github/skopeo
1
0
Fork 0
mirror of https://github.com/containers/skopeo.git synced 2025-09-16 15:00:14 +00:00
Code Issues Projects Releases Wiki Activity
2,239 Commits 18 Branches 102 Tags
d58e59a57d2c6019a239f53896c1775273c7ab2b
Commit Graph

2239 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Miloslav Trmač
68e9f2c576 Merge pull request #1697 from containers/dependabot/go_modules/github.com/stretchr/testify-1.8.0 
Bump github.com/stretchr/testify from 1.7.5 to 1.8.0
 2022-06-30 17:43:30 +02:00
dependabot[bot]
331162358b Bump github.com/stretchr/testify from 1.7.5 to 1.8.0 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.5 to 1.8.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.5...v1.8.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-30 08:17:49 +00:00
Josh Soref
89089f3a8d Update IRC information 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-06-29 20:14:56 -04:00
Miloslav Trmač
ba6af16e53 Use bytes.ReplaceAll instead of bytes.Replace(..., -1) 
... for a trivial improvement in readability.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-06-29 19:40:02 +02:00
Miloslav Trmač
bc84a02bc4 Merge pull request #1661 from cevich/multiarch_build 
[CI:BUILD] Cirrus: Migrate multiarch build off github actions
 2022-06-29 19:16:13 +02:00
Chris Evich
2024e2e258 Update & fix skopeo multiarch image Containerfiles 
These changes substantially mirror similar updates made recently to both
podman and buildah.  Besides renaming `Dockerfile` -> `Containerfile`,
there are much needed updates to docs, and the build instructions.

Signed-off-by: Chris Evich <cevich@redhat.com>
 2022-06-29 11:42:15 -04:00
Chris Evich
774ff9d16f Cirrus: Migrate multiarch build off github actions 
The github actions workflow for this operation is complex and difficult
to maintain.  For several months now a replacement has been running well
in the podman repository.  It's scripts/components are centralized,
versioned, unit, and integration tested.  Add cirrus tasks to run the
build, and another task to allow test builds in a PR.

This also adds support for a new magic CI string: `[CI:BUILD]`.
With this string in the PR title, automation will only do basic build
verification, and enable testing of the multi-arch build process.

Otherwise, many tasks were updated to not be created when running the
cirrus-cron multi-arch image builds, since this would simply be a waste
of time and invitation for flakes.

Lastly, since only native tooling is used in the new build process,
rename all the recipes to `Containerfile`.

Signed-off-by: Chris Evich <cevich@redhat.com>
 2022-06-28 17:43:37 -04:00
Daniel J Walsh
1462a45c91 Merge pull request #1653 from mairin/patch-1 
Updated skopeo logo with new artwork
 2022-06-27 10:56:26 -04:00
Miloslav Trmač
7bfa5cbad8 Merge pull request #1690 from containers/dependabot/go_modules/github.com/stretchr/testify-1.7.5 
Bump github.com/stretchr/testify from 1.7.4 to 1.7.5
 2022-06-24 19:12:34 +02:00
dependabot[bot]
899d3686f9 Bump github.com/stretchr/testify from 1.7.4 to 1.7.5 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.4 to 1.7.5.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.4...v1.7.5)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-24 08:34:09 +00:00
Daniel J Walsh
1a98f253b4 Merge pull request #1687 from containers/dependabot/go_modules/github.com/stretchr/testify-1.7.4 
Bump github.com/stretchr/testify from 1.7.2 to 1.7.4
 2022-06-21 13:08:58 -04:00
Daniel J Walsh
fdd8aa2fd0 Merge pull request #1686 from containers/dependabot/go_modules/github.com/spf13/cobra-1.5.0 
Bump github.com/spf13/cobra from 1.4.0 to 1.5.0
 2022-06-21 13:08:33 -04:00
dependabot[bot]
2f77d21343 Bump github.com/stretchr/testify from 1.7.2 to 1.7.4 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.2 to 1.7.4.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.2...v1.7.4)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-21 08:13:03 +00:00
dependabot[bot]
2009d1c61e Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.4.0...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-21 08:12:52 +00:00
Miloslav Trmač
168f8d648a Merge pull request #1684 from lsm5/rpmspec-syntax-highlight-fix 
[CI:DOCS] skopeo.spec.rpkg: Fix syntax highlighting
 2022-06-17 20:35:21 +02:00
Lokesh Mandvekar
fe0228095b [CI:DOCS] skopeo.spec.rpkg: Fix syntax highlighting 
For whatever reason, the comment rearrangement is
required for vim rpm synatx highlighting to work.

Also added a comment pointing out where additional comments
should go. :)

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
 2022-06-17 10:14:57 -04:00
Daniel J Walsh
14650880c8 Merge pull request #1679 from mtrmac/test-registry-2.8.1-from-image 
Use an updated CI image with OCI-capable registry
 2022-06-17 06:06:22 -04:00
Miloslav Trmač
e7363a2e30 Merge pull request #1682 from lsm5/rpkg-doc-update 
[CI:DOCS] Makefile: include cautionary note for rpm target
 2022-06-16 21:38:02 +02:00
Lokesh Mandvekar
71d450cb35 [CI:DOCS] Makefile: include cautionary note for rpm target 
Also add same warning to skopeo.spec.rpkg

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
 2022-06-16 15:36:06 -04:00
Lokesh Mandvekar
3738854467 CoPR: Autobuild rpm on rhcontainerbot/podman-next 
The new file `skopeo.spec.rpkg` along with a webhook will automatically
build rpms on every PR merge on the main branch.

Run `rpkg local` or `make rpm` to generate the rpm.

Known issue: Doesn't yet build for EL8 environments.

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
 2022-06-16 15:27:39 -04:00
Miloslav Trmač
38f4b9d032 Enable schema1 support on the test registries 
We expect schema1 images to work.  Also, docker/distribution
doesn't provide useful errors for rejected schema1 images
( https://github.com/distribution/distribution/issues/2925 ),
which makes it impractical for Skopeo to automatically convert
schema1 to schema2.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-06-16 20:27:05 +02:00
Miloslav Trmač
1b5fb465be Update for docker/distribution CLI change 
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-06-16 20:27:05 +02:00
Miloslav Trmač
e9ed5e04e2 Use an updated CI image 
... from https://github.com/containers/automation_images/pull/137 .

This updates the docker/distribution registry to 2.8.1, allowing it
to accept OCI images.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-06-16 20:27:01 +02:00
Daniel J Walsh
f2c1d77c57 Merge pull request #1672 from mtrmac/non-artifact-oci-repo 
Change a repo used for sync tests
 2022-06-11 05:52:07 -04:00
Miloslav Trmač
bbdabebd17 Change a repo used for sync tests 
The k8s.gcr.io/coredns/coredns repo now contains an OCI
artifact, which we can't copy; so, use a different
repo to test syncing.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-06-11 03:15:14 +02:00
Daniel J Walsh
4b5e6327cd Merge pull request #1667 from mtrmac/go1.17 
Update to benefit from Go 1.17
 2022-06-09 11:11:51 -04:00
Miloslav Trmač
92c0d0c09d Use testing.T.Setenv instead of os.Setenv in tests 
... to benefit from Go 1.17.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-06-08 16:57:06 +02:00
Miloslav Trmač
a3a72342f2 Update go.mod to Go 1.17 
> go mod tidy -go=1.17
> make vendor

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-06-08 16:46:38 +02:00
Miloslav Trmač
14a3b9241e Merge pull request #1666 from containers/dependabot/go_modules/github.com/docker/docker-20.10.17incompatible 
Bump github.com/docker/docker from 20.10.16+incompatible to 20.10.17+incompatible
 2022-06-07 15:59:14 +02:00
dependabot[bot]
e9379d15d2 Bump github.com/docker/docker 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.16+incompatible to 20.10.17+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/docker/docker/compare/v20.10.16...v20.10.17)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-07 08:19:08 +00:00
Miloslav Trmač
eb61a79dde Merge pull request #1664 from containers/dependabot/go_modules/github.com/stretchr/testify-1.7.2 
Bump github.com/stretchr/testify from 1.7.1 to 1.7.2
 2022-06-06 17:31:50 +02:00
dependabot[bot]
69840fd082 Bump github.com/stretchr/testify from 1.7.1 to 1.7.2 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.1 to 1.7.2.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.1...v1.7.2)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-06 14:50:42 +00:00
Daniel J Walsh
dc905cb7be Merge pull request #1663 from containers/dependabot/go_modules/github.com/containers/ocicrypt-1.1.5 
Bump github.com/containers/ocicrypt from 1.1.4 to 1.1.5
 2022-06-06 08:05:31 -04:00
dependabot[bot]
63622bc7c4 Bump github.com/containers/ocicrypt from 1.1.4 to 1.1.5 
Bumps [github.com/containers/ocicrypt](https://github.com/containers/ocicrypt) from 1.1.4 to 1.1.5.
- [Release notes](https://github.com/containers/ocicrypt/releases)
- [Commits](https://github.com/containers/ocicrypt/compare/v1.1.4...v1.1.5)

---
updated-dependencies:
- dependency-name: github.com/containers/ocicrypt
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-06 08:16:08 +00:00
Chris Evich
02ae5c2af5 Merge pull request #1658 from lsm5/ubuntu-2204-lts-cirrus 
Cirrus: use Ubuntu 22.04 LTS
 2022-05-31 13:37:11 -04:00
Lokesh Mandvekar
6b58459829 Cirrus: use Ubuntu 22.04 LTS 
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
 2022-05-31 13:03:56 -04:00
Valentin Rothberg
a5d4e6655d Merge pull request #1655 from mtrmac/runc-1.1.2 
Update to github.com/opencontainers/runc >= 1.1.2
 2022-05-31 09:09:11 +02:00
Miloslav Trmač
00a58e48b1 Update to github.com/opencontainers/runc >= 1.1.2 
... to silence Dependabot alerts about CVE-2022-29162 = GHSA-f3fp-gc8g-vw66.

Note that the vulnerable code is not actually included in Skopeo at all,
this is purely to silence imprecise vulnerability checkers.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-05-31 01:23:51 +02:00
Miloslav Trmač
db663df804 Merge pull request #1659 from Luap99/make-completions 
fix make completions for all POSIX shells
 2022-05-30 15:00:14 +02:00
Paul Holzinger
263a5f017f fix make completions for all POSIX shells 
The {a,b} syntax is not POSIX compatible. The Makefile should run with
all POSIX shells so we cannot use shell specific features like this.

Fixes #1657

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
 2022-05-30 14:38:56 +02:00
Valentin Rothberg
47afd101f0 Merge pull request #1656 from mtrmac/yaml-3.0.0 
Update to gopkg.in/yaml.v3 v3.0.0
 2022-05-30 11:38:26 +02:00
Miloslav Trmač
0a3be734a9 Update to gopkg.in/yaml.v3 v3.0.0 
... to include a fix for CVE-2022-28948 = GHSA-hp87-p4gw-j4gq .

Note that the package is only used for Skopeo's tests, so
Skopeo's users can't reach the vulnerable code.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-05-26 20:30:59 +02:00
Chris Evich
e8a3064328 Merge pull request #1652 from cevich/fix_gha_security 
[CI:DOCS] Pin actions to a full length commit SHA
 2022-05-26 14:28:01 -04:00
Máirín Duffy
0ad7ec2402 Updated skopeo logo with new artwork 
Signed-off-by: Máirín Duffy <duffy@redhat.com>
 2022-05-25 13:39:05 -04:00
Chris Evich
014d47f396 [CI:DOCS] Pin actions to a full length commit SHA 
+ Pin actions to a full length commit SHA is currently the only way
  to use an action as an immutable release. Pinning to a particular SHA
  helps mitigate the risk of a bad actor adding a backdoor to the action's
  repository, as they would need to generate a SHA-1 collision for a valid
  Git object payload. Ref:
  https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions

+ Explicitly set permissions for actions to minimum required.  The
  defaults are (unfortunately) overly permissive: Ref:
  https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token

Signed-off-by: Chris Evich <cevich@redhat.com>
 2022-05-25 11:29:18 -04:00
Daniel J Walsh
0fa1b5038f Merge pull request #1649 from mtrmac/gpgme-native-pkg-config 
Stop calling gpgme-config
 2022-05-23 23:32:14 -04:00
Miloslav Trmač
1add7a81d7 Merge pull request #1647 from Luap99/completion 
use spf13/cobra to generate shell completions
 2022-05-23 19:22:10 +02:00
Paul Holzinger
d78bc82782 shell completion: add completion for transports names 
Make sure skopeo copy/inspect/delete show the transport names when shell
completion is used to not regress compared to the old bash completion
script.

In theory I would highly recommend to set completion functions for
every flag and command. This can be ensured with a test like this:
https://github.com/containers/podman/blob/main/cmd/podman/shell_completion_test.go
But this is a lot of work to get right and I am neither a skopeo user or
maintainer so I am missing a lot of context for most options. I think
this would be better handled by a person who knows skopeo better.

Normally options should either use AutocompleteNone() or
AutocompleteDefault() from c/common/pkg/completion.
Even better would be to add custom completion functions for arguments
that only accept fixed values, see AutocompleteSupportedTransports() in
this commit.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
 2022-05-23 18:47:51 +02:00
Paul Holzinger
6c2a415f6c shell completion: add install instructions docs 
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
 2022-05-23 18:47:51 +02:00
Paul Holzinger
9bed0a9e9a shell completion: add Makefile target 
Add target to generate the shell scripts and a target to install them.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
 2022-05-23 18:47:46 +02:00