From bc3a44433ce66ec865ffc4c644c0eb1665e9a44b Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 19 Jul 2024 14:29:17 +0000 Subject: [PATCH] Update images digests --- .github/actions/docker-run/action.yaml | 2 +- .github/workflows/build-beta.yaml | 2 +- .github/workflows/build-old.yaml | 6 +++--- .github/workflows/build-world.yaml | 2 +- .github/workflows/build.yaml | 6 +++--- .github/workflows/lint-world.yaml | 2 +- .github/workflows/postsubmit-bundle-build.yaml | 4 ++-- Makefile | 4 ++-- 8 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/actions/docker-run/action.yaml b/.github/actions/docker-run/action.yaml index 3c45a8a4479..0f184fc1a37 100644 --- a/.github/actions/docker-run/action.yaml +++ b/.github/actions/docker-run/action.yaml @@ -6,7 +6,7 @@ inputs: required: true image: description: "The image to use" - default: "ghcr.io/wolfi-dev/sdk:latest@sha256:b71f2abafddf032f3c42f36984fa12a8f8eaa2197ef23dfaa5b3b0bbacdb2932" + default: "ghcr.io/wolfi-dev/sdk:latest@sha256:e31b8c84d690b75dfabda55f609bb9f9bac59c59930d6952719a00a47a0400e5" required: false workdir: description: "The images working directory" diff --git a/.github/workflows/build-beta.yaml b/.github/workflows/build-beta.yaml index a1e3f23091d..955cee42d47 100644 --- a/.github/workflows/build-beta.yaml +++ b/.github/workflows/build-beta.yaml @@ -152,7 +152,7 @@ jobs: container: # NOTE: This step only signs and uploads, so it doesn't need any privileges - image: ghcr.io/wolfi-dev/sdk:latest@sha256:b71f2abafddf032f3c42f36984fa12a8f8eaa2197ef23dfaa5b3b0bbacdb2932 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:e31b8c84d690b75dfabda55f609bb9f9bac59c59930d6952719a00a47a0400e5 steps: - name: Harden Runner diff --git a/.github/workflows/build-old.yaml b/.github/workflows/build-old.yaml index 442375f1e84..1211a511b9c 100644 --- a/.github/workflows/build-old.yaml +++ b/.github/workflows/build-old.yaml @@ -26,7 +26,7 @@ jobs: contents: read container: - image: ghcr.io/wolfi-dev/sdk:latest@sha256:b71f2abafddf032f3c42f36984fa12a8f8eaa2197ef23dfaa5b3b0bbacdb2932 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:e31b8c84d690b75dfabda55f609bb9f9bac59c59930d6952719a00a47a0400e5 # TODO: Deprivilege options: | --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined @@ -139,7 +139,7 @@ jobs: container: # NOTE: This step only signs and uploads, so it doesn't need any privileges - image: ghcr.io/wolfi-dev/sdk:latest@sha256:b71f2abafddf032f3c42f36984fa12a8f8eaa2197ef23dfaa5b3b0bbacdb2932 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:e31b8c84d690b75dfabda55f609bb9f9bac59c59930d6952719a00a47a0400e5 steps: - name: Harden Runner @@ -262,7 +262,7 @@ jobs: container: # NOTE: This step only signs and uploads, so it doesn't need any privileges - image: ghcr.io/wolfi-dev/sdk:latest@sha256:b71f2abafddf032f3c42f36984fa12a8f8eaa2197ef23dfaa5b3b0bbacdb2932 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:e31b8c84d690b75dfabda55f609bb9f9bac59c59930d6952719a00a47a0400e5 steps: - name: Harden Runner diff --git a/.github/workflows/build-world.yaml b/.github/workflows/build-world.yaml index ebb231e2897..2435aea1010 100644 --- a/.github/workflows/build-world.yaml +++ b/.github/workflows/build-world.yaml @@ -27,7 +27,7 @@ jobs: # permissions: container: - image: ghcr.io/wolfi-dev/sdk:latest@sha256:b71f2abafddf032f3c42f36984fa12a8f8eaa2197ef23dfaa5b3b0bbacdb2932 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:e31b8c84d690b75dfabda55f609bb9f9bac59c59930d6952719a00a47a0400e5 # TODO: Deprivilege options: | --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 0f33c565f45..e1b1f444d24 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -29,7 +29,7 @@ jobs: contents: read container: - image: ghcr.io/wolfi-dev/sdk:latest@sha256:b71f2abafddf032f3c42f36984fa12a8f8eaa2197ef23dfaa5b3b0bbacdb2932 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:e31b8c84d690b75dfabda55f609bb9f9bac59c59930d6952719a00a47a0400e5 # TODO: Deprivilege options: | --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined @@ -175,7 +175,7 @@ jobs: container: # NOTE: This step only signs and uploads, so it doesn't need any privileges - image: ghcr.io/wolfi-dev/sdk:latest@sha256:b71f2abafddf032f3c42f36984fa12a8f8eaa2197ef23dfaa5b3b0bbacdb2932 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:e31b8c84d690b75dfabda55f609bb9f9bac59c59930d6952719a00a47a0400e5 steps: - name: Harden Runner @@ -303,7 +303,7 @@ jobs: container: # NOTE: This step only signs and uploads, so it doesn't need any privileges - image: ghcr.io/wolfi-dev/sdk:latest@sha256:b71f2abafddf032f3c42f36984fa12a8f8eaa2197ef23dfaa5b3b0bbacdb2932 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:e31b8c84d690b75dfabda55f609bb9f9bac59c59930d6952719a00a47a0400e5 steps: - name: Harden Runner diff --git a/.github/workflows/lint-world.yaml b/.github/workflows/lint-world.yaml index 991c3d8a1b6..38dc5f7debc 100644 --- a/.github/workflows/lint-world.yaml +++ b/.github/workflows/lint-world.yaml @@ -32,7 +32,7 @@ jobs: group: wolfi-os-builder-${{ matrix.arch }} container: - image: ghcr.io/wolfi-dev/sdk:latest@sha256:b71f2abafddf032f3c42f36984fa12a8f8eaa2197ef23dfaa5b3b0bbacdb2932 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:e31b8c84d690b75dfabda55f609bb9f9bac59c59930d6952719a00a47a0400e5 steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 diff --git a/.github/workflows/postsubmit-bundle-build.yaml b/.github/workflows/postsubmit-bundle-build.yaml index f3a6833d46a..9e88d3bfc42 100644 --- a/.github/workflows/postsubmit-bundle-build.yaml +++ b/.github/workflows/postsubmit-bundle-build.yaml @@ -25,7 +25,7 @@ jobs: runs-on: ubuntu-latest container: - image: ghcr.io/wolfi-dev/sdk:latest@sha256:b71f2abafddf032f3c42f36984fa12a8f8eaa2197ef23dfaa5b3b0bbacdb2932 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:e31b8c84d690b75dfabda55f609bb9f9bac59c59930d6952719a00a47a0400e5 permissions: id-token: write @@ -108,7 +108,7 @@ jobs: ) BUNDLE=$(wolfictl bundle \ - --bundle-base ghcr.io/wolfi-dev/sdk:latest@sha256:b71f2abafddf032f3c42f36984fa12a8f8eaa2197ef23dfaa5b3b0bbacdb2932 \ + --bundle-base ghcr.io/wolfi-dev/sdk:latest@sha256:e31b8c84d690b75dfabda55f609bb9f9bac59c59930d6952719a00a47a0400e5 \ --bundle-repo "${BUNDLE_REPO}" \ ${COMMON_FLAGS} \ --runner bubblewrap \ diff --git a/Makefile b/Makefile index 9d416662acd..9c8b6957d37 100644 --- a/Makefile +++ b/Makefile @@ -141,7 +141,7 @@ dev-container: -v "${PWD}:${PWD}" \ -w "${PWD}" \ -e SOURCE_DATE_EPOCH=0 \ - ghcr.io/wolfi-dev/sdk:latest@sha256:b71f2abafddf032f3c42f36984fa12a8f8eaa2197ef23dfaa5b3b0bbacdb2932 + ghcr.io/wolfi-dev/sdk:latest@sha256:e31b8c84d690b75dfabda55f609bb9f9bac59c59930d6952719a00a47a0400e5 PACKAGES_CONTAINER_FOLDER ?= /work/packages TMP_REPOSITORIES_DIR := $(shell mktemp -d) @@ -206,6 +206,6 @@ dev-container-wolfi: --mount type=bind,source="${PWD}/local-melange.rsa.pub",destination="/etc/apk/keys/local-melange.rsa.pub",readonly \ --mount type=bind,source="$(TMP_REPOSITORIES_FILE)",destination="/etc/apk/repositories",readonly \ -w "$(PACKAGES_CONTAINER_FOLDER)" \ - ghcr.io/wolfi-dev/sdk:latest@sha256:b71f2abafddf032f3c42f36984fa12a8f8eaa2197ef23dfaa5b3b0bbacdb2932 + ghcr.io/wolfi-dev/sdk:latest@sha256:e31b8c84d690b75dfabda55f609bb9f9bac59c59930d6952719a00a47a0400e5 @rm "$(TMP_REPOSITORIES_FILE)" @rmdir "$(TMP_REPOSITORIES_DIR)"