5f5db761209c250b5fd5670ed9820efcca39d87889c93fe3eeae4873f43c14
---
 .github/workflows/build-world.yaml | 2 +-
 .github/workflows/build.yaml | 6 +++---
 .github/workflows/ci-build.yaml | 8 ++++----
 .github/workflows/lint-world.yaml | 2 +-
 .github/workflows/withdraw-packages.yaml | 2 +-
 5 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/build-world.yaml b/.github/workflows/build-world.yaml
index 6673e0f234d..5309c57095f 100644
--- a/.github/workflows/build-world.yaml
+++ b/.github/workflows/build-world.yaml
@@ -24,7 +24,7 @@ jobs:
 # permissions:
 container:
- image: ghcr.io/wolfi-dev/sdk:latest@sha256:23b783a9420d2a659e0517718dfbc58b6d3c6b1503334fa20781d4edebd7f850
+ image: ghcr.io/wolfi-dev/sdk:latest@sha256:5e5f5db761209c250b5fd5670ed9820efcca39d87889c93fe3eeae4873f43c14
 # TODO: Deprivilege
 options: |
 --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 79af994ea04..9e168d150b4 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -29,7 +29,7 @@ jobs:
 contents: read
 container:
- image: ghcr.io/wolfi-dev/sdk:latest@sha256:23b783a9420d2a659e0517718dfbc58b6d3c6b1503334fa20781d4edebd7f850
+ image: ghcr.io/wolfi-dev/sdk:latest@sha256:5e5f5db761209c250b5fd5670ed9820efcca39d87889c93fe3eeae4873f43c14
 # TODO: Deprivilege
 options: |
 --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined
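Review bot: Nothing in the workflows records why the SDK image is held at the earlier digest, starting with the `image:` lines in the build-world.yaml hunk and the build.yaml hunk at `@@ -29,7` and repeating in the other eight places this patch touches. Both of those jobs run the container with `--cap-add SYS_ADMIN` and `seccomp=unconfined`, so the digest is the only thing fixing what executes with those privileges, and a later routine digest bump (automated or manual) would silently undo the revert. I would add a comment above each pin, for example `# SDK digest held back on purpose; see <issue-or-PR link> before bumping`. The `:latest` tag next to the digest does not affect what is pulled, so dropping it or saying so in the comment would avoid the impression that the job tracks latest.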
@@ -142,7 +142,7 @@ jobs:
 container:
 # NOTE: This step only signs and uploads, so it doesn't need any privileges
- image: ghcr.io/wolfi-dev/sdk:latest@sha256:23b783a9420d2a659e0517718dfbc58b6d3c6b1503334fa20781d4edebd7f850
+ image: ghcr.io/wolfi-dev/sdk:latest@sha256:5e5f5db761209c250b5fd5670ed9820efcca39d87889c93fe3eeae4873f43c14
 steps:
 - uses: actions/checkout@v4
@@ -241,7 +241,7 @@ jobs:
 container:
 # NOTE: This step only signs and uploads, so it doesn't need any privileges
- image: ghcr.io/wolfi-dev/sdk:latest@sha256:23b783a9420d2a659e0517718dfbc58b6d3c6b1503334fa20781d4edebd7f850
+ image: ghcr.io/wolfi-dev/sdk:latest@sha256:5e5f5db761209c250b5fd5670ed9820efcca39d87889c93fe3eeae4873f43c14
 steps:
 - uses: actions/checkout@v4
diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml
index cd1e66b20d1..fa01e29d9e4 100644
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -33,7 +33,7 @@ jobs:
 run: |
 # Copy wolfictl out of the wolfictl image and onto PATH
 TMP=$(mktemp -d)
- docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:23b783a9420d2a659e0517718dfbc58b6d3c6b1503334fa20781d4edebd7f850 -c "cp /usr/bin/wolfictl /out"
+ docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:5e5f5db761209c250b5fd5670ed9820efcca39d87889c93fe3eeae4873f43c14 -c "cp /usr/bin/wolfictl /out"
 echo "$TMP" >> $GITHUB_PATH
 # Assuming that we have a list of changed files such as `foo.yaml` and `bar.yaml`, this
@@ -70,7 +70,7 @@ jobs:
 group: wolfi-builder-${{ matrix.arch }}
 needs: changes
 container:
- image: ghcr.io/wolfi-dev/sdk:latest@sha256:23b783a9420d2a659e0517718dfbc58b6d3c6b1503334fa20781d4edebd7f850
+ image: ghcr.io/wolfi-dev/sdk:latest@sha256:5e5f5db761209c250b5fd5670ed9820efcca39d87889c93fe3eeae4873f43c14
 options: |
 --cap-add NET_ADMIN --cap-add SYS_ADMIN --security-opt seccomp=unconfined --security-opt apparmor:unconfined
 outputs:
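Review bot: In the ci-build.yaml hunk at `@@ -33,7`, the rewritten `docker run` line passes `$TMP` unquoted in `-v $TMP:/out`, while the following `echo` line already quotes it. This is a style point, since `mktemp -d` paths normally contain no whitespace, but quoting keeps the bind-mount argument intact if TMPDIR ever does: `-v "$TMP":/out`. The same line appears in the withdraw-packages.yaml hunk at `@@ -22,7`. The step these lines belong to begins before the hunk.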
@@ -155,7 +155,7 @@ jobs:
 name: "ABI Compatibility check"
 runs-on: ubuntu-latest
 container:
- image: ghcr.io/wolfi-dev/sdk:latest@sha256:23b783a9420d2a659e0517718dfbc58b6d3c6b1503334fa20781d4edebd7f850
+ image: ghcr.io/wolfi-dev/sdk:latest@sha256:5e5f5db761209c250b5fd5670ed9820efcca39d87889c93fe3eeae4873f43c14
 needs: build
 if: needs.build.outputs.packages_were_built == 'true'
@@ -193,7 +193,7 @@ jobs:
 name: "Scan packages for CVEs"
 runs-on: ubuntu-latest
 container:
- image: ghcr.io/wolfi-dev/sdk:latest@sha256:23b783a9420d2a659e0517718dfbc58b6d3c6b1503334fa20781d4edebd7f850
+ image: ghcr.io/wolfi-dev/sdk:latest@sha256:5e5f5db761209c250b5fd5670ed9820efcca39d87889c93fe3eeae4873f43c14
 needs: build
 if: needs.build.outputs.packages_were_built == 'true'
diff --git a/.github/workflows/lint-world.yaml b/.github/workflows/lint-world.yaml
index 8c7ebcf87ac..8558f1ed3b0 100644
--- a/.github/workflows/lint-world.yaml
+++ b/.github/workflows/lint-world.yaml
@@ -29,7 +29,7 @@ jobs:
 group: wolfi-os-builder-${{ matrix.arch }}
 container:
- image: ghcr.io/wolfi-dev/sdk:latest@sha256:23b783a9420d2a659e0517718dfbc58b6d3c6b1503334fa20781d4edebd7f850
+ image: ghcr.io/wolfi-dev/sdk:latest@sha256:5e5f5db761209c250b5fd5670ed9820efcca39d87889c93fe3eeae4873f43c14
 steps:
 - uses: actions/checkout@v4
diff --git a/.github/workflows/withdraw-packages.yaml b/.github/workflows/withdraw-packages.yaml
index 79eaedf05c3..98b6b9fe994 100644
--- a/.github/workflows/withdraw-packages.yaml
+++ b/.github/workflows/withdraw-packages.yaml
@@ -22,7 +22,7 @@ jobs:
 run: |
 # Copy wolfictl out of the wolfictl image and onto PATH
 TMP=$(mktemp -d)
- docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:23b783a9420d2a659e0517718dfbc58b6d3c6b1503334fa20781d4edebd7f850 -c "cp /usr/bin/wolfictl /out"
+ docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:5e5f5db761209c250b5fd5670ed9820efcca39d87889c93fe3eeae4873f43c14 -c "cp /usr/bin/wolfictl /out"
 echo "$TMP" >> $GITHUB_PATH
 - name: 'Authenticate to Google Cloud'