Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update images digests #15758

Merged
merged 1 commit into from Mar 26, 2024
Merged

Update images digests #15758

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/actions/docker-run/action.yaml
View file
Open in desktop
Expand Up @@ -6,7 +6,7 @@ inputs:
required: true
image:
description: "The image to use"
default: "ghcr.io/wolfi-dev/sdk:latest@sha256:e6a5c2448f299cff0229fb20f9747a3acf8723d33103a1bf9113c50937a0baca"
default: "ghcr.io/wolfi-dev/sdk:latest@sha256:7d890587cf4912e9753f77e0e7ca81049d9172d46f17c0748bb5b7638a282ffb"
required: false
workdir:
description: "The images working directory"
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/build-beta.yaml
View file
Open in desktop
Expand Up @@ -138,7 +138,7 @@ jobs:

container:
# NOTE: This step only signs and uploads, so it doesn't need any privileges
image: ghcr.io/wolfi-dev/sdk:latest@sha256:e6a5c2448f299cff0229fb20f9747a3acf8723d33103a1bf9113c50937a0baca
image: ghcr.io/wolfi-dev/sdk:latest@sha256:7d890587cf4912e9753f77e0e7ca81049d9172d46f17c0748bb5b7638a282ffb

steps:
- uses: actions/checkout@v4
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/build-old.yaml
View file
Open in desktop
Expand Up @@ -23,7 +23,7 @@ jobs:
contents: read

container:
image: ghcr.io/wolfi-dev/sdk:latest@sha256:e6a5c2448f299cff0229fb20f9747a3acf8723d33103a1bf9113c50937a0baca
image: ghcr.io/wolfi-dev/sdk:latest@sha256:7d890587cf4912e9753f77e0e7ca81049d9172d46f17c0748bb5b7638a282ffb
# TODO: Deprivilege
options: |
--cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined
Expand Down Expand Up @@ -136,7 +136,7 @@ jobs:

container:
# NOTE: This step only signs and uploads, so it doesn't need any privileges
image: ghcr.io/wolfi-dev/sdk:latest@sha256:e6a5c2448f299cff0229fb20f9747a3acf8723d33103a1bf9113c50937a0baca
image: ghcr.io/wolfi-dev/sdk:latest@sha256:7d890587cf4912e9753f77e0e7ca81049d9172d46f17c0748bb5b7638a282ffb

steps:
- uses: actions/checkout@v4
Expand Down Expand Up @@ -254,7 +254,7 @@ jobs:

container:
# NOTE: This step only signs and uploads, so it doesn't need any privileges
image: ghcr.io/wolfi-dev/sdk:latest@sha256:e6a5c2448f299cff0229fb20f9747a3acf8723d33103a1bf9113c50937a0baca
image: ghcr.io/wolfi-dev/sdk:latest@sha256:7d890587cf4912e9753f77e0e7ca81049d9172d46f17c0748bb5b7638a282ffb

steps:
- uses: actions/checkout@v4
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/build-world.yaml
View file
Open in desktop
Expand Up @@ -24,7 +24,7 @@ jobs:
# permissions:

container:
image: ghcr.io/wolfi-dev/sdk:latest@sha256:e6a5c2448f299cff0229fb20f9747a3acf8723d33103a1bf9113c50937a0baca
image: ghcr.io/wolfi-dev/sdk:latest@sha256:7d890587cf4912e9753f77e0e7ca81049d9172d46f17c0748bb5b7638a282ffb
# TODO: Deprivilege
options: |
--cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/build.yaml
View file
Open in desktop
Expand Up @@ -29,7 +29,7 @@ jobs:
contents: read

container:
image: ghcr.io/wolfi-dev/sdk:latest@sha256:e6a5c2448f299cff0229fb20f9747a3acf8723d33103a1bf9113c50937a0baca
image: ghcr.io/wolfi-dev/sdk:latest@sha256:7d890587cf4912e9753f77e0e7ca81049d9172d46f17c0748bb5b7638a282ffb
# TODO: Deprivilege
options: |
--cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined
Expand Down Expand Up @@ -170,7 +170,7 @@ jobs:

container:
# NOTE: This step only signs and uploads, so it doesn't need any privileges
image: ghcr.io/wolfi-dev/sdk:latest@sha256:e6a5c2448f299cff0229fb20f9747a3acf8723d33103a1bf9113c50937a0baca
image: ghcr.io/wolfi-dev/sdk:latest@sha256:7d890587cf4912e9753f77e0e7ca81049d9172d46f17c0748bb5b7638a282ffb

steps:
- uses: actions/checkout@v4
Expand Down Expand Up @@ -288,7 +288,7 @@ jobs:

container:
# NOTE: This step only signs and uploads, so it doesn't need any privileges
image: ghcr.io/wolfi-dev/sdk:latest@sha256:e6a5c2448f299cff0229fb20f9747a3acf8723d33103a1bf9113c50937a0baca
image: ghcr.io/wolfi-dev/sdk:latest@sha256:7d890587cf4912e9753f77e0e7ca81049d9172d46f17c0748bb5b7638a282ffb

steps:
- uses: actions/checkout@v4
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/ci-build.yaml
View file
Open in desktop
Expand Up @@ -33,7 +33,7 @@ jobs:
run: |
# Copy wolfictl out of the wolfictl image and onto PATH
TMP=$(mktemp -d)
docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:e6a5c2448f299cff0229fb20f9747a3acf8723d33103a1bf9113c50937a0baca -c "cp /usr/bin/wolfictl /out"
docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:7d890587cf4912e9753f77e0e7ca81049d9172d46f17c0748bb5b7638a282ffb -c "cp /usr/bin/wolfictl /out"
echo "$TMP" >> $GITHUB_PATH

# Assuming that we have a list of changed files such as `foo.yaml` and `bar.yaml`, this
Expand Down Expand Up @@ -236,7 +236,7 @@ jobs:
name: "ABI Compatibility check"
runs-on: ubuntu-latest
container:
image: ghcr.io/wolfi-dev/sdk:latest@sha256:e6a5c2448f299cff0229fb20f9747a3acf8723d33103a1bf9113c50937a0baca
image: ghcr.io/wolfi-dev/sdk:latest@sha256:7d890587cf4912e9753f77e0e7ca81049d9172d46f17c0748bb5b7638a282ffb
needs: build
if: needs.build.outputs.packages_were_built == 'true'

Expand Down Expand Up @@ -275,7 +275,7 @@ jobs:
name: "Scan packages for CVEs"
runs-on: ubuntu-latest
container:
image: ghcr.io/wolfi-dev/sdk:latest@sha256:e6a5c2448f299cff0229fb20f9747a3acf8723d33103a1bf9113c50937a0baca
image: ghcr.io/wolfi-dev/sdk:latest@sha256:7d890587cf4912e9753f77e0e7ca81049d9172d46f17c0748bb5b7638a282ffb
needs: build
if: needs.build.outputs.packages_were_built == 'true'

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/lint-world.yaml
View file
Open in desktop
Expand Up @@ -29,7 +29,7 @@ jobs:
group: wolfi-os-builder-${{ matrix.arch }}

container:
image: ghcr.io/wolfi-dev/sdk:latest@sha256:e6a5c2448f299cff0229fb20f9747a3acf8723d33103a1bf9113c50937a0baca
image: ghcr.io/wolfi-dev/sdk:latest@sha256:7d890587cf4912e9753f77e0e7ca81049d9172d46f17c0748bb5b7638a282ffb

steps:
- uses: actions/checkout@v4
Expand Down
4 changes: 2 additions & 2 deletions Makefile
View file
Open in desktop
Expand Up @@ -187,7 +187,7 @@ dev-container:
-v "${PWD}:${PWD}" \
-w "${PWD}" \
-e SOURCE_DATE_EPOCH=0 \
ghcr.io/wolfi-dev/sdk:latest@sha256:e6a5c2448f299cff0229fb20f9747a3acf8723d33103a1bf9113c50937a0baca
ghcr.io/wolfi-dev/sdk:latest@sha256:7d890587cf4912e9753f77e0e7ca81049d9172d46f17c0748bb5b7638a282ffb

PACKAGES_CONTAINER_FOLDER ?= /work/packages
TMP_REPOSITORIES_DIR := $(shell mktemp -d)
Expand Down Expand Up @@ -252,6 +252,6 @@ dev-container-wolfi:
--mount type=bind,source="${PWD}/local-melange.rsa.pub",destination="/etc/apk/keys/local-melange.rsa.pub",readonly \
--mount type=bind,source="$(TMP_REPOSITORIES_FILE)",destination="/etc/apk/repositories",readonly \
-w "$(PACKAGES_CONTAINER_FOLDER)" \
ghcr.io/wolfi-dev/sdk:latest@sha256:e6a5c2448f299cff0229fb20f9747a3acf8723d33103a1bf9113c50937a0baca
ghcr.io/wolfi-dev/sdk:latest@sha256:7d890587cf4912e9753f77e0e7ca81049d9172d46f17c0748bb5b7638a282ffb
@rm "$(TMP_REPOSITORIES_FILE)"
@rmdir "$(TMP_REPOSITORIES_DIR)"