Merge branch 'main' into wolfictl-cd2a5fc0-e9cc-4632-83f3-25fcf5491c1b

wolfi-dev · Apr 16, 2024 · ba1373f · ba1373f
2 parents eee9375 + a65a26d
commit ba1373f
Show file tree

Hide file tree

Showing 62 changed files with 220 additions and 383 deletions.
diff --git a/.github/actions/docker-run/action.yaml b/.github/actions/docker-run/action.yaml
@@ -6,7 +6,7 @@ inputs:
     required: true
   image:
     description: "The image to use"
-    default: "ghcr.io/wolfi-dev/sdk:latest@sha256:7acd15c1b765550faec477069a7d0c8a1de329f220f8d7d1786ecbf3172e9425"
+    default: "ghcr.io/wolfi-dev/sdk:latest@sha256:8252bb7f54c82ea8791141001dd27d29dca5e3e628e98f7fee2957ffb7e36a05"
     required: false
   workdir:
     description: "The images working directory"

diff --git a/.github/chainguard/lifecycle-eol-mover.sts.yaml b/.github/chainguard/lifecycle-eol-mover.sts.yaml
@@ -7,3 +7,4 @@ subject: "105314035764875766195"
 permissions:
   contents: write
   pull_requests: write
+  workflows: write
diff --git a/.github/workflows/build-beta.yaml b/.github/workflows/build-beta.yaml
@@ -152,7 +152,7 @@ jobs:
 
     container:
       # NOTE: This step only signs and uploads, so it doesn't need any privileges
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:7acd15c1b765550faec477069a7d0c8a1de329f220f8d7d1786ecbf3172e9425
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:8252bb7f54c82ea8791141001dd27d29dca5e3e628e98f7fee2957ffb7e36a05
 
     steps:
       - name: Harden Runner

diff --git a/.github/workflows/build-old.yaml b/.github/workflows/build-old.yaml
@@ -26,7 +26,7 @@ jobs:
       contents: read
 
     container:
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:7acd15c1b765550faec477069a7d0c8a1de329f220f8d7d1786ecbf3172e9425
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:8252bb7f54c82ea8791141001dd27d29dca5e3e628e98f7fee2957ffb7e36a05
       # TODO: Deprivilege
       options: |
         --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined
@@ -139,7 +139,7 @@ jobs:
 
     container:
       # NOTE: This step only signs and uploads, so it doesn't need any privileges
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:7acd15c1b765550faec477069a7d0c8a1de329f220f8d7d1786ecbf3172e9425
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:8252bb7f54c82ea8791141001dd27d29dca5e3e628e98f7fee2957ffb7e36a05
 
     steps:
       - name: Harden Runner
@@ -262,7 +262,7 @@ jobs:
 
     container:
       # NOTE: This step only signs and uploads, so it doesn't need any privileges
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:7acd15c1b765550faec477069a7d0c8a1de329f220f8d7d1786ecbf3172e9425
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:8252bb7f54c82ea8791141001dd27d29dca5e3e628e98f7fee2957ffb7e36a05
 
     steps:
       - name: Harden Runner

diff --git a/.github/workflows/build-world.yaml b/.github/workflows/build-world.yaml
@@ -27,7 +27,7 @@ jobs:
     # permissions:
 
     container:
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:7acd15c1b765550faec477069a7d0c8a1de329f220f8d7d1786ecbf3172e9425
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:8252bb7f54c82ea8791141001dd27d29dca5e3e628e98f7fee2957ffb7e36a05
       # TODO: Deprivilege
       options: |
         --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -29,7 +29,7 @@ jobs:
       contents: read
 
     container:
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:7acd15c1b765550faec477069a7d0c8a1de329f220f8d7d1786ecbf3172e9425
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:8252bb7f54c82ea8791141001dd27d29dca5e3e628e98f7fee2957ffb7e36a05
       # TODO: Deprivilege
       options: |
         --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined
@@ -170,7 +170,7 @@ jobs:
 
     container:
       # NOTE: This step only signs and uploads, so it doesn't need any privileges
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:7acd15c1b765550faec477069a7d0c8a1de329f220f8d7d1786ecbf3172e9425
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:8252bb7f54c82ea8791141001dd27d29dca5e3e628e98f7fee2957ffb7e36a05
 
     steps:
       - name: Harden Runner
@@ -293,7 +293,7 @@ jobs:
 
     container:
       # NOTE: This step only signs and uploads, so it doesn't need any privileges
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:7acd15c1b765550faec477069a7d0c8a1de329f220f8d7d1786ecbf3172e9425
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:8252bb7f54c82ea8791141001dd27d29dca5e3e628e98f7fee2957ffb7e36a05
 
     steps:
       - name: Harden Runner

diff --git a/.github/workflows/lint-world.yaml b/.github/workflows/lint-world.yaml
@@ -32,7 +32,7 @@ jobs:
       group: wolfi-os-builder-${{ matrix.arch }}
 
     container:
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:7acd15c1b765550faec477069a7d0c8a1de329f220f8d7d1786ecbf3172e9425
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:8252bb7f54c82ea8791141001dd27d29dca5e3e628e98f7fee2957ffb7e36a05
 
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

diff --git a/Makefile b/Makefile
@@ -188,7 +188,7 @@ dev-container:
 	    -v "${PWD}:${PWD}" \
 	    -w "${PWD}" \
 	    -e SOURCE_DATE_EPOCH=0 \
-	    ghcr.io/wolfi-dev/sdk:latest@sha256:7acd15c1b765550faec477069a7d0c8a1de329f220f8d7d1786ecbf3172e9425
+	    ghcr.io/wolfi-dev/sdk:latest@sha256:8252bb7f54c82ea8791141001dd27d29dca5e3e628e98f7fee2957ffb7e36a05
 
 PACKAGES_CONTAINER_FOLDER ?= /work/packages
 TMP_REPOSITORIES_DIR := $(shell mktemp -d)
@@ -253,6 +253,6 @@ dev-container-wolfi:
 		--mount type=bind,source="${PWD}/local-melange.rsa.pub",destination="/etc/apk/keys/local-melange.rsa.pub",readonly \
 		--mount type=bind,source="$(TMP_REPOSITORIES_FILE)",destination="/etc/apk/repositories",readonly \
 		-w "$(PACKAGES_CONTAINER_FOLDER)" \
-		ghcr.io/wolfi-dev/sdk:latest@sha256:7acd15c1b765550faec477069a7d0c8a1de329f220f8d7d1786ecbf3172e9425
+		ghcr.io/wolfi-dev/sdk:latest@sha256:8252bb7f54c82ea8791141001dd27d29dca5e3e628e98f7fee2957ffb7e36a05
 	@rm "$(TMP_REPOSITORIES_FILE)"
 	@rmdir "$(TMP_REPOSITORIES_DIR)"
diff --git a/argo-cd-2.10.yaml b/argo-cd-2.10.yaml
@@ -1,7 +1,7 @@
 package:
   name: argo-cd-2.10
-  version: 2.10.6
-  epoch: 1
+  version: 2.10.7
+  epoch: 0
   description: Declarative continuous deployment for Kubernetes.
   copyright:
     - license: Apache-2.0
@@ -24,7 +24,7 @@ pipeline:
     with:
       repository: https://github.com/argoproj/argo-cd
       tag: v${{package.version}}
-      expected-commit: d504d2b1d92f0cf831a124a5fd1a96ee29fa7679
+      expected-commit: b060053b099b4c81c1e635839a309c9c8c1863e9
 
   - uses: go/bump
     with:

diff --git a/atuin.yaml b/atuin.yaml
@@ -1,6 +1,6 @@
 package:
   name: atuin
-  version: 18.1.0
+  version: 18.2.0
   epoch: 0
   description: Magical shell history
   copyright:
@@ -19,7 +19,7 @@ pipeline:
     with:
       repository: https://github.com/atuinsh/atuin
       tag: v${{package.version}}
-      expected-commit: c00e54c54c63e6ed4275d51b8bf6aea4e0221f92
+      expected-commit: a0231a70950fbec9dcc3403e37066d891d1fc833
 
   - runs: |
       cargo build --locked --release

diff --git a/brew.yaml b/brew.yaml
@@ -1,6 +1,6 @@
 package:
   name: brew
-  version: 4.2.17
+  version: 4.2.18
   epoch: 0
   description: "The homebrew package manager"
   copyright:
@@ -48,7 +48,7 @@ pipeline:
       repository: https://github.com/Homebrew/brew
       tag: ${{package.version}}
       destination: ./brew
-      expected-commit: 0476c2e5e4f02b409084553896340b2f4ab3352e
+      expected-commit: 9edabf02ce29e54d0b717baa757cff38ad0c0e25
 
   - runs: |
       set -x

diff --git a/cedar.yaml b/cedar.yaml
@@ -1,6 +1,6 @@
 package:
   name: cedar
-  version: 3.1.2
+  version: 3.1.3
   epoch: 0
   description: "Core implementation of the Cedar language"
   copyright:
@@ -19,7 +19,7 @@ pipeline:
   - uses: git-checkout
     with:
       repository: https://github.com/cedar-policy/cedar
-      expected-commit: 7f42da2fa311af51f7f0e7612f735d580e982ad7
+      expected-commit: f4756167959a8f1567385205daf02b6ec5e34d64
       tag: v${{package.version}}
 
   - name: Configure and build

diff --git a/confluent-kafka-images.yaml b/confluent-kafka-images.yaml
@@ -1,7 +1,7 @@
 #nolint:git-checkout-must-use-github-updates
 package:
   name: confluent-kafka-images
-  version: 7.7.0.20
+  version: 7.7.0.22
   epoch: 0
   description: Provides build files for Apache Kafka and Confluent Docker images
   copyright:
@@ -22,7 +22,7 @@ var-transforms:
 pipeline:
   - uses: git-checkout
     with:
-      expected-commit: d5e7641162f239a090bf521d26800aa814e64ec6
+      expected-commit: 8a5fb8eeb3f762ac9b39328a473af6da43256e86
       repository: https://github.com/confluentinc/kafka-images
       tag: v${{vars.mangled-package-version}}
 

diff --git a/deno.yaml b/deno.yaml
@@ -1,6 +1,6 @@
 package:
   name: deno
-  version: 1.42.3
+  version: 1.42.4
   epoch: 0
   description: "A modern runtime for JavaScript and TypeScript."
   copyright:
@@ -27,7 +27,7 @@ pipeline:
   - uses: fetch
     with:
       uri: https://github.com/denoland/deno/archive/refs/tags/v${{package.version}}.tar.gz
-      expected-sha256: 43d8a5c2740f2f6fed0c84aed42f045db0b92515debdb59fae63ef6249712c24
+      expected-sha256: 7ef4383dd5a290c672da3827eec80c4b49a6c0eab0893ed6cd72e335eee362d6
 
   - name: Configure and build
     runs: |

diff --git a/execline.yaml b/execline.yaml
@@ -1,7 +1,7 @@
 package:
   name: execline
-  version: 2.9.4.0
-  epoch: 1
+  version: 2.9.5.0
+  epoch: 0
   description: "a small scripting language intended to be an alternative to shell scripting"
   copyright:
     - license: ISC
@@ -19,7 +19,7 @@ pipeline:
   - uses: fetch
     with:
       uri: https://skarnet.org/software/execline/execline-${{package.version}}.tar.gz
-      expected-sha256: 9ab55d561539dfa76ff4a97906fa995fc4a288e3de5225cb1a9d8fa9e9ebc49b
+      expected-sha256: c1eb0d3a2f4e9f5751452631617a147f532ac2dd4a07c564e33f1612d2de837e
 
   - name: Configure
     runs: |

diff --git a/gatekeeper-3.14.yaml b/gatekeeper-3.14.yaml
@@ -28,12 +28,13 @@ pipeline:
 
   - uses: go/bump
     with:
-      deps: google.golang.org/[email protected] golang.org/x/[email protected] google.golang.org/[email protected]
+      deps: google.golang.org/[email protected] golang.org/x/[email protected] google.golang.org/[email protected] github.com/containerd/[email protected] github.com/docker/[email protected]
 
   - runs: |
       FRAMEWORKS_VERSION=$(go list -f '{{ .Version }}' -m github.com/open-policy-agent/frameworks/constraint)
       OPA_VERSION=$(go list -f '{{ .Version }}' -m github.com/open-policy-agent/opa)
       CGO_ENABLED=0 GO111MODULE=on go build -mod vendor -a -ldflags "-w -X github.com/open-policy-agent/gatekeeper/pkg/version.Version=v${{package.version}} -X main.frameworksVersion=${FRAMEWORKS_VERSION} -X main.opaVersion=${OPA_VERSION}" -o manager
+      make gator
       mkdir -p ${{targets.destdir}}/usr/bin
       install -Dm755 ./manager ${{targets.destdir}}/usr/bin/manager
 
@@ -49,6 +50,15 @@ subpackages:
       provides:
         - gatekeeper-compat=${{package.full-version}}
 
+  - name: ${{package.name}}-gator
+    pipeline:
+      - runs: |
+          mkdir -p ${{targets.subpkgdir}}/usr/bin
+          mv bin/gator ${{targets.subpkgdir}}/usr/bin/gator
+    dependencies:
+      provides:
+        - gatekeeper-gator=${{package.full-version}}
+
 update:
   enabled: true
   github:

diff --git a/grype.yaml b/grype.yaml
@@ -1,6 +1,6 @@
 package:
   name: grype
-  version: 0.75.0
+  version: 0.76.0
   epoch: 0
   description: Vulnerability scanner for container images, filesystems, and SBOMs
   copyright:
@@ -15,7 +15,7 @@ pipeline:
     with:
       repository: https://github.com/anchore/grype
       tag: v${{package.version}}
-      expected-commit: 57af1c34cb7db17824eac983cc6ae6945db47c88
+      expected-commit: a7cbe3a26c95826b0a0a5b7c94b56f4077d66ccd
 
   - uses: go/build
     with:

diff --git a/harbor-registry.yaml b/harbor-registry.yaml
@@ -1,7 +1,7 @@
 package:
   name: harbor-registry
   version: 3.0.0_alpha1
-  epoch: 0
+  epoch: 1
   description: An open source trusted cloud native registry project that stores, signs, and scans content (registry)
   copyright:
     - license: Apache-2.0

diff --git a/helm-operator.yaml b/helm-operator.yaml
@@ -1,7 +1,7 @@
 package:
   name: helm-operator
   version: 1.34.1
-  epoch: 2
+  epoch: 3
   description: open source toolkit to manage Kubernetes native applications.
   copyright:
     - license: Apache-2.0
@@ -24,7 +24,7 @@ pipeline:
   - uses: go/bump
     with:
       deps: golang.org/x/[email protected] github.com/docker/[email protected]+incompatible helm.sh/helm/[email protected] google.golang.org/[email protected] github.com/docker/[email protected]
-      replaces: github.com/google/gnostic=github.com/google/[email protected] k8s.io/kube-openapi=k8s.io/[email protected]
+      replaces: github.com/google/gnostic=github.com/google/[email protected] k8s.io/kube-openapi=k8s.io/[email protected] github.com/distribution/reference=github.com/distribution/[email protected]
 
   - runs: |
       make build/operator-sdk build/helm-operator

diff --git a/influx.yaml b/influx.yaml
@@ -1,7 +1,7 @@
 package:
   name: influx
-  version: 2.7.3
-  epoch: 11
+  version: 2.7.4
+  epoch: 0
   description: CLI for managing resources in InfluxDB v2
   copyright:
     - license: MIT
@@ -20,11 +20,7 @@ pipeline:
     with:
       repository: https://github.com/influxdata/influx-cli
       tag: v${{package.version}}
-      expected-commit: 8b962c7e750559f784dd2028633e5f324d4a8da2
-
-  - uses: go/bump
-    with:
-      deps: google.golang.org/[email protected]
+      expected-commit: ec55d42dc4214b335b05b1646293affff710cd63
 
   - runs: |
       # Our global LDFLAGS conflict with a Makefile parameter

diff --git a/ipfs.yaml b/ipfs.yaml
@@ -1,7 +1,7 @@
 package:
   name: ipfs
-  version: 0.27.0
-  epoch: 4
+  version: 0.28.0
+  epoch: 0
   description: An IPFS implementation in Go
   copyright:
     - license: Apache-2.0
@@ -24,13 +24,13 @@ environment:
 pipeline:
   - uses: git-checkout
     with:
-      expected-commit: 59bcea8783e4117d56aeb81685ce33b8ddb13a1b
+      expected-commit: e7f0f340c65379c1dd2d80967ae625614f1b9eae
       repository: https://github.com/ipfs/kubo
       tag: v${{package.version}}
 
   - uses: go/bump
     with:
-      deps: google.golang.org/[email protected] github.com/quic-go/[email protected] github.com/libp2p/[email protected]
+      deps: google.golang.org/[email protected]
 
   - runs: |
       CGO_ENABLED=1 GOOS=$(go env GOOS) GOARCH=$(go env GOARCH) GOFLAGS=-buildvcs=false make build GOTAGS=openssl

diff --git a/kubecolor.yaml b/kubecolor.yaml
@@ -1,6 +1,6 @@
 package:
   name: kubecolor
-  version: 0.2.2
+  version: 0.3.0
   epoch: 1
   description: Colorize your kubectl output
   copyright:
@@ -23,7 +23,7 @@ pipeline:
     with:
       repository: https://github.com/kubecolor/kubecolor
       tag: v${{package.version}}
-      expected-commit: 44922b41665dea35b12c994d932d2ea6c67962d1
+      expected-commit: 6a32eedbf6ce6310b46731a6917c1080de6d3716
 
   - uses: go/build
     with:

diff --git a/kubeflow-centraldashboard.yaml b/kubeflow-centraldashboard.yaml
@@ -1,10 +1,13 @@
 package:
   name: kubeflow-centraldashboard
   version: 1.8.0
-  epoch: 3
+  epoch: 4
   description: Landing page and central dashboard for Kubeflow deployments
   copyright:
     - license: MIT
+  dependencies:
+    runtime:
+      - npm
 
 environment:
   contents: