Merge branch 'main' into jvreeland/automated-ssf-glibc.yaml

wolfi-dev · Dec 26, 2024 · bf962ee · bf962ee
2 parents ca22cb1 + a283072
commit bf962ee
Show file tree

Hide file tree

Showing 92 changed files with 652 additions and 485 deletions.
diff --git a/.github/actions/docker-run/action.yaml b/.github/actions/docker-run/action.yaml
@@ -6,7 +6,7 @@ inputs:
     required: true
   image:
     description: "The image to use"
-    default: "ghcr.io/wolfi-dev/sdk:latest@sha256:ff191d976f24586394d0a03df7900a8f6f76fe1adbbe209e9f92e960bd7e8120"
+    default: "ghcr.io/wolfi-dev/sdk:latest@sha256:6d49f779092c0bfacb2296654376aac5607dd946a5cd077f06e05e89a2341495"
     required: false
   workdir:
     description: "The images working directory"

diff --git a/Makefile b/Makefile
@@ -141,7 +141,7 @@ dev-container:
 	    -v "${PWD}:${PWD}" \
 	    -w "${PWD}" \
 	    -e SOURCE_DATE_EPOCH=0 \
-	    ghcr.io/wolfi-dev/sdk:latest@sha256:ff191d976f24586394d0a03df7900a8f6f76fe1adbbe209e9f92e960bd7e8120
+	    ghcr.io/wolfi-dev/sdk:latest@sha256:6d49f779092c0bfacb2296654376aac5607dd946a5cd077f06e05e89a2341495
 
 PACKAGES_CONTAINER_FOLDER ?= /work/packages
 # This target spins up a docker container that is helpful for testing local
@@ -209,7 +209,7 @@ dev-container-wolfi:
 		--mount type=bind,source="${PWD}/local-melange.rsa.pub",destination="/etc/apk/keys/local-melange.rsa.pub",readonly \
 		--mount type=bind,source="$(TMP_REPOS_FILE)",destination="/etc/apk/repositories",readonly \
 		-w "$(PACKAGES_CONTAINER_FOLDER)" \
-		ghcr.io/wolfi-dev/sdk:latest@sha256:ff191d976f24586394d0a03df7900a8f6f76fe1adbbe209e9f92e960bd7e8120
+		ghcr.io/wolfi-dev/sdk:latest@sha256:6d49f779092c0bfacb2296654376aac5607dd946a5cd077f06e05e89a2341495
 	@rm "$(TMP_REPOS_FILE)"
 	@rmdir "$(TMP_REPOS_DIR)"
 

diff --git a/apache-nifi.yaml b/apache-nifi.yaml
@@ -1,7 +1,7 @@
 package:
   name: apache-nifi
-  version: 2.0.0
-  epoch: 6
+  version: 2.1.0
+  epoch: 0
   description: Apache NiFi is an easy to use, powerful, and reliable system to process and distribute data.
   copyright:
     - license: Apache-2.0
@@ -50,11 +50,7 @@ pipeline:
     with:
       repository: https://github.com/apache/nifi
       tag: rel/nifi-${{package.version}}
-      expected-commit: 2f13b609bdb77cb985aa35e8b66b4f04274d7c59
-
-  - uses: patch
-    with:
-      patches: upgrade-netty.4.version.patch
+      expected-commit: f3af2394f90f2326a3ddacf1bf3a2f3160fbe6a6
 
   - uses: maven/pombump
 

diff --git a/apache-nifi/upgrade-netty.4.version.patch b/apache-nifi/upgrade-netty.4.version.patch
diff --git a/aws-eks-pod-identity-agent.yaml b/aws-eks-pod-identity-agent.yaml
@@ -1,7 +1,7 @@
 #nolint:git-checkout-must-use-github-updates,valid-pipeline-git-checkout-tag
 package:
   name: aws-eks-pod-identity-agent
-  version: 0_git20241222
+  version: 0_git20241226
   epoch: 0
   description: EKS Pod Identity is a feature of Amazon EKS that simplifies the process for cluster administrators to configure Kubernetes applications with AWS IAM permissions
   copyright:

diff --git a/bash-completion.yaml b/bash-completion.yaml
@@ -1,6 +1,6 @@
 package:
   name: bash-completion
-  version: 2.15.0
+  version: 2.16.0
   epoch: 0
   description: "Programmable completion functions for bash"
   copyright:
@@ -20,7 +20,7 @@ pipeline:
   - uses: git-checkout
     with:
       repository: https://github.com/scop/bash-completion
-      expected-commit: d4a1c565dfcafc21a6c9cfe56966a531a42b6219
+      expected-commit: 79d225bad8939a3833314b5af93509131c03f2f8
       tag: ${{package.version}}
 
   - runs: autoreconf -fiv

diff --git a/cilium-1.16.yaml b/cilium-1.16.yaml
@@ -1,8 +1,7 @@
-#nolint:valid-pipeline-git-checkout-commit,valid-pipeline-git-checkout-tag
 package:
   name: cilium-1.16
   version: 1.16.5
-  epoch: 1
+  epoch: 2
   description: Cilium is a networking, observability, and security solution with an eBPF-based dataplane
   copyright:
     - license: Apache-2.0
@@ -61,10 +60,6 @@ environment:
       - samurai
       - wolfi-baselayout
 
-vars:
-  # https://github.com/cilium/cilium/blob/v1.16.4/images/cilium/Dockerfile
-  CILIUM_PROXY_COMMIT: "eaae5aca0fb988583e5617170a65ac5aa51c0aa8"
-
 pipeline:
   - uses: git-checkout
     with:
@@ -94,68 +89,6 @@ pipeline:
       DESTDIR=${{targets.destdir}} DISABLE_ENVOY_INSTALLATION=1 make build-container
       DESTDIR=${{targets.destdir}} DISABLE_ENVOY_INSTALLATION=1 make install-container
 
-  - runs: |
-      # Check the Dockerfile for a SHA and match against the proxy SHA
-      ENVOY_SHA=$(grep 'ARG.*cilium-envoy' ./images/cilium/Dockerfile \
-        | sed "s/^ARG.*:v[0-9.]\+-[0-9]\+-//g" | cut -d@ -f1)
-
-      if [ "$ENVOY_SHA" != "${{vars.CILIUM_PROXY_COMMIT}}" ]; then
-        echo "Expected vars.CILIUM_PROXY_COMMIT to be $ENVOY_SHA. Please update" 1>&2
-        exit 1
-      fi
-
-  - uses: git-checkout
-    with:
-      repository: https://github.com/cilium/proxy
-      # Branch from https://github.com/cilium/cilium/blob/v1.15.5/images/cilium/Dockerfile
-      # Note often the branch is updated with dependencies updates, no tags
-      # See CILIUM_PROXY_COMMIT for anchor point
-      branch: v1.30
-      depth: 1000
-      destination: envoy
-
-  - runs: |
-      git -C envoy reset --hard ${{vars.CILIUM_PROXY_COMMIT}}
-
-  - runs: |
-      # Bazel errors out on toolchain stanza
-      sed -i '/$toolchain /d' go.mod
-      # Bazel errors out on go point release
-      sed -i 's|^\(go 1\.[0-9]*\)\.[0-9]*|\1|' go.mod
-
-  - runs: |
-      cd /home/build/envoy/proxylib
-      make
-      mkdir -p ${{targets.destdir}}/usr/lib
-      cp -v libcilium.so ${{targets.destdir}}/usr/lib/libcilium.so
-
-      cd /home/build/envoy
-      # The Python interpreter complains about being run as root, there's a flag to pass to disable that warning.
-      sed -i 's/envoy_dependencies_extra()/envoy_dependencies_extra(ignore_root_user_error=True)/g' WORKSPACE
-      # The toolchain at cilium/proxy has paths that are specific to their CI.
-      # Unregister to use Wolfi's.
-      sed 's/register_toolchains/#register_toolchains/g' -i WORKSPACE
-      export JAVA_HOME=/usr/lib/jvm/java-11-openjdk
-      mkdir -p .cache/bazel/_bazel_root
-
-      ./bazel/setup_clang.sh /usr
-      # Use libc++ to be consistent with our Envoys.
-      echo "build --config=libc++" >> user.bazelrc
-
-      mkdir -p ${{targets.destdir}}/usr/bin
-
-      for target in cilium-envoy-starter cilium-envoy; do
-        bazel build --fission=no --config=clang \
-          --discard_analysis_cache \
-          --nokeep_state_after_build \
-          --notrack_incremental_state \
-          --conlyopt="-Wno-strict-prototypes" \
-          `# The thread-saftey analysis flagged some issue in upstream code` \
-          --cxxopt="-Wno-thread-safety" \
-          --verbose_failures -c opt //:${target}
-        cp -v bazel-bin/${target} ${{targets.destdir}}/usr/bin/${target}
-      done
-
   - uses: strip
 
 subpackages:

diff --git a/cilium-1.16/envoy-55b0fc45cfdc2c0df002690606853540cf794fab.patch b/cilium-1.16/envoy-55b0fc45cfdc2c0df002690606853540cf794fab.patch
diff --git a/cilium-1.16/toolchains-paths.patch b/cilium-1.16/toolchains-paths.patch