Merge branch 'main' into default-test-package

Signed-off-by: Jason Hall <[email protected]>
wolfi-dev · Feb 20, 2024 · 98d3b41 · 98d3b41
2 parents 4ecff4e + e14feeb
commit 98d3b41
Show file tree

Hide file tree

Showing 19 changed files with 59 additions and 44 deletions.
diff --git a/.github/workflows/build-world.yaml b/.github/workflows/build-world.yaml
@@ -24,7 +24,7 @@ jobs:
     # permissions:
 
     container:
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1
       # TODO: Deprivilege
       options: |
         --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -29,7 +29,7 @@ jobs:
       contents: read
 
     container:
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1
       # TODO: Deprivilege
       options: |
         --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined
@@ -142,7 +142,7 @@ jobs:
 
     container:
       # NOTE: This step only signs and uploads, so it doesn't need any privileges
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1
 
     steps:
       - uses: actions/checkout@v4
@@ -246,7 +246,7 @@ jobs:
 
     container:
       # NOTE: This step only signs and uploads, so it doesn't need any privileges
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1
 
     steps:
       - uses: actions/checkout@v4

diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml
@@ -33,7 +33,7 @@ jobs:
         run: |
           # Copy wolfictl out of the wolfictl image and onto PATH
           TMP=$(mktemp -d)
-          docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41 -c "cp /usr/bin/wolfictl /out"
+          docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1 -c "cp /usr/bin/wolfictl /out"
           echo "$TMP" >> $GITHUB_PATH
 
       # Assuming that we have a list of changed files such as `foo.yaml` and `bar.yaml`, this
@@ -70,7 +70,7 @@ jobs:
       group: wolfi-builder-${{ matrix.arch }}
     needs: changes
     container:
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1
       options: |
         --cap-add NET_ADMIN --cap-add SYS_ADMIN --security-opt seccomp=unconfined --security-opt apparmor:unconfined
     outputs:
@@ -192,7 +192,7 @@ jobs:
     name: "ABI Compatibility check"
     runs-on: ubuntu-latest
     container:
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1
     needs: build
     if: needs.build.outputs.packages_were_built == 'true'
 
@@ -231,7 +231,7 @@ jobs:
     name: "Scan packages for CVEs"
     runs-on: ubuntu-latest
     container:
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1
     needs: build
     if: needs.build.outputs.packages_were_built == 'true'
 

diff --git a/.github/workflows/lint-world.yaml b/.github/workflows/lint-world.yaml
@@ -29,7 +29,7 @@ jobs:
       group: wolfi-os-builder-${{ matrix.arch }}
 
     container:
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1
 
     steps:
       - uses: actions/checkout@v4

diff --git a/.github/workflows/withdraw-packages.yaml b/.github/workflows/withdraw-packages.yaml
@@ -24,7 +24,7 @@ jobs:
         run: |
           # Copy wolfictl out of the wolfictl image and onto PATH
           TMP=$(mktemp -d)
-          docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41 -c "cp /usr/bin/wolfictl /out"
+          docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1 -c "cp /usr/bin/wolfictl /out"
           echo "$TMP" >> $GITHUB_PATH
 
       - name: 'Authenticate to Google Cloud'

diff --git a/.github/workflows/wolfictl-check-update.yaml b/.github/workflows/wolfictl-check-update.yaml
@@ -29,7 +29,7 @@ jobs:
     - name: Check
       id: check
       if: ${{ steps.files.outputs.all_changed_files != '' }}
-      uses: docker://ghcr.io/wolfi-dev/wolfictl:latest@sha256:c0ce3a26b4fe886fb2da4bfc32be3472e7ddb76ae7f3463c82f7534b1c867a27
+      uses: docker://ghcr.io/wolfi-dev/wolfictl:latest@sha256:b4e251fddf75847e3d93abcd0a9d7edd401a8eb7efde555c48a9ebd9d2c077a8
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       with:

diff --git a/Makefile b/Makefile
@@ -185,7 +185,7 @@ dev-container:
 	    -v "${PWD}:${PWD}" \
 	    -w "${PWD}" \
 	    -e SOURCE_DATE_EPOCH=0 \
-	    ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41
+	    ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1
 
 PACKAGES_CONTAINER_FOLDER ?= /work/packages
 TMP_REPOSITORIES_DIR := $(shell mktemp -d)
@@ -250,6 +250,6 @@ dev-container-wolfi:
 		--mount type=bind,source="${PWD}/local-melange.rsa.pub",destination="/etc/apk/keys/local-melange.rsa.pub",readonly \
 		--mount type=bind,source="$(TMP_REPOSITORIES_FILE)",destination="/etc/apk/repositories",readonly \
 		-w "$(PACKAGES_CONTAINER_FOLDER)" \
-		ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41
+		ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1
 	@rm "$(TMP_REPOSITORIES_FILE)"
 	@rmdir "$(TMP_REPOSITORIES_DIR)"
diff --git a/gobump.yaml b/gobump.yaml
@@ -1,6 +1,6 @@
 package:
   name: gobump
-  version: 0.7.3
+  version: 0.7.4
   epoch: 0
   description: Go tool to declaratively bump dependencies
   copyright:
@@ -11,7 +11,7 @@ pipeline:
     with:
       repository: https://github.com/chainguard-dev/gobump.git
       tag: v${{package.version}}
-      expected-commit: d7faf41b0523afab7ac3706722120fb6e09ddc8c
+      expected-commit: 8b182eb15364022c87269b5f815a3d2a78505da5
 
   - uses: go/build
     with:

diff --git a/k3d.yaml b/k3d.yaml
@@ -1,7 +1,7 @@
 package:
   name: k3d
   version: 5.6.0
-  epoch: 5
+  epoch: 6
   description: Little helper to run CNCF's k3s in Docker
   copyright:
     - license: Apache-2.0
@@ -23,6 +23,10 @@ pipeline:
       tag: v${{package.version}}
       expected-commit: 9748b1e158f3a03e807c6a989edc0fee856ff5a2
 
+  - uses: go/bump
+    with:
+      deps: golang.org/x/[email protected] github.com/docker/[email protected] golang.org/x/[email protected] github.com/opencontainers/[email protected] github.com/containerd/[email protected]
+
   - runs: |
       make build
       install -Dm755 ./bin/k3d ${{targets.destdir}}/usr/bin/k3d

diff --git a/karpenter.yaml b/karpenter.yaml
@@ -1,6 +1,6 @@
 package:
   name: karpenter
-  version: 0.34.0
+  version: 0.34.1
   epoch: 0
   description: Karpenter is a Kubernetes Node Autoscaler built for flexibility, performance, and simplicity.
   copyright:
@@ -13,7 +13,7 @@ pipeline:
     with:
       repository: https://github.com/aws/karpenter
       tag: v${{package.version}}
-      expected-commit: 17d6c05309b0bc36fb7302b09d4332190fdc0375
+      expected-commit: 596ea97071b9d51eb29fb160c8ff4adb4536dd24
 
   - uses: go/build
     with:

diff --git a/kubernetes-1.26.yaml b/kubernetes-1.26.yaml
@@ -1,7 +1,7 @@
 package:
   name: kubernetes-1.26
-  version: 1.26.13
-  epoch: 1
+  version: 1.26.14
+  epoch: 0
   description: Production-Grade Container Scheduling and Management
   copyright:
     - license: Apache-2.0
@@ -41,7 +41,7 @@ pipeline:
     with:
       repository: https://github.com/kubernetes/kubernetes
       tag: v${{package.version}}
-      expected-commit: 7ba444e261616cb572b2c9e3aa6ee8876140f46a
+      expected-commit: 6db79806d788bfb9cfc996deb7e2e178402e8b50
 
   - runs: |
       # Mitigate GHSA-hqxw-f8mx-cpmw / CVE-2023-2253

diff --git a/kubernetes-1.27.yaml b/kubernetes-1.27.yaml
@@ -1,7 +1,7 @@
 package:
   name: kubernetes-1.27
-  version: 1.27.10
-  epoch: 2
+  version: 1.27.11
+  epoch: 0
   description: Production-Grade Container Scheduling and Management
   copyright:
     - license: Apache-2.0
@@ -39,7 +39,7 @@ vars:
 pipeline:
   - uses: git-checkout
     with:
-      expected-commit: 0fa26aea1d5c21516b0d96fea95a77d8d429912e
+      expected-commit: b9e2ad67ad146db566be5a6db140d47e52c8adb2
       repository: https://github.com/kubernetes/kubernetes
       tag: v${{package.version}}
 

diff --git a/kubernetes-1.28.yaml b/kubernetes-1.28.yaml
@@ -1,7 +1,7 @@
 package:
   name: kubernetes-1.28
-  version: 1.28.6
-  epoch: 1
+  version: 1.28.7
+  epoch: 0
   description: Production-Grade Container Scheduling and Management
   copyright:
     - license: Apache-2.0
@@ -41,7 +41,7 @@ pipeline:
     with:
       repository: https://github.com/kubernetes/kubernetes
       tag: v${{package.version}}
-      expected-commit: be3af46a4654bdf05b4838fe94e95ec8c165660c
+      expected-commit: c8dcb00be9961ec36d141d2e4103f85f92bcf291
 
   - runs: |
       # Use our Go version instead of downloading another one

diff --git a/kubernetes-1.29.yaml b/kubernetes-1.29.yaml
@@ -1,7 +1,7 @@
 package:
   name: kubernetes-1.29
-  version: 1.29.1
-  epoch: 1
+  version: 1.29.2
+  epoch: 0
   description: Production-Grade Container Scheduling and Management
   copyright:
     - license: Apache-2.0
@@ -41,7 +41,7 @@ pipeline:
     with:
       repository: https://github.com/kubernetes/kubernetes
       tag: v${{package.version}}
-      expected-commit: bc401b91f2782410b3fb3f9acf43a995c4de90d2
+      expected-commit: 4b8e819355d791d96b7e9d9efe4cbafae2311c88
 
   - runs: |
       # Use our Go version instead of downloading another one

diff --git a/opensearch-dashboards-2.yaml b/opensearch-dashboards-2.yaml
@@ -1,7 +1,7 @@
 package:
   name: opensearch-dashboards-2
   version: 2.11.1
-  epoch: 1
+  epoch: 2
   description: Open source visualization dashboards for OpenSearch
   copyright:
     - license: Apache-2.0
@@ -75,14 +75,26 @@ pipeline:
       mkdir -p "${{targets.destdir}}/usr/share"
       cp -r build/opensearch-dashboards-${{package.version}}-linux-* "${{targets.destdir}}/usr/share/opensearch-dashboards"
 
+      # Remove the default config file, as it will be provided by the config package which comes from a different repository.
+      rm -r ${{targets.destdir}}/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml
+
   - uses: strip
 
 subpackages:
-  - name: ${{package.name}}-compat
+  - name: ${{package.name}}-config
     description: Compatibility package to place Docker startup scripts.
     pipeline:
+      - uses: git-checkout
+        with:
+          repository: https://github.com/opensearch-project/opensearch-build
+          tag: ${{package.version}}
+          destination: opensearch-build
+          expected-commit: dce080075c219010371c02e699e816dd4df7758f # will need to be manually updated when opensearch dashboard auto update happens
       - runs: |
-          install -Dm755 src/dev/build/tasks/os_packages/docker_generator/resources/bin/opensearch-dashboards-docker "${{targets.contextdir}}/usr/local/bin/opensearch-dashboards-docker"
+          install -Dm755 opensearch-build/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint-2.x.sh ${{targets.contextdir}}/usr/share/opensearch-dashboards/opensearch-dashboards-docker-entrypoint.sh
+          install -Dm666 opensearch-build/config/opensearch_dashboards-2.x.yml ${{targets.contextdir}}/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml
+          install -Dm666 opensearch-build/docker/release/config/opensearch-dashboards/opensearch.example.org.key ${{targets.contextdir}}/usr/share/opensearch-dashboards/config/opensearch.example.org.key
+          install -Dm666 opensearch-build/docker/release/config/opensearch-dashboards/opensearch.example.org.cert ${{targets.contextdir}}/usr/share/opensearch-dashboards/config/opensearch.example.org.cert
 
   - range: plugins
     name: ${{package.name}}-${{range.key}}
@@ -119,6 +131,9 @@ update:
 
 test:
   environment:
+    contents:
+      packages:
+        - ${{package.name}}-config
     environment:
       OSD_NODE_HOME: /usr
   pipeline:

diff --git a/pipelines/go/bump.yaml b/pipelines/go/bump.yaml
@@ -34,7 +34,3 @@ pipeline:
 
       # We use the --tidy flag to run go mod tidy before and after in some cases (if old versions of go are used, we need to update the go.mod format)
       gobump --packages "${{inputs.deps}}" --replaces "${{inputs.replaces}}" --tidy=${{inputs.tidy}} --show-diff=${{inputs.show-diff}} --go-version=${{inputs.go-version}} --compat=${{inputs.tidy-compat}}
-
-      if [ -d "./vendor" ]; then
-        go mod vendor
-      fi
diff --git a/py3-openai.yaml b/py3-openai.yaml
@@ -1,7 +1,7 @@
 # Generated from https://pypi.org/project/openai/
 package:
   name: py3-openai
-  version: 1.12.0
+  version: 1.13.0
   epoch: 0
   description: Python client library for the OpenAI API
   copyright:
@@ -36,7 +36,7 @@ pipeline:
     with:
       repository: https://github.com/openai/openai-python.git
       tag: v${{package.version}}
-      expected-commit: 7f9e85017a0959e3ba07834880d92c748f8f67ab
+      expected-commit: 8ee5f33e8776e4517ef91a1cb2fafb6af2ca9310
 
   - name: Python Build
     uses: python/build-wheel

diff --git a/reflex.yaml b/reflex.yaml
@@ -1,6 +1,6 @@
 package:
   name: reflex
-  version: 0.4.0
+  version: 0.4.1
   epoch: 0
   description: "Web apps in pure Python"
   copyright:
@@ -32,7 +32,7 @@ pipeline:
     with:
       repository: https://github.com/reflex-dev/reflex
       tag: v${{package.version}}
-      expected-commit: 899e35edbae86f97890c49528df599681308db57
+      expected-commit: 6384c62e51cc354b0c1071c8a7ffa66cabd51a17
 
   - runs: |
       poetry build

diff --git a/xterm.yaml b/xterm.yaml
@@ -1,7 +1,7 @@
 package:
   name: xterm
-  version: "389"
-  epoch: 1
+  version: "390"
+  epoch: 0
   description: X Terminal Emulator
   copyright:
     - license: MIT
@@ -34,7 +34,7 @@ environment:
 pipeline:
   - uses: fetch
     with:
-      expected-sha256: 1cd5763d94d9370fed10d804e831a089b2ace0e7a74b6f56ef5a16a766bde7be
+      expected-sha256: 75117c3cc5174a09c425ef106e69404d72f5ef05e03a5da00aaf15792d6f9c0f
       uri: https://invisible-island.net/archives/xterm/xterm-${{package.version}}.tgz
 
   - uses: autoconf/configure