Merge branch 'main' into wolfictl-4718af39-8ab0-4cd9-9e75-307041dcf345

wolfi-dev · Nov 26, 2024 · 209dd8a · 209dd8a
2 parents b12e2f3 + 6bb2b97
commit 209dd8a
Show file tree

Hide file tree

Showing 97 changed files with 1,662 additions and 176 deletions.
diff --git a/.github/actions/docker-run/action.yaml b/.github/actions/docker-run/action.yaml
@@ -6,7 +6,7 @@ inputs:
     required: true
   image:
     description: "The image to use"
-    default: "ghcr.io/wolfi-dev/sdk:latest@sha256:77da1186e7c2d9796bcaf4fb035e8675cd822d67a1d8a530cc0f1ceb5df80110"
+    default: "ghcr.io/wolfi-dev/sdk:latest@sha256:98d8669d2eb9c8d23984fa2f55a272b67a04b4bfd132c714682c4fd716a3d7be"
     required: false
   workdir:
     description: "The images working directory"

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -29,7 +29,7 @@ jobs:
       contents: read
 
     container:
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:77da1186e7c2d9796bcaf4fb035e8675cd822d67a1d8a530cc0f1ceb5df80110
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:98d8669d2eb9c8d23984fa2f55a272b67a04b4bfd132c714682c4fd716a3d7be
       # TODO: Deprivilege
       options: |
         --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined
@@ -175,7 +175,7 @@ jobs:
 
     container:
       # NOTE: This step only signs and uploads, so it doesn't need any privileges
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:77da1186e7c2d9796bcaf4fb035e8675cd822d67a1d8a530cc0f1ceb5df80110
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:98d8669d2eb9c8d23984fa2f55a272b67a04b4bfd132c714682c4fd716a3d7be
 
     steps:
       - name: Harden Runner
@@ -303,7 +303,7 @@ jobs:
 
     container:
       # NOTE: This step only signs and uploads, so it doesn't need any privileges
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:77da1186e7c2d9796bcaf4fb035e8675cd822d67a1d8a530cc0f1ceb5df80110
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:98d8669d2eb9c8d23984fa2f55a272b67a04b4bfd132c714682c4fd716a3d7be
 
     steps:
       - name: Harden Runner

diff --git a/Makefile b/Makefile
@@ -167,7 +167,7 @@ dev-container:
 	    -v "${PWD}:${PWD}" \
 	    -w "${PWD}" \
 	    -e SOURCE_DATE_EPOCH=0 \
-	    ghcr.io/wolfi-dev/sdk:latest@sha256:77da1186e7c2d9796bcaf4fb035e8675cd822d67a1d8a530cc0f1ceb5df80110
+	    ghcr.io/wolfi-dev/sdk:latest@sha256:98d8669d2eb9c8d23984fa2f55a272b67a04b4bfd132c714682c4fd716a3d7be
 
 PACKAGES_CONTAINER_FOLDER ?= /work/packages
 # This target spins up a docker container that is helpful for testing local
@@ -235,6 +235,6 @@ dev-container-wolfi:
 		--mount type=bind,source="${PWD}/local-melange.rsa.pub",destination="/etc/apk/keys/local-melange.rsa.pub",readonly \
 		--mount type=bind,source="$(TMP_REPOS_FILE)",destination="/etc/apk/repositories",readonly \
 		-w "$(PACKAGES_CONTAINER_FOLDER)" \
-		ghcr.io/wolfi-dev/sdk:latest@sha256:77da1186e7c2d9796bcaf4fb035e8675cd822d67a1d8a530cc0f1ceb5df80110
+		ghcr.io/wolfi-dev/sdk:latest@sha256:98d8669d2eb9c8d23984fa2f55a272b67a04b4bfd132c714682c4fd716a3d7be
 	@rm "$(TMP_REPOS_FILE)"
 	@rmdir "$(TMP_REPOS_DIR)"
diff --git a/aws-eks-pod-identity-agent.yaml b/aws-eks-pod-identity-agent.yaml
@@ -1,7 +1,7 @@
 #nolint:git-checkout-must-use-github-updates,valid-pipeline-git-checkout-tag
 package:
   name: aws-eks-pod-identity-agent
-  version: 0_git20241124
+  version: 0_git20241126
   epoch: 0
   description: EKS Pod Identity is a feature of Amazon EKS that simplifies the process for cluster administrators to configure Kubernetes applications with AWS IAM permissions
   copyright:

diff --git a/brew.yaml b/brew.yaml
@@ -1,6 +1,6 @@
 package:
   name: brew
-  version: 4.4.7
+  version: 4.4.8
   epoch: 0
   description: "The homebrew package manager"
   copyright:
@@ -49,7 +49,7 @@ pipeline:
       repository: https://github.com/Homebrew/brew
       tag: ${{package.version}}
       destination: ./brew
-      expected-commit: 4a77cd1e2f7ed058d03a47fe1f18819b246e67f6
+      expected-commit: e78a0adb4f260913fffdc956cc8c20fb54109feb
 
   - runs: |
       set -x

diff --git a/bun-bootstrap.yaml b/bun-bootstrap.yaml
@@ -1,6 +1,6 @@
 package:
   name: bun-bootstrap
-  version: 1.1.36
+  version: 1.1.37
   epoch: 0
   description: "Bun requires itself to bootstrap."
   copyright:
@@ -23,13 +23,13 @@ pipeline:
         uses: fetch
         with:
           uri: "https://github.com/oven-sh/bun/releases/download/bun-v${{package.version}}/bun-linux-aarch64.zip"
-          expected-sha256: "d5bbf74d49288bb69819c5459789dac06a0062d999a626d79d2f45b05b53597a"
+          expected-sha256: "6a2ef497ddcc8fb9b78add876d340c20d7642858e159f93ab5bcb406483ffdd2"
           extract: false
       - if: ${{build.arch}} == 'x86_64'
         uses: fetch
         with:
           uri: "https://github.com/oven-sh/bun/releases/download/bun-v${{package.version}}/bun-linux-x64.zip"
-          expected-sha256: "c5261f4d7e342fe720bc6a5d736b1c94f4df2942c225a87652c6985181b1ec77"
+          expected-sha256: "cc7a53917edc9b65778bacdfca21e9acfbd1f2f69742d616980377a78620e974"
           extract: false
 
   - runs: |

diff --git a/bun.yaml b/bun.yaml
@@ -1,6 +1,6 @@
 package:
   name: bun
-  version: 1.1.36
+  version: 1.1.37
   epoch: 0
   description: "Incredibly fast JavaScript runtime, bundler, test runner, and package manager - all in one"
   copyright:
@@ -54,7 +54,7 @@ pipeline:
   - uses: git-checkout
     with:
       repository: https://github.com/oven-sh/bun
-      expected-commit: ededc168cf07afcdbe5ca34495c58df435ea526d
+      expected-commit: 8ca0eb831d6739c6a94b3f4d484bbfe71ee97226
       tag: bun-v${{package.version}}
 
   - runs: |

diff --git a/cargo-audit.yaml b/cargo-audit.yaml
@@ -1,7 +1,7 @@
 package:
   name: cargo-audit
   version: 0.21.0
-  epoch: 1
+  epoch: 2
   description: Audit your dependencies for crates with security vulnerabilities reported to the RustSec Advisory Database.
   copyright:
     - license: MIT OR Apache-2.0
@@ -22,6 +22,8 @@ pipeline:
       tag: cargo-audit/v${{package.version}}
       expected-commit: 78f9859ef6a78bc4a7c7219dac1d0b250446c84c
 
+  - uses: rust/cargobump
+
   - runs: |
       cd cargo-audit
       cargo update --precise 0.3.36 --package time

diff --git a/cargo-audit/cargobump-deps.yaml b/cargo-audit/cargobump-deps.yaml
@@ -0,0 +1,3 @@
+packages:
+    - name: rustls
+      version: 0.23.18
diff --git a/ddp-tool.yaml b/ddp-tool.yaml
@@ -1,7 +1,7 @@
 #nolint:valid-pipeline-git-checkout-commit,valid-pipeline-git-checkout-tag
 package:
   name: ddp-tool
-  version: 1.0.34.0_git20241124
+  version: 1.0.34.0_git20241126
   epoch: 0
   description: Intel Dynamic Device Personalization Tool
   copyright:
@@ -18,7 +18,7 @@ environment:
 pipeline:
   - uses: git-checkout
     with:
-      expected-commit: 3868a732013b8e8817f6453b58a170f669d99a68
+      expected-commit: 3c9d350737420f943a57cf9ab67af6cc78a4024b
       repository: https://github.com/intel/ddp-tool/
       branch: master
 

diff --git a/freerdp.yaml b/freerdp.yaml
@@ -1,7 +1,7 @@
 package:
   name: freerdp
   version: 2.11.7
-  epoch: 3
+  epoch: 4
   description: FreeRDP client
   copyright:
     - license: Apache-2.0
@@ -96,6 +96,9 @@ subpackages:
       runtime:
         - freerdp
     description: freerdp dev
+    test:
+      pipeline:
+        - uses: test/pkgconf
 
   - name: freerdp-libs
     pipeline:

diff --git a/gcc.yaml b/gcc.yaml
@@ -1,7 +1,7 @@
 package:
   name: gcc
   version: 14.2.0
-  epoch: 5
+  epoch: 6
   description: "the GNU compiler collection"
   copyright:
     - license: GPL-3.0-or-later WITH GCC-exception-3.1
@@ -11,6 +11,7 @@ package:
   dependencies:
     runtime:
       - binutils
+      - libquadmath # This is a temporary workaround for issues with single-arch packages.
       - libstdc++-dev
       - openssf-compiler-options
       - posix-cc-wrappers

diff --git a/gitaly-17.5.yaml b/gitaly-17.5.yaml
@@ -1,6 +1,6 @@
 package:
   name: gitaly-17.5
-  version: 17.5.2
+  version: 17.5.3
   epoch: 0
   description:
   copyright:
@@ -36,7 +36,7 @@ pipeline:
     with:
       repository: https://gitlab.com/gitlab-org/gitaly.git
       tag: v${{package.version}}
-      expected-commit: cdf74a7601c8b2902eab0e674f9ec656b9929191
+      expected-commit: 57d16586a4030ed1bddc4ce958f475ddf07954d0
 
   - runs: |
       make install DESTDIR="${{targets.destdir}}" PREFIX=/usr

diff --git a/gitlab-kas-17.5.yaml b/gitlab-kas-17.5.yaml
@@ -1,6 +1,6 @@
 package:
   name: gitlab-kas-17.5
-  version: 17.5.2
+  version: 17.5.3
   epoch: 0
   description: GitLab KAS is a component installed together with GitLab. It is required to manage the GitLab agent for Kubernetes.
   copyright:
@@ -20,7 +20,7 @@ pipeline:
     with:
       repository: https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent
       tag: v${{package.version}}
-      expected-commit: 847d7deea3b9937a8824fe8e783fd142ba426d8f
+      expected-commit: 08f9a6ed41a4f5e348ffefa87e5694a7c3dccb79
 
   - uses: go/build
     with:

diff --git a/gitlab-pages-17.5.yaml b/gitlab-pages-17.5.yaml
@@ -1,6 +1,6 @@
 package:
   name: gitlab-pages-17.5
-  version: 17.5.2
+  version: 17.5.3
   epoch: 0
   description: GitLab Pages daemon used to serve static websites for GitLab users.
   copyright:
@@ -20,7 +20,7 @@ pipeline:
     with:
       repository: https://gitlab.com/gitlab-org/gitlab-pages.git
       tag: v${{package.version}}
-      expected-commit: 086dfbdfe2337874e342b48dba5508b7d3f59626
+      expected-commit: 00734497b120604ef91ef6c45b2b72c806f34d94
 
   - uses: go/build
     with:

diff --git a/grafana-image-renderer.yaml b/grafana-image-renderer.yaml
@@ -1,14 +1,15 @@
 package:
   name: grafana-image-renderer
   version: 3.11.6
-  epoch: 0
+  epoch: 1
   description: A Grafana backend plugin that handles rendering of panels & dashboards to PNGs using headless browser (Chromium/Chrome)
   copyright:
     - license: Apache-2.0
   target-architecture:
     - x86_64
   dependencies:
     runtime:
+      - busybox
       - chromium
       - dumb-init
       - nodejs
@@ -22,7 +23,6 @@ environment:
       - nodejs
       - scanelf
       - ttf-dejavu
-      - vim
       - yarn
 
 pipeline:
@@ -47,7 +47,7 @@ pipeline:
       cp -r ./proto ${{targets.destdir}}/usr/src/app/
       cp -r ./build ${{targets.destdir}}/usr/src/app/
       cp -r ./node_modules ${{targets.destdir}}/usr/src/app/
-      cp ./devenv/docker/custom-config/config.json ${{targets.destdir}}/usr/src/app/
+      cp ./default.json ${{targets.destdir}}/usr/src/app/config.json
       cp ./plugin.json ${{targets.destdir}}/usr/src/app/
 
 update:
@@ -62,7 +62,7 @@ test:
       working-directory: /usr/src/app
       uses: test/daemon-check-output
       with:
-        start: "env CHROME_BIN=/usr/bin/chromium-browser dumb-init -- node build/app.js server --config=config.json"
+        start: "dumb-init -- node build/app.js server --config=config.json"
         timeout: 5
         expected_output: |
           {"level":"info","message":"HTTP Server started, listening at http://localhost:8081"}
diff --git a/istio-1.24.yaml b/istio-1.24.yaml
@@ -1,7 +1,7 @@
 package:
   name: istio-1.24
-  version: 1.24.0
-  epoch: 2
+  version: 1.24.1
+  epoch: 0
   description: Istio is an open source service mesh that layers transparently onto existing distributed applications.
   copyright:
     - license: Apache-2.0
@@ -26,7 +26,7 @@ pipeline:
     with:
       repository: https://github.com/istio/istio
       tag: ${{package.version}}
-      expected-commit: 8825a6b7f8c9a2d66005a5f8b64e98aaee0dda99
+      expected-commit: 5c178358f9c61c50d3d6149a0b05a609a0d7defd
 
 subpackages:
   - name: istio-cni-${{vars.major-minor-version}}

diff --git a/istio-envoy-1.24.yaml b/istio-envoy-1.24.yaml
@@ -1,6 +1,6 @@
 package:
   name: istio-envoy-1.24
-  version: 1.24.0
+  version: 1.24.1
   epoch: 0
   description: Envoy with additional Istio plugins (wasm, telemetry, etc)
   copyright:
@@ -48,7 +48,7 @@ pipeline:
     with:
       repository: https://github.com/istio/proxy
       tag: ${{package.version}}
-      expected-commit: 739644f84930a8c0d416319aea97f58c2222f7ef
+      expected-commit: 147cca4e7da4e8b3f8006e9fe3d8b3d6abd89462
 
   - runs: |
       export JAVA_HOME=/usr/lib/jvm/java-11-openjdk

diff --git a/kubescape.yaml b/kubescape.yaml
@@ -1,6 +1,6 @@
 package:
   name: kubescape
-  version: 3.0.20
+  version: 3.0.21
   epoch: 0
   description: Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.
   copyright:
@@ -20,14 +20,14 @@ environment:
 pipeline:
   - uses: git-checkout
     with:
-      expected-commit: 5b9c6491de8ab7b89c15d6b1b780987e2206a4c4
+      expected-commit: a9ac880356ec677e17472f08592d87b75229c681
       recurse-submodules: "true"
       repository: https://github.com/kubescape/kubescape
       tag: v${{package.version}}
 
   - uses: go/bump
     with:
-      deps: github.com/anchore/archiver/[email protected]
+      deps: github.com/mholt/archiver/[email protected]
       replaces: github.com/mholt/archiver/v3=github.com/anchore/archiver/[email protected]
 
   - runs: |

diff --git a/linkerd2.yaml b/linkerd2.yaml
@@ -1,6 +1,6 @@
 package:
   name: linkerd2
-  version: 24.11.5
+  version: 24.11.7
   epoch: 0
   description: "meta linkerd package"
   copyright:
@@ -25,7 +25,7 @@ environment:
 pipeline:
   - uses: git-checkout
     with:
-      expected-commit: 3c91fc64ce61208e3be01f908abe178e3786616f
+      expected-commit: afdf2e7d2de44c7ac1dedee64e8b5031f1d5f57b
       repository: https://github.com/linkerd/linkerd2/
       tag: edge-${{package.version}}
 

diff --git a/mailpit.yaml b/mailpit.yaml
@@ -1,6 +1,6 @@
 package:
   name: mailpit
-  version: 1.21.4
+  version: 1.21.5
   epoch: 0
   description: An email and SMTP testing tool with API for developers
   copyright:
@@ -21,7 +21,7 @@ pipeline:
     with:
       repository: https://github.com/axllent/mailpit
       tag: v${{package.version}}
-      expected-commit: 6d115ceb86746c74cff2cd778bec8c0a7d44663f
+      expected-commit: 0277f4e9442aff4be26ebfcf99e8995187be27d0
 
   - runs: |
       npm install