This branch will never receive any security-backports when the
associated RHEL release reaches EOL. Add a condition to force CI to
break with a helpful message, after this RHEL EOL date.
Signed-off-by: Chris Evich <cevich@redhat.com>
Migrate our OSX build to a M1 instance, since Cirrus is sunsetting Intel-based macOS instances.
Signed-off-by: Ashley Cui <acui@redhat.com>
(cherry picked from commit b5ac534960)
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
1.19 has changed the expected gofmt format, and we don't want
to follow such changes on the stable branch.
go@1.18 is "keg-only", i.e. not installed by Brew to /usr/local/bin,
so we need to change PATH to point at it (as the installation instructs
us to).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
The k8s.gcr.io/coredns/coredns repo now contains an OCI
artifact, which we can't copy; so, use a different
repo to test syncing.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Related to CVE-2022-21698 ; note that the vulnerable
code is not actually reachable in Skopeo.
> go get github.com/prometheus/client_golang@v1.11.1
> make vendor
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Mainly this is to confirm some changes needed for the podman-py CI
setup don't disrupt operations here. Ref:
https://github.com/containers/automation_images/pull/111
Note: Glibc resolver configuration has changed from previous images. An
additional setup command was added to remove systemd-resolved from the
chain.
Signed-off-by: Chris Evich <cevich@redhat.com>
Highlights:
- A new sif: transport
- New options --multi-arch, --preserve-digests, --sign-passphrase-file
- Use a dynamic temp dir for test
- Add an option to allow copying image indexes alone
- proxy: Add a GetFullConfig method
- proxy: Also bump compatible semver
- Add option to preserve digests on copy
- Run codespell on code
- prompt-less signing via passphrase file
- add a SIF systemtest
- Merge pull request #1550 from vrothberg/sif-test
- Improve the documentation of the argument to (skopeo inspect)
- Document where various fields of (skopeo inspect) come from
- Improve the documentation of boolean flags
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
The Go behavior of boolean flags is as follows:
Accepted values are --flag, which is the same as --flag=true, and --flag=false,
which is the default (except for OptionalBoolFlag).
--flag {false,true} is parsed as --flag=true with a non-option {false,true} argument.
So, for almost all flags, document them just as --flag, not
mentioning the [={false,true}] part, because users can just
omit =true, or the whole flag instead of =false.
OTOH, for tls-verify, document only the tls-verify={true,false}
variant, because the primary use is tls-verify=false, and because
tls-verify is not "the default", but equivalent to an explicit
tls-verify=true (overriding registries.conf).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
