kata-containers

mirror of https://github.com/kata-containers/kata-containers.git synced 2025-07-13 07:04:58 +00:00

Author	SHA1	Message	Date
stevenhorsman	e204847df5	agent-ctl: Replace removed clap functions When moving from clap v2 to v4 a bunch of functions have been removed, so update the code to handle these replacements Signed-off-by: stevenhorsman <steven@uk.ibm.com>	2025-06-21 17:15:12 +01:00
stevenhorsman	e11fc3334e	agent: Clap v4 updates AppSettings was removed, so refactor based on new documentation Signed-off-by: stevenhorsman <steven@uk.ibm.com>	2025-06-21 17:15:12 +01:00
dependabot[bot]	0aa80313eb	build(deps): bump the clap group across 6 directories with 1 update Bumps the clap group with 1 update in the /src/agent directory: [clap](https://github.com/clap-rs/clap). Bumps the clap group with 1 update in the /src/tools/agent-ctl directory: [clap](https://github.com/clap-rs/clap). Bumps the clap group with 1 update in the /src/tools/genpolicy directory: [clap](https://github.com/clap-rs/clap). Bumps the clap group with 1 update in the /src/tools/kata-ctl directory: [clap](https://github.com/clap-rs/clap). Bumps the clap group with 1 update in the /src/tools/runk directory: [clap](https://github.com/clap-rs/clap). Bumps the clap group with 1 update in the /src/tools/trace-forwarder directory: [clap](https://github.com/clap-rs/clap). Updates `clap` from 3.2.25 to 4.5.37 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 3.2.25 to 4.5.37 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 3.2.25 to 4.5.37 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 3.2.25 to 4.5.37 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 3.2.25 to 4.5.37 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 3.2.25 to 4.5.37 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 2.34.0 to 4.5.40 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 2.34.0 to 4.5.40 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 2.34.0 to 4.5.40 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 2.34.0 to 4.5.40 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 2.34.0 to 4.5.40 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 2.34.0 to 4.5.40 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 4.1.8 to 4.5.40 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 4.1.8 to 4.5.40 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 4.1.8 to 4.5.40 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 4.1.8 to 4.5.40 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 4.1.8 to 4.5.40 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 4.1.8 to 4.5.40 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 4.4.10 to 4.5.13 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 4.4.10 to 4.5.13 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 4.4.10 to 4.5.13 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 4.4.10 to 4.5.13 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 4.4.10 to 4.5.13 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 4.4.10 to 4.5.13 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 3.2.25 to 4.5.40 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 3.2.25 to 4.5.40 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 3.2.25 to 4.5.40 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 3.2.25 to 4.5.40 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 3.2.25 to 4.5.40 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 3.2.25 to 4.5.40 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 2.34.0 to 4.5.40 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 2.34.0 to 4.5.40 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 2.34.0 to 4.5.40 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 2.34.0 to 4.5.40 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 2.34.0 to 4.5.40 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) Updates `clap` from 2.34.0 to 4.5.40 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/v3.2.25...clap_complete-v4.5.37) --- updated-dependencies: - dependency-name: clap dependency-version: 4.5.37 dependency-type: direct:production update-type: version-update:semver-major dependency-group: clap - dependency-name: clap dependency-version: 4.5.37 dependency-type: direct:production update-type: version-update:semver-major dependency-group: clap - dependency-name: clap dependency-version: 4.5.37 dependency-type: direct:production update-type: version-update:semver-major dependency-group: clap - dependency-name: clap dependency-version: 4.5.37 dependency-type: direct:production update-type: version-update:semver-major dependency-group: clap - dependency-name: clap dependency-version: 4.5.37 dependency-type: direct:production update-type: version-update:semver-major dependency-group: clap - dependency-name: clap dependency-version: 4.5.37 dependency-type: direct:production update-type: version-update:semver-major dependency-group: clap - dependency-name: clap dependency-version: 4.5.40 dependency-type: direct:production update-type: version-update:semver-major dependency-group: clap - dependency-name: clap dependency-version: 4.5.40 dependency-type: direct:production update-type: version-update:semver-major dependency-group: clap - dependency-name: clap dependency-version: 4.5.40 dependency-type: direct:production update-type: version-update:semver-major dependency-group: clap - dependency-name: clap dependency-version: 4.5.40 dependency-type: direct:production update-type: version-update:semver-major dependency-group: clap - dependency-name: clap dependency-version: 4.5.40 dependency-type: direct:production update-type: version-update:semver-major dependency-group: clap - dependency-name: clap dependency-version: 4.5.40 dependency-type: direct:production update-type: version-update:semver-major dependency-group: clap - dependency-name: clap dependency-version: 4.5.40 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: clap - dependency-name: clap dependency-version: 4.5.40 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: clap - dependency-name: clap dependency-version: 4.5.40 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: clap - dependency-name: clap dependency-version: 4.5.40 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: clap - dependency-name: clap dependency-version: 4.5.40 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: clap - dependency-name: clap dependency-version: 4.5.40 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: clap - dependency-name: clap dependency-version: 4.5.13 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: clap - dependency-name: clap dependency-version: 4.5.13 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: clap - dependency-name: clap dependency-version: 4.5.13 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: clap - dependency-name: clap dependency-version: 4.5.13 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: clap - dependency-name: clap dependency-version: 4.5.13 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: clap - dependency-name: clap dependency-version: 4.5.13 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: clap - dependency-name: clap dependency-version: 4.5.40 dependency-type: direct:production update-type: version-update:semver-major dependency-group: clap - dependency-name: clap dependency-version: 4.5.40 dependency-type: direct:production update-type: version-update:semver-major dependency-group: clap - dependency-name: clap dependency-version: 4.5.40 dependency-type: direct:production update-type: version-update:semver-major dependency-group: clap - dependency-name: clap dependency-version: 4.5.40 dependency-type: direct:production update-type: version-update:semver-major dependency-group: clap - dependency-name: clap dependency-version: 4.5.40 dependency-type: direct:production update-type: version-update:semver-major dependency-group: clap - dependency-name: clap dependency-version: 4.5.40 dependency-type: direct:production update-type: version-update:semver-major dependency-group: clap - dependency-name: clap dependency-version: 4.5.40 dependency-type: direct:production update-type: version-update:semver-major dependency-group: clap - dependency-name: clap dependency-version: 4.5.40 dependency-type: direct:production update-type: version-update:semver-major dependency-group: clap - dependency-name: clap dependency-version: 4.5.40 dependency-type: direct:production update-type: version-update:semver-major dependency-group: clap - dependency-name: clap dependency-version: 4.5.40 dependency-type: direct:production update-type: version-update:semver-major dependency-group: clap - dependency-name: clap dependency-version: 4.5.40 dependency-type: direct:production update-type: version-update:semver-major dependency-group: clap - dependency-name: clap dependency-version: 4.5.40 dependency-type: direct:production update-type: version-update:semver-major dependency-group: clap ... Signed-off-by: dependabot[bot] <support@github.com>	2025-06-21 17:15:12 +01:00
RuoqingHe	b22135f4e5	Merge pull request #11431 from RuoqingHe/udpate-rust-vmm-ignore-list ci: Update dependabot ignore list	2025-06-21 18:20:41 +08:00
Ruoqing He	6628ba3208	ci: Update dependabot ignore list Update dependabot ignore list in cargo ecosystem to ignore upgrades from rust-vmm crates, since those crates need to be managed carefully and manually. Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>	2025-06-21 08:18:20 +01:00
Steve Horsman	4bfa74c2a5	Merge pull request #11331 from stevenhorsman/helm-ghcr-login-update workflow: Remove code injection in helm login	2025-06-21 08:13:40 +01:00
Steve Horsman	353b4bc853	Merge pull request #11440 from stevenhorsman/osbuilder-fedora-42-update osbuilder: Update image-builder base to f42	2025-06-21 08:11:12 +01:00
Steve Horsman	cac1cb75ce	Merge pull request #11378 from kata-containers/dependabot/cargo/src/tools/agent-ctl/rustix-0.37.28 build(deps): bump rustix in various components	2025-06-21 08:05:21 +01:00
stevenhorsman	900d9be55e	build(deps): bump rustix in various components Bumps of rustix 0.36, 0.37 and 0.38 to resolve CVE-2024-43806 Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: stevenhorsman <steven@uk.ibm.com>	2025-06-20 14:52:43 -05:00
stevenhorsman	d9defd5102	osbuilder: Update image-builder base to f42 Fedora 40 is EoL, and I've seen the registry pull fail a few times recently, so let's bump to fedora 42 which has 10 months of support left. Signed-off-by: stevenhorsman <steven@uk.ibm.com>	2025-06-20 20:52:30 +01:00
Saul Paredes	cc27966aa1	Merge pull request #11443 from microsoft/saulparedes/update_image tests: update container image for ci and unit test	2025-06-20 12:50:42 -07:00
Archana Choudhary	e093919b42	tests: update container image for ci and unit test This patch updates the container image for the CI test workloads: - `k8s-layered-sc-deployment.yaml` - `k8s-pod-sc-deployment.yaml` - `k8s-pod-sc-nobodyupdate-deployment.yaml` - `k8s-pod-sc-supplementalgroups-deployment.yaml` - `k8s-policy-deployment.yaml` Also updates unit tests: - `test_create_container_security_context` - `test_create_container_security_context_supplemental_groups` This fixes tests failing due to an image pull error as the previous image is no longer available in the container registry. Signed-off-by: Archana Choudhary <archana1@microsoft.com> Signed-off-by: Saul Paredes <saulparedes@microsoft.com>	2025-06-20 10:46:56 -07:00
stevenhorsman	776c89453c	workflow: Remove code injection in helm login In theory `github.actor` could be used for code injection, so swap it out. Signed-off-by: stevenhorsman <steven@uk.ibm.com>	2025-06-20 16:27:52 +01:00
Fabiano Fidêncio	6722ea2fd9	Merge pull request #11439 from stevenhorsman/multi-arch-manifest-permissions-fix release: Add more permissions	2025-06-19 12:45:37 +02:00
stevenhorsman	8da75bf55d	release: Add more permissions Add package: write to the multi-arch manifest upload to ghcr.io Signed-off-by: stevenhorsman <steven@uk.ibm.com>	2025-06-19 11:04:29 +01:00
Fabiano Fidêncio	d0c1ce1367	Merge pull request #11438 from stevenhorsman/helm-upload-fix release: Fix helm push typo	2025-06-19 12:01:04 +02:00
stevenhorsman	eaf42b3e0f	release: Fix helm push typo Switch the hyper for an underscore, so the ghcr helm publish can work properly. Co-authored-by: Fabiano Fidêncio <fidencio@northflank.com> Signed-off-by: stevenhorsman <steven@uk.ibm.com>	2025-06-19 10:56:50 +01:00
Fabiano Fidêncio	f7d3ea0c55	Merge pull request #11437 from kata-containers/release-flow-permissions-fixes-iii workflows: Release permissions	2025-06-19 11:23:46 +02:00
stevenhorsman	19597b8950	workflows: Release permissions Add more permissions to the release workflow in order to enable `gh release` commands to run Signed-off-by: stevenhorsman <steven@uk.ibm.com>	2025-06-19 10:05:23 +01:00
Fabiano Fidêncio	254ada2f6a	Merge pull request #11436 from kata-containers/release-flow-permission-fix-ii workflows: Add extra permissions	2025-06-19 10:45:26 +02:00
stevenhorsman	7c6c6f3c15	workflows: Add extra permissions Add permissions to the ppc release Signed-off-by: stevenhorsman <steven@uk.ibm.com>	2025-06-19 09:39:01 +01:00
Steve Horsman	00c9e61b60	Merge pull request #11435 from kata-containers/release-flow-permissions-fix(es) workflows: Fix permissions	2025-06-19 09:35:23 +01:00
stevenhorsman	9adf989555	workflows: Fix permissions Add extra permissions for reusable workflow calls that need them later on Signed-off-by: stevenhorsman <steven@uk.ibm.com>	2025-06-19 08:44:18 +01:00
Fabiano Fidêncio	e82de65d5d	Merge pull request #11425 from stevenhorsman/release-3.18.0-bump release: Bump version to 3.18.0	2025-06-18 21:39:51 +02:00
stevenhorsman	6fc622ef0f	release: Bump version to 3.18.0 Bump VERSION and helm-chart versions Signed-off-by: stevenhorsman <steven@uk.ibm.com>	2025-06-18 19:09:42 +01:00
Steve Horsman	060faa3d1a	Merge pull request #11433 from kata-containers/cri-containerd-test-fast-fail-false workflows: Add fail-fast: false to cri-containerd tests	2025-06-18 19:08:59 +01:00
Steve Horsman	e0084a958c	Merge pull request #11432 from stevenhorsman/golang-1.23.10 versions: Bump golang to 1.23.10	2025-06-18 17:25:07 +01:00
Steve Horsman	4e3238b9dc	Merge pull request #11337 from zvonkok/fix-module-signing gpu: Fix module signing	2025-06-18 17:23:51 +01:00
Steve Horsman	547b6c5781	Merge pull request #11429 from stevenhorsman/cri-containerd-required-test-rename Cri containerd required test rename	2025-06-18 15:45:14 +01:00
Zvonko Kaiser	e2f18057a4	kernel: Add config option for signing Only sign the kernel if the user has provided the KBUILD_SIGN_PIN otherwise ignore. Whole here, let's move the functionality to the common fragments as it's not a GPU specific functionality. Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com> Signed-off-by: Fabiano Fidêncio <fidencio@northflank.com>	2025-06-18 15:32:26 +02:00
stevenhorsman	73d7b4f258	workflows: Add fail-fast: false to cri-containerd tests At the moment if any of the tests in the matric fails then the rest of the jobs are cancelled, so we have to re-run everything. Add `fail-fast: false` to stop this behaviour. Signed-off-by: stevenhorsman <steven@uk.ibm.com>	2025-06-18 14:20:16 +01:00
stevenhorsman	aedbaa1545	versions: Bump golang to 1.23.10 Bump golang to fix CVEs GO-2025-3751 and GO-2025-3563 Signed-off-by: stevenhorsman <steven@uk.ibm.com>	2025-06-18 11:11:32 +01:00
stevenhorsman	b20f89b775	ci: required-tests: Remove test skip Remove the rule that causes gatekeeper to skip tests if we've only updated the required-tests.yaml list. Although update to just the required-tests.yaml doesn't change the outcome of any of the CI tests, it does change whether gatekeeper will still pass with the new rules. Although it's a bit of a hit to run the CI, it's probably worth it to keep gatekeeper validated. Signed-off-by: stevenhorsman <steven@uk.ibm.com>	2025-06-18 10:52:03 +01:00
stevenhorsman	d68b09a4f0	ci: required-tests: cri-containerd rename Update the names of the required jobs based on the changes done in #11019 Signed-off-by: stevenhorsman <steven@uk.ibm.com>	2025-06-18 10:52:03 +01:00
Steve Horsman	0aca20986b	Merge pull request #11400 from miz060/mitchzhu/add-govulncheck ci: Add optional govulncheck security scanning to static checks	2025-06-18 10:34:56 +01:00
Steve Horsman	d754e3939b	Merge pull request #11427 from BbolroC/bump-rootfs-confidential-s390x rootfs: Bump rootfs-{image,initrd} to 24.04	2025-06-18 09:06:58 +01:00
Mitch Zhu	292c27130d	ci: Add optional govulncheck security scanning to static checks This adds govulncheck vulnerability scanning as a non-blocking check in the static checks workflow. The check scans Go runtime binaries for known vulnerabilities while filtering out verified false positives. Signed-off-by: Mitch Zhu <mitchzhu@microsoft.com>	2025-06-17 20:43:00 -07:00
Alex Lyn	b61b20eef3	Merge pull request #11394 from mythi/tdx-kata-deploy-bump kata-deploy: accept 25.04 as supported distro for TDX	2025-06-18 08:52:46 +08:00
Hyounggyu Choi	4be261f248	rootfs: Bump rootfs-{image,initrd} to 24.04 Since #11197 was merged, all confidential k8s e2e tests for s390x have been failing with the following errors: ``` attestation-agent: error while loading shared libraries: libcurl.so.4: cannot open shared object file libnghttp2.so.14: cannot open shared object file ``` In line with the update on x86_64, we need to upgrade the OS used in rootfs-{image,initrd} on s390x. This commit also bumps all 22.04 to 24.04 for all architectures. For s390x, this ensures the missing packages listed above are installed. Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>	2025-06-17 22:03:26 +02:00
Steve Horsman	fd93e83a4f	Merge pull request #11019 from seungukshin/cri-containerd-tests-for-arm64 Enable cri-containerd-tests for arm64	2025-06-17 11:53:49 +01:00
Fupan Li	15b24b5be1	Merge pull request #10698 from Apokleos/kata-volume-rs runtime-rs: Support Pull Image in Guest with Kata Volume for CoCo	2025-06-17 15:00:02 +08:00
Steve Horsman	a00f39e272	Merge pull request #11419 from katexochen/p/gitignore-direnv gitignore: ignore direnv	2025-06-16 17:26:10 +01:00
Seunguk Shin	4f9b7e4d4f	ci: Enable cri-containerd-tests for arm64 This change enables cri-containerd-test for arm64. Signed-off-by: Seunguk Shin <seunguk.shin@arm.com> Reviewed-by: Nick Connolly <nick.connolly@arm.com>	2025-06-16 15:12:17 +01:00
Seunguk Shin	203e3af94b	ci: Disable run-containerd-sandboxapi containerd-sandboxapi fails with `containerd v2.0.x` and passes with `containerd v1.7.x` regardless kata-containers. And it was not tested with `containerd v2.0.x` because `containerd v2.0.x` could not recognize `[plugins.cri.containerd]` in `config.toml`. Signed-off-by: Seunguk Shin <seunguk.shin@arm.com>	2025-06-16 15:02:07 +01:00
Mikko Ylinen	825b1cd233	kata-deploy: accept 25.04 as supported distro for TDX the latest Canonical TDX release supports 25.04 / Plucky as well. Users experimenting with the latest goodies in the 25.04 TDX enablement won't get Kata deployed properly. This change accepts 25.04 as supported distro for TDX. Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>	2025-06-16 13:42:08 +01:00
Xuewei Niu	9b4518f742	Merge pull request #11359 from pawelbeza/fix-logs-on-virtiofs-shutdown Fix logging on virtiofs shutdown	2025-06-16 17:06:29 +08:00
Paul Meyer	b629b11ba0	gitignore: ignore direnv This allows contributors to setup direnv without having it detected by git. Signed-off-by: Paul Meyer <katexochen0@gmail.com>	2025-06-16 11:02:00 +02:00
Steve Horsman	64c95cb996	Merge pull request #11389 from kata-containers/checkout-persist-credentials-false workflows: Set persist-credentials: false on checkout	2025-06-16 09:58:22 +01:00
alex.lyn	cebb259e51	runtime-rs: Introduce force guest pulling image Container image integrity protection is a critical practice involving a multi-layered defense mechanism. While container images inherently offer basic integrity verification through Content-Addressable Storage (CAS) (ensuring pulled content matches stored hashes), a combination of other measures is crucial for production environments. These layers include: Encrypted Transport (HTTPS/TLS) to prevent tampering during transfer; Image Signing to confirm the image originates from a trusted source; Vulnerability Scanning to ensure the image content is "healthy"; and Trusted Registries with stringent access controls. In certain scenarios, such as when container image confidentiality requirements are not stringent, and integrity is already ensured via the aforementioned mechanisms (especially CAS and HTTPS/TLS), adopting "force guest pull" can be a viable option. This implies that even when pulling images from a container registry, their integrity remains guaranteed through content hashes and other built-in mechanisms, without relying on additional host-side verification or specialized transfer methods. Since this feature is already available in runtime-go and offers synergistic benefits with guest pull, we have chosen to support force guest pull. Fixes #10690 Signed-off-by: alex.lyn <alex.lyn@antgroup.com>	2025-06-16 16:49:17 +08:00
alex.lyn	2157075140	kata-types: Introduce a helper method to adjust rootfs mounts This commit introduces the `adjust_rootfs_mounts` function to manage root filesystem mounts for guest-pull scenarios. When the force guest-pull mechanism is active, this function ensures that the rootfs is exclusively configured via a dedicated `KataVirtualVolume`. It disregards any provided input mounts, instead generating a single, default `KataVirtualVolume`. This volume is then base64-encoded and set as the sole mount option for a new, singular `Mount` entry, which is returned as the only item in the `Vec<Mount>`. This change guarantees consistent and exclusive rootfs configuration when utilizing guest-pull for container images. Signed-off-by: alex.lyn <alex.lyn@antgroup.com>	2025-06-16 16:49:17 +08:00

1 2 3 4 5 ...

16245 Commits