Merge branch 'main' into feature/fix-subpackage-names-libjpeg-dev

Signed-off-by: dlorenc <lorenc.d@gmail.com>

Author: dlorenc

.github/workflows/ci-build.yaml

@@ -84,6 +84,18 @@ jobs:
             echo "exists=false" >> $GITHUB_OUTPUT
           fi
 
+      # Note: vulns found in scans do not currently block CI
+      - name: 'Grype scan APKs'
+        id: grype-scan
+        if: steps.file_check.outputs.exists == 'true'
+        run: |
+          set -x
+          for line in `cat packages.log`; do
+            # convert the melange output (e.g. "x86_64|grype|grype|0.63.0-r1" ) to an actual apk path
+            apk_path=$(echo "${line}" | awk '{ split($1, pkg, "|"); printf("packages/%s/%s-%s.apk\n", pkg[1], pkg[3], pkg[4]) }')
+            ./scripts/grype-scan-apk.sh "${apk_path}"
+          done
+
       - name: Check sonames
         id: soname
         if: steps.file_check.outputs.exists == 'true'

.github/workflows/push-production.yaml

@@ -82,7 +82,9 @@ jobs:
               "${{ github.workspace }}/packages/x86_64/APKINDEX.json" gs://wolfi-production-registry-destination/os/x86_64/
 
           # apks will be cached in CDN for an hour by default.
+          # Don't upload the object if it already exists.
           gcloud --quiet storage cp \
+              --no-clobber \
               "${{ github.workspace }}/packages/x86_64/*.apk" gs://wolfi-production-registry-destination/os/x86_64/
 
   postrun:

aws-cli.yaml

@@ -1,7 +1,7 @@
 package:
   name: aws-cli
-  version: 1.27.162
-  epoch: 0
+  version: 1.27.164
+  epoch: 1
   description: "Universal Command Line Interface for Amazon Web Services"
   copyright:
     - license: Apache-2.0
@@ -33,7 +33,7 @@ pipeline:
   - uses: fetch
     with:
       uri: https://github.com/aws/aws-cli/archive/${{package.version}}.tar.gz
-      expected-sha256: bf4e810cc2b6193454b7c1706d5aa2234c15b19b88300ab45ea56cd633f8466d
+      expected-sha256: d92c97189720024c2c618cd9e15ae3408183bcde64ac94af764dac8073e1d822
 
   - runs: |
       python3 setup.py build