Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:ojkastl_buildservice:Branch_Virtualization_containers
apko
apko.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File apko.changes of Package apko
------------------------------------------------------------------- Thu Nov 21 07:50:29 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.20.1: * fix: Allow accounts to belong to GID 0 (#1407) * build(deps): bump github/codeql-action from 3.27.4 to 3.27.5 (#1410) * build(deps): bump google.golang.org/api from 0.206.0 to 0.207.0 (#1409) * build(deps): bump step-security/harden-runner from 2.10.1 to 2.10.2 (#1408) * build(deps): bump google.golang.org/api from 0.205.0 to 0.206.0 (#1405) ------------------------------------------------------------------- Fri Nov 15 07:06:24 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.20.0: * Pass errors up the stack in CalculateWorld and InstallPackages (#1404) * build(deps): bump github/codeql-action from 3.27.2 to 3.27.4 (#1403) * build(deps): bump go.step.sm/crypto from 0.54.0 to 0.54.2 (#1402) * build(deps): bump golang.org/x/time from 0.7.0 to 0.8.0 (#1389) * build(deps): bump golang.org/x/sys from 0.26.0 to 0.27.0 (#1390) * build(deps): bump github/codeql-action from 3.27.1 to 3.27.2 (#1400) * build(deps): bump github/codeql-action from 3.27.0 to 3.27.1 (#1395) * build(deps): bump go.opentelemetry.io/otel from 1.31.0 to 1.32.0 (#1396) * build(deps): bump google.golang.org/api from 0.204.0 to 0.205.0 (#1388) * build(deps): bump golang.org/x/sync from 0.8.0 to 0.9.0 (#1391) * Add support for extras in `build-cpio` (#1394) * build(deps): bump goreleaser/goreleaser-action from 6.0.0 to 6.1.0 (#1392) * Record the `apko.json` file used to produce this image. (#1353) * docs(apk): document apkindex methods (#1393) ------------------------------------------------------------------- Tue Nov 12 07:33:59 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.19.9: * fix: --cache-dir broken after in 0.19.3+ (#1382) * fix: ensure cacheTransport returns an error for non-200 responses (#1381) * Attempt to flush renamed files in cache (#1387) ------------------------------------------------------------------- Tue Nov 05 09:44:20 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.19.8: * build(deps): bump google.golang.org/api from 0.203.0 to 0.204.0 (#1384) * Re-instantiate each APK's tarfs after caching (#1383) ------------------------------------------------------------------- Thu Oct 31 20:05:38 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.19.7: * Drop errgroup.WithContext and add withCause (#1380) * Allow multiauthenticator to try all authenticators (#1379) ------------------------------------------------------------------- Wed Oct 30 08:08:58 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.19.6: * MergeInto should include Volumes (#1376) ------------------------------------------------------------------- Tue Oct 29 13:58:07 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.19.5: * rsa: remove backwards compat APIs (#1307) * fix bug with triggers encoded in triggers file (#1358) ------------------------------------------------------------------- Sat Oct 26 08:22:36 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.19.4: * Make MergeInto threadsafe (#1374) * set downloadLocation to NOASSERTION when apk.URL is unset (#1372) * fix concurrent annotation map update (#1370) * fix data race in index cache (#1369) ------------------------------------------------------------------- Fri Oct 25 12:12:31 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.19.3: * build(deps): bump k8s.io/apimachinery from 0.31.1 to 0.31.2 (#1363) * build(deps): bump github/codeql-action from 3.26.13 to 3.27.0 (#1356) * build(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#1355) * build(deps): bump google.golang.org/api from 0.201.0 to 0.203.0 (#1362) * Avoid race when mutating annotations (#1368) * Stop using real headers for side channels (#1367) * fix(sbom): deduplicate SBOM packages by ID (#1366) * allow key lookups for http (#1365) * SBOM test cleanup (#1361) * don't attempt to discover chainguard keys for local file paths (#1360) * Work around sendfile bug (#1359) * Preserve APK timestamps when using dirfs (#1352) * build(deps): bump chainguard.dev/sdk from 0.1.27 to 0.1.28 (#1351) * build(deps): bump github.com/klauspost/compress from 1.17.10 to 1.17.11 (#1343) * build(deps): bump go.opentelemetry.io/otel from 1.30.0 to 1.31.0 (#1346) * build(deps): bump github/codeql-action from 3.26.12 to 3.26.13 (#1344) * build(deps): bump chainguard.dev/sdk from 0.1.26 to 0.1.27 (#1347) * build(deps): bump google.golang.org/api from 0.199.0 to 0.201.0 (#1348) * build(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#1340) * build(deps): bump github/codeql-action from 3.26.11 to 3.26.12 (#1339) * build(deps): bump go.step.sm/crypto from 0.53.0 to 0.54.0 (#1338) * build(deps): bump golang.org/x/sys from 0.25.0 to 0.26.0 (#1335) * build(deps): bump golang.org/x/time from 0.6.0 to 0.7.0 (#1336) * Update go to 1.23.2 and golangci-lint (#1334) * build(deps): bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 (#1331) * build(deps): bump chainguard.dev/sdk from 0.1.25 to 0.1.26 (#1328) * build(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 (#1329) * build(deps): bump github/codeql-action from 3.26.10 to 3.26.11 (#1332) * build(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0 (#1333) * Make etag checks optional (#1327) * don't attempt to discover keys for file path repos (#1326) * cleanup: remove Lima documentation (#1325) * use slog default logger for CG auth exchange (#1324) * Drop a period from a command's help (#1312) * build(deps): bump go.step.sm/crypto from 0.52.0 to 0.53.0 (#1322) * build(deps): bump google.golang.org/api from 0.198.0 to 0.199.0 (#1320) * build(deps): bump github/codeql-action from 3.26.9 to 3.26.10 (#1323) * fix(ci): mark GitHub releases as latest from prerelease (#1277) * Fail if APKINDEX has single-character lines (#1321) * build(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#1319) * build(deps): bump github.com/klauspost/compress from 1.17.9 to 1.17.10 (#1315) * build(deps): bump github/codeql-action from 3.26.8 to 3.26.9 (#1318) * Cache some more expensive operations (#1317) * set OCI created annotation (#1316) * cg auth: fix sometimes (#1314) ------------------------------------------------------------------- Sat Sep 21 17:09:02 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.19.2: * set audience correctly, no https (#1313) * point to the apk.cgr.dev repo urls (#1311) ------------------------------------------------------------------- Sat Sep 21 17:06:46 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.19.1: * Restore SourceDateEpoch in tarball for melange (#1310) * build(deps): bump google.golang.org/api from 0.197.0 to 0.198.0 (#1309) * build(deps): bump github/codeql-action from 3.26.7 to 3.26.8 (#1308) ------------------------------------------------------------------- Sat Sep 21 17:04:01 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.19.0: * Keep apk modtime (#1305) * Delete a bunch of dead code (#1306) * build(deps): bump chainguard.dev/sdk from 0.1.24 to 0.1.25 (#1301) ------------------------------------------------------------------- Sat Sep 14 10:35:39 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de> - BuildRequire go1.23 to fix builds on Leap 16.0 ------------------------------------------------------------------- Sat Sep 14 10:19:09 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.18.1: * build(deps): bump k8s.io/apimachinery from 0.31.0 to 0.31.1 (#1302) * build(deps): bump github/codeql-action from 3.26.6 to 3.26.7 (#1304) * build(deps): bump sigs.k8s.io/release-utils from 0.8.4 to 0.8.5 (#1300) * Keep standalone DiscoverKeys function (#1303) ------------------------------------------------------------------- Sat Sep 14 10:11:56 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.18.0: * build(deps): bump google.golang.org/api from 0.196.0 to 0.197.0 (#1298) * build(deps): bump go.opentelemetry.io/otel from 1.29.0 to 1.30.0 (#1297) * build(deps): bump go.opentelemetry.io/otel/trace from 1.29.0 to 1.30.0 (#1299) * build(deps): bump go.step.sm/crypto from 0.51.2 to 0.52.0 (#1296) * build(deps): bump step-security/harden-runner from 2.9.1 to 2.10.1 (#1295) * rsa256 (#1256) * build(deps): bump go.step.sm/crypto from 0.51.1 to 0.51.2 (#1292) * Add LoongArch architecture definition (#1275) * build(deps): bump google.golang.org/api from 0.195.0 to 0.196.0 (#1293) * build(deps): bump golang.org/x/sys from 0.24.0 to 0.25.0 (#1294) * build(deps): bump github/codeql-action from 3.26.5 to 3.26.6 (#1291) * auth: attempt CG auth if envs are configured (#1279) * build(deps): bump chainguard.dev/sdk from 0.1.23 to 0.1.24 (#1289) * build(deps): bump google.golang.org/api from 0.194.0 to 0.195.0 (#1290) * upgrade to golang 1.23 (#1278) * build(deps): bump go.opentelemetry.io/otel/trace from 1.28.0 to 1.29.0 (#1286) * build(deps): bump github/codeql-action from 3.26.4 to 3.26.5 (#1288) * build(deps): bump google.golang.org/api from 0.193.0 to 0.194.0 (#1285) * codeql needs security-events: write (#1281) * build(deps): bump google.golang.org/api from 0.192.0 to 0.193.0 (#1282) * build(deps): bump github/codeql-action from 3.26.3 to 3.26.4 (#1283) * new command: `install-keys` (#1227) * build(deps): bump github/codeql-action from 3.26.2 to 3.26.3 (#1280) * Wire up chainctl stderr to os.Stderr (#1274) * Expose DiscoverKeys (#1273) * build(deps): bump github/codeql-action from 3.26.1 to 3.26.2 (#1271) * Expose type of DefaultAuthenticators (#1272) * build(deps): bump github/codeql-action from 3.26.0 to 3.26.1 (#1266) * build(deps): bump k8s.io/apimachinery from 0.30.3 to 0.31.0 (#1267) * build(deps): bump google.golang.org/api from 0.191.0 to 0.192.0 (#1268) * Revert "drop dependency on go.lsp.dev/uri" (#1262) * drop dependency on go.lsp.dev/uri (#1259) * remove custom log package, charm supports it now (#1257) * drop dependency on heredoc (#1258) * Bust global caches by default in index tests (#1255) * build(deps): bump github.com/chainguard-dev/clog from 1.4.0 to 1.5.0 (#1254) * build(deps): bump chainguard.dev/sdk from 0.1.22 to 0.1.23 (#1251) * build(deps): bump golang.org/x/sys from 0.23.0 to 0.24.0 (#1252) * build(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0 (#1250) * build(deps): bump github.com/sigstore/cosign/v2 from 2.3.0 to 2.4.0 (#1245) * build(deps): bump github.com/docker/docker from 26.1.4+incompatible to 26.1.5+incompatible in the go_modules group (#1253) * build(deps): bump google.golang.org/api from 0.190.0 to 0.191.0 (#1249) * build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 (#1247) * build(deps): bump github.com/google/go-containerregistry from 0.20.1 to 0.20.2 (#1246) * auth: Set username to "user" (#1244) * build(deps): bump step-security/harden-runner from 2.9.0 to 2.9.1 (#1243) * set basic chainguard auth (#1242) * build(deps): bump golang.org/x/time from 0.5.0 to 0.6.0 (#1239) * build(deps): bump golang.org/x/sync from 0.7.0 to 0.8.0 (#1240) * auth: Wrap errors (#1241) * build(deps): bump golang.org/x/sys from 0.22.0 to 0.23.0 (#1238) * build(deps): bump google.golang.org/api from 0.189.0 to 0.190.0 (#1237) * build(deps): bump google.golang.org/api from 0.188.0 to 0.189.0 (#1235) * build(deps): bump chainguard.dev/sdk from 0.1.21 to 0.1.22 (#1236) * allow APK auth using assumable identity (#1230) * build(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 (#1233) * build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.3 to 4.0.4 (#1229) * build(deps): bump github.com/docker/docker from 24.0.9+incompatible to 26.1.4+incompatible in the go_modules group (#1232) * Canonicalize the architecture. (#1231) * use retryable http client by default (#1228) * Fix replacing symlinks (#1225) * Merge architectures (#1226) * Migrate the configuration locking to `apko`. (#1222) * build(deps): bump sigs.k8s.io/release-utils from 0.8.3 to 0.8.4 (#1220) * build(deps): bump github/codeql-action from 3.25.13 to 3.25.15 (#1221) * Create a command similar to `build-minirootfs` for CPIO (#1177) * build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.3 (#1217) ------------------------------------------------------------------- Thu Jul 25 05:01:50 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.17.0: * begin a new APK client (#1218) * remove the concept of Assertions (#1214) * Implement client-side APK discovery in `apko` (#1216) * copy annotations to config labels (#1215) * build(deps): bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.3.0 (#1213) * build(deps): bump docker/setup-qemu-action from 3.1.0 to 3.2.0 (#1211) * build(deps): bump github/codeql-action from 3.25.12 to 3.25.13 (#1212) * build(deps): bump k8s.io/apimachinery from 0.30.2 to 0.30.3 (#1209) * build(deps): bump github/codeql-action from 3.25.11 to 3.25.12 (#1203) * build(deps): bump step-security/harden-runner from 2.8.1 to 2.9.0 (#1210) * build(deps): bump github.com/google/go-containerregistry from 0.20.0 to 0.20.1 (#1208) * build(deps): bump actions/setup-go from 5.0.1 to 5.0.2 (#1200) * Remove labels from names and URLs in lockfile (#1163) * Add `MergeInto` for combining `ImageConfiguration`s (#1206) * Have the Authenticator support returning errors (#1205) * Simplify s6 stuff further (#1204) * Faster NewPkgResolver and GetRepositoryIndexes (#1202) * Add build.MultiArch.BuildPackageLists (#1201) * build(deps): bump github.com/google/go-containerregistry from 0.19.2 to 0.20.0 (#1199) * build(deps): bump sigs.k8s.io/release-utils from 0.8.2 to 0.8.3 (#1197) * fix * cleanup * checkout first * tidy * index throws nil pointer when no auth set * build(deps): bump golang.org/x/sys from 0.21.0 to 0.22.0 * tests are broken due to incosnsistency package version of openssl(riscv64) on alpine * remove more unknown stuff from example, log more * fail on unknown fields, remove os-release from alpine-slim * set unknown version ID too * remove more cruft * move os-release stuff into pkg/build/sbom.go, unexport * remove the example * remove remote include feature * remove os-release from apko config * Simplify the resolution logic to use `expandapk.Split` (#1186) * build(deps): bump go.opentelemetry.io/otel/trace from 1.27.0 to 1.28.0 * build(deps): bump docker/setup-qemu-action from 3.0.0 to 3.1.0 * build(deps): bump github/codeql-action from 3.25.10 to 3.25.11 ------------------------------------------------------------------- Wed Jul 03 19:07:59 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.16.0: * Fix typo in DefaultAuthenticators * Don't mutate accounts if base image is set * accept other apk hosts via env, use rate.Sometimes * fix unit tests, add StaticAuth * add TODO * auth: refactor into Authenticator interface * Make solving multi-architecture aware * Refactor into build.Multi, no behavior change * Expose ignoreSignatures functionality to CLI and library consumers * build(deps): bump github.com/chainguard-dev/clog from 1.3.1 to 1.4.0 * example(go): golang example with wolfi base * build(deps): bump github.com/google/go-containerregistry ------------------------------------------------------------------- Wed Jun 19 05:11:36 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.15.0: * Skip over "." when creating directories * build(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 * Plumb through the notion of build-time repositories. * whoops * remove --log-policy flag * build(deps): bump actions/checkout from 4.1.6 to 4.1.7 * build(deps): bump github/codeql-action from 3.25.8 to 3.25.10 * build(deps): bump k8s.io/apimachinery from 0.29.2 to 0.30.2 * build(deps): bump imjasonh/setup-crane from 0.3 to 0.4 * build(deps): bump github.com/klauspost/compress from 1.17.8 to 1.17.9 * Add note about --repository-append * Add include-paths to build and lock * build(deps): bump step-security/harden-runner from 2.8.0 to 2.8.1 ------------------------------------------------------------------- Wed Jun 12 13:34:40 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.14.9: * remove all SBOM formats except SPDX * fix: Add lockfile option to publish command ------------------------------------------------------------------- Fri Jun 07 19:38:30 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.14.8: * Add expandapk.Split and use it * Fix some lints carried over from go-apk * update go-apk * undo diff-causing change * get outta here submodule * rm pkg/apk * go mod tidy * go away * goimports -local to make linter a little happier * WIP: unsplit go-apk * change deprecated flags * build(deps): bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 * build(deps): bump github/codeql-action from 3.25.7 to 3.25.8 * add test that images with old packages can build * build(deps): bump golang.org/x/sys from 0.20.0 to 0.21.0 * appease linter * fix tests * use latest go-apk * enable per-host auth ------------------------------------------------------------------- Sat Jun 01 09:23:29 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.14.7: * ensure homedir respects non-defaults * build(deps): bump github/codeql-action from 3.25.6 to 3.25.7 ------------------------------------------------------------------- Sat Jun 01 09:10:13 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.14.6: * plumb through HomeDir as optional build configuration * Pull in the auth fix in go-apk (#1145) * Update internal/cli/build.go * Update internal/cli/publish.go * This fixes the boolean logic to pass auth. * go mod tidy * support basic HTTP auth ------------------------------------------------------------------- Thu May 30 08:59:06 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.14.5: * fix: redact URLs in config marshaling * bump go-apk ------------------------------------------------------------------- Thu May 30 08:52:10 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.14.4: * go mod tidy * bump go-apk ------------------------------------------------------------------- Sat May 25 15:08:37 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.14.3: * spdx: fixup PackageVerificationCode setting * spdx: fixup filesAnalyzed setting * spdx: backpopulate supplier & originator for packages * spdx: Add test case of merging pkg SBOM without supplier * spdx: rename expected.spdx.json ahead of more tests ------------------------------------------------------------------- Thu May 23 19:46:28 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.14.2: * spdx: Add test of SBOM of packages with custom licenses * updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor ... - dependency-name: go.opentelemetry.io/otel dependency-type: direct:production update-type: version-update:semver-minor ... * sbom: fixup merging LicensingInfos during Image SBOM generation * build(deps): bump github/codeql-action from 3.25.4 to 3.25.6 * build(deps): bump actions/checkout from 4.1.5 to 4.1.6 * build(deps): bump github.com/package-url/packageurl-go * gofmt * Fix capitalisation style * spdx: allow specifying custom license * Bump go-apk * Bump go-apk to pick up conflict fix * build(deps): bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 * Bump go-apk * linter * Fix duplicates when overlaying the config with config with no contents * build(deps): bump sigs.k8s.io/release-utils from 0.8.1 to 0.8.2 * build(deps): bump golangci/golangci-lint-action from 5.1.0 to 6.0.1 * build(deps): bump github/codeql-action from 3.25.3 to 3.25.4 * build(deps): bump actions/checkout from 4.1.4 to 4.1.5 * build(deps): bump golang.org/x/sys from 0.19.0 to 0.20.0 ------------------------------------------------------------------- Thu May 09 15:48:25 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.14.1: * default supplier to Chainguard * fix: remove default supplier for index SBOMs * build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 * build(deps): bump step-security/harden-runner from 2.7.0 to 2.7.1 * build(deps): bump golangci/golangci-lint-action from 5.0.0 to 5.1.0 * build(deps): bump github/codeql-action from 3.25.2 to 3.25.3 * build(deps): bump go.opentelemetry.io/otel from 1.25.0 to 1.26.0 * build(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 * build(deps): bump actions/checkout from 4.1.3 to 4.1.4 * build(deps): bump github/codeql-action from 3.25.1 to 3.25.2 * build(deps): bump actions/checkout from 4.1.2 to 4.1.3 * Parse apkindex only once during initialization * Comment fix * Refresh make generate * feat(user): Allow overriding the default shell * Update sbom-aarch64.spdx.json * spdx: remove more mentions of files * build(deps): bump golang.org/x/net in the go_modules group * Run build script for apko examples if such exists * Prepare the script to be run as part of github workflow * Fix golangci-lint * build(deps): bump github/codeql-action from 3.25.0 to 3.25.1 * build(deps): bump github/codeql-action from 3.24.10 to 3.25.0 * Add example for building on top of base * Update pkg/build/types/image_configuration.go * Update internal/cli/build.go * Address part of the comments from review round 1 * build(deps): bump github.com/sigstore/cosign/v2 from 2.2.3 to 2.2.4 * build(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 * Improve getImageForArch - nested index support and lookup of arch in config * Build and lock support for base image * Build and lock support for base image * Build and lock support for base image * build(deps): bump golang.org/x/sys from 0.18.0 to 0.19.0 * build(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0 * build(deps): bump github/codeql-action from 3.24.9 to 3.24.10 * build(deps): bump go.opentelemetry.io/otel from 1.24.0 to 1.25.0 * build(deps): bump sigs.k8s.io/release-utils from 0.8.0 to 0.8.1 * build(deps): bump sigs.k8s.io/release-utils from 0.7.7 to 0.8.0 * build(deps): bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 * Add testdata for apko on top of base image * build(deps): bump github/codeql-action from 3.24.8 to 3.24.9 * build(deps): bump github.com/charmbracelet/log * more tests * fix golden tests * fix test * try to fix this test * ignore Files when generating SBOMs * build(deps): bump github.com/docker/docker * build(deps): bump github/codeql-action from 3.24.7 to 3.24.8 * build(deps): bump github.com/google/go-containerregistry * Add more spans around potentially slow ops * build(deps): bump github/codeql-action from 3.24.6 to 3.24.7 * Add Harden Runner audit configs * build(deps): bump actions/checkout from 4.1.1 to 4.1.2 * build(deps): bump k8s.io/apimachinery from 0.28.3 to 0.29.2 * Bump go-apk * build(deps): bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3 * build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 * build(deps): bump github/codeql-action from 3.24.5 to 3.24.6 * Bump go-apk * build(deps): bump go.opentelemetry.io/otel from 1.22.0 to 1.24.0 * build(deps): bump github/codeql-action from 3.23.2 to 3.24.5 * Store checksum of apko-config in the lock-file to detect changes in origin. * Drop creating group log * Allow apko dot to be cancelled * build(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 * Make sure we clean up after ourselves * Preserve APK hardlinks * build(deps): bump golang.org/x/sys from 0.16.0 to 0.17.0 * build(deps): bump github.com/chainguard-dev/clog from 1.3.0 to 1.3.1 * go mod tidy * fix repro test * pick up go-apk changes * move some logs to debug, avoid duplicate work/logs * Cancel context on interrupt signal * go mod tidy * use charmlog @ head to get levels" * support log-level flag * Plumb ctx through daemon package * use charm logger * build(deps): bump github.com/chainguard-dev/clog * build(deps): bump github.com/google/go-containerregistry * build(deps): bump github.com/sigstore/cosign/v2 from 2.2.1 to 2.2.3 * build(deps): bump sigstore/cosign-installer from 3.2.0 to 3.4.0 * Make apko dot show errors * build(deps): bump github/codeql-action from 2.22.6 to 3.23.2 * build(deps): bump actions/setup-go from 4.1.0 to 5.0.0 ------------------------------------------------------------------- Wed Jan 31 14:20:12 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.14.0: * Bump go-apk to pick up new solver behavior * Plumb offline flags around more * Audit workflow permissions (#1017) * Add test and trailing new line to `apko.lock.json` files. * simplify logging to use slog * remove unused MarkDeprecated * remove unused AdditionalTags method * drop deprecated options field ------------------------------------------------------------------- Mon Jan 15 20:42:20 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.13.3: * build(deps): bump github.com/cloudflare/circl from 1.3.5 to 1.3.7 * Return better error messages for missing config * Drop multierror for errgroup ------------------------------------------------------------------- Sun Jan 07 18:12:07 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.13.2: * build(deps): bump github.com/go-git/go-git/v5 from 5.10.0 to 5.11.0 ------------------------------------------------------------------- Sun Jan 07 18:10:34 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.13.1: * Strip leading slash before sbom ownership check ------------------------------------------------------------------- Sun Jan 07 18:09:12 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 0.13.0: * Update NEWS.md for v0.13.0 * Use idb to drive sbom file inclusion * Add golden tests * Change testdata to be a bit smaller * Fix duplicate IDB entries * build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 * Update lock.go * Make sure list of 'repositories' in the 'resolved.json.file' is complete. * Again we were not doing post-actions. * Fixing Lint errors. * Rename --resolved-file to --lockfile (all over the place). * Integrate apko with InstallPackages api in go-apk. Support locked build with --resolved-file. * Improve the architecture handling. * Apko interpeting resolved (lock) file: Prototype 1. * Ensure jsonschema is kept up to date. ------------------------------------------------------------------- Thu Nov 30 09:08:12 UTC 2023 - kastl@b1-systems.de - Update to version 0.12.0: * Update NEWS.md for 0.12.0 * Allow existing packages to replace installed pkg * Fix packages with multiple Replaces * Add binary to generate json schema. * review feedback * fix and continuously validate SBOMs ------------------------------------------------------------------- Thu Nov 16 14:56:08 UTC 2023 - kastl@b1-systems.de - Update to version 0.11.3: * Update release.md * Create release.md * Drop cloud keychains * Try to approximate ~ in apko dot * build(deps): bump sigs.k8s.io/release-utils from 0.7.6 to 0.7.7 * build(deps): bump github/codeql-action from 2.22.5 to 2.22.6 * build(deps): bump golang.org/x/term from 0.13.0 to 0.14.0 * build(deps): bump github.com/sigstore/cosign/v2 from 2.2.0 to 2.2.1 * update go-apk dependency * build(deps): bump go.opentelemetry.io/otel from 1.19.0 to 1.20.0 * build(deps): bump sigstore/cosign-installer from 3.1.2 to 3.2.0 * build with go 1.21 * use main * use pushed PR * WIP: use forked alpine-go in go-apk * cleanup: remove unused flags * build(deps): bump github.com/docker/docker ------------------------------------------------------------------- Mon Oct 30 19:10:59 UTC 2023 - kastl@b1-systems.de - Update to version 0.11.2: * Update NEWS.md for v0.11.2 * Bump go-apk to fix solver * build(deps): bump github/codeql-action from 2.22.4 to 2.22.5 * build(deps): bump sigs.k8s.io/release-utils from 0.7.5 to 0.7.6 ------------------------------------------------------------------- Fri Oct 27 04:54:37 UTC 2023 - kastl@b1-systems.de - Update to version 0.11.1: * Update NEWS.md for 0.11.1 * Pass UID and GID mapping to the tarball writer * Add json tags to ImageConfiguration types. * build(deps): bump github/codeql-action from 2.22.1 to 2.22.4 * build(deps): bump actions/checkout from 4.1.0 to 4.1.1 * drop sync-issues-to-project-board.yaml not used anymore * streamline release workflow * call ImageConfiguration() * Remove Trailing / if there any * Fixed the make-devenv script ------------------------------------------------------------------- Thu Oct 19 06:24:13 UTC 2023 - kastl@b1-systems.de - Update to version 0.11.0: * Update NEWS.md * Clone image config's env to avoid race * feat: implement resolve command * build(deps): bump golang.org/x/sync from 0.3.0 to 0.4.0 * build(deps): bump sigs.k8s.io/release-utils * build(deps): bump go.opentelemetry.io/otel from 1.18.0 to 1.19.0 * build(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 * Add additional error info when trying to run as a root user. * build(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 * build(deps): bump github/codeql-action from 2.21.7 to 2.22.1 * change Use and error msg * build(deps): bump actions/checkout from 4.0.0 to 4.1.0 * dot: show version in node label * ensure propagated logger is used * Add apko dot command * build(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.9.0 * build(deps): bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.0 * build(deps): bump gitlab.alpinelinux.org/alpine/go * chore: remove CODEOWNERS file * build(deps): bump goreleaser/goreleaser-action from 4.4.0 to 5.0.0 * build(deps): bump github/codeql-action from 2.21.5 to 2.21.7 * fix: Development typo * build(deps): bump k8s.io/apimachinery from 0.28.1 to 0.28.2 * upgrade Go to 1.21 and several ci updates * update version comments * update version comments * build(deps): bump go.opentelemetry.io/otel from 1.17.0 to 1.18.0 * Write index as layout if target is a directory * Close tarfs files * Bump go-apk * Bump go-apk * Drop dependency on deleted packages * Allow replacement by different origin * build(deps): bump actions/checkout from 3.6.0 to 4.0.0 * build(deps): bump golang.org/x/term from 0.11.0 to 0.12.0 * Don't buffer everything * Expose tarfs * Use tarfs implementation for publish/build * Add an internal tarfs implementation * Don't require testify * Bump go-apk * build(deps): bump github/codeql-action from 2.21.4 to 2.21.5 * Plumb --offline flag * add tests to publishCmd for --sbom-path * fix: publish cmd --sbom-path not writing files * build(deps): bump github.com/jinzhu/copier from 0.3.5 to 0.4.0 * Pass a whole fs instead of a workdir to build * upgrade go-apk to 20230827 snapshot * build(deps): bump k8s.io/apimachinery from 0.27.3 to 0.28.1 * build(deps): bump github.com/package-url/packageurl-go * build(deps): bump actions/checkout from 3.5.3 to 3.6.0 * build(deps): bump golang.org/x/term from 0.9.0 to 0.11.0 * fix: publish --stage-tags missing generated tags * Don't call build.New for index SBOM * Set reasonable concurrency levels for pgzip * remove build options * build(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 * build(deps): bump github/codeql-action from 2.20.0 to 2.21.4 * build(deps): bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0 * fix: incorrect arch tag equality detection * build(deps): bump actions/setup-go from 4.0.1 to 4.1.0 * build(deps): bump golang.org/x/sys from 0.9.0 to 0.11.0 * Remove ldconfig step from build * build(deps): bump github.com/google/go-containerregistry * fix: assignment to nil map when using annotations via CLI flag * update NEWS.md for 0.10.1 * Improve path mutation errors * improve error messages when mutating paths * Update NEWS.md * Optimize SBOM generation * build(deps): bump github.com/klauspost/pgzip from 1.2.5 to 1.2.6 * build(deps): bump github.com/cloudflare/circl from 1.2.0 to 1.3.3 * Update README.md ------------------------------------------------------------------- Tue Aug 01 13:05:39 UTC 2023 - kastl@b1-systems.de - Update to version 0.10.0: * fix --workdir * restore handling of packageTag CLI flags for publish * Remove sbom generator indirection * Split publishing and loading * Inline apk package (mostly) to use go-apk directly * Stop exposing build.Context fields * Add a test to catch SBOM changes * Remove WantSBOM and GenerateSBOM * Remove buildImplementation * Add a test to verify no output changes * Remove unused executor package * when setting SOURCE_DATE_EPOCH, ensure string is not blank * Pull in the latest changes to go-apk (#802) * Don't compute layer hash twice * bump go-apk * work with no cache when cache-dir is not set and HOME is not set * report error when cannot create apkimpl object * Bump lint * Fix race * Bump go to 1.20 * Bump go-apk * Add 4MiB bufio for pgzip * Bump go-apk to pick up faster installs * Switch from pargzip to pgzip * Bump go-apk dep to pick up otel spans * Add otel spans - BuildRequire go1.20 ------------------------------------------------------------------- Mon Jul 03 06:12:20 UTC 2023 - kastl@b1-systems.de - Update to version 0.9.0: * add release notes for 0.9.0 * update go-apk component to 20230630 snapshot * go mod tidy * bump go-apk dep to stop fetching alpine keys all the time * base ci tests on examples * build(deps): bump github.com/sigstore/cosign/v2 * Always pass WithLogger first * Always UTC time.Unix (#758) * Pull in go-apk timestamp change (#757) * Bump go-apk, deduplicate extras * add annotations to index manifest * add optional oci volumes field to resulting image config * go-apk with support for pinned pre-existing as deps * improved show-packages output * build(deps): bump actions/setup-go from 4.0.0 to 4.0.1 (#679) * Address go vulnerabilities * Pull in https://gitlab.alpinelinux.org/alpine/go/-/merge_requests/25 (#742) * Update go-apk to pull in Jon/Avi's changes (#746) * build(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.6.0 (#739) * build(deps): bump actions/checkout from 3.5.2 to 3.5.3 (#740) * build(deps): bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0 (#741) * build(deps): bump docker/setup-qemu-action from 2.1.0 to 2.2.0 (#734) * build(deps): bump github/codeql-action from 2.3.2 to 2.20.0 (#745) * bump go-apk to inherit increased debug logging * Remove build implementation interface * safe rename * fix apk caching * support for apk package caching * restructure oci package * unify publish and build commands * avoid nil panic * lint * change how default envs are set * Test PublishCmd * Add a no-op test for PublishCmd * Check that images have the correct layers * Pass remoteOpts to publishIndex * run tests with race detector * Revert "Remove some more indirection" * Revert "Finish the argument movement" * fix: pass --extra-packages correctly * extend summarize to provide the rest of the options * Move default remote options out of library * adds warning when etc/os-release is actually generated * Finish the argument movement * Remove some more indirection * appease linter * add --extra-packages, deprecate build options * bump go-apk to fix infinite symlinks * Stop using tarball.LayerFromFile * Fix CI (#701) * Remove indirection for apk implementation * add option to change directory before executing * use upstream go-apk tarball functionality * Fix annotations. * build(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 * build(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2 * go-apk with proper error messages for arch with missing APKINDEX * Fix the error wrapper (#677) * Fix stupid boolean logic bug (#678) * Feature: Compute the default timestamp from installed APKs (#675) * Add test of determinism (#668) * latest go-apk with consistent file ordering * Fix: add timeouts to several actions legs. (#672) * Fix: Explicitly default the `SourceDateEpoch` (#671) * Cleanup: Make the Services type more concrete. (#664) * Cleanup: Use a string alias instead of struct. (#663) * bump go-apk to include world newline fix * Update pkg/build/types/types.go * document the fields in types/ * update go-apk to include race prevention * build(deps): bump gitlab.alpinelinux.org/alpine/go * use external apk-go library * add hotfix for alpine-go * apk: install: add support for replaces * build(deps): bump github/codeql-action from 2.2.12 to 2.3.2 ------------------------------------------------------------------- Mon May 01 06:16:11 UTC 2023 - kastl@b1-systems.de - Update to version 0.8.0: * update NEWS for apko 0.8.0. * allow overwrite of existing file if origin matches * better sort order for packages when writing to apk/db/installed * Plumb context * Optimize ggcr interactions * add ability to read busybox links from package manifest * report complete yaml when fail to build, if debug is enabled * handle versioning in provides * add testcase for alpine python3~3.11 change * version: fix tilde matching in packageNameRegex * add optional support for self-package resolution * Update pkg/apk/impl/version.go * add support for tilde matcher * iocomb: try to make log target parent directory if necessary * cli: use iocomb.Combine to combine multiple log outputs into a log policy * add iocomb package * internal: cli: use NewLogger as needed to instantiate the logger * log: adapter: default log level to InfoLevel * build: add WithLogger option to set a context logger * log: add output to NewLogger and add DefaultLogger for stderr logging * options: default to using io.Discard for logging * return all matches for PkgResolver.ResolvePackage * exec: update tests to use log.Logger instead of logrus * apk: update tests to use log.Logger instead of logrus * log: introduce Adapter type * everywhere: use abstract logger type, remove logrus from internals * expose GetRepositoryIndexes * expose GetPackage to resolve a single package with constraints * use interface to pass to NewPkgResolver * build(deps): bump actions/checkout from 3.5.0 to 3.5.2 * build(deps): bump github/codeql-action from 2.2.11 to 2.2.12 * fix mid-level symlinks for native-memfs * native in-memory filesystem * busybox install ignore existing link or file * Remove duplication, add make target * build(deps): bump github.com/sigstore/cosign/v2 from 2.0.0 to 2.0.1 * build(deps): bump github/codeql-action from 2.2.10 to 2.2.11 * log: formatting enhancements * build(deps): bump golang.org/x/term from 0.6.0 to 0.7.0 * build(deps): bump github/codeql-action from 2.2.9 to 2.2.10 * feat: send useragent in HTTP requests * appease linter * apk: downgrade package-level install notices to debug * add internal logging package * build(deps): bump github.com/docker/docker * build(deps): bump golang.org/x/sys from 0.6.0 to 0.7.0 * build(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 * ensure truncate when creating new file in case one already was there * Change the busybox detection logic to support "provides". * Add docs on stop-signal. * Add StopSignal support. * update NEWS for apko 0.7.3. * build(deps): bump github/codeql-action from 2.2.7 to 2.2.9 * Add codeowners * build(deps): bump actions/checkout from 3.4.0 to 3.5.0 * Add CI test harness * Add SBOM quality CI test * When build and publish, carry buildcontext to sbom generation * create homedir 0700, but parents 0755 * record when writing symlinks to case-sensitive * generate list of links for busybox * build: accounts: go back to using 0o755 permissions for the homedir ------------------------------------------------------------------- Sun Mar 19 14:00:06 UTC 2023 - Johannes Kastl <kastl@b1-systems.de> - new package apko
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor