From 76e2a0a4a35b4afc4bd8a601d1ef75abdb61e47d Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Hernandez Date: Mon, 20 Jun 2022 11:07:43 +0000 Subject: [PATCH 01/88] Update debian versions Signed-off-by: Carlos Rodriguez Hernandez --- .github/actions/build/action.yml | 2 +- .github/workflows/main.yml | 34 ++++---------------------------- README.md | 18 ++++++++--------- buildall | 11 +++-------- pushall | 9 ++++----- pushmanifest | 5 ++--- test | 3 --- 7 files changed, 23 insertions(+), 59 deletions(-) diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml index 53a54faa..79dda2c5 100644 --- a/.github/actions/build/action.yml +++ b/.github/actions/build/action.yml @@ -1,7 +1,7 @@ inputs: dist: description: 'Dist to build' - default: 'buster' + default: 'bullseye' platform: description: 'Platform to build' default: 'amd64' diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index fe548105..81fe6c8e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -16,7 +16,7 @@ on: - cron: '0 0 * * *' env: BASENAME: bitnami/minideb - LATEST: buster + LATEST: bullseye # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: # This workflow contains a single job called "build" 
@@ -35,38 +35,13 @@ jobs: - name: Verify scripts with shellcheck run: | bash shellcheck - build_jessie: - runs-on: ubuntu-20.04 - needs: [ shellcheck ] - steps: - - name: Check out repository - uses: actions/checkout@v2 - - name: Use local build action - uses: ./.github/actions/build - with: - dist: "jessie" - platform: "amd64" - - name: Push - if: github.ref == 'refs/heads/master' - env: - DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} - DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} - QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }} - QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }} - GCR_EMAIL: ${{ secrets.GCR_EMAIL }} - GCR_KEY: ${{ secrets.GCR_KEY }} - GCR_TOKEN: ${{ secrets.GCR_TOKEN }} - DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }} - DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} - run: | - bash pushone jessie amd64 build_multiarch: runs-on: ubuntu-20.04 needs: [ shellcheck ] strategy: matrix: - dist: [stretch, buster, bullseye] + dist: [buster, bullseye] arch: [amd64, arm64] name: Build ${{ matrix.dist }} on ${{ matrix.arch }} @@ -104,7 +79,7 @@ jobs: deploy_manifests: runs-on: ubuntu-20.04 - needs: [ build_multiarch, build_jessie ] + needs: [ build_multiarch ] if: github.ref == 'refs/heads/master' env: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} @@ -120,5 +95,4 @@ jobs: - uses: actions/checkout@v2 - name: Push Manifests run: | - DISTS="stretch buster bullseye latest" bash pushmanifest - DISTS=jessie PLATFORMS=amd64 bash pushmanifest + DISTS="buster bullseye latest" bash pushmanifest diff --git a/README.md b/README.md index f24fecca..7f3eaaf8 100644 --- a/README.md +++ b/README.md 
@@ -14,14 +14,14 @@ $ docker run --rm -it bitnami/minideb:latest There are [tags](https://hub.docker.com/r/bitnami/minideb/tags/) for the different Debian releases. ``` -$ docker run --rm -it bitnami/minideb:stretch +$ docker run --rm -it bitnami/minideb:bullseye ``` The images are built daily and have the security release enabled, so will contain any security updates released more than 24 hours ago. You can also use the images as a base for your own `Dockerfile`: ``` -FROM bitnami/minideb:stretch +FROM bitnami/minideb:bullseye ``` # Why use Minideb @@ -62,28 +62,28 @@ We provide a Makefile to help you build Minideb locally. It should be run on a D $ sudo make ``` -To build an individual release (stretch, buster or unstable) +To build an individual release (buster, bullseye or unstable) ``` -$ sudo make stretch +$ sudo make bullseye ``` To test the resulting image: ``` -$ sudo make test-stretch +$ sudo make test-bullseye ``` ## Building Minideb for foreign architecture -Make commands shown above will build an image for the architecture you are currently working on. +Make commands shown above will build an image for the architecture you are currently working on. To build an image for a foreign architecture (for example to build a multiarch image), we provide a simple script which run a QEMU instance for the target architecture and build the image inside it. -To build and test a buster image for arm64: +To build and test a bullseye image for arm64: ``` -$ ./qemu_build buster arm64 +$ ./qemu_build bullseye arm64 ``` The image will be then imported locally through the docker cli with `$distribution-$architecture` tag -(example: `bitnami/minideb:buster-arm64`) +(example: `bitnami/minideb:bullseye-arm64`) Current limitations of `qemu_build` script: diff --git a/buildall b/buildall index 917ccb85..51dd0ac5 100755 --- a/buildall +++ b/buildall 
@@ -8,18 +8,13 @@ set -o pipefail arch=${1:-"amd64 arm64"} -dist="jessie -stretch -buster +dist="buster +bullseye " -dist_with_snapshot="buster" +dist_with_snapshot="bullseye" for a in $arch; do for i in $dist; do - if [[ "$a" != "amd64" && "$i" == "jessie" ]]; then - continue - fi - ./buildone "$i" "$a" done done diff --git a/pushall b/pushall index 84f4412e..699a8e32 100755 --- a/pushall +++ b/pushall @@ -4,12 +4,11 @@ set -e set -u set -o pipefail -DISTS="jessie -stretch -buster +DISTS="buster +bullseye " -DISTS_WITH_SNAPSHOT="buster" -LATEST=buster +DISTS_WITH_SNAPSHOT="bullseye" +LATEST=bullseye BASENAME=bitnami/minideb GCR_BASENAME=gcr.io/bitnami-containers/minideb diff --git a/pushmanifest b/pushmanifest index 88be21c9..96134fad 100755 --- a/pushmanifest +++ b/pushmanifest @@ -4,13 +4,12 @@ set -e set -u set -o pipefail -DISTS=${DISTS:-"stretch -buster +DISTS=${DISTS:-"buster bullseye latest "} -DISTS_WITH_SNAPSHOT=${DISTS_WITH_SNAPSHOT:-buster} +DISTS_WITH_SNAPSHOT=${DISTS_WITH_SNAPSHOT:-bullseye} BASENAME=bitnami/minideb GCR_BASENAME=gcr.io/bitnami-containers/minideb PLATFORMS=${PLATFORMS:-amd64 arm64} diff --git a/test b/test index a0bae2e2..101fa439 100755 --- a/test +++ b/test @@ -76,9 +76,6 @@ desc "Checking that the terminfo is valid when running with -t (#17)" echo "" | test_extra_args '-t' bash -c 'install_packages procps && top -d1 -n1 -b' MYSQL_PACKAGE=default-mysql-server -if [[ "$DIST" == "jessie"* ]]; then - MYSQL_PACKAGE=mysql-server -fi # See https://github.com/bitnami/minideb/issues/16 desc "Check that we can install mysql-server (#16)" From 373a9a011ab07f1c011533df6a0a47199f9721c8 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Hernandez Date: Mon, 20 Jun 2022 15:35:56 +0000 Subject: [PATCH 02/88] Use buster for minideb snapshot Signed-off-by: Carlos Rodriguez Hernandez --- buildall | 2 +- pushall | 2 +- pushmanifest | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/buildall b/buildall index 51dd0ac5..b282d06f 100755 
--- a/buildall +++ b/buildall @@ -11,7 +11,7 @@ arch=${1:-"amd64 arm64"} dist="buster bullseye " -dist_with_snapshot="bullseye" +dist_with_snapshot="buster" for a in $arch; do for i in $dist; do diff --git a/pushall b/pushall index 699a8e32..fe50499b 100755 --- a/pushall +++ b/pushall @@ -7,7 +7,7 @@ set -o pipefail DISTS="buster bullseye " -DISTS_WITH_SNAPSHOT="bullseye" +DISTS_WITH_SNAPSHOT="buster" LATEST=bullseye BASENAME=bitnami/minideb GCR_BASENAME=gcr.io/bitnami-containers/minideb diff --git a/pushmanifest b/pushmanifest index 96134fad..8ad0aa28 100755 --- a/pushmanifest +++ b/pushmanifest @@ -9,7 +9,7 @@ bullseye latest "} -DISTS_WITH_SNAPSHOT=${DISTS_WITH_SNAPSHOT:-bullseye} +DISTS_WITH_SNAPSHOT=${DISTS_WITH_SNAPSHOT:-buster} BASENAME=bitnami/minideb GCR_BASENAME=gcr.io/bitnami-containers/minideb PLATFORMS=${PLATFORMS:-amd64 arm64} From f5901de6da39d386613b2f8fe58b02ea02be3307 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Hernandez Date: Tue, 21 Jun 2022 07:30:40 +0000 Subject: [PATCH 03/88] Allow snapshot image to be different than latest Signed-off-by: Carlos Rodriguez Hernandez --- .github/workflows/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 81fe6c8e..e69b78d6 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -17,6 +17,7 @@ on: env: BASENAME: bitnami/minideb LATEST: bullseye + DIST_WITH_SNAPSHOT: buster # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: # This workflow contains a single job called "build" @@ -55,7 +56,7 @@ jobs: dist: "${{ matrix.dist }}" platform: "${{ matrix.arch }}" is_latest: ${{ matrix.dist == env.LATEST }} - build_snapshot: ${{ matrix.dist == env.LATEST }} + build_snapshot: ${{ matrix.dist == env.DIST_WITH_SNAPSHOT }} - name: Push if: github.ref == 'refs/heads/master' env: From cf730dbae216e7dd60a1e1abffef7d84cfd66edb Mon Sep 17 00:00:00 2001 
From: Carlos Rodriguez Hernandez Date: Tue, 21 Jun 2022 10:37:44 +0000 Subject: [PATCH 04/88] Fix snapshot push and remove unused quay creds Signed-off-by: Carlos Rodriguez Hernandez --- .github/workflows/main.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e69b78d6..98f1763c 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -62,8 +62,6 @@ jobs: env: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} - QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }} - QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }} GCR_EMAIL: ${{ secrets.GCR_EMAIL }} GCR_KEY: ${{ secrets.GCR_KEY }} GCR_TOKEN: ${{ secrets.GCR_TOKEN }} @@ -74,7 +72,7 @@ jobs: if ${{ matrix.dist == env.LATEST }} ; then bash pushone "latest" "${{ matrix.arch }}" fi - if ${{ matrix.dist == env.LATEST }} ; then + if ${{ matrix.dist == env.DIST_WITH_SNAPSHOT }} ; then bash pushone "${{ matrix.dist }}-snapshot-${{ steps.build.outputs.snapshot-id }}" "${{ matrix.arch }}" fi @@ -85,8 +83,6 @@ jobs: env: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} - QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }} - QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }} GCR_EMAIL: ${{ secrets.GCR_EMAIL }} GCR_KEY: ${{ secrets.GCR_KEY }} GCR_TOKEN: ${{ secrets.GCR_TOKEN }} From f864c9f5cbd51f86b195945672f28a9711d8cfe4 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Hernandez Date: Wed, 29 Jun 2022 21:20:45 +0000 Subject: [PATCH 05/88] Don't build/publish minideb in GCR Signed-off-by: Carlos Rodriguez Hernandez --- .github/workflows/main.yml | 6 ------ pushall | 10 ---------- pushmanifest | 14 -------------- pushone | 12 ------------ 4 files changed, 42 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 98f1763c..987de121 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
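Review bot: In the `@@ -74,7 +72,7 @@` hunk of `.github/workflows/main.yml`, the unchanged `bash pushone "${{ matrix.dist }}-snapshot-${{ steps.build.outputs.snapshot-id }}" ...` line under the corrected condition still expands the snapshot id into the script text before bash parses it. Elsewhere on this page that id is the output of `./snapshot_id`, which greps it out of HTML fetched from snapshot.debian.org with the loose pattern `(\d+T.*Z)`, so it is externally sourced data in what appears to be the same step that holds the Docker Hub and content-trust secrets. Passing it through the step's `env:` as `SNAPSHOT_ID: ${{ steps.build.outputs.snapshot-id }}` and writing `bash pushone "${{ matrix.dist }}-snapshot-${SNAPSHOT_ID}" "${{ matrix.arch }}"` keeps it as data. The `run:` block and the step that sets the output both start outside the hunk.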
@@ -62,9 +62,6 @@ jobs: env: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} - GCR_EMAIL: ${{ secrets.GCR_EMAIL }} - GCR_KEY: ${{ secrets.GCR_KEY }} - GCR_TOKEN: ${{ secrets.GCR_TOKEN }} DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }} DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} run: | @@ -83,9 +80,6 @@ jobs: env: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} - GCR_EMAIL: ${{ secrets.GCR_EMAIL }} - GCR_KEY: ${{ secrets.GCR_KEY }} - GCR_TOKEN: ${{ secrets.GCR_TOKEN }} DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }} DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} steps: diff --git a/pushall b/pushall index fe50499b..1386e456 100755 --- a/pushall +++ b/pushall @@ -10,16 +10,11 @@ bullseye DISTS_WITH_SNAPSHOT="buster" LATEST=bullseye BASENAME=bitnami/minideb -GCR_BASENAME=gcr.io/bitnami-containers/minideb if [ -n "${DOCKER_PASSWORD:-}" ]; then docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD" fi -if [ -n "${GCR_KEY:-}" ]; then - gcloud auth activate-service-account "$GCR_EMAIL" --key-file <(echo "$GCR_KEY") -fi - ENABLE_DOCKER_CONTENT_TRUST=0 if [ -n "${DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE:-}" ] && [ -n "${DOCKER_CONTENT_TRUST_REPOSITORY_KEY:-}" ]; then tmpdir=$(mktemp -d) @@ -33,11 +28,9 @@ fi push() { local dist="$1" DOCKER_CONTENT_TRUST=${ENABLE_DOCKER_CONTENT_TRUST} docker push "${BASENAME}:${dist}" - gcloud docker -- push "${GCR_BASENAME}:${dist}" } for DIST in $DISTS; do - docker tag "${BASENAME}:${DIST}" "${GCR_BASENAME}:${DIST}" push "$DIST" done 
@@ -46,14 +39,11 @@ if [ -f "build/snapshot_id" ]; then for DIST in $DISTS_WITH_SNAPSHOT; do TAG="${DIST}-snapshot-${snapshot_id}" - - docker tag "${BASENAME}:${TAG}" "${GCR_BASENAME}:${TAG}" push "${TAG}" done fi docker tag "${BASENAME}:${LATEST}" "${BASENAME}:latest" -docker tag "${GCR_BASENAME}:${LATEST}" "${GCR_BASENAME}:latest" push latest diff --git a/pushmanifest b/pushmanifest index 8ad0aa28..c64d9cf7 100755 --- a/pushmanifest +++ b/pushmanifest @@ -11,7 +11,6 @@ latest DISTS_WITH_SNAPSHOT=${DISTS_WITH_SNAPSHOT:-buster} BASENAME=bitnami/minideb -GCR_BASENAME=gcr.io/bitnami-containers/minideb PLATFORMS=${PLATFORMS:-amd64 arm64} DRY_RUN=${DRY_RUN:-} SNAPSHOT_ID=${SNAPSHOT_ID:-} @@ -44,13 +43,6 @@ if [ -n "${DOCKER_PASSWORD:-}" ]; then echo "$DOCKER_PASSWORD" | run_docker login -u "$DOCKER_USERNAME" --password-stdin fi -if [ -n "${GCR_KEY:-}" ]; then - gcloud auth activate-service-account "$GCR_EMAIL" --key-file <(echo "$GCR_KEY") - gcloud auth print-access-token | run_docker login -u oauth2accesstoken --password-stdin gcr.io -elif [ -n "${GCR_TOKEN:-}" ]; then - echo "${GCR_TOKEN:-}" | run_docker login -u oauth2accesstoken --password-stdin gcr.io -fi - push_manifest() { local image="" local archs="" @@ -75,12 +67,6 @@ done repositories=("$BASENAME") -if [[ -n "${GCR_KEY:-}" || -n "${GCR_TOKEN:-}" ]]; then - repositories+=("$GCR_BASENAME") -else - echo "Skipping repository gcr.io (empty password)" -fi - for tag in "${tags[@]}"; do for repo in "${repositories[@]}"; do push_manifest "$repo:$tag" "${ARCHS[@]}" diff --git a/pushone b/pushone index 9abea993..f1064c98 100755 --- a/pushone +++ b/pushone 
@@ -8,19 +8,11 @@ DIST=${1:?Specify the distrubution name} PLATFORM=${2:-amd64} BASENAME=bitnami/minideb -GCR_BASENAME=gcr.io/bitnami-containers/minideb if [ -n "${DOCKER_PASSWORD:-}" ]; then echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin fi -if [ -n "${GCR_KEY:-}" ]; then - gcloud auth activate-service-account "$GCR_EMAIL" --key-file <(echo "$GCR_KEY") - gcloud auth print-access-token | docker login -u oauth2accesstoken --password-stdin gcr.io -elif [ -n "${GCR_TOKEN:-}" ]; then - echo "${GCR_TOKEN:-}" | docker login -u oauth2accesstoken --password-stdin gcr.io -fi - ENABLE_DOCKER_CONTENT_TRUST=0 if [ -n "${DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE:-}" ] && [ -n "${DOCKER_CONTENT_TRUST_REPOSITORY_KEY:-}" ]; then tmpdir=$(mktemp -d) @@ -34,10 +26,6 @@ fi push() { local dist="$1" DOCKER_CONTENT_TRUST=${ENABLE_DOCKER_CONTENT_TRUST} docker push "${BASENAME}:${dist}" - docker push "${GCR_BASENAME}:${dist}" } -docker tag "${BASENAME}:${DIST}-${PLATFORM}" "${GCR_BASENAME}:${DIST}-${PLATFORM}" - push "$DIST-${PLATFORM}" - From 72c463dfd20ac6d80e583bb63f4af1d6fb9a17a1 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Hernandez Date: Wed, 29 Jun 2022 21:31:40 +0000 Subject: [PATCH 06/88] Remove gcloud installation Signed-off-by: Carlos Rodriguez Hernandez --- .github/actions/build/action.yml | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml index 79dda2c5..83cdcffd 100644 --- a/.github/actions/build/action.yml +++ b/.github/actions/build/action.yml 
@@ -26,20 +26,6 @@ runs: shell: bash - run: sudo make .installed-requirements shell: bash - - name: Install gcloud - run: | - if ! command -v gcloud &> /dev/null - then - echo "Installing gcloud" - echo "deb https://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list - curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - - - apt-get update - apt-get install -y google-cloud-sdk - else - echo "gcloud is installed" - fi - shell: bash - name: "Install QEMU" run: | set -x From 0482e1fe5365cfc16b3a06e848fe9ada801cc121 Mon Sep 17 00:00:00 2001 From: Bob Tanner Date: Thu, 7 Jul 2022 12:06:19 -0500 Subject: [PATCH 07/88] WIP #129: Unable to build Minideb for ARM64 foreign architecture Changed libvirt-bin to libvirt-daemon-system libvirt-clients as docmented in https://lists.debian.org/debian-user/2016/11/msg00518.html Signed-off-by: Bob Tanner --- install-qemu.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install-qemu.sh b/install-qemu.sh index b63bd401..09372c4f 100755 --- a/install-qemu.sh +++ b/install-qemu.sh @@ -15,5 +15,5 @@ while do_sudo fuser /var/{lib/{dpkg,apt/lists},cache/apt/archives}/lock >/dev/nu done do_sudo apt-get update -do_sudo apt-get install -y qemu-kvm libvirt-bin qemu-utils genisoimage virtinst curl rsync qemu-system-x86 qemu-system-arm cloud-image-utils +do_sudo apt-get install -y qemu-kvm libvirt-daemon-system libvirt-clients qemu-utils genisoimage virtinst curl rsync qemu-system-x86 qemu-system-arm cloud-image-utils From 1f6f3e74ca113598a7c3c7c12ca2c4c1c1ba411f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20G=C3=B3mez=20Gracia?= Date: Mon, 25 Jul 2022 13:24:48 +0200 Subject: [PATCH 08/88] Revert "WIP #129: Unable to build Minideb for ARM64 foreign architecture" --- install-qemu.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install-qemu.sh b/install-qemu.sh index 09372c4f..b63bd401 100755 --- a/install-qemu.sh 
+++ b/install-qemu.sh @@ -15,5 +15,5 @@ while do_sudo fuser /var/{lib/{dpkg,apt/lists},cache/apt/archives}/lock >/dev/nu done do_sudo apt-get update -do_sudo apt-get install -y qemu-kvm libvirt-daemon-system libvirt-clients qemu-utils genisoimage virtinst curl rsync qemu-system-x86 qemu-system-arm cloud-image-utils +do_sudo apt-get install -y qemu-kvm libvirt-bin qemu-utils genisoimage virtinst curl rsync qemu-system-x86 qemu-system-arm cloud-image-utils From 73bd548f6f5cbcf2bde0ff45f5a66ceecdefe9e1 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Hernandez Date: Tue, 26 Jul 2022 16:42:15 +0000 Subject: [PATCH 09/88] Replace bitnami-docker-* URLs by the equivalent bitnami/containers ones Signed-off-by: Carlos Rodriguez Hernandez --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7f3eaaf8..0f2ce5c1 100644 --- a/README.md +++ b/README.md 
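Review bot: The restored `do_sudo apt-get install -y qemu-kvm libvirt-bin ...` line in `install-qemu.sh` goes back to `libvirt-bin`, and the revert message gives no reason for doing so. The commit being reverted cites a Debian list post about replacing that package with `libvirt-daemon-system libvirt-clients`, so on releases that no longer ship `libvirt-bin` this install would presumably fail. If the revert is deliberate, a comment above the line such as `# libvirt-bin kept for <release>; newer releases need libvirt-daemon-system libvirt-clients` would record the constraint.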
@@ -40,7 +40,7 @@ FROM bitnami/minideb:bullseye ``` # Adoption of Minideb -The minideb container image is the base image for many Bitnami-maintained language runtimes including [php](https://github.com/bitnami/bitnami-docker-php-fpm), [nodejs](https://github.com/bitnami/bitnami-docker-node), [ruby](https://github.com/bitnami/bitnami-docker-ruby) and infrastructure components including [mariadb](https://github.com/bitnami/bitnami-docker-mariadb), [redis](https://github.com/bitnami/bitnami-docker-redis), [nginx](https://github.com/bitnami/bitnami-docker-nginx) and [mongodb](https://github.com/bitnami/bitnami-docker-mongodb). +The minideb container image is the base image for many Bitnami-maintained language runtimes including [php](https://github.com/bitnami/containers/tree/main/bitnami/php-fpm), [nodejs](https://github.com/bitnami/containers/tree/main/bitnami/node), [ruby](https://github.com/bitnami/containers/tree/main/bitnami/ruby) and infrastructure components including [mariadb](https://github.com/bitnami/containers/tree/main/bitnami/mariadb), [redis](https://github.com/bitnami/containers/tree/main/bitnami/redis), [nginx](https://github.com/bitnami/containers/tree/main/bitnami/nginx) and [mongodb](https://github.com/bitnami/containers/tree/main/bitnami/mongodb). # Compatibility The image points to the Debian archive, so you are free to install packages from there that you need. However because some `Essential` packages have been removed they may not always install or work correctly. From 57ef6ab622bbadda23ed291ae52dc61f7969d5fd Mon Sep 17 00:00:00 2001 From: Chris Banks Date: Fri, 26 Aug 2022 15:10:58 +0100 Subject: [PATCH 10/88] Use Ubuntu 22.04 for GitHub Actions runners instead of 20.04. This should remove the need to install qemu from a non-LTS apt repo. Signed-off-by: Chris Banks --- .github/workflows/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 987de121..50ed909c 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -23,7 +23,7 @@ jobs: # This workflow contains a single job called "build" shellcheck: # The type of runner that the job will run on - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 name: Shellcheck # Steps represent a sequence of tasks that will be executed as part of the job steps: @@ -38,7 +38,7 @@ jobs: bash shellcheck build_multiarch: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 needs: [ shellcheck ] strategy: matrix: @@ -74,7 +74,7 @@ jobs: fi deploy_manifests: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 needs: [ build_multiarch ] if: github.ref == 'refs/heads/master' env: From d418e8272f3767f2ce748b84bae4db16ef9558ee Mon Sep 17 00:00:00 2001 From: Chris Banks Date: Fri, 26 Aug 2022 15:13:33 +0100 Subject: [PATCH 11/88] Remove the workaround for qemu/+bug/1749393. Now that we can run GitHub Actions on Ubuntu 22.04 images, we no longer have to install qemu from a non-LTS Ubuntu repo in order to get these bugfixes: https://bugs.launchpad.net/qemu/+bug/1749393 https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1928075 Signed-off-by: Chris Banks --- .github/actions/build/action.yml | 25 ++----------------------- 1 file changed, 2 insertions(+), 23 deletions(-) diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml index 83cdcffd..8755e596 100644 --- a/.github/actions/build/action.yml +++ b/.github/actions/build/action.yml 
@@ -31,30 +31,9 @@ runs: set -x if [[ "${{ inputs.platform }}" == "arm64" ]]; then echo "Installing QEMU" - # qemu-user-static fails with segfaults building bullseye - # We will revisit this when 20.10 is allowed as build slave on GitHub Actions - # https://bugs.launchpad.net/qemu/+bug/1749393 - # https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1928075 - if [[ "${{ inputs.dist }}" == "bullseye" ]]; then - sudo tee /etc/apt/preferences.d/qemu < Date: Wed, 14 Sep 2022 11:28:32 +0200 Subject: [PATCH 12/88] Adding the ability to assign to a team member of the containers triage team to review any (re)opened PR or issue MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Alejandro Gómez --- .github/workflows/triage.yml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 .github/workflows/triage.yml diff --git a/.github/workflows/triage.yml b/.github/workflows/triage.yml new file mode 100644 index 00000000..3961e268 --- /dev/null +++ b/.github/workflows/triage.yml @@ -0,0 +1,33 @@ +# This workflow is built to manage the triage support by using GH issues. +name: '[Support] Organize triage' +on: + issues: + types: + - reopened + - opened + pull_request_target: + types: + - reopened + - opened +permissions: + repository-projects: write + issues: write + +# To fix the concurrency when for example more than one label is added +concurrency: + group: ${{ github.run_id }} + cancel-in-progress: false + +jobs: + # For any opened or reopened issue, should be sent into Triage + send_to_board: + if: ${{ github.actor != 'bitnami-bot' }} + runs-on: ubuntu-latest + steps: + - name: Assign to a person to work on it + uses: pozil/auto-assign-issue@v1.9.0 + with: + numOfAssignee: 1 + removePreviousAssignees: false + teams: "containers-triage" + repo-token: "${{ secrets.BITNAMI_BOT_TOKEN }}" \ No newline at end of file From fa2e0bc29518f9152f3f492e9ee7e6fce8f791b4 Mon Sep 17 00:00:00 2001 
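Review bot: The `uses: pozil/auto-assign-issue@v1.9.0` step at the end of the new `.github/workflows/triage.yml` passes `secrets.BITNAMI_BOT_TOKEN` to a third-party action referenced by a movable tag, in a workflow that also runs on `pull_request_target` and so fires for pull requests opened from forks. Pin the action to a reviewed commit, `uses: pozil/auto-assign-issue@<full-commit-sha> # v1.9.0`, so that a re-pointed tag cannot run with that token. The top-level `permissions:` block limits only `GITHUB_TOKEN`; the bot token's own scope is not visible here and is what actually bounds this step. A comment above `pull_request_target:` such as `# Safe only while this job never checks out or runs code from the pull request` would keep a later edit from adding a checkout.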
From: =?UTF-8?q?Alejandro=20G=C3=B3mez?= Date: Wed, 14 Sep 2022 11:49:33 +0200 Subject: [PATCH 13/88] Adding fmulero's feedback MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Alejandro Gómez --- .github/workflows/triage.yml | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/.github/workflows/triage.yml b/.github/workflows/triage.yml index 3961e268..6d161609 100644 --- a/.github/workflows/triage.yml +++ b/.github/workflows/triage.yml @@ -10,17 +10,11 @@ on: - reopened - opened permissions: - repository-projects: write issues: write -# To fix the concurrency when for example more than one label is added -concurrency: - group: ${{ github.run_id }} - cancel-in-progress: false - jobs: - # For any opened or reopened issue, should be sent into Triage - send_to_board: + # For any opened or reopened issue, should be assign to a team member + team_assignation: if: ${{ github.actor != 'bitnami-bot' }} runs-on: ubuntu-latest steps: From 064761b6d4cd1cf908a58c7dc840a053e564d702 Mon Sep 17 00:00:00 2001 From: Alejandro Ruiz <4057165+aruiz14@users.noreply.github.com> Date: Thu, 3 Nov 2022 17:26:09 +0100 Subject: [PATCH 14/88] ci(snapshot_id): Fix URL escaping (#138) --- snapshot_id | 1 + 1 file changed, 1 insertion(+) diff --git a/snapshot_id b/snapshot_id index 083cd056..2dedee23 100755 --- a/snapshot_id +++ b/snapshot_id @@ -24,6 +24,7 @@ get_latest_debian_snapshot_id() { local -r snapshot_list_tmp_file="${snapshot_tmp_dir}/month-snapshots.html" ! month_query=$(get_latest_month_query) && return 1 + month_query=${month_query/&month=/&month=} curl -sSfL "https://snapshot.debian.org/archive/debian/$month_query" > "$snapshot_list_tmp_file" From a9d9039d03bb460daeae9c3b40ae18f5e0710d64 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Hernandez Date: Thu, 3 Nov 2022 16:36:26 +0000 Subject: [PATCH 15/88] Remove snapshot logic 
Signed-off-by: Carlos Rodriguez Hernandez --- .github/actions/build/action.yml | 17 -------------- .github/workflows/main.yml | 5 ---- buildall | 13 ----------- buildone | 12 +++------- buildone_snapshot | 11 --------- mkimage | 6 ----- pushall | 10 -------- pushmanifest | 5 ---- qemu_build | 3 +-- snapshot_id | 40 -------------------------------- 10 files changed, 4 insertions(+), 118 deletions(-) delete mode 100755 buildone_snapshot delete mode 100755 snapshot_id diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml index 8755e596..aa5dd366 100644 --- a/.github/actions/build/action.yml +++ b/.github/actions/build/action.yml @@ -8,13 +8,6 @@ inputs: is_latest: description: The created dist is also latest default: false - build_snapshot: - description: Build snapshot build - default: false -outputs: - snapshot-id: - description: "Created snapshot id if requested to build it" - value: ${{ steps.snapshot-id.outputs.snapshot-id }} runs: using: "composite" steps: @@ -36,21 +29,11 @@ runs: echo "QEMU is not required for platform ${{ inputs.platform }}" fi shell: bash - - name: Build snapshot id - id: snapshot-id - run: | - if ${{ inputs.build_snapshot }} ; then - echo "::set-output name=snapshot-id::$(./snapshot_id)" - fi - shell: bash - name: "Build image" run: | set -x echo Building ${{ inputs.dist }} - ${{ inputs.platform }} sudo -E bash -x buildone "${{ inputs.dist }}" "${{ inputs.platform }}" - if ${{ inputs.build_snapshot }} ; then - sudo -E bash -x buildone_snapshot "${{ inputs.dist }}" "${{ steps.snapshot-id.outputs.snapshot-id }}" "${{ inputs.platform }}" - fi if ${{ inputs.is_latest }} ; then BASENAME=${BASENAME:?Undefined or empty BASENAME} echo "Tagging latest" diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 50ed909c..41daed1f 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -17,7 +17,6 @@ on: env: BASENAME: bitnami/minideb LATEST: bullseye - DIST_WITH_SNAPSHOT: buster # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: # This workflow contains a single job called "build" @@ -56,7 +55,6 @@ jobs: dist: "${{ matrix.dist }}" platform: "${{ matrix.arch }}" is_latest: ${{ matrix.dist == env.LATEST }} - build_snapshot: ${{ matrix.dist == env.DIST_WITH_SNAPSHOT }} - name: Push if: github.ref == 'refs/heads/master' env: @@ -69,9 +67,6 @@ jobs: if ${{ matrix.dist == env.LATEST }} ; then bash pushone "latest" "${{ matrix.arch }}" fi - if ${{ matrix.dist == env.DIST_WITH_SNAPSHOT }} ; then - bash pushone "${{ matrix.dist }}-snapshot-${{ steps.build.outputs.snapshot-id }}" "${{ matrix.arch }}" - fi deploy_manifests: runs-on: ubuntu-22.04 diff --git a/buildall b/buildall index b282d06f..2cfa7d9f 100755 --- a/buildall +++ b/buildall @@ -11,22 +11,9 @@ arch=${1:-"amd64 arm64"} dist="buster bullseye " -dist_with_snapshot="buster" - for a in $arch; do for i in $dist; do ./buildone "$i" "$a" done done -snapshot_id=$(./snapshot_id) -if [ -n "$snapshot_id" ]; then - for a in $arch; do - for i in $dist_with_snapshot; do - ./buildone_snapshot "$i" "$snapshot_id" "$a" - done - - mkdir -p "build/$a" - echo "$snapshot_id" > "build/$a/snapshot_id" - done -fi diff --git a/buildone b/buildone index bdf5554e..494d7e9b 100755 --- a/buildone +++ b/buildone @@ -44,13 +44,7 @@ log() { build() { DIST=$1 PLATFORM=${2:-amd64} - - debian_snapshot_id=${3:-} - if [ -n "$debian_snapshot_id" ]; then - TAG="${DIST}-snapshot-${debian_snapshot_id}-$PLATFORM" - else - TAG=$DIST-$PLATFORM - fi + TAG=$DIST-$PLATFORM [ -f "debootstrap/$DIST" ] || (echo "buildall: Unknown distribution: $DIST" && exit 1) current_ts="$(date -u +%Y-%m-%dT%H:%M:%S.%NZ)" 
@@ -64,7 +58,7 @@ build() { log "============================================" log "Building $BASENAME:$TAG" log "============================================" - ./mkimage "build/$TAG.tar" "$DIST" "$PLATFORM" "${debian_snapshot_id:-}" + ./mkimage "build/$TAG.tar" "$DIST" "$PLATFORM" built_image_id=$(./import "build/$TAG.tar" "$target_ts" "$PLATFORM") log "============================================" log "Running tests for $BASENAME:$TAG" @@ -73,7 +67,7 @@ build() { log "============================================" log "Rebuilding $BASENAME:$TAG to test reproducibility" log "============================================" - ./mkimage "build/${TAG}-repro.tar" "$DIST" "$PLATFORM" "${debian_snapshot_id:-}" + ./mkimage "build/${TAG}-repro.tar" "$DIST" "$PLATFORM" repro_image_id=$(./import "build/${TAG}-repro.tar" "$target_ts" "$PLATFORM") if [ "$repro_image_id" != "$built_image_id" ]; then log "$BASENAME:$TAG differs after a rebuild. Examine $built_image_id and $repro_image_id" diff --git a/buildone_snapshot b/buildone_snapshot deleted file mode 100755 index 36b0b1a1..00000000 --- a/buildone_snapshot +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -set -e -set -u -set -o pipefail - -dist=${1:?dist arg is required} -snapshot_id=${2:-$(./snapshot_id)} -platform=${3:-amd64} - -./buildone "$dist" "$platform" "$snapshot_id" diff --git a/mkimage b/mkimage index 1386f982..c3685418 100755 --- a/mkimage +++ b/mkimage @@ -8,7 +8,6 @@ ROOT=$(cd "$(dirname "$0")" && pwd) TARGET=${1:?Specify the target filename} DIST=${2:-stable} PLATFORM=${3:-$(dpkg --print-architecture)} -SNAPSHOT_ID=${4:-} LOGFILE=${TARGET}.log 
@@ -78,11 +77,6 @@ rootfs_chroot bash debootstrap/debootstrap --second-stage repo_url="http://deb.debian.org/debian" sec_repo_url="http://security.debian.org/" -if [ -n "$SNAPSHOT_ID" ]; then - repo_url="http://snapshot.debian.org/archive/debian/${SNAPSHOT_ID}/" - sec_repo_url="http://snapshot.debian.org/archive/debian-security/${SNAPSHOT_ID}/" -fi - echo -e "deb ${repo_url} $DIST main" > "$rootfsDir/etc/apt/sources.list" if [ "$DIST" == "bullseye" ]; then echo "deb ${repo_url} $DIST-updates main" >> "$rootfsDir/etc/apt/sources.list" diff --git a/pushall b/pushall index 1386e456..263bc940 100755 --- a/pushall +++ b/pushall @@ -7,7 +7,6 @@ set -o pipefail DISTS="buster bullseye " -DISTS_WITH_SNAPSHOT="buster" LATEST=bullseye BASENAME=bitnami/minideb @@ -34,15 +33,6 @@ for DIST in $DISTS; do push "$DIST" done -if [ -f "build/snapshot_id" ]; then - snapshot_id=$(cat build/snapshot_id) - - for DIST in $DISTS_WITH_SNAPSHOT; do - TAG="${DIST}-snapshot-${snapshot_id}" - push "${TAG}" - done -fi - docker tag "${BASENAME}:${LATEST}" "${BASENAME}:latest" push latest diff --git a/pushmanifest b/pushmanifest index c64d9cf7..82b7f37c 100755 --- a/pushmanifest +++ b/pushmanifest @@ -9,11 +9,9 @@ bullseye latest "} -DISTS_WITH_SNAPSHOT=${DISTS_WITH_SNAPSHOT:-buster} BASENAME=bitnami/minideb PLATFORMS=${PLATFORMS:-amd64 arm64} DRY_RUN=${DRY_RUN:-} -SNAPSHOT_ID=${SNAPSHOT_ID:-} read -r -a ARCHS <<<"$PLATFORMS" run_docker() { @@ -60,9 +58,6 @@ tags=() for DIST in $DISTS; do tags+=("$DIST") - if list_includes "$DISTS_WITH_SNAPSHOT" "$DIST" ; then - tags+=("$DIST-snapshot-${SNAPSHOT_ID:-$(./snapshot_id)}") - fi done repositories=("$BASENAME") diff --git a/qemu_build b/qemu_build index 4f91047a..2ab505ab 100755 --- a/qemu_build +++ b/qemu_build @@ -49,7 +49,6 @@ fi DIST=$1 PLATFORM=${2:-amd64} -DEBIAN_SNAPSHOT_ID=${3:-} make .installed-qemu mkdir -p .kvm-images/{amd64,arm64} 
@@ -145,7 +144,7 @@ do_ssh "apt-get update && apt-get install -y docker-ce docker-ce-cli containerd. rsync -avz -e "ssh -o 'StrictHostKeyChecking=no' -o 'UserKnownHostsFile=/dev/null' -p 5555 -i $pub_key_dir/id_rsa" --exclude ".git" --exclude ".installed-requirements" --exclude ".kvm-images" --exclude "build" --exclude "ssh" ./ "root@localhost:/build/." do_ssh "cd /build/ && make .installed-requirements" -do_ssh "cd /build/ && ./buildone \"$DIST\" \"$PLATFORM\" \"$DEBIAN_SNAPSHOT_ID\"" +do_ssh "cd /build/ && ./buildone \"$DIST\" \"$PLATFORM\"" rsync -avz -e "ssh -o 'StrictHostKeyChecking=no' -o 'UserKnownHostsFile=/dev/null' -p 5555 -i $pub_key_dir/id_rsa" "root@localhost:/build/build/$DIST.tar" "./$TARGET_FILE" current_ts="$(date -u +%Y-%m-%dT%H:%M:%S.%NZ)" diff --git a/snapshot_id b/snapshot_id deleted file mode 100755 index 2dedee23..00000000 --- a/snapshot_id +++ /dev/null 
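Review bot: The rewritten `do_ssh` line still pastes `$DIST` and `$PLATFORM` into a command string that the guest shell parses a second time. The escaped double quotes therefore do not stop `$(...)`, backticks or an embedded quote in either value from being interpreted inside the VM (assuming `do_ssh` hands its argument to ssh as a remote command; its definition is outside this hunk). Both values come straight from the script's positional arguments (`DIST=$1`, `PLATFORM=${2:-amd64}`), so quoting them for the second shell is cheap: `do_ssh "cd /build/ && ./buildone $(printf '%q %q' "$DIST" "$PLATFORM")"`. Rejecting a `DIST` that is not one of the supported codenames before the VM is started would also catch typos earlier.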
@@ -1,40 +0,0 @@ -#!/bin/bash - -set -e -set -u -set -o pipefail - -snapshot_tmp_dir=$(mktemp -d) -mkdir -p "${snapshot_tmp_dir}" - -get_latest_month_query() { - local -r snapshot_archive_tmp_file="${snapshot_tmp_dir}/archive.html" - - curl -sSfL "https://snapshot.debian.org/archive/debian/" > "$snapshot_archive_tmp_file" - - local -r month_query_regex="(\?year=\d\d\d\d&month=\d+)" - local -r month_query=$(grep -Po "${month_query_regex}" "${snapshot_archive_tmp_file}" | tail -1) - - [[ -z "$month_query" ]] && echo "Not found snapshots using the following regex: ${month_query_regex}" && return 1 - - echo "$month_query" -} - -get_latest_debian_snapshot_id() { - local -r snapshot_list_tmp_file="${snapshot_tmp_dir}/month-snapshots.html" - - ! month_query=$(get_latest_month_query) && return 1 - month_query=${month_query/&month=/&month=} - - curl -sSfL "https://snapshot.debian.org/archive/debian/$month_query" > "$snapshot_list_tmp_file" - - local -r snapshot_id_regex="(\d+T.*Z)" - local -r snapshot_id=$(grep -Po "${snapshot_id_regex}" "${snapshot_list_tmp_file}" | tail -1) - - [[ -z "$snapshot_id" ]] && echo "Not found snapshot id using the following regex: ${snapshot_id_regex}" && return 1 - - echo "$snapshot_id" -} - -get_latest_debian_snapshot_id -rm -rf "${snapshot_tmp_dir}" From f97e1053dc1bfe83f05dc41d549ef1b6b8e4d213 Mon Sep 17 00:00:00 2001 From: Carlos Rodriguez Hernandez Date: Thu, 3 Nov 2022 16:55:25 +0000 Subject: [PATCH 16/88] Bump actions/checkout version from v2 to v3 Signed-off-by: Carlos Rodriguez Hernandez --- .github/workflows/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 50ed909c..80cc1833 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -28,7 +28,7 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Install Dependencies run: | sudo apt-get -qq update @@ -48,7 +48,7 @@ jobs: name: Build ${{ matrix.dist }} on ${{ matrix.arch }} steps: - name: Check out repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Use local build action id: build uses: ./.github/actions/build @@ -83,7 +83,7 @@ jobs: DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }} DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Push Manifests run: | DISTS="buster bullseye latest" bash pushmanifest From 6670e30fdc2605ea8350de7f7e23cf2279bd9dc5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Sun, 8 Jan 2023 20:50:00 +0100 Subject: [PATCH 17/88] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0f2ce5c1..d337a768 100644 --- a/README.md +++ b/README.md @@ -94,7 +94,7 @@ Current limitations of `qemu_build` script: We'd love for you to contribute to this image. You can request new features by creating an [issue](https://github.com/bitnami/minideb/issues), or submit a [pull request](https://github.com/bitnami/minideb/pulls) with your contribution. # License -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at From 124d613eabf4fe51831b6c2fea3c0f7c210c1a73 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Sun, 8 Jan 2023 20:58:08 +0100 Subject: [PATCH 18/88] Update LICENSE.md --- LICENSE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE.md b/LICENSE.md index cdc8ab40..2299c14c 100644 --- a/LICENSE.md +++ b/LICENSE.md @@ -1,4 +1,4 @@ -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. From a23e134706a0a012bc1d56c560c2e441cef5cdd0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Sun, 8 Jan 2023 21:12:18 +0100 Subject: [PATCH 19/88] Create CODE_OF_CONDUCT.md --- CODE_OF_CONDUCT.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 CODE_OF_CONDUCT.md diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 00000000..48beb02e --- /dev/null +++ b/CODE_OF_CONDUCT.md 
@@ -0,0 +1,17 @@ +# Contributor Code of Conduct + +As contributors and maintainers of this project, we pledge to respect everyone who contributes by posting issues, updating documentation, submitting pull requests, providing feedback in comments, and any other activities. + +Communication through any of Bitnami's channels (GitHub, mailing lists, Twitter, and so on) must be constructive and never resort to personal attacks, trolling, public or private harassment, insults, or other unprofessional conduct. + +We promise to extend courtesy and respect to everyone involved in this project, regardless of gender, gender identity, sexual orientation, disability, age, race, ethnicity, religion, or level of experience. We expect anyone contributing to this project to do the same. + +If any member of the community violates this code of conduct, the maintainers of this project may take action, including removing issues, comments, and PRs or blocking accounts, as deemed appropriate. + +If you are subjected to or witness unacceptable behavior, or have any other concerns, please communicate with us. + +If you have suggestions to improve this Code of Conduct, please submit an issue or PR. + +**Attribution** + +This Code of Conduct is adapted from the Angular project available at this page: https://github.com/angular/code-of-conduct/blob/master/CODE_OF_CONDUCT.md From f76392a2837b1c673944f1d05154c867439fbab7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Sun, 8 Jan 2023 21:16:48 +0100 Subject: [PATCH 20/88] Update LICENSE.md --- LICENSE.md | 209 ++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 199 insertions(+), 10 deletions(-) diff --git a/LICENSE.md b/LICENSE.md index 2299c14c..b57c3f72 100644 --- a/LICENSE.md +++ b/LICENSE.md 
@@ -1,13 +1,202 @@ -Copyright © 2023 Bitnami + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - http://www.apache.org/licenses/LICENSE-2.0 + 1. Definitions. -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. 
+ + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. 
You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. 
+ + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. 
In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. 
+ + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + From b81207cbafddb775fbbc9e8da75d223f5c125d1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Sun, 8 Jan 2023 21:19:14 +0100 Subject: [PATCH 21/88] Create CONTRIBUTING.md --- CONTRIBUTING.md | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 CONTRIBUTING.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 00000000..8192828f --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,48 @@ +# Contributing Guidelines + +Contributions are welcome via GitHub Pull Requests. This document outlines the process to help get your contribution accepted. + +Any type of contribution is welcome: new features, bug fixes, documentation improvements, etc. + +## How to Contribute + +1. Fork this repository, develop, and test your changes. +2. Submit a pull request. + +### Requirements + +When submitting a PR make sure that: +- It must pass CI jobs for linting and test the changes (if any). +- The title of the PR is clear enough. +- If necessary, add information to the repository's `README.md`. + +#### Sign Your Work + +The sign-off is a simple line at the end of the explanation for a commit. All commits needs to be signed. Your signature certifies that you wrote the patch or otherwise have the right to contribute the material. The rules are pretty simple, you only need to certify the guidelines from [developercertificate.org](https://developercertificate.org/). + +Then you just add a line to every git commit message: + + Signed-off-by: Joe Smith + +Use your real name (sorry, no pseudonyms or anonymous contributions.) + +If you set your `user.name` and `user.email` git configs, you can sign your commit automatically with `git commit -s`. + +Note: If your git config information is set properly then viewing the `git log` information for your commit will look something like this: + +``` +Author: Joe Smith +Date: Thu Feb 2 11:41:15 2018 -0800 + + Update README + + Signed-off-by: Joe Smith +``` + +Notice the `Author` and `Signed-off-by` lines match. If they don't your PR will be rejected by the automated DCO check. + +### PR Approval and Release Process + +1. Changes are manually reviewed by Bitnami team members usually within a business day. +2. Once the changes are accepted, the PR is tested (if needed) into the Bitnami CI pipeline. +3. The PR is merged by the reviewer(s) in the GitHub `master` branch. 
From 1299ee28300a070df1d4374c8c94d20f4cf9b43f Mon Sep 17 00:00:00 2001 From: Claudia Garcia Date: Mon, 24 Apr 2023 15:13:41 +0100 Subject: [PATCH 22/88] [CONTENT-3783] Configure Slack alerts for CI failures in bitnami/minideb Signed-off-by: Claudia Garcia --- .github/workflows/main.yml | 40 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 67f9b22f..b745d206 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -82,3 +82,43 @@ jobs: - name: Push Manifests run: | DISTS="buster bullseye latest" bash pushmanifest + + # If the CI Pipeline does not succeed we should notify the interested agents + slack-notif: + runs-on: ubuntu-22.04 + needs: + - build_multiarch + - deploy_manifests + if: always() + name: Notify unsuccessful CI run + steps: + - name: Notify in Slack channel + if: ${{ needs.build_multiarch.result != 'success' || needs.deploy_manifests.result != 'success' }} + uses: slackapi/slack-github-action@v1.23.0 + with: + channel-id: ${{ secrets.CI_SLACK_CHANNEL_ID }} + payload: | + { + "attachments": [ + { + "color": "#CC0000", + "fallback": "Unsuccessful bitnami/minideb CI pipeline", + "blocks": [ + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "*Unsuccessful `bitnami/minideb` CI pipeline*" + } + }, + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "The CI pipeline for <${{ github.event.head_commit.url }}|bitnami/minideb@${{ github.event.head_commit.id }}> did not succeed. Check the related <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|action run> for more information." + } + } + ] + } + env: + SLACK_BOT_TOKEN: ${{ secrets.CI_SLACK_BOT_TOKEN }} From e32873729de8d9975f5c06254585dac6e87c3430 Mon Sep 17 00:00:00 2001 From: Claudia Garcia Date: Mon, 24 Apr 2023 15:34:02 +0100 Subject: [PATCH 23/88] [CONTENT-3783] Configure Slack alerts for CI failures in bitnami/minideb 
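Review bot: `uses: slackapi/slack-github-action@v1.23.0` in the new `slack-notif` job references a third-party action by a movable tag while handing it `secrets.CI_SLACK_BOT_TOKEN`, so whatever that tag points to at run time executes with the secret. Pinning to the release commit keeps the reviewed code and the executed code identical: `uses: slackapi/slack-github-action@<full-commit-sha> # v1.23.0` (placeholder; take the SHA from the upstream release). As far as this hunk shows, the job only posts to Slack, so a job-level `permissions: {}` would also drop the default `GITHUB_TOKEN` scopes it never uses. The same `uses:` line is carried unchanged through the later Slack patches in this series (24, 26, 27 and 29).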
Signed-off-by: Claudia Garcia --- .github/workflows/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index b745d206..d0b6bd8c 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -120,5 +120,7 @@ jobs: } ] } + ] + } env: SLACK_BOT_TOKEN: ${{ secrets.CI_SLACK_BOT_TOKEN }} From e434f14b5eafad78809df6c648823ab833dd8348 Mon Sep 17 00:00:00 2001 From: Claudia Garcia Date: Thu, 27 Apr 2023 08:56:20 +0100 Subject: [PATCH 24/88] [CONTENT-3783] Use slack webhook url instead of token Signed-off-by: Claudia Garcia --- .github/workflows/main.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index d0b6bd8c..c0695af6 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -96,7 +96,6 @@ jobs: if: ${{ needs.build_multiarch.result != 'success' || needs.deploy_manifests.result != 'success' }} uses: slackapi/slack-github-action@v1.23.0 with: - channel-id: ${{ secrets.CI_SLACK_CHANNEL_ID }} payload: | { "attachments": [ @@ -123,4 +122,4 @@ jobs: ] } env: - SLACK_BOT_TOKEN: ${{ secrets.CI_SLACK_BOT_TOKEN }} + SLACK_WEBHOOK_URL: ${{ secrets.CI_SLACK_WEBHOOK_URLs }} From 113044f9a2ebf457049830fc421a924a72fb6678 Mon Sep 17 00:00:00 2001 From: Claudia Garcia Date: Thu, 27 Apr 2023 09:19:43 +0100 Subject: [PATCH 25/88] [CONTENT-3783] Fix slack webhook url variable naming Signed-off-by: Claudia Garcia --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c0695af6..5be0630f 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -122,4 +122,4 @@ jobs: ] } env: - SLACK_WEBHOOK_URL: ${{ secrets.CI_SLACK_WEBHOOK_URLs }} + SLACK_WEBHOOK_URL: ${{ secrets.CI_SLACK_WEBHOOK_URL }} From 44f4625fc8b9aa2f80fd5757c29b5d66140d22b5 Mon Sep 17 00:00:00 2001 
From: Claudia Garcia Date: Thu, 27 Apr 2023 11:19:50 +0100 Subject: [PATCH 26/88] [CONTENT-3783] Test new slack payload Signed-off-by: Claudia Garcia --- .github/workflows/main.yml | 46 ++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 24 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 5be0630f..cdda56a0 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -97,29 +97,27 @@ jobs: uses: slackapi/slack-github-action@v1.23.0 with: payload: | - { - "attachments": [ - { - "color": "#CC0000", - "fallback": "Unsuccessful bitnami/minideb CI pipeline", - "blocks": [ - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": "*Unsuccessful `bitnami/minideb` CI pipeline*" - } - }, - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": "The CI pipeline for <${{ github.event.head_commit.url }}|bitnami/minideb@${{ github.event.head_commit.id }}> did not succeed. Check the related <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|action run> for more information." - } - } - ] + { + "text": "*Unsuccessful `bitnami/minideb` CI pipeline*", + "blocks": [ + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "*Unsuccessful `bitnami/minideb` CI pipeline*" } - ] - } + }, + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "The CI pipeline for <${{ github.event.head_commit.url }}|bitnami/minideb@${{ github.event.head_commit.id }}> did not succeed. Check the related <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|action run> for more information." + } + } + ] + } + + env: - SLACK_WEBHOOK_URL: ${{ secrets.CI_SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_URL: ${{ secrets.TEST_CI_SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK From 658502b59df1be7440b916af257642912169162b Mon Sep 17 00:00:00 2001 
From: Claudia Garcia Date: Thu, 27 Apr 2023 11:25:02 +0100 Subject: [PATCH 27/88] [CONTENT-3783] Correct indentation Signed-off-by: Claudia Garcia --- .github/workflows/main.yml | 38 ++++++++++++++++++-------------------- 1 file changed, 18 insertions(+), 20 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index cdda56a0..8afe879c 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -97,27 +97,25 @@ jobs: uses: slackapi/slack-github-action@v1.23.0 with: payload: | - { - "text": "*Unsuccessful `bitnami/minideb` CI pipeline*", - "blocks": [ - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": "*Unsuccessful `bitnami/minideb` CI pipeline*" + { + "text": "*Unsuccessful `bitnami/minideb` CI pipeline*", + "blocks": [ + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "*Unsuccessful `bitnami/minideb` CI pipeline*" + } + }, + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "The CI pipeline for <${{ github.event.head_commit.url }}|bitnami/minideb@${{ github.event.head_commit.id }}> did not succeed. Check the related <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|action run> for more information." + } } - }, - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": "The CI pipeline for <${{ github.event.head_commit.url }}|bitnami/minideb@${{ github.event.head_commit.id }}> did not succeed. Check the related <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|action run> for more information." - } - } - ] - } - - + ] + } env: SLACK_WEBHOOK_URL: ${{ secrets.TEST_CI_SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK From 4c7936b83a2862cb197f35de2a693176af58a6b7 Mon Sep 17 00:00:00 2001 From: Claudia Garcia Date: Thu, 27 Apr 2023 12:22:07 +0100 Subject: [PATCH 28/88] [CONTENT-3783] Test message 
Signed-off-by: Claudia Garcia --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 8afe879c..9f9f61a0 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -111,7 +111,7 @@ jobs: "type": "section", "text": { "type": "mrkdwn", - "text": "The CI pipeline for <${{ github.event.head_commit.url }}|bitnami/minideb@${{ github.event.head_commit.id }}> did not succeed. Check the related <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|action run> for more information." + "text": "The CI pipeline for `bitnami/minideb` did not succeed. Check the related <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|action run> for more information." } } ] From 82d24d4b97058f116f07b8e7c5c354ec31461d31 Mon Sep 17 00:00:00 2001 From: Claudia Garcia Date: Thu, 27 Apr 2023 12:42:00 +0100 Subject: [PATCH 29/88] [CONTENT-3783] Point to the correct webhook Signed-off-by: Claudia Garcia --- .github/workflows/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 9f9f61a0..16d2f69e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -93,7 +93,7 @@ jobs: name: Notify unsuccessful CI run steps: - name: Notify in Slack channel - if: ${{ needs.build_multiarch.result != 'success' || needs.deploy_manifests.result != 'success' }} + if: ${{ needs.build_multiarch.result == 'failure' || needs.deploy_manifests.result == 'failure' }} uses: slackapi/slack-github-action@v1.23.0 with: payload: | @@ -117,5 +117,5 @@ jobs: ] } env: - SLACK_WEBHOOK_URL: ${{ secrets.TEST_CI_SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_URL: ${{ secrets.CI_SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK From 6faffd5c250232c7a84054627f4d634f80f24eaf Mon Sep 17 00:00:00 2001 
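Review bot: Narrowing the step condition to `result == 'failure'` in the `@@ -93,7 +93,7 @@` hunk of patch 29 leaves two unsuccessful outcomes without an alert. One is a `cancelled` build or deploy; the other is a failed `shellcheck` job, which would leave `build_multiarch` as `skipped` rather than `failure` if it still lists `shellcheck` under `needs`, as it does earlier in this series. Adding `shellcheck` to the job's `needs` and testing every upstream result covers both: `if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}`. The `slack-notif` job definition starts above this hunk, so its current `needs` list is not visible here.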
From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 24 May 2023 20:53:30 +0200 Subject: [PATCH 30/88] Create SECURITY.md --- SECURITY.md | 71 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..c3b77256 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,71 @@ +# Security Release Process + +The community has adopted this security disclosure and response policy to ensure we responsibly handle critical issues. + + +## Supported Versions + +For a list of support versions that this project will potentially create security fixes for, please refer to the Releases page on this project's GitHub and/or project related documentation on release cadence and support. + + +## Reporting a Vulnerability - Private Disclosure Process + +Security is of the highest importance and all security vulnerabilities or suspected security vulnerabilities should be reported to this project privately, to minimize attacks against current users before they are fixed. Vulnerabilities will be investigated and patched on the next patch (or minor) release as soon as possible. This information could be kept entirely internal to the project. + +If you know of a publicly disclosed security vulnerability for this project, please **IMMEDIATELY** contact the maintainers of this project privately. The use of encrypted email is encouraged. + + +**IMPORTANT: Do not file public issues on GitHub for security vulnerabilities** + +To report a vulnerability or a security-related issue, please contact the maintainers with enough details through one of the following channels: +* Directly via their individual email addresses +* Open a [GitHub Security Advisory](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability). This allows for anyone to report security vulnerabilities directly and privately to the maintainers via GitHub. Note that this option may not be present for every repository. + +The report will be fielded by the maintainers who have committer and release permissions. Feedback will be sent within 3 business days, including a detailed plan to investigate the issue and any potential workarounds to perform in the meantime. 
+ +Do not report non-security-impacting bugs through this channel. Use GitHub issues for all non-security-impacting bugs. + + +## Proposed Report Content + +Provide a descriptive title and in the description of the report include the following information: + +* Basic identity information, such as your name and your affiliation or company. +* Detailed steps to reproduce the vulnerability (POC scripts, screenshots, and logs are all helpful to us). +* Description of the effects of the vulnerability on this project and the related hardware and software configurations, so that the maintainers can reproduce it. +* How the vulnerability affects this project's usage and an estimation of the attack surface, if there is one. +* List other projects or dependencies that were used in conjunction with this project to produce the vulnerability. + + +## When to report a vulnerability + +* When you think this project has a potential security vulnerability. +* When you suspect a potential vulnerability but you are unsure that it impacts this project. +* When you know of or suspect a potential vulnerability on another project that is used by this project. + + +## Patch, Release, and Disclosure + +The maintainers will respond to vulnerability reports as follows: + +1. The maintainers will investigate the vulnerability and determine its effects and criticality. +2. If the issue is not deemed to be a vulnerability, the maintainers will follow up with a detailed reason for rejection. +3. The maintainers will initiate a conversation with the reporter within 3 business days. +4. If a vulnerability is acknowledged and the timeline for a fix is determined, the maintainers will work on a plan to communicate with the appropriate community, including identifying mitigating steps that affected users can take to protect themselves until the fix is rolled out. +5. 
The maintainers will also create a [Security Advisory](https://docs.github.com/en/code-security/repository-security-advisories/publishing-a-repository-security-advisory) using the [CVSS Calculator](https://www.first.org/cvss/calculator/3.0), if it is not created yet. The maintainers make the final call on the calculated CVSS; it is better to move quickly than making the CVSS perfect. Issues may also be reported to [Mitre](https://cve.mitre.org/) using this [scoring calculator](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator). The draft advisory will initially be set to private. +6. The maintainers will work on fixing the vulnerability and perform internal testing before preparing to roll out the fix. +7. Once the fix is confirmed, the maintainers will patch the vulnerability in the next patch or minor release, and backport a patch release into all earlier supported releases. + + +## Public Disclosure Process + +The maintainers publish the public advisory to this project's community via GitHub. In most cases, additional communication via Slack, Twitter, mailing lists, blog, and other channels will assist in educating the project's users and rolling out the patched release to affected users. + +The maintainers will also publish any mitigating steps users can take until the fix can be applied to their instances. This project's distributors will handle creating and publishing their own security advisories. + + +## Confidentiality, integrity and availability + +We consider vulnerabilities leading to the compromise of data confidentiality, elevation of privilege, or integrity to be our highest priority concerns. Availability, in particular in areas relating to DoS and resource exhaustion, is also a serious security concern. The maintainer team takes all vulnerabilities, potential vulnerabilities, and suspected vulnerabilities seriously and will investigate them in an urgent and expeditious manner. 
+ +Note that we do not currently consider the default settings for this project to be secure-by-default. It is necessary for operators to explicitly configure settings, role based access control, and other resource related features in this project to provide a hardened environment. We will not act on any security disclosure that relates to a lack of safe defaults. Over time, we will work towards improved safe-by-default configuration, taking into account backwards compatibility. From 1319a5f20f206cec7ea68a1a8c0ca6bff694b887 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Thu, 1 Jun 2023 16:34:45 +0200 Subject: [PATCH 31/88] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d337a768..6dc8d853 100644 --- a/README.md +++ b/README.md @@ -94,7 +94,7 @@ Current limitations of `qemu_build` script: We'd love for you to contribute to this image. You can request new features by creating an [issue](https://github.com/bitnami/minideb/issues), or submit a [pull request](https://github.com/bitnami/minideb/pulls) with your contribution. # License -Copyright © 2023 Bitnami +Copyright © 2023 VMware Inc Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at From 51ac5ee9c3706bf37d64de7c33e09a6b85155a2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Fri, 2 Jun 2023 14:59:22 +0200 Subject: [PATCH 32/88] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6dc8d853..ffe0da10 100644 --- a/README.md +++ b/README.md 
@@ -94,7 +94,7 @@ Current limitations of `qemu_build` script: We'd love for you to contribute to this image. You can request new features by creating an [issue](https://github.com/bitnami/minideb/issues), or submit a [pull request](https://github.com/bitnami/minideb/pulls) with your contribution. # License -Copyright © 2023 VMware Inc +Copyright © 2023 VMware, Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at From 04c8a20386e4491181fead22c042939f6946e373 Mon Sep 17 00:00:00 2001 From: Jose Antonio Carmona Date: Mon, 12 Jun 2023 18:11:35 +0200 Subject: [PATCH 33/88] Add support for Debian 12 bookworm Signed-off-by: Jose Antonio Carmona --- .github/actions/build/action.yml | 2 +- .github/workflows/main.yml | 6 +++--- README.md | 16 ++++++++-------- buildall | 1 + debootstrap/bookworm | 1 + mkimage | 2 +- pushall | 3 ++- pushmanifest | 1 + 8 files changed, 18 insertions(+), 14 deletions(-) create mode 120000 debootstrap/bookworm diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml index aa5dd366..3871f698 100644 --- a/.github/actions/build/action.yml +++ b/.github/actions/build/action.yml @@ -1,7 +1,7 @@ inputs: dist: description: 'Dist to build' - default: 'bullseye' + default: 'bookworm' platform: description: 'Platform to build' default: 'amd64' diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 16d2f69e..1a6104aa 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -16,7 +16,7 @@ on: - cron: '0 0 * * *' env: BASENAME: bitnami/minideb - LATEST: bullseye + LATEST: bookworm # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: # This workflow contains a single job called "build" 
@@ -41,7 +41,7 @@ jobs: needs: [ shellcheck ] strategy: matrix: - dist: [buster, bullseye] + dist: [buster, bullseye, bookworm] arch: [amd64, arm64] name: Build ${{ matrix.dist }} on ${{ matrix.arch }} @@ -81,7 +81,7 @@ jobs: - uses: actions/checkout@v3 - name: Push Manifests run: | - DISTS="buster bullseye latest" bash pushmanifest + DISTS="buster bullseye bookworm latest" bash pushmanifest # If the CI Pipeline does not succeed we should notify the interested agents slack-notif: diff --git a/README.md b/README.md index ffe0da10..bd16f67d 100644 --- a/README.md +++ b/README.md @@ -14,14 +14,14 @@ $ docker run --rm -it bitnami/minideb:latest There are [tags](https://hub.docker.com/r/bitnami/minideb/tags/) for the different Debian releases. ``` -$ docker run --rm -it bitnami/minideb:bullseye +$ docker run --rm -it bitnami/minideb:bookworm ``` The images are built daily and have the security release enabled, so will contain any security updates released more than 24 hours ago. You can also use the images as a base for your own `Dockerfile`: ``` -FROM bitnami/minideb:bullseye +FROM bitnami/minideb:bookworm ``` # Why use Minideb @@ -62,14 +62,14 @@ We provide a Makefile to help you build Minideb locally. It should be run on a D $ sudo make ``` -To build an individual release (buster, bullseye or unstable) +To build an individual release (buster, bullseye, bookworm or unstable) ``` -$ sudo make bullseye +$ sudo make bookworm ``` To test the resulting image: ``` -$ sudo make test-bullseye +$ sudo make test-bookworm ``` ## Building Minideb for foreign architecture 
@@ -77,13 +77,13 @@ Make commands shown above will build an image for the architecture you are curre To build an image for a foreign architecture (for example to build a multiarch image), we provide a simple script which run a QEMU instance for the target architecture and build the image inside it. -To build and test a bullseye image for arm64: +To build and test a bookworm image for arm64: ``` -$ ./qemu_build bullseye arm64 +$ ./qemu_build bookworm arm64 ``` The image will be then imported locally through the docker cli with `$distribution-$architecture` tag -(example: `bitnami/minideb:bullseye-arm64`) +(example: `bitnami/minideb:bookworm-arm64`) Current limitations of `qemu_build` script: diff --git a/buildall b/buildall index 2cfa7d9f..0dfcb56a 100755 --- a/buildall +++ b/buildall @@ -10,6 +10,7 @@ arch=${1:-"amd64 arm64"} dist="buster bullseye +bookworm " for a in $arch; do for i in $dist; do diff --git a/debootstrap/bookworm b/debootstrap/bookworm new file mode 120000 index 00000000..8cfa86a0 --- /dev/null +++ b/debootstrap/bookworm @@ -0,0 +1 @@ +jessie \ No newline at end of file diff --git a/mkimage b/mkimage index c3685418..1a29567c 100755 --- a/mkimage +++ b/mkimage @@ -78,7 +78,7 @@ repo_url="http://deb.debian.org/debian" sec_repo_url="http://security.debian.org/" echo -e "deb ${repo_url} $DIST main" > "$rootfsDir/etc/apt/sources.list" -if [ "$DIST" == "bullseye" ]; then +if [ "$DIST" == "bullseye" ] || [ "$DIST" == "bookworm" ]; then echo "deb ${repo_url} $DIST-updates main" >> "$rootfsDir/etc/apt/sources.list" echo "deb ${sec_repo_url} $DIST-security main" >> "$rootfsDir/etc/apt/sources.list" elif [ "$DIST" != "unstable" ]; then diff --git a/pushall b/pushall index 263bc940..b95896dd 100755 --- a/pushall +++ b/pushall @@ -6,8 +6,9 @@ set -o pipefail DISTS="buster bullseye +bookworm " -LATEST=bullseye +LATEST=bookworm BASENAME=bitnami/minideb if [ -n "${DOCKER_PASSWORD:-}" ]; then diff --git a/pushmanifest b/pushmanifest index 82b7f37c..dd234166 100755 
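Review bot: The release test `[ "$DIST" == "bullseye" ] || [ "$DIST" == "bookworm" ]` in the mkimage hunk has to be extended by hand for every new Debian release, and a release that is missed falls through to the `elif` branch, which writes the older `$DIST/updates` security suite. For a release that uses the `-security` layout, that entry would presumably make `apt-get update` fail or leave the image without a working security source. Making the legacy release the special case keeps new releases on the right path by default: a `case "$DIST"` with `buster` and `unstable` branches, and `$DIST-security` plus `$DIST-updates` as the default. A comment such as `# bullseye and later: <dist>-security; older releases: <dist>/updates` would record why the branch exists. The closing `fi` of this block is outside the hunk.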
--- a/pushmanifest +++ b/pushmanifest @@ -6,6 +6,7 @@ set -o pipefail DISTS=${DISTS:-"buster bullseye +bookworm latest "} From a17be0216f4d0fea0ee51331c2af3642d54cc085 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 13 Jun 2023 18:16:00 +0200 Subject: [PATCH 34/88] Remove debootrsap from unsupported/old versions making buster the new default MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Carlos Rodríguez Hernández --- debootstrap/bullseye | 2 +- debootstrap/buster | 227 ++++++++++++++++++++++++++++++++++++++++++- debootstrap/jessie | 226 ------------------------------------------ debootstrap/stretch | 1 - debootstrap/unstable | 1 - debootstrap/wheezy | 1 - 6 files changed, 227 insertions(+), 231 deletions(-) mode change 120000 => 100644 debootstrap/buster delete mode 100644 debootstrap/jessie delete mode 120000 debootstrap/stretch delete mode 120000 debootstrap/unstable delete mode 120000 debootstrap/wheezy diff --git a/debootstrap/bullseye b/debootstrap/bullseye index 8cfa86a0..766a99ab 120000 --- a/debootstrap/bullseye +++ b/debootstrap/bullseye @@ -1 +1 @@ -jessie \ No newline at end of file +buster \ No newline at end of file diff --git a/debootstrap/buster b/debootstrap/buster deleted file mode 120000 index 8cfa86a0..00000000 --- a/debootstrap/buster +++ /dev/null @@ -1 +0,0 @@ -jessie \ No newline at end of file diff --git a/debootstrap/buster b/debootstrap/buster new file mode 100644 index 00000000..804e9660 --- /dev/null +++ b/debootstrap/buster 
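Review bot: `debootstrap/bookworm`, added one commit earlier in this series as a symlink to `jessie`, is not retargeted here, while this commit deletes `debootstrap/jessie` and repoints only `debootstrap/bullseye` to `buster`. If both commits land as shown, the bookworm link dangles and the bookworm build has no debootstrap script to resolve. The diffstat lists no change to `debootstrap/bookworm`, so unless a later patch fixes it, this commit should also change that link's target from `jessie` to `buster`.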
@@ -0,0 +1,226 @@ +mirror_style release +download_style apt +finddebs_style from-indices +variants - container fakechroot +keyring /usr/share/keyrings/debian-archive-keyring.gpg + +if doing_variant fakechroot; then + test "$FAKECHROOT" = "true" || error 1 FAKECHROOTREQ "This variant requires fakechroot environment to be started" +fi + +case $ARCH in + alpha|ia64) LIBC="libc6.1" ;; + kfreebsd-*) LIBC="libc0.1" ;; + hurd-*) LIBC="libc0.3" ;; + *) LIBC="libc6" ;; +esac + +work_out_debs () { + # adduser in case users want to add a user to run as non-root + # base-files as it has many important files + # base-passwd to get user account info + # bash because users will often shell in + # bsdutils because it has some commands used in postinst + # - particularly `logger` for `mysql-server` see + # https://github.com/bitnami/minideb/issues/16 + # coreutils for many very common utilities + # dash for a shell for scripts + # debian-archive-keyring to verify apt packages + # diffutils for diff as required for installing the system + # (could maybe be removed after, but diffing is pretty common in debugging) + # dpkg for dpkg + # findutils for find as required for installing the system + # grep as it is a very common debugging tool + # gzip as decompressing zip is super common + # hostname ? + # libc-bin for ldconfig + # login as su maybe used if run as non root (?) + # lsb-base ? + # mawk as it is used by dpkg + # ncurses-base for terminfo files as docker sets TERM=xterm + # see https://github.com/bitnami/minideb/issues/17 + # passwd for managing user accounts if run as non-root. + # sed as a very commonly used tool + # sysv-rc for update-rc.d, required when installing initscripts in postinsts + # tar as uncompressing tarballs is super common when installing things. 
+ # tzdata for handling timezones + # util-linux for getopt + # mount is required for mounting /proc during debootstrap + required="adduser base-files base-passwd bash bsdutils coreutils dash debian-archive-keyring diffutils dpkg findutils grep gzip hostname init-system-helpers libc-bin login lsb-base mawk ncurses-base passwd sed sysv-rc tar tzdata util-linux mount" + + base="apt" + + if doing_variant fakechroot; then + # ldd.fake needs binutils + required="$required binutils" + fi + + case $MIRRORS in + https://*) + base="$base apt-transport-https ca-certificates" + ;; + esac +} + +first_stage_install () { + extract $required + + mkdir -p "$TARGET/var/lib/dpkg" + : >"$TARGET/var/lib/dpkg/status" + : >"$TARGET/var/lib/dpkg/available" + + setup_etc + if [ ! -e "$TARGET/etc/fstab" ]; then + echo '# UNCONFIGURED FSTAB FOR BASE SYSTEM' > "$TARGET/etc/fstab" + chown 0:0 "$TARGET/etc/fstab"; chmod 644 "$TARGET/etc/fstab" + fi + + setup_devices + + x_feign_install () { + local pkg="$1" + local deb="$(debfor $pkg)" + local ver="$(extract_deb_field "$TARGET/$deb" Version)" + + mkdir -p "$TARGET/var/lib/dpkg/info" + + echo \ +"Package: $pkg +Version: $ver +Maintainer: unknown +Status: install ok installed" >> "$TARGET/var/lib/dpkg/status" + + touch "$TARGET/var/lib/dpkg/info/${pkg}.list" + } + + x_feign_install dpkg +} + +second_stage_install () { + setup_dynamic_devices + + x_core_install () { + smallyes '' | in_target dpkg --force-depends --install $(debfor "$@") + } + + p () { + baseprog="$(($baseprog + ${1:-1}))" + } + + if doing_variant fakechroot; then + setup_proc_fakechroot + else + setup_proc + in_target /sbin/ldconfig + fi + + DEBIAN_FRONTEND=noninteractive + DEBCONF_NONINTERACTIVE_SEEN=true + export DEBIAN_FRONTEND DEBCONF_NONINTERACTIVE_SEEN + + baseprog=0 + bases=7 + + p; progress $baseprog $bases INSTCORE "Installing core packages" #1 + info INSTCORE "Installing core packages..." 
+ + p; progress $baseprog $bases INSTCORE "Installing core packages" #2 + ln -sf mawk "$TARGET/usr/bin/awk" + x_core_install base-passwd + x_core_install base-files + p; progress $baseprog $bases INSTCORE "Installing core packages" #3 + x_core_install dpkg + + if [ ! -e "$TARGET/etc/localtime" ]; then + ln -sf /usr/share/zoneinfo/UTC "$TARGET/etc/localtime" + fi + + if doing_variant fakechroot; then + install_fakechroot_tools + fi + + p; progress $baseprog $bases INSTCORE "Installing core packages" #4 + x_core_install $LIBC + + p; progress $baseprog $bases INSTCORE "Installing core packages" #5 + x_core_install perl-base + + p; progress $baseprog $bases INSTCORE "Installing core packages" #6 + rm "$TARGET/usr/bin/awk" + x_core_install mawk + + p; progress $baseprog $bases INSTCORE "Installing core packages" #7 + if doing_variant -; then + x_core_install debconf + fi + + baseprog=0 + bases=$(set -- $required; echo $#) + + info UNPACKREQ "Unpacking required packages..." + + exec 7>&1 + + smallyes '' | + (repeatn 5 in_target_failmsg UNPACK_REQ_FAIL_FIVE "Failure while unpacking required packages. This will be attempted up to five times." "" \ + dpkg --status-fd 8 --force-depends --unpack $(debfor $required) 8>&1 1>&7 || echo EXITCODE $?) | + dpkg_progress $baseprog $bases UNPACKREQ "Unpacking required packages" UNPACKING + + info CONFREQ "Configuring required packages..." + + echo \ +"#!/bin/sh +exit 101" > "$TARGET/usr/sbin/policy-rc.d" + chmod 755 "$TARGET/usr/sbin/policy-rc.d" + + mv "$TARGET/sbin/start-stop-daemon" "$TARGET/sbin/start-stop-daemon.REAL" + echo \ +"#!/bin/sh +echo +echo \"Warning: Fake start-stop-daemon called, doing nothing\"" > "$TARGET/sbin/start-stop-daemon" + chmod 755 "$TARGET/sbin/start-stop-daemon" + + setup_dselect_method apt + + smallyes '' | + (in_target_failmsg CONF_REQ_FAIL "Failure while configuring required packages." "" \ + dpkg --status-fd 8 --configure --pending --force-configure-any --force-depends 8>&1 1>&7 || echo EXITCODE $?) 
| + dpkg_progress $baseprog $bases CONFREQ "Configuring required packages" CONFIGURING + + baseprog=0 + bases="$(set -- $base; echo $#)" + + info UNPACKBASE "Unpacking the base system..." + + setup_available $required $base + done_predeps= + while predep=$(get_next_predep); do + # We have to resolve dependencies of pre-dependencies manually because + # dpkg --predep-package doesn't handle this. + predep=$(without "$(without "$(resolve_deps $predep)" "$required")" "$done_predeps") + # XXX: progress is tricky due to how dpkg_progress works + # -- cjwatson 2009-07-29 + p; smallyes '' | + in_target dpkg --force-overwrite --force-confold --skip-same-version --install $(debfor $predep) + base=$(without "$base" "$predep") + done_predeps="$done_predeps $predep" + done + + smallyes '' | + (repeatn 5 in_target_failmsg INST_BASE_FAIL_FIVE "Failure while installing base packages. This will be re-attempted up to five times." "" \ + dpkg --status-fd 8 --force-overwrite --force-confold --skip-same-version --unpack $(debfor $base) 8>&1 1>&7 || echo EXITCODE $?) | + dpkg_progress $baseprog $bases UNPACKBASE "Unpacking base system" UNPACKING + + info CONFBASE "Configuring the base system..." + + smallyes '' | + (repeatn 5 in_target_failmsg CONF_BASE_FAIL_FIVE "Failure while configuring base packages. This will be re-attempted up to five times." "" \ + dpkg --status-fd 8 --force-confold --skip-same-version --configure -a 8>&1 1>&7 || echo EXITCODE $?) | + dpkg_progress $baseprog $bases CONFBASE "Configuring base system" CONFIGURING + + mv "$TARGET/sbin/start-stop-daemon.REAL" "$TARGET/sbin/start-stop-daemon" + rm -f "$TARGET/usr/sbin/policy-rc.d" + + progress $bases $bases CONFBASE "Configuring base system" + info BASESUCCESS "Base system installed successfully." +} diff --git a/debootstrap/jessie b/debootstrap/jessie deleted file mode 100644 index 804e9660..00000000 --- a/debootstrap/jessie +++ /dev/null 
@@ -1,226 +0,0 @@ -mirror_style release -download_style apt -finddebs_style from-indices -variants - container fakechroot -keyring /usr/share/keyrings/debian-archive-keyring.gpg - -if doing_variant fakechroot; then - test "$FAKECHROOT" = "true" || error 1 FAKECHROOTREQ "This variant requires fakechroot environment to be started" -fi - -case $ARCH in - alpha|ia64) LIBC="libc6.1" ;; - kfreebsd-*) LIBC="libc0.1" ;; - hurd-*) LIBC="libc0.3" ;; - *) LIBC="libc6" ;; -esac - -work_out_debs () { - # adduser in case users want to add a user to run as non-root - # base-files as it has many important files - # base-passwd to get user account info - # bash because users will often shell in - # bsdutils because it has some commands used in postinst - # - particularly `logger` for `mysql-server` see - # https://github.com/bitnami/minideb/issues/16 - # coreutils for many very common utilities - # dash for a shell for scripts - # debian-archive-keyring to verify apt packages - # diffutils for diff as required for installing the system - # (could maybe be removed after, but diffing is pretty common in debugging) - # dpkg for dpkg - # findutils for find as required for installing the system - # grep as it is a very common debugging tool - # gzip as decompressing zip is super common - # hostname ? - # libc-bin for ldconfig - # login as su maybe used if run as non root (?) - # lsb-base ? - # mawk as it is used by dpkg - # ncurses-base for terminfo files as docker sets TERM=xterm - # see https://github.com/bitnami/minideb/issues/17 - # passwd for managing user accounts if run as non-root. - # sed as a very commonly used tool - # sysv-rc for update-rc.d, required when installing initscripts in postinsts - # tar as uncompressing tarballs is super common when installing things. 
- # tzdata for handling timezones - # util-linux for getopt - # mount is required for mounting /proc during debootstrap - required="adduser base-files base-passwd bash bsdutils coreutils dash debian-archive-keyring diffutils dpkg findutils grep gzip hostname init-system-helpers libc-bin login lsb-base mawk ncurses-base passwd sed sysv-rc tar tzdata util-linux mount" - - base="apt" - - if doing_variant fakechroot; then - # ldd.fake needs binutils - required="$required binutils" - fi - - case $MIRRORS in - https://*) - base="$base apt-transport-https ca-certificates" - ;; - esac -} - -first_stage_install () { - extract $required - - mkdir -p "$TARGET/var/lib/dpkg" - : >"$TARGET/var/lib/dpkg/status" - : >"$TARGET/var/lib/dpkg/available" - - setup_etc - if [ ! -e "$TARGET/etc/fstab" ]; then - echo '# UNCONFIGURED FSTAB FOR BASE SYSTEM' > "$TARGET/etc/fstab" - chown 0:0 "$TARGET/etc/fstab"; chmod 644 "$TARGET/etc/fstab" - fi - - setup_devices - - x_feign_install () { - local pkg="$1" - local deb="$(debfor $pkg)" - local ver="$(extract_deb_field "$TARGET/$deb" Version)" - - mkdir -p "$TARGET/var/lib/dpkg/info" - - echo \ -"Package: $pkg -Version: $ver -Maintainer: unknown -Status: install ok installed" >> "$TARGET/var/lib/dpkg/status" - - touch "$TARGET/var/lib/dpkg/info/${pkg}.list" - } - - x_feign_install dpkg -} - -second_stage_install () { - setup_dynamic_devices - - x_core_install () { - smallyes '' | in_target dpkg --force-depends --install $(debfor "$@") - } - - p () { - baseprog="$(($baseprog + ${1:-1}))" - } - - if doing_variant fakechroot; then - setup_proc_fakechroot - else - setup_proc - in_target /sbin/ldconfig - fi - - DEBIAN_FRONTEND=noninteractive - DEBCONF_NONINTERACTIVE_SEEN=true - export DEBIAN_FRONTEND DEBCONF_NONINTERACTIVE_SEEN - - baseprog=0 - bases=7 - - p; progress $baseprog $bases INSTCORE "Installing core packages" #1 - info INSTCORE "Installing core packages..." 
- - p; progress $baseprog $bases INSTCORE "Installing core packages" #2 - ln -sf mawk "$TARGET/usr/bin/awk" - x_core_install base-passwd - x_core_install base-files - p; progress $baseprog $bases INSTCORE "Installing core packages" #3 - x_core_install dpkg - - if [ ! -e "$TARGET/etc/localtime" ]; then - ln -sf /usr/share/zoneinfo/UTC "$TARGET/etc/localtime" - fi - - if doing_variant fakechroot; then - install_fakechroot_tools - fi - - p; progress $baseprog $bases INSTCORE "Installing core packages" #4 - x_core_install $LIBC - - p; progress $baseprog $bases INSTCORE "Installing core packages" #5 - x_core_install perl-base - - p; progress $baseprog $bases INSTCORE "Installing core packages" #6 - rm "$TARGET/usr/bin/awk" - x_core_install mawk - - p; progress $baseprog $bases INSTCORE "Installing core packages" #7 - if doing_variant -; then - x_core_install debconf - fi - - baseprog=0 - bases=$(set -- $required; echo $#) - - info UNPACKREQ "Unpacking required packages..." - - exec 7>&1 - - smallyes '' | - (repeatn 5 in_target_failmsg UNPACK_REQ_FAIL_FIVE "Failure while unpacking required packages. This will be attempted up to five times." "" \ - dpkg --status-fd 8 --force-depends --unpack $(debfor $required) 8>&1 1>&7 || echo EXITCODE $?) | - dpkg_progress $baseprog $bases UNPACKREQ "Unpacking required packages" UNPACKING - - info CONFREQ "Configuring required packages..." - - echo \ -"#!/bin/sh -exit 101" > "$TARGET/usr/sbin/policy-rc.d" - chmod 755 "$TARGET/usr/sbin/policy-rc.d" - - mv "$TARGET/sbin/start-stop-daemon" "$TARGET/sbin/start-stop-daemon.REAL" - echo \ -"#!/bin/sh -echo -echo \"Warning: Fake start-stop-daemon called, doing nothing\"" > "$TARGET/sbin/start-stop-daemon" - chmod 755 "$TARGET/sbin/start-stop-daemon" - - setup_dselect_method apt - - smallyes '' | - (in_target_failmsg CONF_REQ_FAIL "Failure while configuring required packages." "" \ - dpkg --status-fd 8 --configure --pending --force-configure-any --force-depends 8>&1 1>&7 || echo EXITCODE $?) 
| - dpkg_progress $baseprog $bases CONFREQ "Configuring required packages" CONFIGURING - - baseprog=0 - bases="$(set -- $base; echo $#)" - - info UNPACKBASE "Unpacking the base system..." - - setup_available $required $base - done_predeps= - while predep=$(get_next_predep); do - # We have to resolve dependencies of pre-dependencies manually because - # dpkg --predep-package doesn't handle this. - predep=$(without "$(without "$(resolve_deps $predep)" "$required")" "$done_predeps") - # XXX: progress is tricky due to how dpkg_progress works - # -- cjwatson 2009-07-29 - p; smallyes '' | - in_target dpkg --force-overwrite --force-confold --skip-same-version --install $(debfor $predep) - base=$(without "$base" "$predep") - done_predeps="$done_predeps $predep" - done - - smallyes '' | - (repeatn 5 in_target_failmsg INST_BASE_FAIL_FIVE "Failure while installing base packages. This will be re-attempted up to five times." "" \ - dpkg --status-fd 8 --force-overwrite --force-confold --skip-same-version --unpack $(debfor $base) 8>&1 1>&7 || echo EXITCODE $?) | - dpkg_progress $baseprog $bases UNPACKBASE "Unpacking base system" UNPACKING - - info CONFBASE "Configuring the base system..." - - smallyes '' | - (repeatn 5 in_target_failmsg CONF_BASE_FAIL_FIVE "Failure while configuring base packages. This will be re-attempted up to five times." "" \ - dpkg --status-fd 8 --force-confold --skip-same-version --configure -a 8>&1 1>&7 || echo EXITCODE $?) | - dpkg_progress $baseprog $bases CONFBASE "Configuring base system" CONFIGURING - - mv "$TARGET/sbin/start-stop-daemon.REAL" "$TARGET/sbin/start-stop-daemon" - rm -f "$TARGET/usr/sbin/policy-rc.d" - - progress $bases $bases CONFBASE "Configuring base system" - info BASESUCCESS "Base system installed successfully." -} diff --git a/debootstrap/stretch b/debootstrap/stretch deleted file mode 120000 index 8cfa86a0..00000000 --- a/debootstrap/stretch +++ /dev/null @@ -1 +0,0 @@ -jessie \ No newline at end of file 
diff --git a/debootstrap/unstable b/debootstrap/unstable deleted file mode 120000 index 8cfa86a0..00000000 --- a/debootstrap/unstable +++ /dev/null @@ -1 +0,0 @@ -jessie \ No newline at end of file diff --git a/debootstrap/wheezy b/debootstrap/wheezy deleted file mode 120000 index 8cfa86a0..00000000 --- a/debootstrap/wheezy +++ /dev/null @@ -1 +0,0 @@ -jessie \ No newline at end of file From 489416e02e0e7ae2d27d5e9de4844aec137b3ebd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 13 Jun 2023 18:21:41 +0200 Subject: [PATCH 35/88] Remove unstable mentions and always add security repo to sources MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Carlos Rodríguez Hernández --- README.md | 2 +- mkimage | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index ffe0da10..072878a9 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,7 @@ We provide a Makefile to help you build Minideb locally. It should be run on a D $ sudo make ``` -To build an individual release (buster, bullseye or unstable) +To build an individual release (buster or bullseye) ``` $ sudo make bullseye ``` diff --git a/mkimage b/mkimage index c3685418..33660194 100755 --- a/mkimage +++ b/mkimage 
@@ -78,11 +78,9 @@ repo_url="http://deb.debian.org/debian" sec_repo_url="http://security.debian.org/" echo -e "deb ${repo_url} $DIST main" > "$rootfsDir/etc/apt/sources.list" +echo -e "deb ${sec_repo_url} $DIST-security main" >> "$rootfsDir/etc/apt/sources.list" if [ "$DIST" == "bullseye" ]; then - echo "deb ${repo_url} $DIST-updates main" >> "$rootfsDir/etc/apt/sources.list" - echo "deb ${sec_repo_url} $DIST-security main" >> "$rootfsDir/etc/apt/sources.list" -elif [ "$DIST" != "unstable" ]; then - echo "deb ${sec_repo_url} $DIST/updates main" >> "$rootfsDir/etc/apt/sources.list" + echo -e "deb ${repo_url} $DIST-updates main" >> "$rootfsDir/etc/apt/sources.list" fi rootfs_chroot apt-get update From 6f2f6182538ca670e4d23fb37a05f093a19cdc3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 13 Jun 2023 18:22:25 +0200 Subject: [PATCH 36/88] Remove custom keys. They were only used in two versions and not in others MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Carlos Rodríguez Hernández --- keys/buster.gpg | 53 -------------- keys/unstable.gpg | 174 ---------------------------------------------- mkimage | 4 -- 3 files changed, 231 deletions(-) delete mode 100644 keys/buster.gpg delete mode 100644 keys/unstable.gpg diff --git a/keys/buster.gpg b/keys/buster.gpg deleted file mode 100644 index 2c4a66c5..00000000 --- a/keys/buster.gpg +++ /dev/null 
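Review bot: The unconditional `echo -e "deb ${sec_repo_url} $DIST-security main"` writes a `buster-security` entry for buster, but that release publishes its security updates under `buster/updates`, which the removed `elif` branch used to emit. The `-security` suite name starts with bullseye. Buster is still in the build lists shown in this series, so its image would either fail at `rootfs_chroot apt-get update` or be built without a working security source. Choosing the suite name per release, as sketched below, keeps the old entry for buster. Separately, only `bullseye` gets `$DIST-updates` here, which should be reconciled with the bookworm handling added elsewhere in the series.

```shell
echo -e "deb ${repo_url} $DIST main" > "$rootfsDir/etc/apt/sources.list"
# buster publishes security updates as <dist>/updates; bullseye and later as <dist>-security
if [ "$DIST" == "buster" ]; then
  sec_suite="$DIST/updates"
else
  sec_suite="$DIST-security"
fi
echo "deb ${sec_repo_url} $sec_suite main" >> "$rootfsDir/etc/apt/sources.list"
# … unchanged: $DIST-updates block and rootfs_chroot apt-get update …
```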
@@ -1,53 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBFxZ9FABEADPEDVwAUd10zcdnQJF7klaxK1mcTEUd+xfNAKBjhvP69XdAf54 -7PS8Xid9zMAK/JARzLsZj5STy1VQQrPGOkSqPKA+gSpW8CmEWwfL/VTfQFFrJ9kb -1eArtb3FFk3qdtLih38t5JUhm0PidKcThemoi3kfVfoK3iWnfnb36RuNG75H73gf -/5i3C4Wq+dGusGXWxz15E9qACja3i/r239unHKvfEFWXQU6IyNYkz8o/hG/knRCX -DTBKbzKt4AH7LQFoLsd+qN8DNUUjxIUZyDTxJac5TXTWKiiOXsxzUmcgZBO+FT8b -Nx19fq9leIqxcBGdXU1TT2STwcgku9QtIKdm8wq0IrlbLjEasmmpeEx6WAIvaZfx -U2hFIKhYJXue2LTu2eUgxFBPUwQYoClCBUDuJgA9n+Z4HGKlibiUhf3HF+KIxqzr -woQn+rac6eVJowsPPN8maeMwltjAdkfSHGWQkgGPPCaGwJj7shq2qJBYmbEbC5j6 -02ZJS1srmvJbQrKhG+jdPDADDhwLq5vEQysqcJJ72+vAKjMHOTWc026zwQz3evvO -p6LsrJ+l0kyH1CjMhmumr4A/d+GSFGxzUR6BRAGigSYKQdPWb7Fb9fEuTsa1kp9k -cqRMMGxPYNQsBPu+h0PIMMHEYY5WOMaKni7bE7lfxSdcnDG6TbtAy4zcQwARAQAB -tEdEZWJpYW4gU3RhYmxlIFJlbGVhc2UgS2V5ICgxMC9idXN0ZXIpIDxkZWJpYW4t -cmVsZWFzZUBsaXN0cy5kZWJpYW4ub3JnPokCVAQTAQoAPhYhBG0zhm7dj/pBwBQ6 -7dzJ77934RUXBQJcWfRQAhsDBQkPCZwABQsJCAcDBRUKCQgLBRYCAwEAAh4BAheA -AAoJENzJ77934RUX/woQAICqnZKgvhZrYU/ogF1Kbx1oPYWg1Dz8ErQtXbFqcSeU -JBsG2eJFHkR//sqeKGFYcE8xHN9oX8i9UMUvmb6FtMMTK9wJ99sSA/PFWJT6FbZo -Eflx27q3fJfzcGGAgtslXBEqYVcyBv6KUQk/d+OC73rdFAH+53BuWFLQKxPFEa3l -U7QLo0oyWH4gKXVGs2D+Bo4sRSa0NzcJoUQXTi04f2RU/4Zs4ar/tYopMoA3H0hC -axZLfrSFtXpb7n3IsivP4mwdaPDSRavLZuNoc/Vze4RGmd0rtC/HyUBHVVMJ17Q2 -2WD7eCEhq8XBbh2u1xZWW3WjRgZxlIdvBu78+A0Kiz0noobA/pwPqYAtMmY3hB+8 -AuaYYWiM53HhySp0m/XkIMOCHZiAaOe4mTf1rrj2qsEH9ZqHljqLD1Bas5NIy2AD -Q2t5MJiNLKKI54cNCsYB2gkCNNoBN+wYRzbrFPMGFxFk/dnb7gRIsqq60t+cwfdt -Y8QlyI0ss1uWhaB7ORXNC7hOziTM1nJ3rCQy5LY1pUyb7WecYIRG2niLIb8bXlml -XA+jyVQ/Ft8FL33drvXdIrNobNz5Q9PZUSC0Ll2OYkbTzioxTMv8o0SPkz7xawvq -cOhWyNdf7E0/SUf4T75jCZ3zqaZOucNBRekumcUme+6ua8+W0iC4Jtmot5yh4oaZ -iQIzBBABCAAdFiEEcgNjDiyOcnJRaE/rxc5dwsVCzVkFAlxZ93cACgkQxc5dwsVC -zVmrKBAAlAgWCTg6sd8RH91sBlDyRd0RLb4qG3q1OQiZSuUXiaLfZkNkzhaWt2rs -fDR2YqqF5zqiJ3FzUoWAvLWvna0yWaVjxJ79x1BfIfB5m00zWtL4S9loPQk/ktyF -XKCwEYT+XFF7BMPdOt14pfnqvF4lMlQ3PYdy7PYxXicWjGAx7UEUhTxyg/w8T8Tw 
-8axI6JOVDI7KZKpXNHVv+QnvkVv22vrbd5CC+NoyBBHld1R5b66RHJXRlmb3eZa/ -QfTFDeI8Lbsc4mRL8xmq35oCd2+/ZRo+urD9fXN8LNYR0gdhlCDmP5lw8zKQuW3w -7DQl/Mc3zZSMP2n2YcSdVLEycZ4Q3qG0Ft0LXiDol9zPe8fjTQK8A7bR1r0Cu/hI -IhvV8HjhSwp5scjarv0/jt1p+BDgKcccf0j8vdWGiNwt5opq9vQLWgfVGxjVBDXG -lrxJg3QvM7OboN020OWs9OPnzIQhLfoP33fcMK5Fci1X09lakG3KvpvJBxPyy/cR -YYeKhL28fb7I3+z4keDsK38+b/jEPuLn4yf/5u89ZQE4FHCQdqvd8Bv9FK18UrAN -H41LKqLwDsLjKSBYZ6B1ZKryyq0IxYo3Tbxf9k1AbBIMQotYi2NFzY0+i7HVqxLq -XYD2C+XuoY5q4DUIbbM95LFGci7yM/xWz67G3hAZz3doyu7NFvSJAjMEEAEKAB0W -IQQKVbfFEiM5QobsdMNTlEed01JMUQUCXLXVIwAKCRBTlEed01JMUdrMD/sESjTO -/g/dtSwnUhKJHyn56jSBRzqDvkxpvJS3pk6NIVW/SSplTWZfw97k5DtpW3qtEh1L -KvRTGwL27jhl4J+mBepGtItRUVHKxLVLLUMn6qdVhX2K9rHB0wTW/BTcUp0/jf3Q -QrZuuhoIx1xQtugJBWnSzuqJQcV7Nc3NBIPHxuvrVnGun+TXYZhab4odNxj1efuw -z7MmFPEs1UqxNJaeSM/cDyFOwBo/FuSflKx9M45KP80hneMZzFYC7BBtcVEAsqJ0 -949UHIZp58z7lL/uI8hSsDNLoddPus+Kebq+iot7Yq9qL2KgHbnL/jjmP+JXeEJn -bvTI1XwB1yd9TpGpwx4QU+dPX9Fl0JcJ1M9Ym9GJyUUzwhfKaIEjfzJLjbCNeI0m -/KRKTm8XkGb9Mr3Za8BgZRrvK9OQsVuYfNHBQhPmSPsoOtqHP6lwfEt+ZBhsTlRG -MnjVJCXOIls7rkI2128c2cQSeUNBW8N/dXTthE0SAqTek5jGGgJ5oo7brPFmJLhD -35fJeyT1AfoJX9KavVXd63ShDvjS3Nt8+wPizzBFUmylzoJAy0172mqs+WmJ9rPs -2ywOhgdo65iPihKiqLGr2pSrcmwJ3LvHpCgQldjqZfF9dmJAqdoO+WDYBU3pTQGV -idjr8CGNeffTyeMJbSniGisGOkhiX9TLbz8ufw== -=a2kx ------END PGP PUBLIC KEY BLOCK----- diff --git a/keys/unstable.gpg b/keys/unstable.gpg deleted file mode 100644 index 7d2315f9..00000000 --- a/keys/unstable.gpg +++ /dev/null 
@@ -1,174 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBFyy5ecBEACxXGKUyi5dFjPhEFoz3IwKlVfDxySVg+hlhcUEO657UHf/7Ba5 -wr9eHxjlbpxetAymSNnptgh8oaJWcokr9UjeaTbKrYGpRra7Wd1W+f++9tF7BVvV -+AWBaltD5NDuq+eQ7kj72oeMa7KAr4702ZokLgiTsS9dPeDAodx3/jMuV9VxlJ7q -w07bAoUdzhlPBcII3MOCMfQmtwIg27/qqekeOnrGtNwscugwVqcBATxRZ1wNAebJ -60FH9FQOtPZJnuv/q3KXqoneuSMKiBKferQhLXDG/1fUyojNF9Dcae+HmHAZmVsV -K8cHQwgSICWOgWOKVHUH0YHYvElhNIWayaw1EswEW3WMa0F4tY+EDNHEII1TGOxc -X9VzbGT998Hiuf9iJuWuCgYZ75XGA/tUooOwLE77lxPGpTtLL0tr/lTJOkfwxVeY -ERH1LranSQhZAXDHozKPylGo2vLxfA4WNKfaC7Mgq2WKpDWjYtF4kO6/Eiyoiq8L -DqOkCtvt84PFoXEGMk3I1yd7d3bhIUwsgt6nkvn54xebJwVe5aK4MM7qCNZAm+7i -94iZjXTH9wUWX27n9UESqYeHjer1L0m/yL8sn4ceCMzpri2HsI71URwJp47GJTSV -6oAm7NJkiT5Oihcex/tvObZZXZZNqtwROBCkBcdb4Ii3upIfx8uQ3WBkSQARAQAB -iQJOBB8BCgA4FiEEgNFYI7f9FWH597zd3DDXwjy7q+4FAlyy5mwXDIABgOl28UpQ -ikjpyj/pvDciUsoc+WQCBwAACgkQ3DDXwjy7q+7u/g//Wzz20dlQymfkrtvgWAXN -8qw6ifkQtd/kNu61A5u5MGg/EViFnmvZdtYRentf3qnsDl3ZgjYhHMJ5hLVG16Gb -2nrkpQQe6rBX26PMkg/wP5uebUnPQscEO0KpVlJBppO4/rmJNKsphsRYCkgbZORM -LyTRijrN+NJw3Lirk59ykkWyu0PQN0by+aDMOjg4Qt8vfpNxeeEBtCg7wk5XuArZ -mDwcjqazkXn04l74LRzXynK2HFakROCWZQQxl87gpFXAzcdualbenazYI3nWcpPM -taLvOoWpse4jM2c4UC9fX+PLOCOh01POMu/7+omeKfuSLJ77ngS7jkCdbn8y469e -EBFh5tGD2piNg3IgSFjGFOIKt8eOOYQJ5dYLCYpDQ12qO3B/TnRiIwWGDPWg3wxZ -UEkVS+ZkqZcBe3qIqEQ4r/ZgG2vByWdiKDEYGIk6vITOP9SBzWE29M883oAvifcG -3cTwyODl06RMe/DJkZwMxbti0qn2Fpw6T4kozVVI3wbmuLm7kShcTxeE4volP44c -3mOcqIyXIoOQeCLHy34SmYkzmSJ7iE32u6V4hzvPOtfxFbR6VUKOGvFCGUTLfvZr -AqF2PiUWw9B/bXkD6j7js7eclYz9ClgDnW8p5HzA4xVoVAvZISNbwxtiwflplbYT -6t1Mv1sU2iyjjrncY2AYV1mJAk4EHwEKADgWIQSA0Vgjt/0VYfn3vN3cMNfCPLur -7gUCXLLmbBcMgAH7+r21QbXclVvZum7bFs9bsSUlxAIHAAAKCRDcMNfCPLur7ihB -D/4iace5p4gK5MTRNTibKNktYfpOr47BccPGdfeEx+PrVXPHAvFVoo6cwTBa0VeS -n8jXkosgwlXREUTsXFTWq0XFOKBg1OLzofKQyxfyYZLM4ge2VAGuI20HuwnAVHUU -/+8BIzH31CJmvsehWIhALaCxA7RbI01aREpiDJoiBNppHCqwXBRxzk3y7Shmo4pt -J+joRw4x9OZXjBC1y4q70bafOufglKGU11qMDqTan9LpbVT8eN/7xLuGQsUC+Nt5 
-ZB/UZkN7shfHiI8bEOTfR9hawf83i/ErAv3PhFmcI9D9SAe11PYGTYwZtGs6Osnv -SXyJNyxvanaFbNfowEUou4NGGdRMXff6W3qe7SQG976SHmJtHB5V5QlO9gVxU5TC -TQc1IL7+JJRhJN83Yo/CnOo6xeY0/jlhZDvVFylGuHDe2L87Q4GqU4ztwrq6KYPA -OuPCGrDTo6Dzc0+WAiZfnrtx11qSawa6hlP0pJdjw09fhBaugrdPyIr23b0iMwp+ -Q8mMaqU8ud4Sfae8KuMvcaNF5dCNe4qJ3xVfeQCkZIsFVSWdq8LHxmQoVZYH+ZsQ -7QzjKZT5s6sb5We7scGYm6O0+1SzT0j4IoiXM39kovzmq40eEZktOm0l7qmDO5vW -2DcMSdFrf9bY4yP0/XiCgKIntl6xKC8FP6lBYl+fd4Jq1IkCTgQfAQoAOBYhBIDR -WCO3/RVh+fe83dww18I8u6vuBQJcsuZsFwyAAYyCPe0QqoBBY54SEFrOjW4MFKRw -AgcAAAoJENww18I8u6vu6IIP/RwycYXi/0bHlthWvS5dAfWlpkQBuG5ZZmxCgw0O -meTFPrIAMk2TZ7mgeiPGetwmvze+5QeRmy4zdSZfyaQWxcWoIE+oUaWEARLlSGIT -nDVn6fiAgjcqauT3Sw3EWp2UAVIvJOoz59aZI+msdglI82eSO+v/XoZ/Bk3KrwrA -ClCqsPfInXdodLeBbDxQ+CJGGjq87sjS6DM8LZFR6Y3rcJf9QbGSU1ZG+bjNb4nq -de29eIqhrJPcfh4p12ADNLUf0MFWh8KDkVOy9cqJH/GeYX3kPxl8cDD6s5PwEsrc -TIa1Iaw7cYSxRRZQJYeCf9//2kn4xQOzFwSoVDHLjg4tTgctLzcmiebqZAtoZGLA -QGDq2SrnPc9vK3z8VMgzrJM1pNkLrhAvTZtyyw85bq/SXUfymPnWDhk5071v6yfn -IMLtvzgA+FcybD6mRLC1tUFhfeqqVi5zbw1haunGnwodSTw/z2BcgR9fdCGA8ebv -Iwh8txQsDHNG10E8dWwF8pe/e8uSdagmITTE9QYN04rV/RRMY6WJ8+2pz12XQZmA -18BPljP2VIHZcBg5Cm2sSgjNA/rpwlGtAxA+ztimwnV39p90BAEVUco8AXXM9cBa -ya2pxNf5U0hj6xMG27FqIcdmmyKlys2m6kPLDuxrF0hPBIa3WM5jEKXercrsMGC+ -x9VoiQJOBB8BCgA4FiEEgNFYI7f9FWH597zd3DDXwjy7q+4FAlyy5mwXDIABMJkR -vqlm0GEwUwRXEbTl/xWw/YICBwAACgkQ3DDXwjy7q+6H7w/+OLbg5w8pGGnm1t0I -2QoLVKz3bNYLf0aJ5SwODYjXnQbLgcEjct/4gexTy3ahPR6zsX2cq0BGXH80A2nT -g9MP20BUOjtQnGjRozn9FotTOi5HsxoyIBcP5pfk2zcfcskpTJchqVhB5QXmw+vl -CIOtjSgLjrSPmRnhHqKR8bjMzvwo+jjCwTlWVBtjU9UnA1jRhvHzTp8SLC4HHY31 -yAiU6FbAlthC0UvCcw/c0FxEacZiy4tDYJUehV1e2tdwHf82yRamZq/wnU6iEM9I -KUNcxHKgpUxwOSK82urpP1gkDb3d8Qp5EVkhTuCO8C4ws6PvFIge21e+XgDLgeR2 -B6+SPU8yJdZIpYJeqN9eGjlym6J5YwBi4BSGEU8tiXvfg0ZC+zbcj809l70QMtKc -Cb7CFXQcIpfuBHuqQOkN0IphwtYTJ8u+EADFWwbTPqLrshN85BQQ44JNF/BSkl7j -ZnHJwUqMIwliP2xxBfeHBDiSaGkCju1xQh4fRB3ob2UA/W0AAAptuayUkKS1gMVu -e2Y32qzPOY7mwCKahLQ1wn8AB+jVhndHWMgNbDfJ02BtB3oGyvWDuUaS0XYKGncz 
-0AE8UNDyn2Xj4uESJFQZ3JP24FVGIDzVUJkYodF4mSZL/KIsjOXSBGitWB7uVlh6 -zZzuTkwSbiVvRj75r6xjmTJIlD+JAk4EHwEKADgWIQSA0Vgjt/0VYfn3vN3cMNfC -PLur7gUCXLLmbBcMgAHHT2rJ6TOzBn9S8z+kWexnFbBwXwIHAAAKCRDcMNfCPLur -7vrPD/9I5p00zJ42MW0wbAEY4QGjiAVRsv1Lw1VUokeT2h6s0sBhYn+SM+lTCAva -Pp7q0KGFjHOSVCIKlweCV/1Iw9EDuReLpfY2eKNFWRDj+lKYSI74Tos73sNHBRvp -5xXkFqLvNrBmTYfvcqr2FIDfF6LXAZb/yUg6NjE4E93kilwq8lh+3nPqM9apWo9H -6fr6rGfDt1hlrwUDzrI5O7R5tjjQ1dd79YPYBXS6Sbc3LI8mTH6HIKTVgOw1rsA8 -haEL1JwzFiCnbmIZ4s5dc2yc+ALpVc3OdUKrCTpU/AthQAu/RSXGN9AdjdLYPDGY -aFer3pZvN2Nrh1ZB8j+4MY1YiOp0qgLQSxaBqq/JRY7jVDNxMyNADZuf7ji4qeAp -9nbIiCWjK4oqKKmGG78BxVx05zTteWPtcxkVSsPMfOgjaEefagYLIgv8Be1+avVg -hboLXrOIrHCFPfV7WNeLcLD8Mwz7/JTFP+XobAvim06QSe5u/wJc85AFTKPV+oCx -dn0dE81bp2G9r4/ypROBBEkYnoFN1dhmysXs8c0xRAboK56WxWihVQhiK7fLOonM -zmceMeiaKsQufNoOQ1a3rO4qd4Dks4cwXWiGhWRXSFWY1cCbxP34oo/fFKAxLBdq -RhN/IjafU+tw5SygW/3mkMHKVxJ2Tb+726QPhb/cYfRfpX52+bRHRGViaWFuIEFy -Y2hpdmUgQXV0b21hdGljIFNpZ25pbmcgS2V5ICgxMC9idXN0ZXIpIDxmdHBtYXN0 -ZXJAZGViaWFuLm9yZz6JAlQEEwEKAD4WIQSA0Vgjt/0VYfn3vN3cMNfCPLur7gUC -XLLl5wIbAwUJDwmcAAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRDcMNfCPLur -7p8KD/4gCYmz6IjMnhsz8x9d5lP3h+wIdUdt0L0QCNceoHcblUFhqx74HwVMLFyY -k+8/WHrLry/N83mgWmP8GOeOsQG0+1Fpd+0ew1+smYagSjyON4crv8W47Yb48qfV -UwT9VRJqdW0zga6KD8F17I3ssOVr9pZTDHa33ykwzg4eUvBs4wYdb5dZMYJImgRA -NRzgeiw70LOMZyaPh6yu7i+qcDuVUP1R8xF14GWmKgczsNnOGvaHTo+lc8SSTwjb -OhkNOSN9X6EYdqXRgyeGGiLcgWL7cOmezLNVOV4pDUD1T0jOXMV/t+2hQaPNmIJO -2hFa4m8ewi4Yo7QUw9q/NToJNMwtr4ZeFH4taCfHbfIJBQE+BQJ1MXDckH95LFNF -v3Zfh9iwEXyM1P5IgcgGp5mh7Uzs+FfyNLBzIoC09Kgbtrgohihm5S7jJD7ghogW -tQP6Gvz1XWvXOmljv2ccJKezbL82ChED/uSBnWypPxs2zbtyEvX16QnwJsNZMrvT -Whh4/4jaDrM7wncmU4RoV96KwwTlx8V4XlkEielMCt1Po/9Ws3JbdcFKVEIUrLOB -p631evHuUG+mmBlGAX1k8uiEVK3Xvrn3wdDc8+tPSxDQ9GCnQ4YPOv4SU02eUB+q -tBs85NbpULxAweKyMumARNVuqC82viB2YryUZF5+JslFnmb8pokCMwQQAQgAHRYh -BOHPIN3/5LiegCZY8eCxGJT2auyYBQJcsuvcAAoJEOCxGJT2auyYoSMP/ApUnr+O -6qzfkCNkxWcyFe/cSLsjKYDNeneaGIVnffk1gwltQ6/x3403UYW+HWFMdOf+PzRu 
-KD0habntmdMZP3a1t0YiJkRF4rGX2rqBegesPiBp74fSlHtuy6cPWlu7PYi0qVs1 -uZWiUF3eBo9DhN5j0w0vTaEVBFh1reahhOw5SlTXj2ITGViJXcQtFgcn5CepbZ9q -cswgnCv5RU1qXUxqiOTT/zBmVdOsNiZil5X39L5t8GE6yNCNaQrm+JNM/OWPswEi -fOhN4eiCysIDwKxGLqFvrw3i18iV8zWjJ+sQO2jXeqVFaxfT3HR3S24RO9VpjtIw -s5VdFjhczkqEWAHV/VtERDgrhiEB3tVwrEARNGjuIEJvWEo643KRkI2w+KK7GB0R -p4meBXHhyDucffss/0t5NqZynjZ/DDGWa+bsk/l2BI3KvPi2NZXXCXkZHbDREQka -kjlQgsM8Cy0+a//TU2X+l7+aXHSbrwVlAfF6yA6Lf6yu/GTMyS08rs5pSwxWFucu -cYPgANGD+V6XLn490un7iewcjjml6VKbi0fEqHkUV953tgZtnQGgZ9k3KL7aNdAV -/GtIxc47sL8HEsWgvBOc6s1hXbw7v1+bvI8hS46bhxMYWmXgznAdQPB++Xlc5kHu -QMAyQfaxYui6cXZra6+26sKZv8xYmroQVzk9iQIzBBABCAAdFiEEbtb1y1+m+y9G -CuiO7aDSOIriK6kFAlyy7NwACgkQ7aDSOIriK6mzKhAAhd7CQ/3Bl9Cvk8x+Gt5N -EDnj80gLGKqxUxoRekSAp6Rkh4b7XOBbSb+LHgniPgmXZnnVhNChfAlSmnmS4i+c -hJbu9Y2B987exiNXdBYWE3VBMvzy8a5JbUF8Guqqb9DlzAaD3rHOUSOK3HWi+Rhf -9wdFKVzDUXku32v4fmxMSSTOqpXRj2iVnuKLCKR18hNiZK5ez434gQDqYDvHuU4/ -jzsXsG4nPKfxvSjZk6hykb0rWvxbmDA1RVTLKAdlL+nm1dNoJKRz7/OmHf/u5Voh -inSDhlXbtWHL1PO7mqgqst5+0qkjImENpsQE9lKAyyV8xo/PsS+pu6N6NPxyjfTL -tHHyBnUOwS09vvib8aVYSH+3GqCz0c0ZpmGaTeDT2fhdCBFs7DKV6HYT3DbnqBnj -tQF2PBFUSDJlbRafDAu2JwLVPC3QL/iYKUn6NQHQkrKPYp8uQAMSLLRCr8lGMCG6 -4oqsMcVXHv3QYrYqQE+83dNSsZa+BabYTyz+tZS9EtJkN65UgrRvRLPvVazAEmJq -uiHZxLuwEuSUmnpSfTY0KGGJMhzsN8AI98K1sqDjrUvmgHH7ACWj0hU3xzkd0yOG -RjH507xOBFNpgN9LsPpRe9h5vpisFOrJYeIp2hQcoPDKHvgdeyFau3qdOItI7S5b -KJUW7UvfXu0pH+HyydTpZX+JAjMEEAEKAB0WIQSA6XbxSlCKSOnKP+m8NyJSyhz5 -ZAUCXLLu7gAKCRC8NyJSyhz5ZKgGEACMep8c7JVSEd6hsrmET50hd8U3tlwzhlwj -uNM181mN1P1dV+Tcjprz+Dr3b5U3fuA+Irnijn3Vfvoa/DD5j79dzp8VVO5DlSzx -wTM8fnswlJtSv/NaCAFsErxX7Gi54lgwC1abuUor/YdNimij06hg5PRD8ZtjAM+j -N3OI64vPsmhS+QPD3sz1nuiuh59AXoBcVtND5Ej7nHcK3WOwf8xhvim5g+eyoaPS -T47WzawWjSK/SgBQVeJsU0B0vb+DQGemnd4QyVI5tGKWz+vw0iAXieUksqnIYDlt -NSUgru3I+M0L6cIl9C9oj+gvXn4vSwpuhwpSJZS7ratIrhvY+uShBq0T1gSy1buL -c6hkDvyS+dIqnEZzPfCBAog3Q5mPD0GZ5rzk/XJ9PPTgH4QEug57MvyYyFmvIDtQ -1ZmfAlxWcKFMCNEpuGhL3DcmZWqd+Fqs4Ik/UsEPQpSVhxcsLf8wDO1dIzJBamlF 
-4IJHImoHtsmMFGI9zwNDwBo1jPOKcPt3FbMlQw9KUht/H7Xg6pbRQ6yGVi9ppdiG -k1Eb5B/J72QjwSaVKhC1W/nPNZvF5NxRwImTW1i3Llyy06WebperF7/8Wksk1pHo -GKZHt5JS816DTfOVrsjkFqC66mJCYBy3vEPONJWOo9gohxA7V0SP9vMEZJa8UpaY -rDGyonjq4YkCVQQQAQoAPxYhBPv6vbVBtdyVW9m6btsWz1uxJSXEBQJcs4trIRpo -dHRwOi8vZ3BnLmdhbm5lZmYuZGUvcG9saWN5LnR4dAAKCRDbFs9bsSUlxKm/D/9p -B+G1mLPt2DZveRhLQXi9w0QJlmOH3Ec/KYZKLbrk74yV6hgJS5fP9NYMT5/89wDD -KajmXy30UpiX99Y1nOeSGV7xk0LikiVvv1ZQl3YhsIgyiHiCtYgVXxZPhFYhxHw5 -P+7Zdl00gkTilTBuVbaVQLH+S593MBla/IX7PXPZFyPkArh3pyDleiE3AQiU8EWo -0Zjhntrfa9VQtk79vC1ho0//p+W0EPyhiLl9nzRvxoCjveSMFw8Pn+Qr51FzC/Y+ -EGjYao0H2PLce4CcogWh2no0o1zeFSm8xoyGUgNczs0hMLkrQTkr2+YQj9NJ5oKd -hZM1uRzsJ/DDXaEQTZjj2iIyU8e0E/OhOaq3OnTMVeiZEy5ZvyfyYlkzb5Qmcufv -OCh5rFtUj5+6TGl3ywRyTrs21MjCVwggBn2KU0Kg/gqh2IkPavlV+LecH6CJwplA -lsH1cnnnm2RJwOQhcdAAjbpjvkAVi4k+XJGnVZaeU1KCG8nmVSWdKd60Li4EOPlO -swc5K9GmPFjEfHkY6dynKbzMh8ukSozSF2f7Z0wL+c53jMCHpZ/UZUBqNjmhKcoS -PCME5pKP9rUr+L+sucw9gNC9mwWRTj6KbjLWo7fvQpJaBvcbYNIpKU7ViBe4Blvb -Sl0Me56Cmew4s8G5T2cpUG2Aumg/Rr5lR+MXdfGjVLkCDQRcsuXnARAArgqqMQG0 -iABrEdAG6Twzp+wZV7r/2IVqJyhnGyu0+yoOcYqai9eeP8XM3yZk1Y95FE09g7RJ -2jacyhhC5Tsrg+GVJ/1eSsvudegZn+QnqEZ7HrmwJsYKFKhntak11Tvvhsw08sKM -4KVoxZSmMgBq84OUW95ILySM9vm8ge1+aYgr70flXhKne+o1VKeHWlovtmIGpWaJ -7fCHj95pDoJhe6uUkmEIJzMrNIaM7FQ0r4GdBYwqDImW07zMRWk80Av7uf6f+5xc -v27y2yW8ZjKF5u0ZKWln+VZX4EfUdCgJ/0LeV/v9gVbCeanNqGJB6k6DpKu6IzGz -KXi7rHFi1GiuoiVgy9Svx27iRpJaykLxnGFn8C7Lpzo9q034gGIWLwQnjT1FdPya -2pFV1VHNFZQ3JnQRJwE8yGhw/5bpllaUUJKvydSWvBMgOscEHQdtRnA4IMUXrHGV -IhYN/awYkjhubeVJuhbsxaQDqpdAodaoIz20PVBfE+XFbfnLCBwxgzR/m+mE0iW1 -GCOBSoFw5SPQBihCF/PPBjqQjZKJz1btUvrv7gpLNuLEyA0RsHBFGqtqvT1K4Hvx -6Y7di35/Nm/Jgty2e75vMSGUm1B+G2pFjEypZjtOckOHQ9hVN4svvMJGFnqcwZIa -gMF+67twWmv/AVb5CovsXLKv1qTzplRJWiEAEQEAAYkEcgQYAQoAJhYhBIDRWCO3 -/RVh+fe83dww18I8u6vuBQJcsuXnAhsCBQkPCZwAAkAJENww18I8u6vuwXQgBBkB -CgAdFiEEAUbcbUoLKRS97TTbZIrP1iLz0TgFAlyy5ecACgkQZIrP1iLz0TiL/g// -UwdPym98fCTVZJ+HwHId+Ssqo6vTgxA/6DLGRvFILie40vA4OnFrozusDVh/x+Vv 
-+pxbtdw3w16kfpDifKicx2o4ZyEYl30pdVuBmSEOhFvI3ZgN6P79/Dv3KhD3QQPK -OMSxXO2vCh7BebmpfT2rdukgFED9vxbj1Ec7IMfm4VobFJZaFXZKsTBc09MQU2Bm -1JvtzINsdwzp/sFTilxmqO7kX4DmTM3k1KYmMkx7xq5KUaxSORZHIqDcIy74pOIw -TuvHN98cYujCKFDk0MfHBovXPUnFHFxd+OgSEbxGnb4Uuus1h89VIU5xviQHPGe0 -T9qG6tUBvFuCkPzcWxUg4AN6nxZz8stZHhd0ceuSDeYnGBk6X/eEcYmy/kEbJEqj -f+kuY4VFIDkShnnDrKchyoi/LmkfvW4fOEtTpmB8nkflolKfVaN2dEo2hyma3iKC -5zp8n8hlNwhkt3DiGyYXU0RD7JAbX4jVZSVov5PhAjmrEksxslv/ICrAJ7zfCx62 -zzm37TGwiQJTWQsIcQ2PRPWFWk/CHAVjNPsu2QpMsGUWccGUOI6a70LsVnnufLzt -c73TM37Jv9hCXljRvVRikTy+StjFZlVQdXoZvNJhhIE/W+/iNoBvChD8pKSWe6RJ -Yto5CxCQtN6IKgAiUtoXusAgFSB7TZ5CJF1NFZ0VQabJcw/9GunyNNj+RRdMXbHI -VbrDQoqKY1FAhIUE0cURfkVE7z0mYUUZ5bwILchQsvwVsQKorVmryh1fgaYCOi+H -4kvmhljN9HqB9I7vgRaYAJ3qwgYIUselclYN4SNniHzatRMROppUMs9W5ytENGhx -oPARiZpRVL+rPPaFdip33c27pVdNAU/lRq2ZpzkdSTv+2V9GmVfDtcKv9A4uDqJ9 -7ttgZCaifNbHShzMEWRCXSsT7/52XB7KlxmAynwPNMLeM+/0JTCLyFBEvyejvgCM -GqgvMDEddarHhd6ChdXLJLBAeXVBGRygWcDBO5rX8GPMb0y5/yE+UVprkx3jSb2m -sl9nUW2UcOhfrtu+CPS3qazu6h/QkTwitzAFSn57DtGmwKLzqk63g9TgcjBg1HtZ -S66DzdsJ4Y6Iy51oNyHx3EBLzmdFfxKAeABsapvJl7fhiC93CC3hZTKUyBjr6Dru -I2wktWCAAMHFE0eeyIreCHdzzMtu+V2H+X9GJMxzd5jOYBI3vy946R2jG5gX+WyD -calvWyo8N+XrZKD8NQnWQ/BocU9r5S5aJFcovdcmm1s1Ymdlo5Yuk8WHZDOsSf38 -VzY12szoQ9eMbBJOH7MhseS/gIWC/4x1eEEhGbPQbkzKZlJifv+55Mqqq7emGyBG -qn8+ouVQUr65+xcIST13Ffg80zc= -=5Cty ------END PGP PUBLIC KEY BLOCK----- diff --git a/mkimage b/mkimage index 33660194..dcda9c91 100755 --- a/mkimage +++ b/mkimage @@ -22,10 +22,6 @@ cp -a "${ROOT}/debootstrap/"* "${DEBOOTSTRAP_DIR}/scripts" KEYRING=$DEBOOTSTRAP_DIR/debian-archive-keyring.gpg -if [ -f "${ROOT}/keys/${DIST}.gpg" ]; then - gpg --no-default-keyring --keyring "$KEYRING" --import "${ROOT}/keys/${DIST}.gpg" -fi - use_qemu_static() { [[ "$PLATFORM" == "arm64" && ! ( "$(uname -m)" == *arm* || "$(uname -m)" == *aarch64* ) ]] } From b108d75105ec8aa3c3d585cff7145d6111150eeb Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 13 Jun 2023 18:39:32 +0200 Subject: [PATCH 37/88] Change security repo url MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Carlos Rodríguez Hernández --- mkimage | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/mkimage b/mkimage index dcda9c91..121b181b 100755 --- a/mkimage +++ b/mkimage @@ -71,12 +71,14 @@ fi rootfs_chroot bash debootstrap/debootstrap --second-stage repo_url="http://deb.debian.org/debian" -sec_repo_url="http://security.debian.org/" +sec_repo_url="http://security.debian.org/debian-security" echo -e "deb ${repo_url} $DIST main" > "$rootfsDir/etc/apt/sources.list" -echo -e "deb ${sec_repo_url} $DIST-security main" >> "$rootfsDir/etc/apt/sources.list" if [ "$DIST" == "bullseye" ]; then - echo -e "deb ${repo_url} $DIST-updates main" >> "$rootfsDir/etc/apt/sources.list" + echo "deb ${repo_url} $DIST-updates main" >> "$rootfsDir/etc/apt/sources.list" + echo "deb ${sec_repo_url} $DIST-security main" >> "$rootfsDir/etc/apt/sources.list" +elif [ "$DIST" == "buster" ]; then + echo "deb ${sec_repo_url} $DIST/updates main" >> "$rootfsDir/etc/apt/sources.list" fi rootfs_chroot apt-get update From 4774b1666910351b065892a98d76348e99a9ae6f Mon Sep 17 00:00:00 2001 From: Jose Antonio Carmona Date: Wed, 14 Jun 2023 12:40:19 +0200 Subject: [PATCH 38/88] Use buster for debootstrap Signed-off-by: Jose Antonio Carmona --- debootstrap/bookworm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debootstrap/bookworm b/debootstrap/bookworm index 8cfa86a0..766a99ab 120000 --- a/debootstrap/bookworm +++ b/debootstrap/bookworm @@ -1 +1 @@ -jessie \ No newline at end of file +buster \ No newline at end of file From 3b6f68774e4812042952e22d032b217f45f4025c Mon Sep 17 00:00:00 2001 From: Jose Antonio Carmona Date: Wed, 14 Jun 2023 13:34:45 +0200 Subject: [PATCH 39/88] Update security repo URLs 
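Review bot: The `if`/`elif` chain that writes the security source in `mkimage` has no `else`, so any `$DIST` other than bullseye or buster gets a sources.list with only the main archive and the build carries on without a security repository. An image builder is safer failing closed: `else echo "No security repository known for $DIST" >&2; exit 1`. The three-branch chain in the later "Update security repo URLs" hunk has the same gap. Both repository URLs stay on plain `http://`, which leaves integrity entirely to apt's Release signature verification. The script continues outside this hunk.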
Signed-off-by: Jose Antonio Carmona --- mkimage | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/mkimage b/mkimage index 1b108109..0b9280f1 100755 --- a/mkimage +++ b/mkimage @@ -71,14 +71,18 @@ fi rootfs_chroot bash debootstrap/debootstrap --second-stage repo_url="http://deb.debian.org/debian" -sec_repo_url="http://security.debian.org/debian-security" +sec_repo_url_1="${repo_url}-security" +sec_repo_url_2="http://security.debian.org/debian-security" echo -e "deb ${repo_url} $DIST main" > "$rootfsDir/etc/apt/sources.list" -if [ "$DIST" == "bullseye" ] || [ "$DIST" == "bookworm" ]; then +if [ "$DIST" == "bookworm" ]; then echo "deb ${repo_url} $DIST-updates main" >> "$rootfsDir/etc/apt/sources.list" - echo "deb ${sec_repo_url} $DIST-security main" >> "$rootfsDir/etc/apt/sources.list" + echo "deb ${sec_repo_url_1} $DIST-security main" >> "$rootfsDir/etc/apt/sources.list" +elif [ "$DIST" == "bullseye" ]; then + echo "deb ${repo_url} $DIST-updates main" >> "$rootfsDir/etc/apt/sources.list" + echo "deb ${sec_repo_url_2} $DIST-security main" >> "$rootfsDir/etc/apt/sources.list" elif [ "$DIST" == "buster" ]; then - echo "deb ${sec_repo_url} $DIST/updates main" >> "$rootfsDir/etc/apt/sources.list" + echo "deb ${sec_repo_url_2} $DIST/updates main" >> "$rootfsDir/etc/apt/sources.list" fi rootfs_chroot apt-get update From fa2ff15cf3658d62bb440fdc6b118c34ec1f2ac2 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 29 Nov 2023 17:02:35 +0100 Subject: [PATCH 40/88] =?UTF-8?q?=F0=9F=94=84=20synced=20local=20'.github/?= =?UTF-8?q?workflows/'=20with=20remote=20'workflows/'=20(#153)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: bitnami-bot --- .github/workflows/comments.yml | 16 ++++++++++++++++ .github/workflows/migration.yml | 17 +++++++++++++++++ .github/workflows/move-closed-issues.yml | 18 ++++++++++++++++++ .github/workflows/pr-reviews.yml | 15 +++++++++++++++ .github/workflows/reasign.yml | 19 +++++++++++++++++++ .github/workflows/triage.yml | 21 ++++++++------------- 6 files changed, 93 insertions(+), 13 deletions(-) create mode 100644 .github/workflows/comments.yml create mode 100644 .github/workflows/migration.yml create mode 100644 .github/workflows/move-closed-issues.yml create mode 100644 .github/workflows/pr-reviews.yml create mode 100644 .github/workflows/reasign.yml diff --git a/.github/workflows/comments.yml b/.github/workflows/comments.yml new file mode 100644 index 00000000..7d321fd6 --- /dev/null +++ b/.github/workflows/comments.yml @@ -0,0 +1,16 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + +name: '[Support] Comments based card movements' +on: + issue_comment: + types: + - created +permissions: + contents: read + pull-requests: write + issues: write +jobs: + call-comments-workflow: + uses: bitnami/support/.github/workflows/comment-created.yml@main + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/migration.yml b/.github/workflows/migration.yml new file mode 100644 index 00000000..ae86cb4f --- /dev/null +++ b/.github/workflows/migration.yml @@ -0,0 +1,17 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + +name: '[Support] Cards migration' +on: [ workflow_dispatch ] +permissions: {} +jobs: + call-migration-workflow: + uses: bitnami/support/.github/workflows/migrate-reusable.yml@main + with: + organization: bitnami + legacy_project_board_name: Support + new_project_number: 4 + repo: ${{ github.event.repository.name }} + secrets: + # This token should have access to both projects and at least read:project permissions + token: ${{ secrets.MIGRATION_TOKEN }} \ No newline at end of file 
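Review bot: `comments.yml` calls `bitnami/support/.github/workflows/comment-created.yml@main` with `secrets: inherit`, so whatever is on that branch at run time executes with every secret this repository can see. Pinning the reusable workflow to a full commit SHA narrows that trust, e.g. `uses: bitnami/support/.github/workflows/comment-created.yml@<commit-sha>`, and so does passing only the secrets the callee needs, as `migration.yml` in this same commit does with `token:`. The same `@main` plus `secrets: inherit` pattern appears in `move-closed-issues.yml`, `pr-reviews.yml`, `reasign.yml` and `triage.yml`, where it replaces an action that was pinned to `v1.9.0`.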
diff --git a/.github/workflows/move-closed-issues.yml b/.github/workflows/move-closed-issues.yml
new file mode 100644
index 00000000..76664ced
--- /dev/null
+++ b/.github/workflows/move-closed-issues.yml
@@ -0,0 +1,18 @@
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
+name: '[Support] Move closed issues'
+on:
+ issues:
+ types:
+ - closed
+ pull_request_target:
+ types:
+ - closed
+permissions:
+ issues: write
+ pull-requests: write
+jobs:
+ call-move-closed-workflow:
+ uses: bitnami/support/.github/workflows/item-closed.yml@main
+ secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/pr-reviews.yml b/.github/workflows/pr-reviews.yml
new file mode 100644
index 00000000..bd3da55a
--- /dev/null
+++ b/.github/workflows/pr-reviews.yml
@@ -0,0 +1,15 @@
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
+name: '[Support] Review based card movements'
+on:
+ pull_request_target:
+ types:
+ - review_requested
+ - synchronize
+permissions:
+ contents: read
+jobs:
+ call-pr-review-workflow:
+ uses: bitnami/support/.github/workflows/pr-review-requested-sync.yml@main
+ secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/reasign.yml b/.github/workflows/reasign.yml
new file mode 100644
index 00000000..67f31995
--- /dev/null
+++ b/.github/workflows/reasign.yml
@@ -0,0 +1,19 @@
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
+name: '[Support] Review based card movements'
+on:
+ pull_request:
+ types:
+ - labeled
+ issues:
+ types:
+ - labeled
+permissions:
+ contents: read
+ pull-requests: write
+ issues: write
+jobs:
+ call-reasign-workflow:
+ uses: bitnami/support/.github/workflows/item-labeled.yml@main
+ secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/triage.yml b/.github/workflows/triage.yml
index 6d161609..8a861335 100644
--- a/.github/workflows/triage.yml
+++ b/.github/workflows/triage.yml
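Review bot: `pull_request_target` in `move-closed-issues.yml` and `pr-reviews.yml` runs in the base repository context, so `secrets: inherit` hands the inherited secrets to the called workflow even when the pull request comes from a fork. That is only safe while the called workflows never check out or execute the pull request's head, which cannot be verified from this hunk. A comment recording the assumption would help the next maintainer, e.g. `# pull_request_target: the called workflow must not check out PR code`. `reasign.yml` moves from `pull_request` to `pull_request_target` in the following sync commit and deserves the same check.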
@@ -1,3 +1,6 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + # This workflow is built to manage the triage support by using GH issues. name: '[Support] Organize triage' on: @@ -10,18 +13,10 @@ on: - reopened - opened permissions: + contents: read + pull-requests: write issues: write - jobs: - # For any opened or reopened issue, should be assign to a team member - team_assignation: - if: ${{ github.actor != 'bitnami-bot' }} - runs-on: ubuntu-latest - steps: - - name: Assign to a person to work on it - uses: pozil/auto-assign-issue@v1.9.0 - with: - numOfAssignee: 1 - removePreviousAssignees: false - teams: "containers-triage" - repo-token: "${{ secrets.BITNAMI_BOT_TOKEN }}" \ No newline at end of file + call-triage-workflow: + uses: bitnami/support/.github/workflows/item-opened.yml@main + secrets: inherit \ No newline at end of file From c00957b188ab78e7039b173072aa183a5f8bdebf Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 29 Nov 2023 18:54:39 +0100 Subject: [PATCH 41/88] =?UTF-8?q?=F0=9F=94=84=20synced=20local=20'.github/?= =?UTF-8?q?workflows/'=20with=20remote=20'workflows/'=20(#154)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: bitnami-bot --- .github/workflows/comments.yml | 3 +++ .github/workflows/move-closed-issues.yml | 3 +++ .github/workflows/pr-reviews.yml | 3 +++ .github/workflows/reasign.yml | 5 ++++- .github/workflows/triage.yml | 3 +++ 5 files changed, 16 insertions(+), 1 deletion(-) diff --git a/.github/workflows/comments.yml b/.github/workflows/comments.yml index 7d321fd6..017f8837 100644 --- a/.github/workflows/comments.yml +++ b/.github/workflows/comments.yml @@ -10,6 +10,9 @@ permissions: contents: read pull-requests: write issues: write +# Avoid concurrency over the same issue +concurrency: + group: card-movement-${{ github.event.issue.number }} jobs: call-comments-workflow: uses: bitnami/support/.github/workflows/comment-created.yml@main 
diff --git a/.github/workflows/move-closed-issues.yml b/.github/workflows/move-closed-issues.yml index 76664ced..d9c74255 100644 --- a/.github/workflows/move-closed-issues.yml +++ b/.github/workflows/move-closed-issues.yml @@ -12,6 +12,9 @@ on: permissions: issues: write pull-requests: write +# Avoid concurrency over the same issue +concurrency: + group: card-movement-${{ github.event.repository.id }}-${{ github.event.issue != null && github.event.issue.number || github.event.number }} jobs: call-move-closed-workflow: uses: bitnami/support/.github/workflows/item-closed.yml@main diff --git a/.github/workflows/pr-reviews.yml b/.github/workflows/pr-reviews.yml index bd3da55a..2f3725fb 100644 --- a/.github/workflows/pr-reviews.yml +++ b/.github/workflows/pr-reviews.yml @@ -9,6 +9,9 @@ on: - synchronize permissions: contents: read +# Avoid concurrency over the same issue +concurrency: + group: card-movement-${{ github.event.number }} jobs: call-pr-review-workflow: uses: bitnami/support/.github/workflows/pr-review-requested-sync.yml@main diff --git a/.github/workflows/reasign.yml b/.github/workflows/reasign.yml index 67f31995..ce670f71 100644 --- a/.github/workflows/reasign.yml +++ b/.github/workflows/reasign.yml @@ -3,7 +3,7 @@ name: '[Support] Review based card movements' on: - pull_request: + pull_request_target: types: - labeled issues: @@ -13,6 +13,9 @@ permissions: contents: read pull-requests: write issues: write +# Avoid concurrency over the same issue +concurrency: + group: card-movement-${{ github.event.issue != null && github.event.issue.number || github.event.number }} jobs: call-reasign-workflow: uses: bitnami/support/.github/workflows/item-labeled.yml@main diff --git a/.github/workflows/triage.yml b/.github/workflows/triage.yml index 8a861335..88003178 100644 --- a/.github/workflows/triage.yml +++ b/.github/workflows/triage.yml 
@@ -16,6 +16,9 @@ permissions: contents: read pull-requests: write issues: write +# Avoid concurrency over the same issue +concurrency: + group: card-movement-${{ github.event.issue != null && github.event.issue.number || github.event.number }} jobs: call-triage-workflow: uses: bitnami/support/.github/workflows/item-opened.yml@main From 18f5d343755f78f46a78c354e3ea83bbb39772e6 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Tue, 5 Dec 2023 16:34:59 +0100 Subject: [PATCH 42/88] =?UTF-8?q?=F0=9F=94=84=20synced=20local=20'.github/?= =?UTF-8?q?workflows/'=20with=20remote=20'workflows/'=20(#155)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: bitnami-bot --- .github/workflows/pr-reviews-requested.yml | 18 +++++++++++++++++ .github/workflows/pr-reviews.yml | 23 ++++++++++++++-------- 2 files changed, 33 insertions(+), 8 deletions(-) create mode 100644 .github/workflows/pr-reviews-requested.yml diff --git a/.github/workflows/pr-reviews-requested.yml b/.github/workflows/pr-reviews-requested.yml new file mode 100644 index 00000000..2f3725fb --- /dev/null +++ b/.github/workflows/pr-reviews-requested.yml @@ -0,0 +1,18 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + +name: '[Support] Review based card movements' +on: + pull_request_target: + types: + - review_requested + - synchronize +permissions: + contents: read +# Avoid concurrency over the same issue +concurrency: + group: card-movement-${{ github.event.number }} +jobs: + call-pr-review-workflow: + uses: bitnami/support/.github/workflows/pr-review-requested-sync.yml@main + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/pr-reviews.yml b/.github/workflows/pr-reviews.yml index 2f3725fb..07882f18 100644 --- a/.github/workflows/pr-reviews.yml +++ b/.github/workflows/pr-reviews.yml 
@@ -1,18 +1,25 @@ # Copyright VMware, Inc. # SPDX-License-Identifier: APACHE-2.0 -name: '[Support] Review based card movements' +name: '[Support] PR review comment card movements' on: - pull_request_target: + pull_request_review_comment: types: - - review_requested - - synchronize -permissions: - contents: read + - created + pull_request_review: + types: + - submitted + - dismissed +permissions: {} # Avoid concurrency over the same issue concurrency: - group: card-movement-${{ github.event.number }} + group: card-movement-${{ github.event.pull_request.number }} jobs: + call-pr-review-comment-workflow: + if: ${{ github.event_name == 'pull_request_review_comment' }} + uses: bitnami/support/.github/workflows/pr-review-comment.yml@main + secrets: inherit call-pr-review-workflow: - uses: bitnami/support/.github/workflows/pr-review-requested-sync.yml@main + if: ${{ github.event_name == 'pull_request_review' }} + uses: bitnami/support/.github/workflows/pr-review.yml@main secrets: inherit \ No newline at end of file From 1d1a435777682c8d92b6c557eea2faac0d0399bd Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Thu, 7 Dec 2023 17:30:15 +0100 Subject: [PATCH 43/88] =?UTF-8?q?=F0=9F=94=84=20synced=20local=20'.github/?= =?UTF-8?q?workflows/'=20with=20remote=20'workflows/'=20(#156)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: bitnami-bot --- .github/workflows/pr-review-hack.yml | 51 ++++++++++++++++++++++++++++ .github/workflows/pr-reviews.yml | 19 ++++------- 2 files changed, 58 insertions(+), 12 deletions(-) create mode 100644 .github/workflows/pr-review-hack.yml diff --git a/.github/workflows/pr-review-hack.yml b/.github/workflows/pr-review-hack.yml new file mode 100644 index 00000000..32f02ab9 --- /dev/null +++ b/.github/workflows/pr-review-hack.yml 
@@ -0,0 +1,51 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + +# This is a hack to run reusable workflows in the main repo context and not from the forked repository. +# We this hack we can use secrets configured in the organization. +name: '[Support] PR review comment trigger' +on: + workflow_run: + workflows: + - '\[Support\] PR review comment card movements' + types: + - completed +permissions: {} +jobs: + pr-info: + runs-on: ubuntu-latest + permissions: + pull-requests: read + outputs: + author: ${{ steps.get-info.outputs.author }} + actor: ${{ steps.get-info.outputs.actor }} + labels: ${{ steps.get-info.outputs.labels }} + resource_url: ${{ steps.get-info.outputs.resource_url }} + steps: + - id: get-info + env: + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} + run: | + actor="${{ github.event.workflow_run.actor.login }}" + pull_request="$(gh api "${{ github.event.workflow_run.pull_requests[0].url }}")" + author="$(echo $pull_request | jq -cr '.user.login')" + author_association="$(echo $pull_request | jq -cr '.author_association')" + labels="$(echo $pull_request | jq -cr '[.labels[].name]')" + resource_url="$(echo $pull_request | jq -cr '.html_url')" + + echo "actor=${actor}" >> $GITHUB_OUTPUT + echo "author=${author}" >> $GITHUB_OUTPUT + echo "author_association=${author_association}" >> $GITHUB_OUTPUT + echo "labels=${labels}" >> $GITHUB_OUTPUT + echo "resource_url=${resource_url}" >> $GITHUB_OUTPUT + call-pr-review-comment: + uses: bitnami/support/.github/workflows/pr-review-comment.yml@main + needs: pr-info + permissions: + contents: read + secrets: inherit + with: + author: ${{ needs.pr-info.outputs.author }} + actor: ${{ needs.pr-info.outputs.actor }} + labels: ${{ needs.pr-info.outputs.labels }} + resource_url: ${{ needs.pr-info.outputs.resource_url }} diff --git a/.github/workflows/pr-reviews.yml b/.github/workflows/pr-reviews.yml index 07882f18..d2c09dcd 100644 --- a/.github/workflows/pr-reviews.yml 
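Review bot: The `get-info` step in the new `pr-review-hack.yml` expands `${{ github.event.workflow_run.actor.login }}` and `${{ github.event.workflow_run.pull_requests[0].url }}` directly inside the `run:` script, and later passes `$pull_request` to `echo` unquoted. This job runs in the base repository context, so event data should reach the shell as environment variables rather than as script text. The API response includes the PR title and body, so it should be quoted to avoid word-splitting and glob expansion before `jq` reads it; `$GITHUB_OUTPUT` should be quoted too. `author_association` is written to the output file but not declared under `outputs:`, so it can be dropped or declared.

```yaml
      - id: get-info
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          ACTOR: ${{ github.event.workflow_run.actor.login }}
          PR_API_URL: ${{ github.event.workflow_run.pull_requests[0].url }}
        run: |
          pull_request="$(gh api "${PR_API_URL}")"
          author="$(jq -cr '.user.login' <<< "${pull_request}")"
          labels="$(jq -cr '[.labels[].name]' <<< "${pull_request}")"
          resource_url="$(jq -cr '.html_url' <<< "${pull_request}")"

          echo "actor=${ACTOR}" >> "$GITHUB_OUTPUT"
          # … unchanged apart from quoting "$GITHUB_OUTPUT": author, labels, resource_url outputs …
```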
+++ b/.github/workflows/pr-reviews.yml @@ -6,20 +6,15 @@ on: pull_request_review_comment: types: - created - pull_request_review: - types: - - submitted - - dismissed permissions: {} # Avoid concurrency over the same issue concurrency: group: card-movement-${{ github.event.pull_request.number }} jobs: - call-pr-review-comment-workflow: - if: ${{ github.event_name == 'pull_request_review_comment' }} - uses: bitnami/support/.github/workflows/pr-review-comment.yml@main - secrets: inherit - call-pr-review-workflow: - if: ${{ github.event_name == 'pull_request_review' }} - uses: bitnami/support/.github/workflows/pr-review.yml@main - secrets: inherit \ No newline at end of file + just-notice: + # This is a dummy workflow that triggers a workflow_run + runs-on: ubuntu-latest + steps: + - id: + run: | + echo "::notice:: Comment on PR #${{ github.event.pull_request.number }}" \ No newline at end of file From 179e8dfe2ff7d05afa878fc5946bbf6aefd166f2 Mon Sep 17 00:00:00 2001 From: Black-Hole Date: Tue, 19 Dec 2023 18:21:23 +0800 Subject: [PATCH 44/88] refactor(qemu): improve qemu deps (#152) replace `libvirt-bin` with `libvirt-daemon-system libvirt-clients` Ref: https://wiki.debian.org/KVM#Installation Signed-off-by: Black-Hole --- install-qemu.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install-qemu.sh b/install-qemu.sh index b63bd401..09372c4f 100755 --- a/install-qemu.sh +++ b/install-qemu.sh @@ -15,5 +15,5 @@ while do_sudo fuser /var/{lib/{dpkg,apt/lists},cache/apt/archives}/lock >/dev/nu done do_sudo apt-get update -do_sudo apt-get install -y qemu-kvm libvirt-bin qemu-utils genisoimage virtinst curl rsync qemu-system-x86 qemu-system-arm cloud-image-utils +do_sudo apt-get install -y qemu-kvm libvirt-daemon-system libvirt-clients qemu-utils genisoimage virtinst curl rsync qemu-system-x86 qemu-system-arm cloud-image-utils From d4dc1adeaf4a58edd1879bc319fa7859a9602aa1 Mon Sep 17 00:00:00 2001 
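Review bot: The step added to `just-notice` in `pr-reviews.yml` starts with `- id:` and no value, which YAML reads as null. Nothing in the hunk refers to this step by id, so the key can go: `- run: |`. If an id is wanted for later use, give it a name, for example `- id: notice`.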
From: Bitnami Bot Date: Tue, 19 Dec 2023 12:38:29 +0100 Subject: [PATCH 45/88] =?UTF-8?q?=F0=9F=94=84=20synced=20local=20'.github/?= =?UTF-8?q?workflows/'=20with=20remote=20'workflows/'=20(#157)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: bitnami-bot --- .github/workflows/move-closed-issues.yml | 2 +- .github/workflows/pr-review-hack.yml | 9 ++++++++- .github/workflows/pr-reviews.yml | 11 ++++++++--- 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/.github/workflows/move-closed-issues.yml b/.github/workflows/move-closed-issues.yml index d9c74255..7abde6b9 100644 --- a/.github/workflows/move-closed-issues.yml +++ b/.github/workflows/move-closed-issues.yml @@ -14,7 +14,7 @@ permissions: pull-requests: write # Avoid concurrency over the same issue concurrency: - group: card-movement-${{ github.event.repository.id }}-${{ github.event.issue != null && github.event.issue.number || github.event.number }} + group: card-movement-${{ github.event.issue != null && github.event.issue.number || github.event.number }} jobs: call-move-closed-workflow: uses: bitnami/support/.github/workflows/item-closed.yml@main diff --git a/.github/workflows/pr-review-hack.yml b/.github/workflows/pr-review-hack.yml index 32f02ab9..6bc6638a 100644 --- a/.github/workflows/pr-review-hack.yml +++ b/.github/workflows/pr-review-hack.yml 
@@ -16,23 +16,30 @@ jobs: runs-on: ubuntu-latest permissions: pull-requests: read + actions: read outputs: author: ${{ steps.get-info.outputs.author }} actor: ${{ steps.get-info.outputs.actor }} labels: ${{ steps.get-info.outputs.labels }} resource_url: ${{ steps.get-info.outputs.resource_url }} + if: {{ github.event.workflow_run.conclusion == 'success' }} steps: - id: get-info env: GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} run: | actor="${{ github.event.workflow_run.actor.login }}" - pull_request="$(gh api "${{ github.event.workflow_run.pull_requests[0].url }}")" + download_url="$(gh api "${{ github.event.workflow_run.artifacts_url }}" | jq -cr '.artifacts[] | select(.name == "pull_request_number") | .archive_download_url')" + curl -sSL -o pull_request_number.zip -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" -H "Authorization: Bearer $GITHUB_TOKEN" $download_url + unzip pull_request_number.zip + pull_request_number=$(cat pull_request_number) + pull_request="$(gh api "repos/${GITHUB_REPOSITORY}/pulls/${pull_request_number}")" author="$(echo $pull_request | jq -cr '.user.login')" author_association="$(echo $pull_request | jq -cr '.author_association')" labels="$(echo $pull_request | jq -cr '[.labels[].name]')" resource_url="$(echo $pull_request | jq -cr '.html_url')" + echo "::notice:: Managing PR #${pull_request_number}" echo "actor=${actor}" >> $GITHUB_OUTPUT echo "author=${author}" >> $GITHUB_OUTPUT echo "author_association=${author_association}" >> $GITHUB_OUTPUT diff --git a/.github/workflows/pr-reviews.yml b/.github/workflows/pr-reviews.yml index d2c09dcd..46d1ca4e 100644 --- a/.github/workflows/pr-reviews.yml +++ b/.github/workflows/pr-reviews.yml 
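Review bot: In `pr-review-hack.yml`, `pull_request_number=$(cat pull_request_number)` takes its value from an artifact uploaded by the triggering run and uses it unchecked in `gh api "repos/${GITHUB_REPOSITORY}/pulls/${pull_request_number}"` and in the `::notice::` line. The triggering workflow runs on pull-request events, so its output should be treated as untrusted in this job, which goes on to call a reusable workflow with `secrets: inherit`. Check the value right after reading it with `[[ "${pull_request_number}" =~ ^[0-9]+$ ]] || { echo "unexpected PR number"; exit 1; }`, unzip into a dedicated directory rather than the working directory, and quote `"${download_url}"` in the `curl` call. Separately, the added `if: {{ github.event.workflow_run.conclusion == 'success' }}` lacks the leading `$`, so it is not parsed as an expression.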
@@ -15,6 +15,11 @@ jobs: # This is a dummy workflow that triggers a workflow_run runs-on: ubuntu-latest steps: - - id: - run: | - echo "::notice:: Comment on PR #${{ github.event.pull_request.number }}" \ No newline at end of file + - run: | + echo "::notice:: Comment on PR #${{ github.event.pull_request.number }}" + echo "${{ github.event.pull_request.number }}" > pull_request_number + - name: Upload the PR number + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 + with: + name: pull_request_number + path: ./pull_request_number \ No newline at end of file From 155fad794e5bd20d66e2637a27a4c50059aa468e Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Tue, 19 Dec 2023 14:14:06 +0100 Subject: [PATCH 46/88] =?UTF-8?q?=F0=9F=94=84=20synced=20local=20'.github/?= =?UTF-8?q?workflows/'=20with=20remote=20'workflows/'=20(#158)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: bitnami-bot --- .github/workflows/pr-review-hack.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-review-hack.yml b/.github/workflows/pr-review-hack.yml index 6bc6638a..00c8e1da 100644 --- a/.github/workflows/pr-review-hack.yml +++ b/.github/workflows/pr-review-hack.yml @@ -22,7 +22,7 @@ jobs: actor: ${{ steps.get-info.outputs.actor }} labels: ${{ steps.get-info.outputs.labels }} resource_url: ${{ steps.get-info.outputs.resource_url }} - if: {{ github.event.workflow_run.conclusion == 'success' }} + if: ${{ github.event.workflow_run.conclusion == 'success' }} steps: - id: get-info env: From eaaba7cb12ed271d5ee067734a1c1c3d6ec2bb9f Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Tue, 2 Jan 2024 10:27:38 +0100 Subject: [PATCH 47/88] =?UTF-8?q?=F0=9F=94=84=20synced=20local=20'.github/?= =?UTF-8?q?workflows/'=20with=20remote=20'workflows/'=20(#159)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
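Review bot: The `actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32` reference added to `pr-reviews.yml` is pinned to a commit, which is the right choice, but nothing records which release that commit is. Later hash bumps therefore cannot be checked by eye. Add the tag as a trailing comment, `uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # <release tag>`. The artifact holds only the PR number, so a short `retention-days: 1` under `with:` would also fit.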
Signed-off-by: bitnami-bot --- .github/workflows/pr-reviews.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-reviews.yml b/.github/workflows/pr-reviews.yml index 46d1ca4e..98a0ed6a 100644 --- a/.github/workflows/pr-reviews.yml +++ b/.github/workflows/pr-reviews.yml @@ -19,7 +19,7 @@ jobs: echo "::notice:: Comment on PR #${{ github.event.pull_request.number }}" echo "${{ github.event.pull_request.number }}" > pull_request_number - name: Upload the PR number - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 + uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 with: name: pull_request_number path: ./pull_request_number \ No newline at end of file From dda86eeb6445d94e68c8f56b43aeb65ce41e238b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 2 Jan 2024 13:38:33 +0100 Subject: [PATCH 48/88] Update README.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Carlos Rodríguez Hernández --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 7d1a50c7..f2924726 100644 --- a/README.md +++ b/README.md @@ -94,7 +94,8 @@ Current limitations of `qemu_build` script: We'd love for you to contribute to this image. You can request new features by creating an [issue](https://github.com/bitnami/minideb/issues), or submit a [pull request](https://github.com/bitnami/minideb/pulls) with your contribution. # License -Copyright © 2023 VMware, Inc. + +Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at From 43e6d058a6d57c9360e50fa3a8fa571d4e27cdec Mon Sep 17 00:00:00 2001 
From: Bitnami Bot Date: Wed, 13 Mar 2024 09:33:15 +0100 Subject: [PATCH 49/88] =?UTF-8?q?=F0=9F=94=84=20synced=20local=20'.github/?= =?UTF-8?q?workflows/'=20with=20remote=20'workflows/'=20(#161)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: bitnami-bot --- .github/workflows/pr-reviews.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-reviews.yml b/.github/workflows/pr-reviews.yml index 98a0ed6a..b820d17a 100644 --- a/.github/workflows/pr-reviews.yml +++ b/.github/workflows/pr-reviews.yml @@ -19,7 +19,7 @@ jobs: echo "::notice:: Comment on PR #${{ github.event.pull_request.number }}" echo "${{ github.event.pull_request.number }}" > pull_request_number - name: Upload the PR number - uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 with: name: pull_request_number path: ./pull_request_number \ No newline at end of file From 74e7b8c9aca400b40a7a43e3de5231d1fbd7614d Mon Sep 17 00:00:00 2001 From: Fran Mulero Date: Wed, 13 Mar 2024 10:49:06 +0100 Subject: [PATCH 50/88] Delete .github/workflows/migration.yml This workflow file is not needed anymore Signed-off-by: Fran Mulero --- .github/workflows/migration.yml | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 .github/workflows/migration.yml diff --git a/.github/workflows/migration.yml b/.github/workflows/migration.yml deleted file mode 100644 index ae86cb4f..00000000 --- a/.github/workflows/migration.yml +++ /dev/null 
@@ -1,17 +0,0 @@ -# Copyright VMware, Inc. -# SPDX-License-Identifier: APACHE-2.0 - -name: '[Support] Cards migration' -on: [ workflow_dispatch ] -permissions: {} -jobs: - call-migration-workflow: - uses: bitnami/support/.github/workflows/migrate-reusable.yml@main - with: - organization: bitnami - legacy_project_board_name: Support - new_project_number: 4 - repo: ${{ github.event.repository.name }} - secrets: - # This token should have access to both projects and at least read:project permissions - token: ${{ secrets.MIGRATION_TOKEN }} \ No newline at end of file From da5ba162f5c16d2b5f57a5140483e749019d9db1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Fri, 15 Mar 2024 10:28:15 +0100 Subject: [PATCH 51/88] Update README.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Carlos Rodríguez Hernández --- README.md | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index f2924726..e33819ae 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,15 @@ -minideb -======= - -[![CI](https://github.com/bitnami/minideb/actions/workflows/main.yml/badge.svg?branch=master)](https://github.com/bitnami/minideb/actions/workflows/main.yml) +

+ +

+ +

+ + + + + + +

# What is Minideb A minimalist Debian-based image built specifically to be used as a base image for containers. From 122cd7cfcd72e5d896de182c2e3e6d13f1b1e8c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Fri, 15 Mar 2024 10:40:03 +0100 Subject: [PATCH 52/88] Update README.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Carlos Rodríguez Hernández --- README.md | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index e33819ae..0ce053eb 100644 --- a/README.md +++ b/README.md 
@@ -33,13 +33,13 @@ FROM bitnami/minideb:bookworm ``` # Why use Minideb - * This image aims to strike a good balance between having small images, and having many quality packages available for easy integration. - * The image is based on glibc for wide compatibility, and has apt for access to a large number of packages. In order to reduce size of the image, some things that aren't required in containers are removed: - * Packages that aren't often used in containers (hardware related, init systems etc.) + * This image aims to strike a good balance between having small images and having many quality packages available for easy integration. + * The image is based on glibc for wide compatibility and is apt for access to a large number of packages. To reduce the size of the image, some things that aren't required in containers are removed: + * Packages that aren't often used in containers (hardware-related, init systems, etc.) * Some files that aren't usually required (docs, man pages, locales, caches) * These images also include an `install_packages` command that you can use instead of apt. This takes care of some things for you: - * Install the named packages, skipping prompts etc. - * Clean up the apt metadata afterwards to keep the image small. + * Install the named packages, skipping prompts, etc. + * Clean up the apt metadata afterward to keep the image small. * Retrying if apt fails. Sometimes a package will fail to download due to a network issue, and this may fix that, which is particularly useful in an automated build pipeline. For example: 
@@ -51,26 +51,26 @@ FROM bitnami/minideb:bookworm The minideb container image is the base image for many Bitnami-maintained language runtimes including [php](https://github.com/bitnami/containers/tree/main/bitnami/php-fpm), [nodejs](https://github.com/bitnami/containers/tree/main/bitnami/node), [ruby](https://github.com/bitnami/containers/tree/main/bitnami/ruby) and infrastructure components including [mariadb](https://github.com/bitnami/containers/tree/main/bitnami/mariadb), [redis](https://github.com/bitnami/containers/tree/main/bitnami/redis), [nginx](https://github.com/bitnami/containers/tree/main/bitnami/nginx) and [mongodb](https://github.com/bitnami/containers/tree/main/bitnami/mongodb). # Compatibility -The image points to the Debian archive, so you are free to install packages from there that you need. However because some `Essential` packages have been removed they may not always install or work correctly. +The image points to the Debian archive, so you are free to install the packages from there that you need. However, because some `Essential` packages have been removed they may not always install or work correctly. -In those cases you can figure out which package is needed and manually specify to install it along with your desired packages. Please feel free to submit an issue request so that we can reach out and help you quickly. +In those cases, you can figure out which package is needed and manually specify to install it along with your desired packages. Please feel free to submit an issue request so that we can reach out and help you quickly. # Security Minideb is based on Debian and relies on their security updates. The images are built daily and have the security release enabled, so will contain any security updates released more than 24 hours ago. Note that Debian [does not fix every CVE that affects their packages](https://www.debian.org/security/faq#cvedsa), which means that CVE scanners may detect unfixed vulnerabilities in Minideb images. 
In those cases, you can check the [Debian security tracker](https://security-tracker.debian.org/tracker/) to see whether Debian intends to release an update to fix it. -In order to keep compatibility with Debian, we will not patch any vulnerabilities in Minideb directly. If Debian does not fix the CVE then it will also remain in Minideb. If you find a vulnerability that is fixed in Debian but not in the latest images of Minideb then please file an issue as that is not intentional. +To keep compatibility with Debian, we will not patch any vulnerabilities in Minideb directly. If Debian does not fix the CVE then it will also remain in Minideb. If you find a vulnerability that is fixed in Debian but not in the latest images of Minideb then please file an issue as that is not intentional. On [this page](https://docs.bitnami.com/kubernetes/open-cve-policy/), you can find more information about the Bitnami policy regarding CVEs. In the same way, if you find a security issue with how the Minideb images are built or published then please report it to us. # Building Minideb -We provide a Makefile to help you build Minideb locally. It should be run on a Debian based machine and requires sudo privileges. +We provide a Makefile to help you build Minideb locally. It should be run on a Debian-based machine and requires sudo privileges. ``` $ sudo make ``` -To build an individual release (buster, bullseye or bookworm) +To build an individual release (buster, bullseye, or bookworm) ``` $ sudo make bookworm ``` 
@@ -82,20 +82,20 @@ $ sudo make test-bookworm ## Building Minideb for foreign architecture Make commands shown above will build an image for the architecture you are currently working on. -To build an image for a foreign architecture (for example to build a multiarch image), we provide a -simple script which run a QEMU instance for the target architecture and build the image inside it. +To build an image for a foreign architecture (for example to build a multi-arch image), we provide a +simple script that runs a QEMU instance for the target architecture and builds the image inside it. To build and test a bookworm image for arm64: ``` $ ./qemu_build bookworm arm64 ``` -The image will be then imported locally through the docker cli with `$distribution-$architecture` tag +The image will be then imported locally through the docker CLI with the `$distribution-$architecture` tag (example: `bitnami/minideb:bookworm-arm64`) -Current limitations of `qemu_build` script: +Current limitations of the `qemu_build` script: -- Can be run only on debian-based distributions +- Can be run only on Debian-based distributions - Support `AMD64` and `ARM64` target architectures only # Contributing From 8922522db37117435807f6c3355b12fb5118459c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Mon, 6 May 2024 15:41:50 +0200 Subject: [PATCH 53/88] Change license header and copyright (#163) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Carlos Rodríguez Hernández --- .github/workflows/comments.yml | 2 +- .github/workflows/move-closed-issues.yml | 2 +- .github/workflows/pr-review-hack.yml | 2 +- .github/workflows/pr-reviews-requested.yml | 2 +- .github/workflows/pr-reviews.yml | 2 +- .github/workflows/reasign.yml | 2 +- .github/workflows/triage.yml | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) 
diff --git a/.github/workflows/comments.yml b/.github/workflows/comments.yml index 017f8837..7eb3986b 100644 --- a/.github/workflows/comments.yml +++ b/.github/workflows/comments.yml @@ -1,4 +1,4 @@ -# Copyright VMware, Inc. +# Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 name: '[Support] Comments based card movements' diff --git a/.github/workflows/move-closed-issues.yml b/.github/workflows/move-closed-issues.yml index 7abde6b9..a00cca34 100644 --- a/.github/workflows/move-closed-issues.yml +++ b/.github/workflows/move-closed-issues.yml @@ -1,4 +1,4 @@ -# Copyright VMware, Inc. +# Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 name: '[Support] Move closed issues' diff --git a/.github/workflows/pr-review-hack.yml b/.github/workflows/pr-review-hack.yml index 00c8e1da..e12f086d 100644 --- a/.github/workflows/pr-review-hack.yml +++ b/.github/workflows/pr-review-hack.yml @@ -1,4 +1,4 @@ -# Copyright VMware, Inc. +# Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 # This is a hack to run reusable workflows in the main repo context and not from the forked repository. diff --git a/.github/workflows/pr-reviews-requested.yml b/.github/workflows/pr-reviews-requested.yml index 2f3725fb..e8c93384 100644 --- a/.github/workflows/pr-reviews-requested.yml +++ b/.github/workflows/pr-reviews-requested.yml @@ -1,4 +1,4 @@ -# Copyright VMware, Inc. +# Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 name: '[Support] Review based card movements' diff --git a/.github/workflows/pr-reviews.yml b/.github/workflows/pr-reviews.yml index b820d17a..50bd5ecc 100644 --- a/.github/workflows/pr-reviews.yml +++ b/.github/workflows/pr-reviews.yml @@ -1,4 +1,4 @@ -# Copyright VMware, Inc. +# Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 name: '[Support] PR review comment card movements' 
diff --git a/.github/workflows/reasign.yml b/.github/workflows/reasign.yml index ce670f71..b33bb154 100644 --- a/.github/workflows/reasign.yml +++ b/.github/workflows/reasign.yml @@ -1,4 +1,4 @@ -# Copyright VMware, Inc. +# Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 name: '[Support] Review based card movements' diff --git a/.github/workflows/triage.yml b/.github/workflows/triage.yml index 88003178..4dcaeeb4 100644 --- a/.github/workflows/triage.yml +++ b/.github/workflows/triage.yml @@ -1,4 +1,4 @@ -# Copyright VMware, Inc. +# Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 # This workflow is built to manage the triage support by using GH issues. From 7c614eebec375acec9c1b02d3636e7d64d076daa Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Mon, 6 May 2024 16:15:29 +0200 Subject: [PATCH 54/88] =?UTF-8?q?=F0=9F=94=84=20synced=20local=20'.github/?= =?UTF-8?q?workflows/'=20with=20remote=20'workflows/'=20(#162)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: bitnami-bot --- .github/workflows/pr-reviews.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pr-reviews.yml b/.github/workflows/pr-reviews.yml index 50bd5ecc..7e6e666c 100644 --- a/.github/workflows/pr-reviews.yml +++ b/.github/workflows/pr-reviews.yml @@ -6,6 +6,10 @@ on: pull_request_review_comment: types: - created + pull_request_review: + types: + - submitted + - dismissed permissions: {} # Avoid concurrency over the same issue concurrency: 
@@ -19,7 +23,7 @@ jobs: echo "::notice:: Comment on PR #${{ github.event.pull_request.number }}" echo "${{ github.event.pull_request.number }}" > pull_request_number - name: Upload the PR number - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 with: name: pull_request_number path: ./pull_request_number \ No newline at end of file From 574527a5cfa4bb20765a1997e89cc3732fd741e2 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 29 May 2024 12:15:32 +0200 Subject: [PATCH 55/88] =?UTF-8?q?=F0=9F=94=84=20synced=20local=20'.github/?= =?UTF-8?q?workflows/'=20with=20remote=20'workflows/'=20(#164)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: bitnami-bot --- .github/workflows/pr-review-hack.yml | 12 ++++++++---- .github/workflows/pr-reviews.yml | 8 ++++---- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/.github/workflows/pr-review-hack.yml b/.github/workflows/pr-review-hack.yml index e12f086d..295804e3 100644 --- a/.github/workflows/pr-review-hack.yml +++ b/.github/workflows/pr-review-hack.yml @@ -20,6 +20,7 @@ jobs: outputs: author: ${{ steps.get-info.outputs.author }} actor: ${{ steps.get-info.outputs.actor }} + review_state: ${{ steps.get-info.outputs.review_state }} labels: ${{ steps.get-info.outputs.labels }} resource_url: ${{ steps.get-info.outputs.resource_url }} if: ${{ github.event.workflow_run.conclusion == 'success' }} 
@@ -29,10 +30,11 @@ jobs: GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} run: | actor="${{ github.event.workflow_run.actor.login }}" - download_url="$(gh api "${{ github.event.workflow_run.artifacts_url }}" | jq -cr '.artifacts[] | select(.name == "pull_request_number") | .archive_download_url')" - curl -sSL -o pull_request_number.zip -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" -H "Authorization: Bearer $GITHUB_TOKEN" $download_url - unzip pull_request_number.zip - pull_request_number=$(cat pull_request_number) + download_url="$(gh api "${{ github.event.workflow_run.artifacts_url }}" | jq -cr '.artifacts[] | select(.name == "pull_request_info.json") | .archive_download_url')" + curl -sSL -o pull_request_info.zip -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" -H "Authorization: Bearer $GITHUB_TOKEN" $download_url + unzip pull_request_info.zip + pull_request_number="$(jq -cr '.issue.number' pull_request_info.json)" + issue_review_state="$(jq -cr '.review.state' pull_request_info.json)" pull_request="$(gh api "repos/${GITHUB_REPOSITORY}/pulls/${pull_request_number}")" author="$(echo $pull_request | jq -cr '.user.login')" author_association="$(echo $pull_request | jq -cr '.author_association')" @@ -43,6 +45,7 @@ jobs: echo "actor=${actor}" >> $GITHUB_OUTPUT echo "author=${author}" >> $GITHUB_OUTPUT echo "author_association=${author_association}" >> $GITHUB_OUTPUT + echo "review_state=${issue_review_state}" >> $GITHUB_OUTPUT echo "labels=${labels}" >> $GITHUB_OUTPUT echo "resource_url=${resource_url}" >> $GITHUB_OUTPUT call-pr-review-comment: @@ -55,4 +58,5 @@ jobs: author: ${{ needs.pr-info.outputs.author }} actor: ${{ needs.pr-info.outputs.actor }} labels: ${{ needs.pr-info.outputs.labels }} + review_state: ${{ needs.pr-info.outputs.review_state }} resource_url: ${{ needs.pr-info.outputs.resource_url }} 
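Review bot: `issue_review_state` in `pr-review-hack.yml` is read with `jq -cr '.review.state' pull_request_info.json` from an artifact produced by the triggering run, then appended to `$GITHUB_OUTPUT` as `review_state=...` without any check. `jq -r` prints the string raw, so a value containing a newline would add further `key=value` lines to the output file, and those outputs are handed to the reusable workflow through `with:`. Constrain both fields before use, e.g. `[[ "${issue_review_state}" =~ ^[A-Za-z_]*$ ]] || exit 1`, and the same with `^[0-9]+$` for `pull_request_number`. Quoting `"${download_url}"` and `"$GITHUB_OUTPUT"` in the same script would also help.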
diff --git a/.github/workflows/pr-reviews.yml b/.github/workflows/pr-reviews.yml index 7e6e666c..7fe09a8f 100644 --- a/.github/workflows/pr-reviews.yml +++ b/.github/workflows/pr-reviews.yml @@ -21,9 +21,9 @@ jobs: steps: - run: | echo "::notice:: Comment on PR #${{ github.event.pull_request.number }}" - echo "${{ github.event.pull_request.number }}" > pull_request_number - - name: Upload the PR number + jq -n --arg issue '${{ github.event.pull_request.number }}' --arg state '${{ github.event.review != null && github.event.review.state || '' }}' '{"issue": {"number": $issue }, "review": { "state": $state }}' > pull_request_info.json + - name: Upload the PR info uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 with: - name: pull_request_number - path: ./pull_request_number \ No newline at end of file + name: pull_request_info.json + path: ./pull_request_info.json \ No newline at end of file From a76f97db1506f9db0d48d3b0e2ba68063cf4cf30 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Mon, 1 Jul 2024 18:11:30 +0200 Subject: [PATCH 56/88] Deprecate Debian 10 (#165) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Deprecate Debian 10 Signed-off-by: Carlos Rodríguez Hernández * Change debootstrap Signed-off-by: Carlos Rodríguez Hernández * Remove buster from checks Signed-off-by: Carlos Rodríguez Hernández * Update bullseye Signed-off-by: Carlos Rodríguez Hernández --------- Signed-off-by: Carlos Rodríguez Hernández --- .github/workflows/main.yml | 4 +- README.md | 2 +- buildall | 3 +- debootstrap/bookworm | 2 +- debootstrap/bullseye | 227 ++++++++++++++++++++++++++++++++++++- debootstrap/buster | 226 ------------------------------------ mkimage | 2 - pushall | 3 +- pushmanifest | 3 +- 9 files changed, 233 insertions(+), 239 deletions(-) mode change 120000 => 100644 debootstrap/bullseye delete mode 100644 debootstrap/buster 
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 1a6104aa..e7895c39 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -41,7 +41,7 @@ jobs: needs: [ shellcheck ] strategy: matrix: - dist: [buster, bullseye, bookworm] + dist: [bullseye, bookworm] arch: [amd64, arm64] name: Build ${{ matrix.dist }} on ${{ matrix.arch }} @@ -81,7 +81,7 @@ jobs: - uses: actions/checkout@v3 - name: Push Manifests run: | - DISTS="buster bullseye bookworm latest" bash pushmanifest + DISTS="bullseye bookworm latest" bash pushmanifest # If the CI Pipeline does not succeed we should notify the interested agents slack-notif: diff --git a/README.md b/README.md index 0ce053eb..dedf9958 100644 --- a/README.md +++ b/README.md @@ -70,7 +70,7 @@ We provide a Makefile to help you build Minideb locally. It should be run on a D $ sudo make ``` -To build an individual release (buster, bullseye, or bookworm) +To build an individual release (bullseye or bookworm) ``` $ sudo make bookworm ``` diff --git a/buildall b/buildall index 0dfcb56a..b57a00c3 100755 --- a/buildall +++ b/buildall @@ -8,8 +8,7 @@ set -o pipefail arch=${1:-"amd64 arm64"} -dist="buster -bullseye +dist="bullseye bookworm " for a in $arch; do diff --git a/debootstrap/bookworm b/debootstrap/bookworm index 766a99ab..91bf492f 120000 --- a/debootstrap/bookworm +++ b/debootstrap/bookworm @@ -1 +1 @@ -buster \ No newline at end of file +bullseye \ No newline at end of file diff --git a/debootstrap/bullseye b/debootstrap/bullseye deleted file mode 120000 index 766a99ab..00000000 --- a/debootstrap/bullseye +++ /dev/null @@ -1 +0,0 @@ -buster \ No newline at end of file diff --git a/debootstrap/bullseye b/debootstrap/bullseye new file mode 100644 index 00000000..804e9660 --- /dev/null +++ b/debootstrap/bullseye 
@@ -0,0 +1,226 @@ +mirror_style release +download_style apt +finddebs_style from-indices +variants - container fakechroot +keyring /usr/share/keyrings/debian-archive-keyring.gpg + +if doing_variant fakechroot; then + test "$FAKECHROOT" = "true" || error 1 FAKECHROOTREQ "This variant requires fakechroot environment to be started" +fi + +case $ARCH in + alpha|ia64) LIBC="libc6.1" ;; + kfreebsd-*) LIBC="libc0.1" ;; + hurd-*) LIBC="libc0.3" ;; + *) LIBC="libc6" ;; +esac + +work_out_debs () { + # adduser in case users want to add a user to run as non-root + # base-files as it has many important files + # base-passwd to get user account info + # bash because users will often shell in + # bsdutils because it has some commands used in postinst + # - particularly `logger` for `mysql-server` see + # https://github.com/bitnami/minideb/issues/16 + # coreutils for many very common utilities + # dash for a shell for scripts + # debian-archive-keyring to verify apt packages + # diffutils for diff as required for installing the system + # (could maybe be removed after, but diffing is pretty common in debugging) + # dpkg for dpkg + # findutils for find as required for installing the system + # grep as it is a very common debugging tool + # gzip as decompressing zip is super common + # hostname ? + # libc-bin for ldconfig + # login as su maybe used if run as non root (?) + # lsb-base ? + # mawk as it is used by dpkg + # ncurses-base for terminfo files as docker sets TERM=xterm + # see https://github.com/bitnami/minideb/issues/17 + # passwd for managing user accounts if run as non-root. + # sed as a very commonly used tool + # sysv-rc for update-rc.d, required when installing initscripts in postinsts + # tar as uncompressing tarballs is super common when installing things. 
+ # tzdata for handling timezones + # util-linux for getopt + # mount is required for mounting /proc during debootstrap + required="adduser base-files base-passwd bash bsdutils coreutils dash debian-archive-keyring diffutils dpkg findutils grep gzip hostname init-system-helpers libc-bin login lsb-base mawk ncurses-base passwd sed sysv-rc tar tzdata util-linux mount" + + base="apt" + + if doing_variant fakechroot; then + # ldd.fake needs binutils + required="$required binutils" + fi + + case $MIRRORS in + https://*) + base="$base apt-transport-https ca-certificates" + ;; + esac +} + +first_stage_install () { + extract $required + + mkdir -p "$TARGET/var/lib/dpkg" + : >"$TARGET/var/lib/dpkg/status" + : >"$TARGET/var/lib/dpkg/available" + + setup_etc + if [ ! -e "$TARGET/etc/fstab" ]; then + echo '# UNCONFIGURED FSTAB FOR BASE SYSTEM' > "$TARGET/etc/fstab" + chown 0:0 "$TARGET/etc/fstab"; chmod 644 "$TARGET/etc/fstab" + fi + + setup_devices + + x_feign_install () { + local pkg="$1" + local deb="$(debfor $pkg)" + local ver="$(extract_deb_field "$TARGET/$deb" Version)" + + mkdir -p "$TARGET/var/lib/dpkg/info" + + echo \ +"Package: $pkg +Version: $ver +Maintainer: unknown +Status: install ok installed" >> "$TARGET/var/lib/dpkg/status" + + touch "$TARGET/var/lib/dpkg/info/${pkg}.list" + } + + x_feign_install dpkg +} + +second_stage_install () { + setup_dynamic_devices + + x_core_install () { + smallyes '' | in_target dpkg --force-depends --install $(debfor "$@") + } + + p () { + baseprog="$(($baseprog + ${1:-1}))" + } + + if doing_variant fakechroot; then + setup_proc_fakechroot + else + setup_proc + in_target /sbin/ldconfig + fi + + DEBIAN_FRONTEND=noninteractive + DEBCONF_NONINTERACTIVE_SEEN=true + export DEBIAN_FRONTEND DEBCONF_NONINTERACTIVE_SEEN + + baseprog=0 + bases=7 + + p; progress $baseprog $bases INSTCORE "Installing core packages" #1 + info INSTCORE "Installing core packages..." 
+ + p; progress $baseprog $bases INSTCORE "Installing core packages" #2 + ln -sf mawk "$TARGET/usr/bin/awk" + x_core_install base-passwd + x_core_install base-files + p; progress $baseprog $bases INSTCORE "Installing core packages" #3 + x_core_install dpkg + + if [ ! -e "$TARGET/etc/localtime" ]; then + ln -sf /usr/share/zoneinfo/UTC "$TARGET/etc/localtime" + fi + + if doing_variant fakechroot; then + install_fakechroot_tools + fi + + p; progress $baseprog $bases INSTCORE "Installing core packages" #4 + x_core_install $LIBC + + p; progress $baseprog $bases INSTCORE "Installing core packages" #5 + x_core_install perl-base + + p; progress $baseprog $bases INSTCORE "Installing core packages" #6 + rm "$TARGET/usr/bin/awk" + x_core_install mawk + + p; progress $baseprog $bases INSTCORE "Installing core packages" #7 + if doing_variant -; then + x_core_install debconf + fi + + baseprog=0 + bases=$(set -- $required; echo $#) + + info UNPACKREQ "Unpacking required packages..." + + exec 7>&1 + + smallyes '' | + (repeatn 5 in_target_failmsg UNPACK_REQ_FAIL_FIVE "Failure while unpacking required packages. This will be attempted up to five times." "" \ + dpkg --status-fd 8 --force-depends --unpack $(debfor $required) 8>&1 1>&7 || echo EXITCODE $?) | + dpkg_progress $baseprog $bases UNPACKREQ "Unpacking required packages" UNPACKING + + info CONFREQ "Configuring required packages..." + + echo \ +"#!/bin/sh +exit 101" > "$TARGET/usr/sbin/policy-rc.d" + chmod 755 "$TARGET/usr/sbin/policy-rc.d" + + mv "$TARGET/sbin/start-stop-daemon" "$TARGET/sbin/start-stop-daemon.REAL" + echo \ +"#!/bin/sh +echo +echo \"Warning: Fake start-stop-daemon called, doing nothing\"" > "$TARGET/sbin/start-stop-daemon" + chmod 755 "$TARGET/sbin/start-stop-daemon" + + setup_dselect_method apt + + smallyes '' | + (in_target_failmsg CONF_REQ_FAIL "Failure while configuring required packages." "" \ + dpkg --status-fd 8 --configure --pending --force-configure-any --force-depends 8>&1 1>&7 || echo EXITCODE $?) 
| + dpkg_progress $baseprog $bases CONFREQ "Configuring required packages" CONFIGURING + + baseprog=0 + bases="$(set -- $base; echo $#)" + + info UNPACKBASE "Unpacking the base system..." + + setup_available $required $base + done_predeps= + while predep=$(get_next_predep); do + # We have to resolve dependencies of pre-dependencies manually because + # dpkg --predep-package doesn't handle this. + predep=$(without "$(without "$(resolve_deps $predep)" "$required")" "$done_predeps") + # XXX: progress is tricky due to how dpkg_progress works + # -- cjwatson 2009-07-29 + p; smallyes '' | + in_target dpkg --force-overwrite --force-confold --skip-same-version --install $(debfor $predep) + base=$(without "$base" "$predep") + done_predeps="$done_predeps $predep" + done + + smallyes '' | + (repeatn 5 in_target_failmsg INST_BASE_FAIL_FIVE "Failure while installing base packages. This will be re-attempted up to five times." "" \ + dpkg --status-fd 8 --force-overwrite --force-confold --skip-same-version --unpack $(debfor $base) 8>&1 1>&7 || echo EXITCODE $?) | + dpkg_progress $baseprog $bases UNPACKBASE "Unpacking base system" UNPACKING + + info CONFBASE "Configuring the base system..." + + smallyes '' | + (repeatn 5 in_target_failmsg CONF_BASE_FAIL_FIVE "Failure while configuring base packages. This will be re-attempted up to five times." "" \ + dpkg --status-fd 8 --force-confold --skip-same-version --configure -a 8>&1 1>&7 || echo EXITCODE $?) | + dpkg_progress $baseprog $bases CONFBASE "Configuring base system" CONFIGURING + + mv "$TARGET/sbin/start-stop-daemon.REAL" "$TARGET/sbin/start-stop-daemon" + rm -f "$TARGET/usr/sbin/policy-rc.d" + + progress $bases $bases CONFBASE "Configuring base system" + info BASESUCCESS "Base system installed successfully." +} diff --git a/debootstrap/buster b/debootstrap/buster deleted file mode 100644 index 804e9660..00000000 --- a/debootstrap/buster +++ /dev/null 
@@ -1,226 +0,0 @@ -mirror_style release -download_style apt -finddebs_style from-indices -variants - container fakechroot -keyring /usr/share/keyrings/debian-archive-keyring.gpg - -if doing_variant fakechroot; then - test "$FAKECHROOT" = "true" || error 1 FAKECHROOTREQ "This variant requires fakechroot environment to be started" -fi - -case $ARCH in - alpha|ia64) LIBC="libc6.1" ;; - kfreebsd-*) LIBC="libc0.1" ;; - hurd-*) LIBC="libc0.3" ;; - *) LIBC="libc6" ;; -esac - -work_out_debs () { - # adduser in case users want to add a user to run as non-root - # base-files as it has many important files - # base-passwd to get user account info - # bash because users will often shell in - # bsdutils because it has some commands used in postinst - # - particularly `logger` for `mysql-server` see - # https://github.com/bitnami/minideb/issues/16 - # coreutils for many very common utilities - # dash for a shell for scripts - # debian-archive-keyring to verify apt packages - # diffutils for diff as required for installing the system - # (could maybe be removed after, but diffing is pretty common in debugging) - # dpkg for dpkg - # findutils for find as required for installing the system - # grep as it is a very common debugging tool - # gzip as decompressing zip is super common - # hostname ? - # libc-bin for ldconfig - # login as su maybe used if run as non root (?) - # lsb-base ? - # mawk as it is used by dpkg - # ncurses-base for terminfo files as docker sets TERM=xterm - # see https://github.com/bitnami/minideb/issues/17 - # passwd for managing user accounts if run as non-root. - # sed as a very commonly used tool - # sysv-rc for update-rc.d, required when installing initscripts in postinsts - # tar as uncompressing tarballs is super common when installing things. 
- # tzdata for handling timezones - # util-linux for getopt - # mount is required for mounting /proc during debootstrap - required="adduser base-files base-passwd bash bsdutils coreutils dash debian-archive-keyring diffutils dpkg findutils grep gzip hostname init-system-helpers libc-bin login lsb-base mawk ncurses-base passwd sed sysv-rc tar tzdata util-linux mount" - - base="apt" - - if doing_variant fakechroot; then - # ldd.fake needs binutils - required="$required binutils" - fi - - case $MIRRORS in - https://*) - base="$base apt-transport-https ca-certificates" - ;; - esac -} - -first_stage_install () { - extract $required - - mkdir -p "$TARGET/var/lib/dpkg" - : >"$TARGET/var/lib/dpkg/status" - : >"$TARGET/var/lib/dpkg/available" - - setup_etc - if [ ! -e "$TARGET/etc/fstab" ]; then - echo '# UNCONFIGURED FSTAB FOR BASE SYSTEM' > "$TARGET/etc/fstab" - chown 0:0 "$TARGET/etc/fstab"; chmod 644 "$TARGET/etc/fstab" - fi - - setup_devices - - x_feign_install () { - local pkg="$1" - local deb="$(debfor $pkg)" - local ver="$(extract_deb_field "$TARGET/$deb" Version)" - - mkdir -p "$TARGET/var/lib/dpkg/info" - - echo \ -"Package: $pkg -Version: $ver -Maintainer: unknown -Status: install ok installed" >> "$TARGET/var/lib/dpkg/status" - - touch "$TARGET/var/lib/dpkg/info/${pkg}.list" - } - - x_feign_install dpkg -} - -second_stage_install () { - setup_dynamic_devices - - x_core_install () { - smallyes '' | in_target dpkg --force-depends --install $(debfor "$@") - } - - p () { - baseprog="$(($baseprog + ${1:-1}))" - } - - if doing_variant fakechroot; then - setup_proc_fakechroot - else - setup_proc - in_target /sbin/ldconfig - fi - - DEBIAN_FRONTEND=noninteractive - DEBCONF_NONINTERACTIVE_SEEN=true - export DEBIAN_FRONTEND DEBCONF_NONINTERACTIVE_SEEN - - baseprog=0 - bases=7 - - p; progress $baseprog $bases INSTCORE "Installing core packages" #1 - info INSTCORE "Installing core packages..." 
- - p; progress $baseprog $bases INSTCORE "Installing core packages" #2 - ln -sf mawk "$TARGET/usr/bin/awk" - x_core_install base-passwd - x_core_install base-files - p; progress $baseprog $bases INSTCORE "Installing core packages" #3 - x_core_install dpkg - - if [ ! -e "$TARGET/etc/localtime" ]; then - ln -sf /usr/share/zoneinfo/UTC "$TARGET/etc/localtime" - fi - - if doing_variant fakechroot; then - install_fakechroot_tools - fi - - p; progress $baseprog $bases INSTCORE "Installing core packages" #4 - x_core_install $LIBC - - p; progress $baseprog $bases INSTCORE "Installing core packages" #5 - x_core_install perl-base - - p; progress $baseprog $bases INSTCORE "Installing core packages" #6 - rm "$TARGET/usr/bin/awk" - x_core_install mawk - - p; progress $baseprog $bases INSTCORE "Installing core packages" #7 - if doing_variant -; then - x_core_install debconf - fi - - baseprog=0 - bases=$(set -- $required; echo $#) - - info UNPACKREQ "Unpacking required packages..." - - exec 7>&1 - - smallyes '' | - (repeatn 5 in_target_failmsg UNPACK_REQ_FAIL_FIVE "Failure while unpacking required packages. This will be attempted up to five times." "" \ - dpkg --status-fd 8 --force-depends --unpack $(debfor $required) 8>&1 1>&7 || echo EXITCODE $?) | - dpkg_progress $baseprog $bases UNPACKREQ "Unpacking required packages" UNPACKING - - info CONFREQ "Configuring required packages..." - - echo \ -"#!/bin/sh -exit 101" > "$TARGET/usr/sbin/policy-rc.d" - chmod 755 "$TARGET/usr/sbin/policy-rc.d" - - mv "$TARGET/sbin/start-stop-daemon" "$TARGET/sbin/start-stop-daemon.REAL" - echo \ -"#!/bin/sh -echo -echo \"Warning: Fake start-stop-daemon called, doing nothing\"" > "$TARGET/sbin/start-stop-daemon" - chmod 755 "$TARGET/sbin/start-stop-daemon" - - setup_dselect_method apt - - smallyes '' | - (in_target_failmsg CONF_REQ_FAIL "Failure while configuring required packages." "" \ - dpkg --status-fd 8 --configure --pending --force-configure-any --force-depends 8>&1 1>&7 || echo EXITCODE $?) 
| - dpkg_progress $baseprog $bases CONFREQ "Configuring required packages" CONFIGURING - - baseprog=0 - bases="$(set -- $base; echo $#)" - - info UNPACKBASE "Unpacking the base system..." - - setup_available $required $base - done_predeps= - while predep=$(get_next_predep); do - # We have to resolve dependencies of pre-dependencies manually because - # dpkg --predep-package doesn't handle this. - predep=$(without "$(without "$(resolve_deps $predep)" "$required")" "$done_predeps") - # XXX: progress is tricky due to how dpkg_progress works - # -- cjwatson 2009-07-29 - p; smallyes '' | - in_target dpkg --force-overwrite --force-confold --skip-same-version --install $(debfor $predep) - base=$(without "$base" "$predep") - done_predeps="$done_predeps $predep" - done - - smallyes '' | - (repeatn 5 in_target_failmsg INST_BASE_FAIL_FIVE "Failure while installing base packages. This will be re-attempted up to five times." "" \ - dpkg --status-fd 8 --force-overwrite --force-confold --skip-same-version --unpack $(debfor $base) 8>&1 1>&7 || echo EXITCODE $?) | - dpkg_progress $baseprog $bases UNPACKBASE "Unpacking base system" UNPACKING - - info CONFBASE "Configuring the base system..." - - smallyes '' | - (repeatn 5 in_target_failmsg CONF_BASE_FAIL_FIVE "Failure while configuring base packages. This will be re-attempted up to five times." "" \ - dpkg --status-fd 8 --force-confold --skip-same-version --configure -a 8>&1 1>&7 || echo EXITCODE $?) | - dpkg_progress $baseprog $bases CONFBASE "Configuring base system" CONFIGURING - - mv "$TARGET/sbin/start-stop-daemon.REAL" "$TARGET/sbin/start-stop-daemon" - rm -f "$TARGET/usr/sbin/policy-rc.d" - - progress $bases $bases CONFBASE "Configuring base system" - info BASESUCCESS "Base system installed successfully." -} diff --git a/mkimage b/mkimage index 0b9280f1..53676a1d 100755 --- a/mkimage +++ b/mkimage 
@@ -81,8 +81,6 @@ if [ "$DIST" == "bookworm" ]; then elif [ "$DIST" == "bullseye" ]; then echo "deb ${repo_url} $DIST-updates main" >> "$rootfsDir/etc/apt/sources.list" echo "deb ${sec_repo_url_2} $DIST-security main" >> "$rootfsDir/etc/apt/sources.list" -elif [ "$DIST" == "buster" ]; then - echo "deb ${sec_repo_url_2} $DIST/updates main" >> "$rootfsDir/etc/apt/sources.list" fi rootfs_chroot apt-get update diff --git a/pushall b/pushall index b95896dd..226730b8 100755 --- a/pushall +++ b/pushall @@ -4,8 +4,7 @@ set -e set -u set -o pipefail -DISTS="buster -bullseye +DISTS="bullseye bookworm " LATEST=bookworm diff --git a/pushmanifest b/pushmanifest index dd234166..8098d528 100755 --- a/pushmanifest +++ b/pushmanifest @@ -4,8 +4,7 @@ set -e set -u set -o pipefail -DISTS=${DISTS:-"buster -bullseye +DISTS=${DISTS:-"bullseye bookworm latest "} From 115d8efcb7c2410a85e37142e7e29512786b12f0 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Tue, 9 Jul 2024 12:16:26 +0200 Subject: [PATCH 57/88] =?UTF-8?q?=F0=9F=94=84=20synced=20local=20'.github/?= =?UTF-8?q?workflows/'=20with=20remote=20'workflows/'=20(#166)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: bitnami-bot --- .github/workflows/pr-reviews.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-reviews.yml b/.github/workflows/pr-reviews.yml index 7fe09a8f..b7696ae5 100644 --- a/.github/workflows/pr-reviews.yml +++ b/.github/workflows/pr-reviews.yml 
@@ -23,7 +23,7 @@ jobs: echo "::notice:: Comment on PR #${{ github.event.pull_request.number }}" jq -n --arg issue '${{ github.event.pull_request.number }}' --arg state '${{ github.event.review != null && github.event.review.state || '' }}' '{"issue": {"number": $issue }, "review": { "state": $state }}' > pull_request_info.json - name: Upload the PR info - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b with: name: pull_request_info.json path: ./pull_request_info.json \ No newline at end of file From 33db0aaf9b30218790c38136f006da2bff8695a6 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 7 Aug 2024 11:08:52 +0200 Subject: [PATCH 58/88] =?UTF-8?q?=F0=9F=94=84=20synced=20local=20'.github/?= =?UTF-8?q?workflows/'=20with=20remote=20'workflows/'=20(#169)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: bitnami-bot --- .github/workflows/pr-reviews.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-reviews.yml b/.github/workflows/pr-reviews.yml index b7696ae5..57aca6c8 100644 --- a/.github/workflows/pr-reviews.yml +++ b/.github/workflows/pr-reviews.yml @@ -23,7 +23,7 @@ jobs: echo "::notice:: Comment on PR #${{ github.event.pull_request.number }}" jq -n --arg issue '${{ github.event.pull_request.number }}' --arg state '${{ github.event.review != null && github.event.review.state || '' }}' '{"issue": {"number": $issue }, "review": { "state": $state }}' > pull_request_info.json - name: Upload the PR info - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b + uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a with: name: pull_request_info.json path: ./pull_request_info.json \ No newline at end of file From 80b9b0c394cae6b24b5b433ef6d13b5816babde2 Mon Sep 17 00:00:00 2001 
From: Orgad Shaneh Date: Thu, 10 Oct 2024 11:24:03 +0300 Subject: [PATCH 59/88] README: Fix wording (#172) Signed-off-by: Orgad Shaneh --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index dedf9958..eb0e0fad 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ FROM bitnami/minideb:bookworm # Why use Minideb * This image aims to strike a good balance between having small images and having many quality packages available for easy integration. - * The image is based on glibc for wide compatibility and is apt for access to a large number of packages. To reduce the size of the image, some things that aren't required in containers are removed: + * The image is based on glibc for wide compatibility and is using apt for access to a large number of packages. To reduce the size of the image, some things that aren't required in containers are removed: * Packages that aren't often used in containers (hardware-related, init systems, etc.) * Some files that aren't usually required (docs, man pages, locales, caches) * These images also include an `install_packages` command that you can use instead of apt. This takes care of some things for you: From fb66c35df1a4727c47ce50bfc908645158492d97 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 23 Oct 2024 04:45:37 -0400 Subject: [PATCH 60/88] mkimage: Remove device nodes (#173) Closes: https://github.com/bitnami/minideb/issues/171 Signed-off-by: Colin Walters --- mkimage | 1 + 1 file changed, 1 insertion(+) diff --git a/mkimage b/mkimage index 53676a1d..fbe37bf8 100755 --- a/mkimage +++ b/mkimage @@ -34,6 +34,7 @@ DIRS_TO_TRIM="/usr/share/man /usr/share/locale /var/log /usr/share/info +/dev " debootstrap_arch_args=( ) From f8bf1d122a0cfdceff209ea45495e19103ab3afc Mon Sep 17 00:00:00 2001 
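Review bot: The `/dev` entry added to `DIRS_TO_TRIM` in mkimage sits among paths trimmed for size (`/usr/share/man`, `/var/log`, ...), but it is removed for a different reason, which the list does not record. A comment above the assignment would keep it from being dropped later as "not a size win": `# /dev: device nodes from debootstrap must not ship in the image, see https://github.com/bitnami/minideb/issues/171`. The start of the assignment and the code that consumes the list are outside this hunk. It is worth confirming that the trim runs after every chroot step that may need `/dev/null`, such as the `rootfs_chroot apt-get update` call elsewhere in mkimage.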
From: Bitnami Bot Date: Wed, 20 Nov 2024 13:02:09 +0100 Subject: [PATCH 61/88] =?UTF-8?q?=F0=9F=94=84=20synced=20local=20'.github/?= =?UTF-8?q?workflows/'=20with=20remote=20'workflows/'=20(#170)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: bitnami-bot --- .github/workflows/pr-reviews.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-reviews.yml b/.github/workflows/pr-reviews.yml index 57aca6c8..1f92d412 100644 --- a/.github/workflows/pr-reviews.yml +++ b/.github/workflows/pr-reviews.yml @@ -23,7 +23,7 @@ jobs: echo "::notice:: Comment on PR #${{ github.event.pull_request.number }}" jq -n --arg issue '${{ github.event.pull_request.number }}' --arg state '${{ github.event.review != null && github.event.review.state || '' }}' '{"issue": {"number": $issue }, "review": { "state": $state }}' > pull_request_info.json - name: Upload the PR info - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 with: name: pull_request_info.json path: ./pull_request_info.json \ No newline at end of file From 20d85d4b0e329d26e56cd3b301dc3e8d34e08614 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 18 Dec 2024 09:14:05 +0100 Subject: [PATCH 62/88] =?UTF-8?q?=F0=9F=94=84=20synced=20local=20'.github/?= =?UTF-8?q?workflows/'=20with=20remote=20'workflows/'=20(#176)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: bitnami-bot --- .github/workflows/pr-reviews.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-reviews.yml b/.github/workflows/pr-reviews.yml index 1f92d412..0c7eac56 100644 --- a/.github/workflows/pr-reviews.yml +++ b/.github/workflows/pr-reviews.yml 
@@ -23,7 +23,7 @@ jobs: echo "::notice:: Comment on PR #${{ github.event.pull_request.number }}" jq -n --arg issue '${{ github.event.pull_request.number }}' --arg state '${{ github.event.review != null && github.event.review.state || '' }}' '{"issue": {"number": $issue }, "review": { "state": $state }}' > pull_request_info.json - name: Upload the PR info - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b with: name: pull_request_info.json path: ./pull_request_info.json \ No newline at end of file From fa88a8a3031def84dd0650dcb196ebf37f594094 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 8 Jan 2025 21:12:23 +0100 Subject: [PATCH 63/88] Create dependabot.yml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Carlos Rodríguez Hernández --- .github/dependabot.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..de6904fe --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,10 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +version: 2 +# Check for updates to GitHub Actions every week +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" From 8a20ea7148d4594c30653a814695eb8615ec02f6 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 8 Jan 2025 21:24:52 +0100 Subject: [PATCH 64/88] Bump slackapi/slack-github-action from 1.23.0 to 2.0.0 (#177) Bumps [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action) from 1.23.0 to 2.0.0. - [Release notes](https://github.com/slackapi/slack-github-action/releases) - [Commits](https://github.com/slackapi/slack-github-action/compare/v1.23.0...v2.0.0) --- updated-dependencies: - dependency-name: slackapi/slack-github-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e7895c39..74be6992 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -94,7 +94,7 @@ jobs: steps: - name: Notify in Slack channel if: ${{ needs.build_multiarch.result == 'failure' || needs.deploy_manifests.result == 'failure' }} - uses: slackapi/slack-github-action@v1.23.0 + uses: slackapi/slack-github-action@v2.0.0 with: payload: | { From 8ae3c4abbff631bd03cd59dce5d1f65a6aa1327c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 8 Jan 2025 21:25:03 +0100 Subject: [PATCH 65/88] Bump actions/checkout from 3 to 4 (#178) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... 
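Review bot: The `uses: slackapi/slack-github-action@v2.0.0` line in the "Notify in Slack channel" step is a major-version jump, and the step's configuration below `payload:` is outside the hunk. As far as I know, the 2.x line takes the webhook as `with:` inputs (`webhook: ${{ secrets.CI_SLACK_WEBHOOK_URL }}` and `webhook-type: incoming-webhook`) rather than from the `SLACK_WEBHOOK_URL` / `SLACK_WEBHOOK_TYPE` environment variables used with 1.x. If the step still passes them through `env:`, the failure notification would itself fail, and this is the one step meant to report a broken pipeline. Since the step receives a secret, pinning the action to a full commit SHA, as pr-reviews.yml does for `actions/upload-artifact`, would also stop a moved tag from changing what runs.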
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 74be6992..5f8f0d41 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -27,7 +27,7 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install Dependencies run: | sudo apt-get -qq update @@ -47,7 +47,7 @@ jobs: name: Build ${{ matrix.dist }} on ${{ matrix.arch }} steps: - name: Check out repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Use local build action id: build uses: ./.github/actions/build @@ -78,7 +78,7 @@ jobs: DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }} DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Push Manifests run: | DISTS="bullseye bookworm latest" bash pushmanifest From 60ee9f5b6de931010ac5f3a2d89b8c86332f6e6f Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Jan 2025 10:09:20 +0100 Subject: [PATCH 66/88] Bump actions/upload-artifact from 4.5.0 to 4.6.0 (#180) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.5.0 to 4.6.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/6f51ac03b9356f520e9adb1b1b7802705f340c2b...65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/pr-reviews.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-reviews.yml b/.github/workflows/pr-reviews.yml index 0c7eac56..52ce8f15 100644 --- a/.github/workflows/pr-reviews.yml +++ b/.github/workflows/pr-reviews.yml @@ -23,7 +23,7 @@ jobs: echo "::notice:: Comment on PR #${{ github.event.pull_request.number }}" jq -n --arg issue '${{ github.event.pull_request.number }}' --arg state '${{ github.event.review != null && github.event.review.state || '' }}' '{"issue": {"number": $issue }, "review": { "state": $state }}' > pull_request_info.json - name: Upload the PR info - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 with: name: pull_request_info.json path: ./pull_request_info.json \ No newline at end of file From 52d8486fa76ac600b666b026c6a3d509855af8e1 Mon Sep 17 00:00:00 2001 
From: Bitnami Bot Date: Fri, 17 Jan 2025 12:24:48 +0100 Subject: [PATCH 67/88] =?UTF-8?q?=F0=9F=94=84=20synced=20local=20'.github/?= =?UTF-8?q?workflows/'=20with=20remote=20'workflows/'=20(#179)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: bitnami-bot From d7024896e0617b32f96703ea0616a5cd3bcefe3e Mon Sep 17 00:00:00 2001 From: John Kristensen Date: Wed, 22 Jan 2025 04:32:27 +1100 Subject: [PATCH 68/88] Only push images from bitnami/minideb repository (#147) Make it so that only builds triggered by the `bitnami/minideb` repository will attempt to push images (because it is the only repository that has access to the required secrets). This will prevent builds in forked repositories that don't have access to the secrets from failing. Signed-off-by: John Kristensen --- .github/workflows/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 5f8f0d41..571e8efc 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -56,7 +56,7 @@ jobs: platform: "${{ matrix.arch }}" is_latest: ${{ matrix.dist == env.LATEST }} - name: Push - if: github.ref == 'refs/heads/master' + if: github.repository == 'bitnami/minideb' && github.ref == 'refs/heads/master' env: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} @@ -71,7 +71,7 @@ jobs: deploy_manifests: runs-on: ubuntu-22.04 needs: [ build_multiarch ] - if: github.ref == 'refs/heads/master' + if: github.repository == 'bitnami/minideb' && github.ref == 'refs/heads/master' env: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} @@ -89,7 +89,7 @@ jobs: needs: - build_multiarch - deploy_manifests - if: always() + if: github.repository == 'bitnami/minideb' name: Notify unsuccessful CI run steps: - name: Notify in Slack channel 
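Review bot: In the third main.yml hunk, replacing `if: always()` with `if: github.repository == 'bitnami/minideb'` on the notification job drops the status function. The job then only runs when every job in `needs:` succeeded, so it is skipped precisely when `build_multiarch` or `deploy_manifests` fails. The step-level check `needs.build_multiarch.result == 'failure' || ...` would therefore never be true when the job does run, and a failed build or push goes unreported. Keeping the status function preserves the intent of the change: `if: always() && github.repository == 'bitnami/minideb'`. The two `Push` / `deploy_manifests` conditions in the earlier hunks are fine as written.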
From f9602b9e3114611e90d77aed503198191806adc2 Mon Sep 17 00:00:00 2001 From: John Kristensen Date: Wed, 22 Jan 2025 04:33:43 +1100 Subject: [PATCH 69/88] Only run scheduled jobs on bitnami/minideb repo (#148) Most repository forks won't want to run builds on a schedule, so only run the scheduled builds on the main `bitnami/minideb` repo. Signed-off-by: John Kristensen --- .github/workflows/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 571e8efc..41a3143a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -23,6 +23,7 @@ jobs: shellcheck: # The type of runner that the job will run on runs-on: ubuntu-22.04 + if: github.event_name != 'schedule' || github.repository == 'bitnami/minideb' name: Shellcheck # Steps represent a sequence of tasks that will be executed as part of the job steps: From ab13528657d8c6565bfb4321763d8a7fa36df9a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Fri, 31 Jan 2025 09:09:18 +0100 Subject: [PATCH 70/88] Update copyright year MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Carlos Rodríguez Hernández --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index eb0e0fad..37d78b72 100644 --- a/README.md +++ b/README.md @@ -103,7 +103,7 @@ We'd love for you to contribute to this image. You can request new features by c # License -Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at From bf5ee0980c5b06b70fe2f40e1f98c4b03f4d9a1b Mon Sep 17 00:00:00 2001 
From: Miguel Ruiz Date: Mon, 10 Feb 2025 11:38:41 +0100 Subject: [PATCH 71/88] github-actions: Add gchat notification (#181) * github-actions: Add gchat notification Signed-off-by: Miguel Ruiz * Fix CodeQL: actions/missing-workflow-permissions Signed-off-by: Miguel Ruiz --------- Signed-off-by: Miguel Ruiz --- .github/workflows/main.yml | 47 +++++++++----------------------------- 1 file changed, 11 insertions(+), 36 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 41a3143a..d12f3cfb 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -14,6 +14,8 @@ on: workflow_dispatch: schedule: - cron: '0 0 * * *' +# Remove all permissions by default +permissions: {} env: BASENAME: bitnami/minideb LATEST: bookworm @@ -36,7 +38,6 @@ jobs: - name: Verify scripts with shellcheck run: | bash shellcheck - build_multiarch: runs-on: ubuntu-22.04 needs: [ shellcheck ] @@ -44,7 +45,6 @@ jobs: matrix: dist: [bullseye, bookworm] arch: [amd64, arm64] - name: Build ${{ matrix.dist }} on ${{ matrix.arch }} steps: - name: Check out repository @@ -68,7 +68,6 @@ jobs: if ${{ matrix.dist == env.LATEST }} ; then bash pushone "latest" "${{ matrix.arch }}" fi - deploy_manifests: runs-on: ubuntu-22.04 needs: [ build_multiarch ] 
@@ -83,40 +82,16 @@ jobs: - name: Push Manifests run: | DISTS="bullseye bookworm latest" bash pushmanifest - # If the CI Pipeline does not succeed we should notify the interested agents - slack-notif: - runs-on: ubuntu-22.04 + notify: + name: Send notification needs: - build_multiarch - deploy_manifests - if: github.repository == 'bitnami/minideb' - name: Notify unsuccessful CI run - steps: - - name: Notify in Slack channel - if: ${{ needs.build_multiarch.result == 'failure' || needs.deploy_manifests.result == 'failure' }} - uses: slackapi/slack-github-action@v2.0.0 - with: - payload: | - { - "text": "*Unsuccessful `bitnami/minideb` CI pipeline*", - "blocks": [ - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": "*Unsuccessful `bitnami/minideb` CI pipeline*" - } - }, - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": "The CI pipeline for `bitnami/minideb` did not succeed. Check the related <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|action run> for more information." - } - } - ] - } - env: - SLACK_WEBHOOK_URL: ${{ secrets.CI_SLACK_WEBHOOK_URL }} - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + if: ${{ always() && github.repository == 'bitnami/minideb' && (needs.build_multiarch.result == 'failure' || needs.deploy_manifests.result == 'failure') }} + uses: bitnami/support/.github/workflows/gchat-notification.yml@main + with: + workflow: ${{ github.workflow }} + job-url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + secrets: + webhook-url: ${{ secrets.GCHAT_CONTENT_ALERTS_WEBHOOK_URL }} From 0b1cf0243f2daf457df76f7a0786aeb4059523e9 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Mon, 10 Feb 2025 13:22:31 +0100 Subject: [PATCH 72/88] =?UTF-8?q?=F0=9F=94=84=20synced=20local=20'.github/?= =?UTF-8?q?workflows/'=20with=20remote=20'workflows/'=20(#183)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
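Review bot: The `notify` job calls `bitnami/support/.github/workflows/gchat-notification.yml@main`, a mutable branch reference, and hands it `secrets.GCHAT_CONTENT_ALERTS_WEBHOOK_URL`. Whatever is on `main` of that repository at run time receives the webhook URL, so a change there takes effect here without any review in this repository. Pinning the reference to a full commit SHA, `uses: bitnami/support/.github/workflows/gchat-notification.yml@<commit-sha>` (placeholder), keeps the called workflow fixed and turns updates into reviewable bumps. The same `@main` form appears on the `bitnami/support` callers in comments.yml, move-closed-issues.yml, reasign.yml, pr-reviews-requested.yml and triage.yml, which also pass `secrets: inherit`.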
Signed-off-by: bitnami-bot --- .github/workflows/comments.yml | 1 + .github/workflows/move-closed-issues.yml | 1 + .github/workflows/pr-review-hack.yml | 1 + .github/workflows/pr-reviews-requested.yml | 1 + .github/workflows/pr-reviews.yml | 1 + .github/workflows/reasign.yml | 1 + .github/workflows/stale.yml | 44 ++++++++++++++++++++++ .github/workflows/triage.yml | 1 + 8 files changed, 51 insertions(+) create mode 100644 .github/workflows/stale.yml diff --git a/.github/workflows/comments.yml b/.github/workflows/comments.yml index 7eb3986b..eccff3a2 100644 --- a/.github/workflows/comments.yml +++ b/.github/workflows/comments.yml @@ -1,6 +1,7 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 +# NOTE: This workflow is maintained in the https://github.com/bitnami/support repository name: '[Support] Comments based card movements' on: issue_comment: diff --git a/.github/workflows/move-closed-issues.yml b/.github/workflows/move-closed-issues.yml index a00cca34..cab0c782 100644 --- a/.github/workflows/move-closed-issues.yml +++ b/.github/workflows/move-closed-issues.yml @@ -1,6 +1,7 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 +# NOTE: This workflow is maintained in the https://github.com/bitnami/support repository name: '[Support] Move closed issues' on: issues: diff --git a/.github/workflows/pr-review-hack.yml b/.github/workflows/pr-review-hack.yml index 295804e3..509ba459 100644 --- a/.github/workflows/pr-review-hack.yml +++ b/.github/workflows/pr-review-hack.yml @@ -3,6 +3,7 @@ # This is a hack to run reusable workflows in the main repo context and not from the forked repository. # We this hack we can use secrets configured in the organization. +# NOTE: This workflow is maintained in the https://github.com/bitnami/support repository name: '[Support] PR review comment trigger' on: workflow_run: 
diff --git a/.github/workflows/pr-reviews-requested.yml b/.github/workflows/pr-reviews-requested.yml index e8c93384..d039e4d3 100644 --- a/.github/workflows/pr-reviews-requested.yml +++ b/.github/workflows/pr-reviews-requested.yml @@ -1,6 +1,7 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 +# NOTE: This workflow is maintained in the https://github.com/bitnami/support repository name: '[Support] Review based card movements' on: pull_request_target: diff --git a/.github/workflows/pr-reviews.yml b/.github/workflows/pr-reviews.yml index 52ce8f15..32889d81 100644 --- a/.github/workflows/pr-reviews.yml +++ b/.github/workflows/pr-reviews.yml @@ -1,6 +1,7 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 +# NOTE: This workflow is maintained in the https://github.com/bitnami/support repository name: '[Support] PR review comment card movements' on: pull_request_review_comment: diff --git a/.github/workflows/reasign.yml b/.github/workflows/reasign.yml index b33bb154..2a1d26c0 100644 --- a/.github/workflows/reasign.yml +++ b/.github/workflows/reasign.yml @@ -1,6 +1,7 @@ # Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 +# NOTE: This workflow is maintained in the https://github.com/bitnami/support repository name: '[Support] Review based card movements' on: pull_request_target: diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml new file mode 100644 index 00000000..55473118 --- /dev/null +++ b/.github/workflows/stale.yml 
@@ -0,0 +1,44 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# NOTE: This workflow is maintained in the https://github.com/bitnami/support repository +name: '[Support] Close stale issues and PRs' +on: + workflow_dispatch: + schedule: + - cron: '0 1 * * *' +# Remove all permissions by default +permissions: {} +# This job won't trigger any additional event. All actions are performed with GITHUB_TOKEN +jobs: + stale: + runs-on: ubuntu-latest + permissions: + issues: write + pull-requests: write + steps: + # This step will add the stale comment and label for the first 15 days without activity. It won't close any task + - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + stale-issue-message: 'This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.' + stale-pr-message: 'This Pull Request has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thank you for your contribution.' + days-before-stale: 15 + days-before-close: -1 + exempt-issue-labels: 'on-hold' + exempt-pr-labels: 'on-hold' + operations-per-run: 500 + # This step will add the 'solved' label and the last comment before closing the issue or PR. Note that it won't close any issue or PR, they will be closed by the clossing-issues workflow + - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + stale-issue-message: 'Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.' + stale-pr-message: 'Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Pull Request. 
Do not hesitate to reopen it later if necessary.' + any-of-labels: 'stale' + stale-issue-label: 'solved' + stale-pr-label: 'solved' + days-before-stale: 5 + days-before-close: -1 + exempt-issue-labels: 'on-hold' + exempt-pr-labels: 'on-hold' + operations-per-run: 200 \ No newline at end of file diff --git a/.github/workflows/triage.yml b/.github/workflows/triage.yml index 4dcaeeb4..09ba2596 100644 --- a/.github/workflows/triage.yml +++ b/.github/workflows/triage.yml @@ -2,6 +2,7 @@ # SPDX-License-Identifier: APACHE-2.0 # This workflow is built to manage the triage support by using GH issues. +# NOTE: This workflow is maintained in the https://github.com/bitnami/support repository name: '[Support] Organize triage' on: issues: From 0a41ed3eaeab91833f1d00d9fc2b1dbd67a1c29e Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Mon, 10 Feb 2025 15:00:15 +0100 Subject: [PATCH 73/88] =?UTF-8?q?=F0=9F=94=84=20synced=20local=20'.github/?= =?UTF-8?q?workflows/'=20with=20remote=20'workflows/'=20(#184)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: bitnami-bot --- .github/workflows/clossing-issues.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/clossing-issues.yml diff --git a/.github/workflows/clossing-issues.yml b/.github/workflows/clossing-issues.yml new file mode 100644 index 00000000..ecfceb08 --- /dev/null +++ b/.github/workflows/clossing-issues.yml 
@@ -0,0 +1,22 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# NOTE: This workflow is maintained in the https://github.com/bitnami/support repository +name: '[Support] Close Solved issues' +on: + schedule: + # Hourly + - cron: '0 * * * *' +# Remove all permissions by default. Actions are performed by Bitnami Bot +permissions: {} +jobs: + stale: + runs-on: ubuntu-latest + steps: + - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 + with: + any-of-labels: 'solved' + stale-issue-label: 'solved' + days-before-stale: 0 + days-before-close: 0 + repo-token: ${{ secrets.BITNAMI_SUPPORT_BOARD_TOKEN }} \ No newline at end of file From 5d96c9007b409918e8c4422d9b29f624669f5b49 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Tue, 11 Feb 2025 08:42:46 +0100 Subject: [PATCH 74/88] =?UTF-8?q?=F0=9F=94=84=20synced=20local=20'.github/?= =?UTF-8?q?workflows/'=20with=20remote=20'workflows/'=20(#185)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: bitnami-bot --- .github/workflows/clossing-issues.yml | 1 + .github/workflows/comments.yml | 1 + .github/workflows/move-closed-issues.yml | 1 + .github/workflows/pr-review-hack.yml | 2 +- .github/workflows/pr-reviews-requested.yml | 1 + .github/workflows/pr-reviews.yml | 1 + .github/workflows/reasign.yml | 1 + .github/workflows/stale.yml | 1 + .github/workflows/triage.yml | 1 + 9 files changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/clossing-issues.yml b/.github/workflows/clossing-issues.yml index ecfceb08..e971b254 100644 --- a/.github/workflows/clossing-issues.yml +++ b/.github/workflows/clossing-issues.yml @@ -12,6 +12,7 @@ permissions: {} jobs: stale: runs-on: ubuntu-latest + if: ${{ github.repository_owner == 'bitnami' }} steps: - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 with: 
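Review bot: In the new clossing-issues.yml the `permissions: {}` line restricts only `GITHUB_TOKEN`, while the `actions/stale` step authenticates with `secrets.BITNAMI_SUPPORT_BOARD_TOKEN`, so the effective rights of this hourly job are whatever that token carries. The file does not say which scopes the token needs. I would add a comment above `repo-token`, such as `# Bot token: needs write access to issues and pull requests only; keep its scope to that`, after confirming the wording against how the token is actually issued.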
diff --git a/.github/workflows/comments.yml b/.github/workflows/comments.yml index eccff3a2..b7bb4a4d 100644 --- a/.github/workflows/comments.yml +++ b/.github/workflows/comments.yml @@ -16,5 +16,6 @@ concurrency: group: card-movement-${{ github.event.issue.number }} jobs: call-comments-workflow: + if: ${{ github.repository_owner == 'bitnami' }} uses: bitnami/support/.github/workflows/comment-created.yml@main secrets: inherit \ No newline at end of file diff --git a/.github/workflows/move-closed-issues.yml b/.github/workflows/move-closed-issues.yml index cab0c782..2e1698c1 100644 --- a/.github/workflows/move-closed-issues.yml +++ b/.github/workflows/move-closed-issues.yml @@ -18,5 +18,6 @@ concurrency: group: card-movement-${{ github.event.issue != null && github.event.issue.number || github.event.number }} jobs: call-move-closed-workflow: + if: ${{ github.repository_owner == 'bitnami' }} uses: bitnami/support/.github/workflows/item-closed.yml@main secrets: inherit \ No newline at end of file diff --git a/.github/workflows/pr-review-hack.yml b/.github/workflows/pr-review-hack.yml index 509ba459..05d5ac04 100644 --- a/.github/workflows/pr-review-hack.yml +++ b/.github/workflows/pr-review-hack.yml @@ -24,7 +24,7 @@ jobs: review_state: ${{ steps.get-info.outputs.review_state }} labels: ${{ steps.get-info.outputs.labels }} resource_url: ${{ steps.get-info.outputs.resource_url }} - if: ${{ github.event.workflow_run.conclusion == 'success' }} + if: ${{ github.repository_owner == 'bitnami' && github.event.workflow_run.conclusion == 'success' }} steps: - id: get-info env: diff --git a/.github/workflows/pr-reviews-requested.yml b/.github/workflows/pr-reviews-requested.yml index d039e4d3..1f18378b 100644 --- a/.github/workflows/pr-reviews-requested.yml +++ b/.github/workflows/pr-reviews-requested.yml 
@@ -15,5 +15,6 @@ concurrency: group: card-movement-${{ github.event.number }} jobs: call-pr-review-workflow: + if: ${{ github.repository_owner == 'bitnami' }} uses: bitnami/support/.github/workflows/pr-review-requested-sync.yml@main secrets: inherit \ No newline at end of file diff --git a/.github/workflows/pr-reviews.yml b/.github/workflows/pr-reviews.yml index 32889d81..685c8994 100644 --- a/.github/workflows/pr-reviews.yml +++ b/.github/workflows/pr-reviews.yml @@ -19,6 +19,7 @@ jobs: just-notice: # This is a dummy workflow that triggers a workflow_run runs-on: ubuntu-latest + if: ${{ github.repository_owner == 'bitnami' }} steps: - run: | echo "::notice:: Comment on PR #${{ github.event.pull_request.number }}" diff --git a/.github/workflows/reasign.yml b/.github/workflows/reasign.yml index 2a1d26c0..affebd94 100644 --- a/.github/workflows/reasign.yml +++ b/.github/workflows/reasign.yml @@ -19,5 +19,6 @@ concurrency: group: card-movement-${{ github.event.issue != null && github.event.issue.number || github.event.number }} jobs: call-reasign-workflow: + if: ${{ github.repository_owner == 'bitnami' }} uses: bitnami/support/.github/workflows/item-labeled.yml@main secrets: inherit \ No newline at end of file diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 55473118..205f468f 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -13,6 +13,7 @@ permissions: {} jobs: stale: runs-on: ubuntu-latest + if: ${{ github.repository_owner == 'bitnami' }} permissions: issues: write pull-requests: write diff --git a/.github/workflows/triage.yml b/.github/workflows/triage.yml index 09ba2596..bae4cde3 100644 --- a/.github/workflows/triage.yml +++ b/.github/workflows/triage.yml 
@@ -22,5 +22,6 @@ concurrency: group: card-movement-${{ github.event.issue != null && github.event.issue.number || github.event.number }} jobs: call-triage-workflow: + if: ${{ github.repository_owner == 'bitnami' }} uses: bitnami/support/.github/workflows/item-opened.yml@main secrets: inherit \ No newline at end of file From 286f3aa8701935de8a5dd4a514be56ae74dbe044 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Feb 2025 22:52:00 +0100 Subject: [PATCH 75/88] Bump actions/upload-artifact from 4.6.0 to 4.6.1 (#187) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.0 to 4.6.1. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08...4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/pr-reviews.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-reviews.yml b/.github/workflows/pr-reviews.yml index 685c8994..be976757 100644 --- a/.github/workflows/pr-reviews.yml +++ b/.github/workflows/pr-reviews.yml 
@@ -25,7 +25,7 @@ jobs: echo "::notice:: Comment on PR #${{ github.event.pull_request.number }}" jq -n --arg issue '${{ github.event.pull_request.number }}' --arg state '${{ github.event.review != null && github.event.review.state || '' }}' '{"issue": {"number": $issue }, "review": { "state": $state }}' > pull_request_info.json - name: Upload the PR info - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 with: name: pull_request_info.json path: ./pull_request_info.json \ No newline at end of file From 5ae1e6ce9c672edbfa57d4ed7b11e3c05895b423 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Tue, 25 Feb 2025 13:06:31 +0100 Subject: [PATCH 76/88] =?UTF-8?q?=F0=9F=94=84=20synced=20local=20'.github/?= =?UTF-8?q?workflows/'=20with=20remote=20'workflows/'=20(#186)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: bitnami-bot From 40bc2650b41c0796c11e978421511b6e6a23e327 Mon Sep 17 00:00:00 2001 From: Fran Mulero Date: Wed, 5 Mar 2025 15:17:49 +0100 Subject: [PATCH 77/88] feature(aws-gallery): Publish minideb images to AWS ECR public Gallery (#188) * feature(aws-gallery): Publish minideb images to AWS ECR public Gallery Signed-off-by: Fran Mulero * Clean code and little fixes Signed-off-by: Fran Mulero --------- Signed-off-by: Fran Mulero --- .github/workflows/{main.yml => cd.yml} | 53 ++++++++++++++++++-------- .github/workflows/ci.yml | 47 +++++++++++++++++++++++ pushmanifest | 5 ++- pushone | 6 ++- 4 files changed, 91 insertions(+), 20 deletions(-) rename .github/workflows/{main.yml => cd.yml} (64%) create mode 100644 .github/workflows/ci.yml diff --git a/.github/workflows/main.yml b/.github/workflows/cd.yml similarity index 64% rename from .github/workflows/main.yml rename to .github/workflows/cd.yml index d12f3cfb..488acfc6 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/cd.yml 
@@ -1,15 +1,11 @@ -# This is a basic workflow to help you get started with Actions - -name: CI +name: CD # Controls when the action will run. on: - # Triggers the workflow on push or pull request events but only for the master branch + # Triggers the workflow on push on the master branch push: branches: - master - pull_request: - # Allows you to run this workflow manually from the Actions tab workflow_dispatch: schedule: @@ -30,7 +26,7 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - name: Install Dependencies run: | sudo apt-get -qq update @@ -48,7 +44,7 @@ jobs: name: Build ${{ matrix.dist }} on ${{ matrix.arch }} steps: - name: Check out repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - name: Use local build action id: build uses: ./.github/actions/build @@ -56,11 +52,12 @@ jobs: dist: "${{ matrix.dist }}" platform: "${{ matrix.arch }}" is_latest: ${{ matrix.dist == env.LATEST }} - - name: Push + - name: Push to DockerHUB if: github.repository == 'bitnami/minideb' && github.ref == 'refs/heads/master' env: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} + DOCKER_REGISTRY: docker.io DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }} DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} run: | 
@@ -68,19 +65,43 @@ jobs: if ${{ matrix.dist == env.LATEST }} ; then bash pushone "latest" "${{ matrix.arch }}" fi + - name: Push to AWS + if: github.repository == 'bitnami/minideb' && github.ref == 'refs/heads/master' + env: + DOCKER_USERNAME: AWS + DOCKER_REGISTRY: public.ecr.aws + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PUBLIC_GALLERY_KEY_ID }} + AWS_ACCESS_SECRET_KEY: ${{ secrets.AWS_PUBLIC_GALLERY_SECRET_KEY }} + run: | + # AWS login + export DOCKER_PASSWORD="$(aws ecr-public get-login-password --region us-east-1)" + bash pushone "${{ matrix.dist }}" "${{ matrix.arch }}" + if ${{ matrix.dist == env.LATEST }} ; then + bash pushone "latest" "${{ matrix.arch }}" + fi deploy_manifests: runs-on: ubuntu-22.04 needs: [ build_multiarch ] if: github.repository == 'bitnami/minideb' && github.ref == 'refs/heads/master' - env: - DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} - DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} - DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }} - DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} + steps: - - uses: actions/checkout@v4 - - name: Push Manifests + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + - name: Push Manifests to DockerHUB + env: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} + DOCKER_REGISTRY: docker.io + run: | + DISTS="bullseye bookworm latest" bash pushmanifest + - name: Push Manifests to AWS + env: + DOCKER_USERNAME: AWS + DOCKER_REGISTRY: public.ecr.aws + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PUBLIC_GALLERY_KEY_ID }} + AWS_ACCESS_SECRET_KEY: ${{ secrets.AWS_PUBLIC_GALLERY_SECRET_KEY }} run: | + # AWS login + export DOCKER_PASSWORD="$(aws ecr-public get-login-password --region us-east-1)" DISTS="bullseye bookworm latest" bash pushmanifest # If the CI Pipeline does not succeed we should notify the interested agents notify: 
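Review bot: The `Push to AWS` and `Push Manifests to AWS` steps export the secret as `AWS_ACCESS_SECRET_KEY`, but the AWS CLI reads `AWS_SECRET_ACCESS_KEY`, so `aws ecr-public get-login-password` runs without a secret key. The failure is then hidden: `export DOCKER_PASSWORD="$(…)"` returns the status of `export`, the variable ends up empty, and `pushone` and `pushmanifest` skip `docker login` when `DOCKER_PASSWORD` is empty. Rename the variable in both steps and split the assignment so the step stops at the real error: `DOCKER_PASSWORD="$(aws ecr-public get-login-password --region us-east-1)"` followed by `export DOCKER_PASSWORD`.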
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 00000000..301c7a45 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,47 @@ +name: CI + +# Controls when the action will run. +on: + # Triggers the workflow on pull request events + pull_request: +# Remove all permissions by default +permissions: {} +env: + BASENAME: bitnami/minideb + LATEST: bookworm +# A workflow run is made up of one or more jobs that can run sequentially or in parallel +jobs: + # This workflow contains a single job called "build" + shellcheck: + # The type of runner that the job will run on + runs-on: ubuntu-22.04 + name: Shellcheck + # Steps represent a sequence of tasks that will be executed as part of the job + steps: + # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + - name: Install Dependencies + run: | + sudo apt-get -qq update + sudo apt-get install -y shellcheck + - name: Verify scripts with shellcheck + run: | + bash shellcheck + build_multiarch: + runs-on: ubuntu-22.04 + needs: [ shellcheck ] + strategy: + matrix: + dist: [bullseye, bookworm] + arch: [amd64, arm64] + name: Build ${{ matrix.dist }} on ${{ matrix.arch }} + steps: + - name: Check out repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + - name: Use local build action + id: build + uses: ./.github/actions/build + with: + dist: "${{ matrix.dist }}" + platform: "${{ matrix.arch }}" + is_latest: ${{ matrix.dist == env.LATEST }} diff --git a/pushmanifest b/pushmanifest index 8098d528..bc2b5ff7 100755 --- a/pushmanifest +++ b/pushmanifest @@ -10,6 +10,7 @@ latest "} BASENAME=bitnami/minideb +DOCKER_REGISTRY=${DOCKER_REGISTRY:-"docker.io"} PLATFORMS=${PLATFORMS:-amd64 arm64} DRY_RUN=${DRY_RUN:-} read -r -a ARCHS <<<"$PLATFORMS" 
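Review bot: The new ci.yml carries template comments that no longer describe it, and its pinned actions have no version note. `# This workflow contains a single job called "build"` sits above two jobs, `shellcheck` and `build_multiarch`; I would replace it with `# Lint the scripts, then build every dist/arch pair; nothing is pushed from pull requests`. For the SHA pins, a trailing comment naming the release makes later bumps reviewable, e.g. `uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2` (the release the later Dependabot bump on this page gives for that SHA). This commit introduces the same unannotated pins in cd.yml.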
@@ -38,7 +39,7 @@ list_includes() { } if [ -n "${DOCKER_PASSWORD:-}" ]; then - echo "$DOCKER_PASSWORD" | run_docker login -u "$DOCKER_USERNAME" --password-stdin + echo "$DOCKER_PASSWORD" | run_docker login -u "$DOCKER_USERNAME" --password-stdin "${DOCKER_REGISTRY}" fi push_manifest() { @@ -60,7 +61,7 @@ for DIST in $DISTS; do tags+=("$DIST") done -repositories=("$BASENAME") +repositories=("${DOCKER_REGISTRY}/${BASENAME}") for tag in "${tags[@]}"; do for repo in "${repositories[@]}"; do diff --git a/pushone b/pushone index f1064c98..55e33c64 100755 --- a/pushone +++ b/pushone @@ -8,9 +8,10 @@ DIST=${1:?Specify the distrubution name} PLATFORM=${2:-amd64} BASENAME=bitnami/minideb +DOCKER_REGISTRY=${DOCKER_REGISTRY:-"docker.io"} if [ -n "${DOCKER_PASSWORD:-}" ]; then - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin + echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin "${DOCKER_REGISTRY}" fi ENABLE_DOCKER_CONTENT_TRUST=0 @@ -25,7 +26,8 @@ fi push() { local dist="$1" - DOCKER_CONTENT_TRUST=${ENABLE_DOCKER_CONTENT_TRUST} docker push "${BASENAME}:${dist}" + docker tag "${BASENAME}:${dist}" "${DOCKER_REGISTRY}/${BASENAME}:${dist}" + DOCKER_CONTENT_TRUST=${ENABLE_DOCKER_CONTENT_TRUST} docker push "${DOCKER_REGISTRY}/${BASENAME}:${dist}" } push "$DIST-${PLATFORM}" From a0a8b83407b246a91520c4b69ab35e27bb59cdf2 Mon Sep 17 00:00:00 2001 From: Fran Mulero Date: Wed, 5 Mar 2025 15:34:43 +0100 Subject: [PATCH 78/88] fix(workflow/cd): Fix typo (#189) Signed-off-by: Fran Mulero --- .github/workflows/cd.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 488acfc6..6e91a1e6 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml 
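Review bot: `push()` in pushone now retags and pushes to `${DOCKER_REGISTRY}` with `DOCKER_CONTENT_TRUST=${ENABLE_DOCKER_CONTENT_TRUST}`, but nothing records that signing can differ per registry. cd.yml passes `DOCKER_CONTENT_TRUST_REPOSITORY_KEY` only to the DockerHUB step, so if the flag is derived from that key (the lines that set it fall between the two pushone hunks and are not shown), the `public.ecr.aws` copies are pushed unsigned. I would say so in a comment above the `docker push` line, for example `# Signed only when the content-trust key is provided; the AWS step provides none`, or fail explicitly when a registry is expected to be signed.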
@@ -71,7 +71,7 @@ jobs: DOCKER_USERNAME: AWS DOCKER_REGISTRY: public.ecr.aws AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PUBLIC_GALLERY_KEY_ID }} - AWS_ACCESS_SECRET_KEY: ${{ secrets.AWS_PUBLIC_GALLERY_SECRET_KEY }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PUBLIC_GALLERY_SECRET_KEY }} run: | # AWS login export DOCKER_PASSWORD="$(aws ecr-public get-login-password --region us-east-1)" @@ -98,7 +98,7 @@ jobs: DOCKER_USERNAME: AWS DOCKER_REGISTRY: public.ecr.aws AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PUBLIC_GALLERY_KEY_ID }} - AWS_ACCESS_SECRET_KEY: ${{ secrets.AWS_PUBLIC_GALLERY_SECRET_KEY }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PUBLIC_GALLERY_SECRET_KEY }} run: | # AWS login export DOCKER_PASSWORD="$(aws ecr-public get-login-password --region us-east-1)" From edca393c2e77b9a13053b3fe3c0a06ddaf425db3 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Thu, 20 Mar 2025 10:52:00 +0100 Subject: [PATCH 79/88] =?UTF-8?q?=F0=9F=94=84=20synced=20local=20'.github/?= =?UTF-8?q?workflows/'=20with=20remote=20'workflows/'=20(#190)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: bitnami-bot --- .github/workflows/pr-reviews.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-reviews.yml b/.github/workflows/pr-reviews.yml index be976757..3d0506d7 100644 --- a/.github/workflows/pr-reviews.yml +++ b/.github/workflows/pr-reviews.yml 
@@ -25,7 +25,7 @@ jobs: echo "::notice:: Comment on PR #${{ github.event.pull_request.number }}" jq -n --arg issue '${{ github.event.pull_request.number }}' --arg state '${{ github.event.review != null && github.event.review.state || '' }}' '{"issue": {"number": $issue }, "review": { "state": $state }}' > pull_request_info.json - name: Upload the PR info - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 with: name: pull_request_info.json path: ./pull_request_info.json \ No newline at end of file From f284556dd6ba9d660d159e0730b910965c48fd69 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juan=20Jos=C3=A9=20Martos?= Date: Tue, 29 Apr 2025 13:40:57 +0200 Subject: [PATCH 80/88] [bitnami] Update Bitnami logo URL (#191) Signed-off-by: Jota Martos --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 37d78b72..38da2278 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@

- +

From 1694284885fecfb852b0dfd6fd78f4f923a081d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 18 Jun 2025 15:08:52 +0200 Subject: [PATCH 81/88] Update README.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Carlos Rodríguez Hernández --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 38da2278..734552b5 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@

- + From eec8c842f2af8433df88ad7fdb40b10f7810f018 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Aug 2025 17:37:38 +0200 Subject: [PATCH 82/88] Bump actions/checkout from 4.2.2 to 5.0.0 (#198) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.2 to 5.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/11bd71901bbe5b1630ceea73d27597364c9af683...08c6903cd8c0fde910a37f88322edcfb5dd907a8) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/cd.yml | 6 +++--- .github/workflows/ci.yml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 6e91a1e6..b41e0f65 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -26,7 +26,7 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - name: Install Dependencies run: | sudo apt-get -qq update @@ -44,7 +44,7 @@ jobs: name: Build ${{ matrix.dist }} on ${{ matrix.arch }} steps: - name: Check out repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - name: Use local build action id: build uses: ./.github/actions/build 
@@ -85,7 +85,7 @@ jobs: if: github.repository == 'bitnami/minideb' && github.ref == 'refs/heads/master' steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - name: Push Manifests to DockerHUB env: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 301c7a45..e64af4b1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,7 +19,7 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - name: Install Dependencies run: | sudo apt-get -qq update @@ -37,7 +37,7 @@ jobs: name: Build ${{ matrix.dist }} on ${{ matrix.arch }} steps: - name: Check out repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - name: Use local build action id: build uses: ./.github/actions/build From f1fd9b459c105b5526026d3f8c1cd4a9f18e1162 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n=20Garc=C3=ADa?= Date: Mon, 8 Sep 2025 12:14:47 +0200 Subject: [PATCH 83/88] feat: :sparkles: Add debian trixie support (#201) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: :sparkles: Add debian trixie support Signed-off-by: Javier J. Salmerón García * chore: :wrench: Add perl package Signed-off-by: Javier J. Salmerón García * chore: :wrench: Bump ubuntu testing version Signed-off-by: Javier J. Salmerón García --------- 
Signed-off-by: Javier J. Salmerón García --- .github/workflows/cd.yml | 14 +++++++------- .github/workflows/ci.yml | 8 ++++---- README.md | 16 ++++++++-------- buildall | 1 + debootstrap/bullseye | 2 +- debootstrap/trixie | 1 + mkimage | 2 +- pushmanifest | 1 + 8 files changed, 24 insertions(+), 21 deletions(-) create mode 120000 debootstrap/trixie diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index b41e0f65..63a1eb3a 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -14,13 +14,13 @@ on: permissions: {} env: BASENAME: bitnami/minideb - LATEST: bookworm + LATEST: trixie # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: # This workflow contains a single job called "build" shellcheck: # The type of runner that the job will run on - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 if: github.event_name != 'schedule' || github.repository == 'bitnami/minideb' name: Shellcheck # Steps represent a sequence of tasks that will be executed as part of the job @@ -35,11 +35,11 @@ jobs: run: | bash shellcheck build_multiarch: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: [ shellcheck ] strategy: matrix: - dist: [bullseye, bookworm] + dist: [bullseye, bookworm, trixie] arch: [amd64, arm64] name: Build ${{ matrix.dist }} on ${{ matrix.arch }} steps: @@ -80,7 +80,7 @@ jobs: bash pushone "latest" "${{ matrix.arch }}" fi deploy_manifests: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: [ build_multiarch ] if: github.repository == 'bitnami/minideb' && github.ref == 'refs/heads/master' @@ -92,7 +92,7 @@ jobs: DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} DOCKER_REGISTRY: docker.io run: | - DISTS="bullseye bookworm latest" bash pushmanifest + DISTS="bullseye bookworm trixie latest" bash pushmanifest - name: Push Manifests to AWS env: DOCKER_USERNAME: AWS 
@@ -102,7 +102,7 @@ jobs: run: | # AWS login export DOCKER_PASSWORD="$(aws ecr-public get-login-password --region us-east-1)" - DISTS="bullseye bookworm latest" bash pushmanifest + DISTS="bullseye bookworm trixie latest" bash pushmanifest # If the CI Pipeline does not succeed we should notify the interested agents notify: name: Send notification diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e64af4b1..f5f30a3d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,13 +8,13 @@ on: permissions: {} env: BASENAME: bitnami/minideb - LATEST: bookworm + LATEST: trixie # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: # This workflow contains a single job called "build" shellcheck: # The type of runner that the job will run on - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 name: Shellcheck # Steps represent a sequence of tasks that will be executed as part of the job steps: @@ -28,11 +28,11 @@ jobs: run: | bash shellcheck build_multiarch: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: [ shellcheck ] strategy: matrix: - dist: [bullseye, bookworm] + dist: [bullseye, bookworm, trixie] arch: [amd64, arm64] name: Build ${{ matrix.dist }} on ${{ matrix.arch }} steps: diff --git a/README.md b/README.md index 734552b5..f555c660 100644 --- a/README.md +++ b/README.md @@ -22,14 +22,14 @@ $ docker run --rm -it bitnami/minideb:latest There are [tags](https://hub.docker.com/r/bitnami/minideb/tags/) for the different Debian releases. ``` -$ docker run --rm -it bitnami/minideb:bookworm +$ docker run --rm -it bitnami/minideb:trixie ``` The images are built daily and have the security release enabled, so will contain any security updates released more than 24 hours ago. You can also use the images as a base for your own `Dockerfile`: ``` -FROM bitnami/minideb:bookworm +FROM bitnami/minideb:trixie ``` # Why use Minideb 
@@ -70,14 +70,14 @@ We provide a Makefile to help you build Minideb locally. It should be run on a D $ sudo make ``` -To build an individual release (bullseye or bookworm) +To build an individual release (bullseye, bookworm or trixie) ``` -$ sudo make bookworm +$ sudo make trixie ``` To test the resulting image: ``` -$ sudo make test-bookworm +$ sudo make test-trixie ``` ## Building Minideb for foreign architecture @@ -85,13 +85,13 @@ Make commands shown above will build an image for the architecture you are curre To build an image for a foreign architecture (for example to build a multi-arch image), we provide a simple script that runs a QEMU instance for the target architecture and builds the image inside it. -To build and test a bookworm image for arm64: +To build and test a trixie image for arm64: ``` -$ ./qemu_build bookworm arm64 +$ ./qemu_build trixie arm64 ``` The image will be then imported locally through the docker CLI with the `$distribution-$architecture` tag -(example: `bitnami/minideb:bookworm-arm64`) +(example: `bitnami/minideb:trixie-arm64`) Current limitations of the `qemu_build` script: diff --git a/buildall b/buildall index b57a00c3..05edfb33 100755 --- a/buildall +++ b/buildall @@ -10,6 +10,7 @@ arch=${1:-"amd64 arm64"} dist="bullseye bookworm +trixie " for a in $arch; do for i in $dist; do diff --git a/debootstrap/bullseye b/debootstrap/bullseye index 804e9660..861b182e 100644 --- a/debootstrap/bullseye +++ b/debootstrap/bullseye 
@@ -46,7 +46,7 @@ work_out_debs () { # tzdata for handling timezones # util-linux for getopt # mount is required for mounting /proc during debootstrap - required="adduser base-files base-passwd bash bsdutils coreutils dash debian-archive-keyring diffutils dpkg findutils grep gzip hostname init-system-helpers libc-bin login lsb-base mawk ncurses-base passwd sed sysv-rc tar tzdata util-linux mount" + required="adduser base-files base-passwd bash bsdutils coreutils dash debian-archive-keyring diffutils dpkg findutils grep gzip hostname init-system-helpers libc-bin login lsb-base mawk ncurses-base passwd perl sed sysv-rc tar tzdata util-linux mount" base="apt" diff --git a/debootstrap/trixie b/debootstrap/trixie new file mode 120000 index 00000000..91bf492f --- /dev/null +++ b/debootstrap/trixie @@ -0,0 +1 @@ +bullseye \ No newline at end of file diff --git a/mkimage b/mkimage index fbe37bf8..962ddf54 100755 --- a/mkimage +++ b/mkimage @@ -76,7 +76,7 @@ sec_repo_url_1="${repo_url}-security" sec_repo_url_2="http://security.debian.org/debian-security" echo -e "deb ${repo_url} $DIST main" > "$rootfsDir/etc/apt/sources.list" -if [ "$DIST" == "bookworm" ]; then +if [ "$DIST" == "bookworm" ] || [ "$DIST" == "trixie" ]; then echo "deb ${repo_url} $DIST-updates main" >> "$rootfsDir/etc/apt/sources.list" echo "deb ${sec_repo_url_1} $DIST-security main" >> "$rootfsDir/etc/apt/sources.list" elif [ "$DIST" == "bullseye" ]; then diff --git a/pushmanifest b/pushmanifest index bc2b5ff7..77d5101c 100755 --- a/pushmanifest +++ b/pushmanifest @@ -6,6 +6,7 @@ set -o pipefail DISTS=${DISTS:-"bullseye bookworm +trixie latest "} From 1cb591580722cd8aea15c8be8a1c1ab073e0009b Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Tue, 9 Sep 2025 10:11:15 +0200 Subject: [PATCH 84/88] =?UTF-8?q?=F0=9F=94=84=20synced=20local=20'.github/?= =?UTF-8?q?workflows/'=20with=20remote=20'workflows/'=20(#202)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
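Review bot: `perl` is added to the `required` list in `debootstrap/bullseye` without a matching line in the comment block above it, which otherwise records why the non-obvious packages are there (`tzdata`, `util-linux`, `mount`). Because `debootstrap/trixie` is created in this commit as a symlink to this file, the addition is not limited to trixie: presumably the bullseye images built from this script pick up the full perl package too, which enlarges a deliberately minimal base image and the set of packages that must be kept patched. I would add a comment such as `# perl is required for <reason, to be filled in by the author>` and, if only trixie needs it, make the addition depend on the suite being bootstrapped. `work_out_debs` starts and ends outside the hunk.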
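Review bot: The security suite in `mkimage` is selected by an `if`/`elif` chain on exact release names, so every new release has to be remembered on this line. The end of the chain is outside the hunk; if it has no failing `else`, a release missing from it would get a `sources.list` without any `-security` entry and still build cleanly. A `case "$DIST" in` with a `bookworm|trixie)` arm and a default arm like `*) echo "no security repo configured for $DIST" >&2; exit 1 ;;` would make that fall-through explicit. As a smaller style point, `==` inside `[ ]` is a bash extension; `[[ … ]]` or `=` is the conventional spelling.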
Signed-off-by: bitnami-bot --- .github/workflows/clossing-issues.yml | 2 +- .github/workflows/stale.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/clossing-issues.yml b/.github/workflows/clossing-issues.yml index e971b254..ddc25c12 100644 --- a/.github/workflows/clossing-issues.yml +++ b/.github/workflows/clossing-issues.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest if: ${{ github.repository_owner == 'bitnami' }} steps: - - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 + - uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f with: any-of-labels: 'solved' stale-issue-label: 'solved' diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 205f468f..42bc2ae0 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -19,7 +19,7 @@ jobs: pull-requests: write steps: # This step will add the stale comment and label for the first 15 days without activity. It won't close any task - - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 + - uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: 'This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.' @@ -30,7 +30,7 @@ jobs: exempt-pr-labels: 'on-hold' operations-per-run: 500 # This step will add the 'solved' label and the last comment before closing the issue or PR. Note that it won't close any issue or PR, they will be closed by the clossing-issues workflow - - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 + - uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: 'Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.' 
From e6de8d7e0f3657d05f3d36b366c73a7fbf366693 Mon Sep 17 00:00:00 2001 From: Alessandro Chitolina Date: Fri, 19 Sep 2025 16:11:51 +0200 Subject: [PATCH 85/88] fix(cd/workflow): use gha arm-based workers to build arm images (#203) Signed-off-by: Alessandro Chitolina --- .github/actions/build/action.yml | 2 +- .github/workflows/cd.yml | 18 ++++++++++-------- .github/workflows/ci.yml | 10 ++++++---- 3 files changed, 17 insertions(+), 13 deletions(-) diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml index 3871f698..3f98ba5c 100644 --- a/.github/actions/build/action.yml +++ b/.github/actions/build/action.yml @@ -22,7 +22,7 @@ runs: - name: "Install QEMU" run: | set -x - if [[ "${{ inputs.platform }}" == "arm64" ]]; then + if [[ "${{ inputs.platform }}" == "arm64" && "$(uname -m)" != "aarch64" ]]; then echo "Installing QEMU" sudo apt-get update -qq && sudo apt-get install -y qemu-user-static else diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 63a1eb3a..b0d14df2 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -35,13 +35,15 @@ jobs: run: | bash shellcheck build_multiarch: - runs-on: ubuntu-24.04 + runs-on: ${{ matrix.arch.platform }} needs: [ shellcheck ] strategy: matrix: dist: [bullseye, bookworm, trixie] - arch: [amd64, arm64] - name: Build ${{ matrix.dist }} on ${{ matrix.arch }} + arch: + - { name: amd64, platform: ubuntu-24.04 } + - { name: arm64, platform: ubuntu-24.04-arm } + name: Build ${{ matrix.dist }} on ${{ matrix.arch.name }} steps: - name: Check out repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 @@ -50,7 +52,7 @@ jobs: uses: ./.github/actions/build with: dist: "${{ matrix.dist }}" - platform: "${{ matrix.arch }}" + platform: "${{ matrix.arch.name }}" is_latest: ${{ matrix.dist == env.LATEST }} - name: Push to DockerHUB if: github.repository == 'bitnami/minideb' && github.ref == 'refs/heads/master' 
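Review bot: The rewritten condition in the `Install QEMU` step of `.github/actions/build/action.yml` still expands `${{ inputs.platform }}` into the script text before bash runs, so the input is parsed as shell source rather than compared as data. The callers visible in this patch pass static matrix values, so the exposure looks low today, but any future caller of the action inherits it. Passing the value through the environment avoids that: add `env:` with `PLATFORM: ${{ inputs.platform }}` to the step and test `if [[ "$PLATFORM" == "arm64" && "$(uname -m)" != "aarch64" ]]; then`. The step body continues outside the hunk.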
@@ -61,9 +63,9 @@ jobs: DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }} DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} run: | - bash pushone "${{ matrix.dist }}" "${{ matrix.arch }}" + bash pushone "${{ matrix.dist }}" "${{ matrix.arch.name }}" if ${{ matrix.dist == env.LATEST }} ; then - bash pushone "latest" "${{ matrix.arch }}" + bash pushone "latest" "${{ matrix.arch.name }}" fi - name: Push to AWS if: github.repository == 'bitnami/minideb' && github.ref == 'refs/heads/master' @@ -75,9 +77,9 @@ jobs: run: | # AWS login export DOCKER_PASSWORD="$(aws ecr-public get-login-password --region us-east-1)" - bash pushone "${{ matrix.dist }}" "${{ matrix.arch }}" + bash pushone "${{ matrix.dist }}" "${{ matrix.arch.name }}" if ${{ matrix.dist == env.LATEST }} ; then - bash pushone "latest" "${{ matrix.arch }}" + bash pushone "latest" "${{ matrix.arch.name }}" fi deploy_manifests: runs-on: ubuntu-24.04 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f5f30a3d..060a961f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -28,13 +28,15 @@ jobs: run: | bash shellcheck build_multiarch: - runs-on: ubuntu-24.04 + runs-on: ${{ matrix.arch.platform }} needs: [ shellcheck ] strategy: matrix: dist: [bullseye, bookworm, trixie] - arch: [amd64, arm64] - name: Build ${{ matrix.dist }} on ${{ matrix.arch }} + arch: + - { name: amd64, platform: ubuntu-24.04 } + - { name: arm64, platform: ubuntu-24.04-arm } + name: Build ${{ matrix.dist }} on ${{ matrix.arch.name }} steps: - name: Check out repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 @@ -43,5 +45,5 @@ jobs: uses: ./.github/actions/build with: dist: "${{ matrix.dist }}" - platform: "${{ matrix.arch }}" + platform: "${{ matrix.arch.name }}" is_latest: ${{ matrix.dist == env.LATEST }} From eb7171ac8a7e4143edda146e3aaa8c95d1899bf9 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Oct 2025 16:03:47 +0200 Subject: [PATCH 86/88] Bump actions/stale from 10.0.0 to 10.1.0 (#205) Bumps [actions/stale](https://github.com/actions/stale) from 10.0.0 to 10.1.0. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/stale/compare/3a9db7e6a41a89f618792c92c0e97cc736e1b13f...5f858e3efba33a5ca4407a664cc011ad407f2008) --- updated-dependencies: - dependency-name: actions/stale dependency-version: 10.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/clossing-issues.yml | 2 +- .github/workflows/stale.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/clossing-issues.yml b/.github/workflows/clossing-issues.yml index ddc25c12..cd7c7072 100644 --- a/.github/workflows/clossing-issues.yml +++ b/.github/workflows/clossing-issues.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest if: ${{ github.repository_owner == 'bitnami' }} steps: - - uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f + - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 with: any-of-labels: 'solved' stale-issue-label: 'solved' diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 42bc2ae0..98b64ab2 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml 
@@ -19,7 +19,7 @@ jobs: pull-requests: write steps: # This step will add the stale comment and label for the first 15 days without activity. It won't close any task - - uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f + - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: 'This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.' @@ -30,7 +30,7 @@ jobs: exempt-pr-labels: 'on-hold' operations-per-run: 500 # This step will add the 'solved' label and the last comment before closing the issue or PR. Note that it won't close any issue or PR, they will be closed by the clossing-issues workflow - - uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f + - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: 'Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.' From a542c10bf2eadb5f98b628b8ba6e755a6e85d980 Mon Sep 17 00:00:00 2001 From: flymarq Date: Wed, 8 Oct 2025 12:24:46 +0200 Subject: [PATCH 87/88] Optional build with Podman (#206) * Fix for podman usage The output of load command in docker and podman differs: - docker produces only one line of output the sha256 hash at 4th position - podman produces mulktiple lines of output with sha256 hash in the last line at third position This patch filters the line with hash and print the last argument, which is the hash. It works with docker and podman. Signed-off-by: flymarq * Add hints for building with podman Provide a simple command toi replace all relevant calls to docker with podman to enable a daemon less run. Signed-off-by: flymarq --------- 
Signed-off-by: flymarq --- README.md | 5 +++++ import | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f555c660..fab85c7a 100644 --- a/README.md +++ b/README.md @@ -80,6 +80,11 @@ To test the resulting image: $ sudo make test-trixie ``` +Building the image with podman instead of docker is possible, if you replace docker with podman in 4 scripts: +``` +$ sed -i "s/docker /podman /g" buildone dockerdiff import test +``` + ## Building Minideb for foreign architecture Make commands shown above will build an image for the architecture you are currently working on. To build an image for a foreign architecture (for example to build a multi-arch image), we provide a diff --git a/import b/import index ef1708e3..3b98ffb4 100755 --- a/import +++ b/import @@ -31,7 +31,7 @@ import() { local MANIFEST="$(echo -n "$MANIFEST_TEMPLATE" | sed -e "s/%CONF_SHA%/$CONF_SHA/g" -e "s/%LAYERSUM%/$LAYERSUM/g")" echo -n "$MANIFEST" > $TDIR/manifest.json tar cf $TDIR/import.tar -C $TDIR manifest.json "${CONF_SHA}.json" "$LAYERSUM" - local ID=$(docker load -i $TDIR/import.tar | awk '{print $4}') + local ID=$(docker load -i $TDIR/import.tar | grep Loaded\ image | awk '{print $NF}') if [ "$ID" != "sha256:$CONF_SHA" ]; then echo "Failed to load $ID correctly, expected id to be $CONF_SHA, source in $TDIR" >&2 exit 1 From bb12e109864860725c5d689e08e789035e21e218 Mon Sep 17 00:00:00 2001 
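Review bot: On the changed line in `import`, `local ID=$(…)` still discards the exit status of the load pipeline, because `local` itself returns success. A failed `docker load` is only caught indirectly, when the empty `ID` fails the `sha256:$CONF_SHA` comparison below, and the error message then prints an empty id. Declaring first with `local ID` and then assigning `ID=$(docker load -i "$TDIR/import.tar" | awk '/Loaded image/ {print $NF}')` lets the status surface (given `pipefail`, if the script sets it), folds the `grep` into `awk`, and quotes the path. If more than one output line matches, `ID` holds several values and the comparison fails closed, which is the safe outcome. `import()` starts and ends outside the hunk.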
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Oct 2025 11:08:50 +0100 Subject: [PATCH 88/88] Bump actions/upload-artifact from 4.6.2 to 5.0.0 (#208) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.2 to 5.0.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...330a01c490aca151604b8cf639adc76d48f6c5d4) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/pr-reviews.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-reviews.yml b/.github/workflows/pr-reviews.yml index 3d0506d7..2b357439 100644 --- a/.github/workflows/pr-reviews.yml +++ b/.github/workflows/pr-reviews.yml @@ -25,7 +25,7 @@ jobs: echo "::notice:: Comment on PR #${{ github.event.pull_request.number }}" jq -n --arg issue '${{ github.event.pull_request.number }}' --arg state '${{ github.event.review != null && github.event.review.state || '' }}' '{"issue": {"number": $issue }, "review": { "state": $state }}' > pull_request_info.json - name: Upload the PR info - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 with: name: pull_request_info.json path: ./pull_request_info.json \ No newline at end of file