diff --git a/.github/workflows/autoapprove.yml b/.github/workflows/autoapprove.yml new file mode 100644 index 0000000..31ea99b --- /dev/null +++ b/.github/workflows/autoapprove.yml @@ -0,0 +1,35 @@ +name: ci-robbot auto-approve +on: +- pull_request_target + +permissions: + contents: write + pull-requests: write + packages: read + +jobs: + auto-approve: + runs-on: ubuntu-latest + if: ${{ github.actor == 'ci-robbot' }} + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Approve a PR if not already approved + run: | + gh pr checkout "$PR_URL" + if [ "$(gh pr status --json reviewDecision -q .currentBranch.reviewDecision)" != "APPROVED" ]; + then + gh pr review --approve "$PR_URL" + else + echo "PR already approved."; + fi + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} + + - name: Enable auto-merge for Dependabot PRs + run: gh pr merge --auto --squash "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} diff --git a/.github/workflows/build-arm64.yaml b/.github/workflows/build-arm64.yaml index 09e0c68..2edd4e3 100644 --- a/.github/workflows/build-arm64.yaml +++ b/.github/workflows/build-arm64.yaml @@ -92,3 +92,4 @@ jobs: REPOSITORY_TYPE: docker createRepo: true pushCache: true + revisionSHA: true diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index a5af6cc..190ef00 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -83,3 +83,4 @@ jobs: REPOSITORY_TYPE: docker createRepo: true pushCache: true + revisionSHA: true diff --git a/.github/workflows/one.yaml b/.github/workflows/one.yaml index 1d38d3f..dc6c1d5 100644 --- a/.github/workflows/one.yaml +++ b/.github/workflows/one.yaml @@ -69,3 +69,4 @@ jobs: REPOSITORY_TYPE: docker createRepo: true pushCache: true + revisionSHA: true diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index 681a14e..32b65e1 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -14,13 +14,13 @@ jobs: fetch-depth: 0 - name: Get changed files id: changed-files - uses: tj-actions/changed-files@v42 + uses: tj-actions/changed-files@v44 with: files: packages/** - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: - go-version: 1.21.1 + go-version-file: tools/bump-validator/go.mod - name: Validate changed packages bump version if: steps.changed-files.outputs.any_changed == 'true' env: @@ -44,9 +44,9 @@ jobs: platforms: all - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@v3.0.0 + uses: docker/setup-buildx-action@v3.3.0 - name: Download meta 🔧 - uses: luet-lab/luet-github-action@v0.1.2 + uses: luet-lab/luet-github-action@v0.2.1 with: FINAL_REPO: quay.io/kairos/packages-arm64 REPOSITORY_TYPE: docker @@ -54,7 +54,7 @@ jobs: downloadFromList: true downloadMeta: true - name: Build packages 🔧 - uses: luet-lab/luet-github-action@v0.1.2 + uses: luet-lab/luet-github-action@v0.2.1 with: build: true fromIndex: true @@ -78,7 +78,7 @@ jobs: git fetch --prune --unshallow mkdir build - name: Download meta 🔧 - uses: luet-lab/luet-github-action@v0.1.2 + uses: luet-lab/luet-github-action@v0.2.1 with: FINAL_REPO: quay.io/kairos/packages REPOSITORY_TYPE: docker @@ -86,7 +86,7 @@ jobs: downloadFromList: true downloadMeta: true - name: Build packages 🔧 - uses: luet-lab/luet-github-action@v0.1.2 + uses: luet-lab/luet-github-action@v0.2.1 with: build: true fromIndex: true diff --git a/.github/workflows/renovate_auto.yml b/.github/workflows/renovate_auto.yml new file mode 100644 index 0000000..8167654 --- /dev/null +++ b/.github/workflows/renovate_auto.yml @@ -0,0 +1,35 @@ +name: Renovate auto-merge +on: +- pull_request_target + +permissions: + contents: write + pull-requests: write + packages: read + +jobs: + dependabot: + runs-on: ubuntu-latest + if: ${{ github.actor == 'renovate[bot]' }} + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Approve a PR if not already approved + run: | + gh pr checkout "$PR_URL" + if [ "$(gh pr status --json reviewDecision -q .currentBranch.reviewDecision)" != "APPROVED" ]; + then + gh pr review --approve "$PR_URL" + else + echo "PR already approved."; + fi + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} + + - name: Enable auto-merge for Renovate PRs + run: gh pr merge --auto --squash "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} diff --git a/packages/alpine/collection.yaml b/packages/alpine/collection.yaml index 357e1a0..db51156 100644 --- a/packages/alpine/collection.yaml +++ b/packages/alpine/collection.yaml @@ -1,7 +1,7 @@ packages: - name: "alpine" category: "initrd" - version: "3.8.1+2" + version: "3.8.1+4" description: "Provides custom initrd scripts for alpine" # This syncs with the alpine version at https://gitlab.alpinelinux.org/alpine/mkinitfs/-/blob/master/initramfs-init.in?ref_type=heads # any changes to the initramfs-init.in file should be looked at and backported if necessary \ No newline at end of file diff --git a/packages/alpine/files/initramfs-init b/packages/alpine/files/initramfs-init index f7f0643..992b4b3 100755 --- a/packages/alpine/files/initramfs-init +++ b/packages/alpine/files/initramfs-init @@ -1,6 +1,6 @@ #!/bin/sh -VERSION=3.8.1-kairos1 +VERSION=3.8.1-kairos2 INIT=/sbin/init sysroot="$ROOT"/sysroot @@ -393,19 +393,20 @@ fi # Path for booting from livecd if grep -q cdroot /proc/cmdline ;then rd_break pre-livecd - echo "Mounting LiveCD" + echo "Mounting Live Media" sync + label=$(grep -o CDLABEL.* /proc/cmdline | cut -f 1 -d ' ' | cut -f 2 -d '=' ) # Create mountpoints ebegin "Create mountpoints" mkdir -p /media/root-ro /media/root-rw /run/rootfsbase $sysroot/media/root-ro $sysroot/media/root-rw $sysroot/run/rootfsbase eend $? # Between udev starting, we loading the modules and the cdrom appearing sometimes there is a delay, so lets wait a bit here - ebegin "Waiting for cdrom to be available" - retry 10 test -e /dev/sr0 + ebegin "Waiting for Live Media to be available" + retry 10 test -e /dev/disk/by-label/$label eend # Mount read-only livecd - ebegin "Mount LiveCD RO" - retry 10 mount /dev/sr0 /media/root-ro + ebegin "Mount Live Media RO" + retry 10 mount /dev/disk/by-label/$label /media/root-ro eend $? sync # Mount squashfs into loop device diff --git a/packages/dracut/immucore/build.yaml b/packages/dracut/immucore/build.yaml deleted file mode 100644 index a1e786b..0000000 --- a/packages/dracut/immucore/build.yaml +++ /dev/null @@ -1,18 +0,0 @@ -image: "alpine" - -prelude: - - apk add git - - | - PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && \ - git clone https://github.com/${GITHUB_ORG}/{{ .Values.name }}.git && cd {{.Values.name}} && git checkout v"${PACKAGE_VERSION}" - -steps: - - mkdir -p /package/usr/lib/dracut/modules.d - - mkdir -p /package/etc/dracut.conf.d/ - - cp -r {{.Values.name}}/dracut/28immucore /package/usr/lib/dracut/modules.d/28immucore - - cp {{.Values.name}}/dracut/*.conf /package/etc/dracut.conf.d/ - -env: - - GITHUB_ORG={{ ( index .Values.labels "github.owner" ) }} - -package_dir: "/package" \ No newline at end of file diff --git a/packages/dracut/immucore/definition.yaml b/packages/dracut/immucore/definition.yaml deleted file mode 100644 index a90be46..0000000 --- a/packages/dracut/immucore/definition.yaml +++ /dev/null @@ -1,11 +0,0 @@ -name: "immucore" -category: "dracut" -version: "0.1.14" -labels: - github.repo: "immucore" - autobump.revdeps: "true" - github.owner: "kairos-io" -uri: - - https://github.com/kairos-io/kcrypt -license: "Apache License v2" -description: "Dracut module for immucore" diff --git a/packages/firmware/opensuse/collection.yaml b/packages/firmware/opensuse/collection.yaml index 44bd020..45f13b7 100644 --- a/packages/firmware/opensuse/collection.yaml +++ b/packages/firmware/opensuse/collection.yaml @@ -4,7 +4,7 @@ packages: version: "20170419-5.220" - name: "u-boot-rpi64" category: "firmware" - version: "2024.01-1.1" + version: "2024.04-2.1" labels: autobump.strategy: "custom" autobump.string_replace: '{ "prefix": "" }' @@ -16,11 +16,11 @@ packages: # We do assume that checksum is sha256 autobump.checksum_hook: | curl -s -L https://download.opensuse.org/ports/aarch64/tumbleweed/repo/oss/$(curl -s -L https://download.opensuse.org/ports/aarch64/tumbleweed/repo/oss/repodata/repomd.xml | dasel -r xml 'repomd.data.[0].location.-href') | zstd -d - | dasel -r xml -w json | jq '.metadata.package[] | select(.name=="u-boot-rpiarm64") | select(.arch!="src").checksum."#text"' -r | tail -n1 - package.version: "2024.01-1.1" - package.checksum: "3315453834d23201afc0945fa759742a46671ef972513c5999e951465694c662c910868bf3ab0dbd92297e154e2d0eae477e2aa968b99fdec942c3e67e4b270d" + package.version: "2024.04-2.1" + package.checksum: "c590b4820a8f325bfe41bc1302ea4066d9de8621bb3718a988f3f1373ff8c503356374f33aca3835832e1336367eb802c94f21d726053304ac88d11a1efd6404" - name: "raspberrypi-firmware" category: "firmware" - version: "2023.11.21-1.1" + version: "2024.03.27-1.1" labels: autobump.strategy: "custom" autobump.string_replace: '{ "prefix": "" }' @@ -32,11 +32,11 @@ packages: # We do assume that checksum is sha256 autobump.checksum_hook: | curl -s -L https://download.opensuse.org/ports/aarch64/tumbleweed/repo/oss/$(curl -s -L https://download.opensuse.org/ports/aarch64/tumbleweed/repo/oss/repodata/repomd.xml | dasel -r xml 'repomd.data.[0].location.-href') | zstd -d - | dasel -r xml -w json | jq '.metadata.package[] | select(.name=="raspberrypi-firmware") | select(.arch!="src").checksum."#text"' -r | tail -n1 - package.version: "2023.11.21-1.1" - package.checksum: "f21f510b968f8b49ca98250f4985b2d5c5382a6d18fa088272826fe19834287cc5027de2041752b2a9d3c8ea284cc165f882410ebbc5327ae6c3969b91912058" + package.version: "2024.03.27-1.1" + package.checksum: "b557423675f8aadaa7a48c29e27dcbf2dc8a990fcc13fa7b2839dfc6afe281e54a0326bb881b244f77412d09f93df46a648abd3fb7c85716f2f207b8729e1219" - name: "raspberrypi-firmware-config" category: "firmware" - version: "2023.11.21-1.1" + version: "2024.03.27-1.1" labels: autobump.strategy: "custom" autobump.string_replace: '{ "prefix": "" }' @@ -48,11 +48,11 @@ packages: # We do assume that checksum is sha256 autobump.checksum_hook: | curl -s -L https://download.opensuse.org/ports/aarch64/tumbleweed/repo/oss/$(curl -s -L https://download.opensuse.org/ports/aarch64/tumbleweed/repo/oss/repodata/repomd.xml | dasel -r xml 'repomd.data.[0].location.-href') | zstd -d - | dasel -r xml -w json | jq '.metadata.package[] | select(.name=="raspberrypi-firmware-config") | select(.arch!="src").checksum."#text"' -r | tail -n1 - package.version: "2023.11.21-1.1" - package.checksum: "022aaea609c6f4503c46a9b72203e60220bd2a9792ca413f55b1e1e6736626781f89ed20a18e33fdafd0ffb0c7bd1a405deae87fb295ab6ef3adb4dd88ece6f1" + package.version: "2024.03.27-1.1" + package.checksum: "93514ec07d396888f4f09712c8c96258d857dba0321c30dfe827ebeb6887f5904f080a0947e51f269868530ac6a67b9054caf97abd57b12ce3984cc721d58bee" - name: "raspberrypi-firmware-dt" category: "firmware" - version: "2023.11.21-2.1" + version: "2023.11.21-3.3" labels: autobump.strategy: "custom" autobump.string_replace: '{ "prefix": "" }' @@ -64,5 +64,5 @@ packages: # We do assume that checksum is sha256 autobump.checksum_hook: | curl -s -L https://download.opensuse.org/ports/aarch64/tumbleweed/repo/oss/$(curl -s -L https://download.opensuse.org/ports/aarch64/tumbleweed/repo/oss/repodata/repomd.xml | dasel -r xml 'repomd.data.[0].location.-href') | zstd -d - | dasel -r xml -w json | jq '.metadata.package[] | select(.name=="raspberrypi-firmware-dt") | select(.arch!="src").checksum."#text"' -r | tail -n1 - package.version: "2023.11.21-2.1" - package.checksum: "36539b4b9270139fb313971e8c7851f3015fcc87f5a271f20a0cee92f4ff3f0ceeb620dd847f8e38469d3c216635c0d492bb553e44bfb41b74ea8a83850e51d0" + package.version: "2023.11.21-3.3" + package.checksum: "efbe401a3e2fdec4fb73d59ebfac9175f933b8e74416cdf5867eae3b04cbb3fff07ba8fa2d0b2782ae607a82df2f465fe210334780cf19d7bc3ca5c90c49811b" diff --git a/packages/k8s/k3s/build.yaml b/packages/k8s/k3s/build.yaml index 30fc370..5926ae1 100644 --- a/packages/k8s/k3s/build.yaml +++ b/packages/k8s/k3s/build.yaml @@ -1,5 +1,5 @@ requires: -- name: "toolchain-go" +- name: "toolchain-go-ubuntu" category: "development" version: ">=0" env: @@ -31,18 +31,10 @@ steps: - bash installer.sh agent - rm -rf installer.sh - chmod +x /usr/bin/k3s - - TAG=$INSTALL_K3S_VERSION ./fetch-template.sh - - mkdir -p /usr/share/config/kairos/k3s/ - - mv config.toml.tmpl /usr/share/config/kairos/k3s/containerd-config.toml.tmpl + - upx -1 /usr/bin/k3s includes: - ^/usr/bin/k3s -- ^/usr$ -- ^/usr/share$ -- ^/usr/share/config$ -- ^/usr/share/config/kairos$ -- ^/usr/share/config/kairos/k3s$ -- ^/usr/share/config/kairos/k3s/containerd-config.toml.tmpl$ {{ if eq .Values.name "k3s-openrc" }} - ^/etc/init.d/$ - ^/etc/init.d/k3s.* diff --git a/packages/k8s/k3s/collection.yaml b/packages/k8s/k3s/collection.yaml index 7c045e1..231a349 100644 --- a/packages/k8s/k3s/collection.yaml +++ b/packages/k8s/k3s/collection.yaml @@ -1,77 +1,78 @@ packages: - name: k3s-openrc category: k8s - version: "1.29.0+2" + version: "1.29.3" k3s_version: "2" labels: github.owner: "k3s-io" github.repo: "k3s" autobump.sed_script: 's/\+k3s1//g' + autobump.skip_if_contains: '["rc"]' uri: - https://github.com/k3s-io/k3s license: "APL-2" description: " Lightweight Kubernetes " - - name: k3s-openrc category: k8s - version: "1.28.5+2" + version: "1.28.5+4" k3s_version: "2" labels: github.owner: "k3s-io" github.repo: "k3s" autobump.sed_script: 's/\+k3s1//g' + autobump.skip_if_contains: '["rc"]' uri: - https://github.com/k3s-io/k3s license: "APL-2" description: " Lightweight Kubernetes " - - name: k3s-openrc category: k8s - version: "1.27.9+2" + version: "1.27.9+4" k3s_version: "2" labels: github.owner: "k3s-io" github.repo: "k3s" autobump.sed_script: 's/\+k3s1//g' + autobump.skip_if_contains: '["rc"]' uri: - https://github.com/k3s-io/k3s license: "APL-2" description: " Lightweight Kubernetes " - - name: k3s-systemd category: k8s - version: "1.29.0+2" + version: "1.29.3" k3s_version: "2" labels: github.owner: "k3s-io" github.repo: "k3s" autobump.sed_script: 's/\+k3s1//g' + autobump.skip_if_contains: '["rc"]' uri: - https://github.com/k3s-io/k3s license: "APL-2" description: " Lightweight Kubernetes " - - name: k3s-systemd category: k8s - version: "1.28.5+2" + version: "1.28.5+4" k3s_version: "2" labels: github.owner: "k3s-io" github.repo: "k3s" autobump.sed_script: 's/\+k3s1//g' + autobump.skip_if_contains: '["rc"]' uri: - https://github.com/k3s-io/k3s license: "APL-2" description: " Lightweight Kubernetes " - - name: k3s-systemd category: k8s - version: "1.27.9+2" + version: "1.27.9+4" k3s_version: "2" labels: github.owner: "k3s-io" github.repo: "k3s" autobump.sed_script: 's/\+k3s1//g' + autobump.skip_if_contains: '["rc"]' uri: - https://github.com/k3s-io/k3s license: "APL-2" diff --git a/packages/k8s/k3s/fetch-template.sh b/packages/k8s/k3s/fetch-template.sh deleted file mode 100755 index b7fc428..0000000 --- a/packages/k8s/k3s/fetch-template.sh +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/bash - -set -e - -if [[ -z $TAG ]]; then - echo "TAG should be set" - exit 1 -fi - -cleanup() { - echo "Cleaning up..." - rm -rf "$tmp_dir" -} -trap cleanup EXIT - -SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) - -TMPDIR=$(mktemp -d) -cd $TMPDIR -echo $TMPDIR - -git clone --depth 1 --branch $TAG https://github.com/k3s-io/k3s.git -cd $TMPDIR/k3s - -cat << EOF > main.go -package main - -import ( - "fmt" - - "github.com/k3s-io/k3s/pkg/agent/templates" -) - -func main() { - fmt.Printf(templates.ContainerdConfigTemplate) -} -EOF - -go run . > $SCRIPT_DIR/config.toml.tmpl - -sed -i '/runc.options/a\ - NoPivotRoot = true -' $SCRIPT_DIR/config.toml.tmpl diff --git a/packages/static/kairos-overlay-files/collection.yaml b/packages/static/kairos-overlay-files/collection.yaml index c34d570..1e0ef54 100644 --- a/packages/static/kairos-overlay-files/collection.yaml +++ b/packages/static/kairos-overlay-files/collection.yaml @@ -1,4 +1,4 @@ packages: - name: "kairos-overlay-files" category: "static" - version: "1.1.29" + version: "1.1.32" diff --git a/packages/static/kairos-overlay-files/files/etc/kairos/branding/grubmenu.cfg b/packages/static/kairos-overlay-files/files/etc/kairos/branding/grubmenu.cfg index 5c1b804..b52fa8c 100644 --- a/packages/static/kairos-overlay-files/files/etc/kairos/branding/grubmenu.cfg +++ b/packages/static/kairos-overlay-files/files/etc/kairos/branding/grubmenu.cfg @@ -1,11 +1,11 @@ menuentry "Kairos remote recovery" --id remoterecovery { - if search.file /cOS/recovery.squashfs ; then + search --no-floppy --label --set=root COS_RECOVERY + if [ test -s /cOS/recovery.squashfs ]; then set img=/cOS/recovery.squashfs set recoverylabel=COS_RECOVERY else set img=/cOS/recovery.img fi - search.fs_label COS_RECOVERY root set label=COS_SYSTEM loopback loop0 /$img set root=($root) @@ -15,13 +15,13 @@ menuentry "Kairos remote recovery" --id remoterecovery { } menuentry "Kairos state reset (auto)" --id statereset { - if search.file /cOS/recovery.squashfs ; then + search --no-floppy --label --set=root COS_RECOVERY + if [ test -s /cOS/recovery.squashfs ]; then set img=/cOS/recovery.squashfs set recoverylabel=COS_RECOVERY else set img=/cOS/recovery.img fi - search.fs_label COS_RECOVERY root set label=COS_SYSTEM loopback loop0 /$img set root=($root) diff --git a/packages/static/kairos-overlay-files/files/system/oem/00_rootfs_uki.yaml b/packages/static/kairos-overlay-files/files/system/oem/00_rootfs_uki.yaml index a19502b..d96a9d3 100644 --- a/packages/static/kairos-overlay-files/files/system/oem/00_rootfs_uki.yaml +++ b/packages/static/kairos-overlay-files/files/system/oem/00_rootfs_uki.yaml @@ -8,7 +8,7 @@ name: "Rootfs Layout Settings for UKI" stages: rootfs: - - if: '[ -e "/run/cos/uki_boot_mode" ] && [ ! -e "/run/cos/recovery_mode" ]' + - if: '[ -e "/run/cos/uki_boot_mode" ] && [ ! -e "/run/cos/recovery_mode" ] && [ ! -e "/run/cos/autoreset_mode" ]' name: "Layout configuration for UKI boot" environment_file: /run/cos/cos-layout.env environment: @@ -46,9 +46,9 @@ stages: /var/lib/wicked /var/log /var/snap - - if: '[ -e "/run/cos/uki_boot_mode" ] && [ -e "/run/cos/recovery_mode" ]' - # omit the persistent partition on recovery mode - name: "Layout configuration for recovery mode on UKI" + - if: '[ -e "/run/cos/uki_boot_mode" ] && ([ -e "/run/cos/recovery_mode" ] || [ -e "/run/cos/autoreset_mode" ])' + # omit the persistent partition on recovery mode/autoreset + name: "Layout configuration for recovery/autoreset mode on UKI" environment_file: /run/cos/cos-layout.env environment: OVERLAY: "tmpfs:25%" diff --git a/packages/static/kairos-overlay-files/files/system/oem/51_reset.yaml b/packages/static/kairos-overlay-files/files/system/oem/51_reset.yaml index 13e3545..286c4b6 100644 --- a/packages/static/kairos-overlay-files/files/system/oem/51_reset.yaml +++ b/packages/static/kairos-overlay-files/files/system/oem/51_reset.yaml @@ -3,7 +3,7 @@ stages: initramfs: - name: "Starts kairos-reset for systemd based systems" if: | - grep -q "kairos.reset" /proc/cmdline && \ + (grep -q "kairos.reset" /proc/cmdline || [ -f /run/cos/autoreset_mode ]) && \ ( [ -e "/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] || [ -e "/usr/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] ) commands: - systemctl disable getty@tty1 @@ -14,4 +14,4 @@ stages: if: grep -q "kairos.reset" /proc/cmdline && [ -f "/sbin/openrc" ] commands: - sed -i -e 's/tty1.*//g' /etc/inittab - - echo "tty1::respawn:/usr/bin/kairos-agent reset tty1" >> /etc/inittab + - echo "tty1::respawn:/usr/bin/kairos-agent reset --unattended --reboot tty1" >> /etc/inittab diff --git a/packages/static/kairos-overlay-files/files/system/oem/53_k3s.yaml b/packages/static/kairos-overlay-files/files/system/oem/53_k3s.yaml deleted file mode 100644 index 2cc2034..0000000 --- a/packages/static/kairos-overlay-files/files/system/oem/53_k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -name: "k3s configuration" -stages: - boot: - - if: '[ ! -f "/run/cos/recovery_mode" ] && [ ! -e "/run/cos/uki_install_mode" ] && [[ $(source /etc/os-release; echo "$KAIROS_VARIANT") == "standard" ]]' - commands: - - mkdir -p /var/lib/rancher/k3s/agent/etc/containerd - - cp /usr/share/config/kairos/k3s/containerd-config.toml.tmpl /var/lib/rancher/k3s/agent/etc/containerd/config.toml.tmpl diff --git a/packages/system/immucore/build.yaml b/packages/system/immucore/build.yaml index 50f6819..e4f7774 100644 --- a/packages/system/immucore/build.yaml +++ b/packages/system/immucore/build.yaml @@ -2,7 +2,7 @@ requires: - name: "toolchain-go-ubuntu" category: "fips" - version: ">=0" + version: ">=1.19.10+1" {{else}} requires: - name: "toolchain-go-ubuntu" @@ -34,5 +34,11 @@ steps: {{if or (eq .Values.category "fips") (eq .Values.category "fips-static")}} - /usr/bin/{{.Values.name}} version | grep -i boringcrypto {{end}} + - mkdir -p /usr/lib/dracut/modules.d + - mkdir -p /etc/dracut.conf.d/ + - cp -r go/src/github.com/${GITHUB_ORG}/{{.Values.name}}/dracut/28immucore /usr/lib/dracut/modules.d/28immucore + - cp go/src/github.com/${GITHUB_ORG}/{{.Values.name}}/dracut/10-immucore.conf /etc/dracut.conf.d/10-immucore.conf includes: - /usr/bin/{{.Values.name}} + - /usr/lib/dracut/modules.d/28immucore + - /etc/dracut.conf.d/10-immucore.conf diff --git a/packages/system/immucore/collection.yaml b/packages/system/immucore/collection.yaml index 331a2b7..90de6e9 100644 --- a/packages/system/immucore/collection.yaml +++ b/packages/system/immucore/collection.yaml @@ -1,7 +1,18 @@ packages: - name: "immucore" category: "system" - version: "0.1.14" + version: "0.1.25" + labels: + github.repo: "immucore" + autobump.revdeps: "true" + github.owner: "kairos-io" + uri: + - https://github.com/kairos-io/immucore + license: "Apache License v2" + description: "The Kairos immutability management interface" + - name: "immucore" + category: "system" + version: "0.1.17-3" labels: github.repo: "immucore" autobump.revdeps: "true" @@ -12,7 +23,7 @@ packages: description: "The Kairos immutability management interface" - name: "immucore" category: "fips" - version: "0.1.14" + version: "0.1.25" labels: github.repo: "immucore" autobump.revdeps: "true" @@ -21,16 +32,3 @@ packages: - https://github.com/kairos-io/immucore license: "Apache License v2" description: "The Kairos immutability management interface" - # doesnt build so disable for now -#- name: "immucore" -#category: "fips-static" -#ldflags: "-linkmode external -extldflags -static" -#version: "0.1.6" -#labels: -# github.repo: "immucore" -# autobump.revdeps: "true" -# github.owner: "kairos-io" -#uri: -# - https://github.com/kairos-io/immucore -#license: "Apache License v2" -#description: "The Kairos immutability management interface" diff --git a/packages/system/kairos-agent/build.yaml b/packages/system/kairos-agent/build.yaml index dcc157a..932d979 100644 --- a/packages/system/kairos-agent/build.yaml +++ b/packages/system/kairos-agent/build.yaml @@ -15,39 +15,27 @@ prelude: - PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && cd /go/src/github.com/${GITHUB_ORG}/ && git clone --branch v${PACKAGE_VERSION} https://github.com/${GITHUB_ORG}/{{ .Values.name }}.git env: - GITHUB_ORG={{ ( index .Values.labels "github.owner" ) }} - - HUGO_VERSION=0.110.0 + - HUGO_VERSION=0.113.0 + - LDFLAGS="-s -w -X github.com/kairos-io/kairos-agent/v2/internal/common.VERSION=v${PACKAGE_VERSION} {{with .Values.ldflags}}{{.}}{{end}}" {{if or (eq .Values.category "fips") (eq .Values.category "fips-static")}} - CGO_ENABLED=1 - GOEXPERIMENT=boringcrypto - # Because we don't track the compiled-with version on the agent we need to keep the symbols in order to checks FIPS compliance - - LDFLAGS="-w -X github.com/kairos-io/kairos-agent/v2/internal/common.VERSION=v${PACKAGE_VERSION} {{with .Values.ldflags}}{{.}}{{end}}" {{else}} - CGO_ENABLED=0 - - LDFLAGS="-s -w -X github.com/kairos-io/kairos-agent/v2/internal/common.VERSION=v${PACKAGE_VERSION} {{with .Values.ldflags}}{{.}}{{end}}" {{end}} -copy: - - package: - category: "static" - name: "kairos-docs" - version: ">=0" - source: "/usr/share/doc/kairos" - destination: "/kairos-docs/" -steps: - # Docs for webui, copy them from the package - - mkdir -p /go/src/github.com/${GITHUB_ORG}/{{ .Values.name }}/internal/webui/public/local - - cp -r /kairos-docs/* /go/src/github.com/${GITHUB_ORG}/{{ .Values.name }}/internal/webui/public/local/ - # Deps for webui +# Deps for webui - cd /go/src/github.com/${GITHUB_ORG}/{{ .Values.name }}/internal/webui/public && npm install - # Now for the real binary with everything bundled! +steps: - | PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && \ cd /go/src/github.com/${GITHUB_ORG}/{{ .Values.name }}/ && \ go build -ldflags="${LDFLAGS}" -o /usr/bin/{{ .Values.name }} + - upx -1 /usr/bin/{{.Values.name}} - chmod +x /usr/bin/{{.Values.name}} {{if or (eq .Values.category "fips") (eq .Values.category "fips-static")}} {{ if .Values.arch }} {{ if eq .Values.arch "amd64" }} - - go tool nm /usr/bin/{{.Values.name}} | grep -i "FIPS_mode" + - /usr/bin/{{.Values.name}} version --long | grep -i "boringcrypto" {{end}} {{end}} {{end}} diff --git a/packages/system/kairos-agent/collection.yaml b/packages/system/kairos-agent/collection.yaml index 361dcfc..b8e8f8f 100644 --- a/packages/system/kairos-agent/collection.yaml +++ b/packages/system/kairos-agent/collection.yaml @@ -1,7 +1,7 @@ packages: - name: "kairos-agent" category: "system" - version: "2.7.13" + version: "2.9.1" labels: github.repo: "kairos-agent" autobump.revdeps: "true" @@ -12,7 +12,7 @@ packages: description: "Lifecycle agent for kairos" - name: "kairos-agent" category: "fips" - version: "2.7.13" + version: "2.9.1" labels: github.repo: "kairos-agent" autobump.revdeps: "true" diff --git a/packages/system/kcrypt-challenger/build.yaml b/packages/system/kcrypt-challenger/build.yaml index 5f5b636..0f1af10 100644 --- a/packages/system/kcrypt-challenger/build.yaml +++ b/packages/system/kcrypt-challenger/build.yaml @@ -10,15 +10,9 @@ requires: version: ">=0" {{end}} prelude: -{{if or (eq .Values.category "fips") (eq .Values.category "fips-static")}} - - apt-get update && apt-get install -y gcc -{{end}} - - mkdir go/src/github.com/${GITHUB_ORG}/ -p - apt-get update && apt-get install -y gcc libssl-dev + - mkdir go/src/github.com/${GITHUB_ORG}/ -p - cd go/src/github.com/${GITHUB_ORG}/ && git clone https://github.com/${GITHUB_ORG}/{{ .Values.name }}.git -{{ if ne .Values.live "yes" }} - - cd go/src/github.com/${GITHUB_ORG}/ && git checkout 3912abcec424521725ccd335181f2fde90510081 -b build -{{ end }} env: - GOPATH=/luetbuild/go/ - DEBIAN_FRONTEND=noninteractive @@ -27,22 +21,25 @@ env: {{if or (eq .Values.category "fips") (eq .Values.category "fips-static")}} - CGO_ENABLED=1 - GOEXPERIMENT=boringcrypto + - LDFLAGS="-w {{with .Values.ldflags}}{{.}}{{end}}" {{else}} - CGO_ENABLED=0 + - LDFLAGS="-s -w {{with .Values.ldflags}}{{.}}{{end}}" {{end}} steps: - | PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && \ mkdir -p /system/discovery && \ - cd go/src/github.com/${GITHUB_ORG}/{{ .Values.name }}/ && go build -ldflags="{{with .Values.ldflags}}{{.}}{{end}}" -o {{ .Values.binary_name }} ./cmd/discovery/main.go && mv {{ .Values.binary_name }} /system/discovery - - chmod +x /system/discovery/{{ .Values.binary_name }} + cd go/src/github.com/${GITHUB_ORG}/{{ .Values.name }}/ && go build -ldflags="${LDFLAGS}" -o {{ .Values.binary_name }} ./cmd/discovery/main.go && mv {{ .Values.binary_name }} /system/discovery {{if or (eq .Values.category "fips") (eq .Values.category "fips-static")}} {{ if .Values.arch }} {{ if eq .Values.arch "amd64" }} - go tool nm /system/discovery/{{ .Values.binary_name }} | grep -i "FIPS_mode" {{end}} {{end}} + - upx -1 /system/discovery/{{ .Values.binary_name }} + - chmod +x /system/discovery/{{ .Values.binary_name }} {{end}} includes: - /system/discovery/{{ .Values.binary_name }} diff --git a/packages/system/kcrypt-challenger/collection.yaml b/packages/system/kcrypt-challenger/collection.yaml index ced469d..956beca 100644 --- a/packages/system/kcrypt-challenger/collection.yaml +++ b/packages/system/kcrypt-challenger/collection.yaml @@ -2,8 +2,7 @@ packages: - name: kcrypt-challenger binary_name: kcrypt-discovery-challenger category: system - live: "yes" - version: "0.7.0" + version: "0.8.0" labels: github.repo: "kcrypt-challenger" github.owner: "kairos-io" @@ -14,8 +13,7 @@ packages: - name: kcrypt-challenger binary_name: kcrypt-discovery-challenger category: fips - live: "yes" - version: "0.7.0" + version: "0.8.0" labels: github.repo: "kcrypt-challenger" github.owner: "kairos-io" @@ -23,16 +21,3 @@ packages: - https://github.com/kairos-io/kcrypt-challenger license: "Apache License v2" description: "Cloud native guardian for persistent data in the edge" - #- name: kcrypt-challenger - #binary_name: kcrypt-discovery-challenger - #ldflags: "-linkmode external -extldflags -static" - #category: fips-static - #live: "yes" - #version: "0.5.0" - #labels: - #github.repo: "kcrypt-challenger" - #github.owner: "kairos-io" - #uri: - #- https://github.com/kairos-io/kcrypt-challenger - #license: "Apache License v2" - #description: "Cloud native guardian for persistent data in the edge" diff --git a/packages/system/kcrypt/build.yaml b/packages/system/kcrypt/build.yaml index 1b918d0..b8a29e4 100644 --- a/packages/system/kcrypt/build.yaml +++ b/packages/system/kcrypt/build.yaml @@ -30,7 +30,6 @@ steps: - | PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && \ cd go/src/github.com/${GITHUB_ORG}/{{ .Values.name }}/ && git checkout v"${PACKAGE_VERSION}" -b build && go build -ldflags="${LDFLAGS}" && mv {{.Values.name}} /usr/bin/ - - chmod +x /usr/bin/{{.Values.name}} {{if or (eq .Values.category "fips") (eq .Values.category "fips-static")}} {{ if .Values.arch }} {{ if eq .Values.arch "amd64" }} @@ -38,5 +37,7 @@ steps: {{end}} {{end}} {{end}} + - upx -1 /usr/bin/{{.Values.name}} + - chmod +x /usr/bin/{{.Values.name}} includes: - /usr/bin/{{.Values.name}} diff --git a/packages/system/kcrypt/collection.yaml b/packages/system/kcrypt/collection.yaml index 7ae9a37..b89a3e1 100644 --- a/packages/system/kcrypt/collection.yaml +++ b/packages/system/kcrypt/collection.yaml @@ -12,7 +12,7 @@ packages: description: "Cloud native guardian for persistent data in the edge" - name: kcrypt category: fips - version: "0.9.1" + version: "0.10.0" labels: github.repo: "kcrypt" autobump.revdeps: "true" diff --git a/packages/system/provider-kairos/build.yaml b/packages/system/provider-kairos/build.yaml index a7dde48..7cde58c 100644 --- a/packages/system/provider-kairos/build.yaml +++ b/packages/system/provider-kairos/build.yaml @@ -1,10 +1,13 @@ -image: golang:1.20 +requires: +- name: "toolchain-go-ubuntu" + category: "development" + version: ">=0" env: - CGO_ENABLED=0 - - LDFLAGS="-s -w -X 'github.com/kairos-io/provider-kairos/v2/internal/cli.VERSION={{ .Values.version }}'" + - PACKAGE_VERSION={{ .Values.tag }} + - LDFLAGS="-s -w -X 'github.com/kairos-io/provider-kairos/v2/internal/cli.VERSION={{ .Values.tag }}'" prelude: -- apt-get update -- apt-get install -y git +- apt-get update && apt-get install -y git - git clone https://github.com/kairos-io/provider-kairos - | PACKAGE_VERSION=${PACKAGE_VERSION%\-*} && \ @@ -13,6 +16,7 @@ steps: - mkdir -p /system/providers - cd provider-kairos && go build -ldflags "${LDFLAGS}" -o agent-provider-kairos - mv provider-kairos/agent-provider-kairos /system/providers/agent-provider-kairos +- upx -1 /system/providers/agent-provider-kairos - ln -s /system/providers/agent-provider-kairos /usr/bin/kairos includes: diff --git a/packages/system/provider-kairos/collection.yaml b/packages/system/provider-kairos/collection.yaml index b35ed08..23be36e 100644 --- a/packages/system/provider-kairos/collection.yaml +++ b/packages/system/provider-kairos/collection.yaml @@ -1,7 +1,8 @@ packages: - name: "provider-kairos" category: "system" - version: "2.6.3" + version: "2.6.4" + tag: "2.6.4" labels: github.repo: "provider-kairos" github.owner: "kairos-io" diff --git a/packages/system/systemd/build.yaml b/packages/system/systemd/build.yaml index 6740359..8ca9f7d 100644 --- a/packages/system/systemd/build.yaml +++ b/packages/system/systemd/build.yaml @@ -36,7 +36,7 @@ prelude: - zypper ref && zypper in -y gcc13 git ninja gperf libpcap libpcap-devel libcap-devel cmake libmount-devel rsync diffutils openssl-devel tpm2-* python311-pip python311-cryptography - update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.11 1 - mkdir -p src/ - - PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && cd src/ && git clone --branch v${PACKAGE_VERSION} https://github.com/systemd/systemd.git + - PACKAGE_VERSION=${PACKAGE_VERSION%\-*} && cd src/ && git clone --branch v${PACKAGE_VERSION} https://github.com/systemd/systemd.git steps: # Minimal systemd build, remove almost everything, we only interested in the efi boot files @@ -49,7 +49,7 @@ steps: - pip3 install -r ukify-requirements.txt # install dev tools - pip3 install meson ninja2 - - PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && cd src/systemd && env CC=gcc-13 meson setup build -Dmode=release -Dbootloader=true -Defi=true -Dukify=true -Dblkid=true -Dopenssl=true -Dshared-lib-tag=${PACKAGE_VERSION}-kairos -Dsbat-distro="Kairos" -Dsbat-distro-url="kairos.io" -Dsbat-distro-summary="Kairos" -Dsbat-distro-version="kairos-${PACKAGE_VERSION}" -Ddns-servers='' -Dsysvinit-path= -Dsysvrcnd-path= -Dtpm=false -Dinstall-tests=false -Dnss-resolve=disabled -Dlogind=false -Dcoredump=false -Dhomed=disabled -Dfirstboot=false -Dhostnamed=false -Dhibernate=false -Dinitrd=false -Dimportd=false -Dkernel-install=false -Dlocaled=false -Dmachined=false -Dnetworkd=false -Dnss-myhostname=false -Dnss-mymachines=false -Dnss-systemd=false -Doomd=false -Dportabled=false -Dhwdb=false -Dpstore=false -Dquotacheck=false -Drandomseed=false -Drepart=false -Dresolve=false -Drfkill=false -Dsysext=false -Danalyze=false -Dsysupdate=false -Dsysusers=false -Dstoragetm=false -Dtimedated=false -Dtimesyncd=false -Dtmpfiles=false -Duserdb=false -Dvconsole=false -Dxdg-autostart=false -Didn=false -Dpolkit=false -Dnscd=false -Dkmod=false -Ddbus=false -Dglib=false -Dbacklight=false -Dldconfig=false -Dgshadow=false -Dwheel-group=false -Dadm-group=false -Dxkbcommon=false -Dzstd=false -Dlz4=false -Dutmp=false -Dlink-udev-shared=false -Dlink-systemctl-shared=false -Dlink-networkd-shared=false -Dlink-timesyncd-shared=false -Dlink-journalctl-shared=false -Dlink-boot-shared=false -Dlink-portabled-shared=false -Denvironment-d=false -Dqrencode=false -Dpwquality=false -Dlibcurl=false -Dfdisk=false -Dlibidn2=false -Dlibiptc=false -Ddns-over-tls=false -Didn=false -Dgnutls=false -Dp11kit=false -Dlibidn=false -Dlibidn2=false -Dgcrypt=false -Dxz=false -Dzlib=false -Dbzip2=false + - PACKAGE_VERSION=${PACKAGE_VERSION%\-*} && cd src/systemd && env CC=gcc-13 meson setup build -Dmode=release -Dbootloader=true -Defi=true -Dukify=true -Dblkid=true -Dopenssl=true -Dshared-lib-tag=${PACKAGE_VERSION}-kairos -Dsbat-distro="Kairos" -Dsbat-distro-url="kairos.io" -Dsbat-distro-summary="Kairos" -Dsbat-distro-version="kairos-${PACKAGE_VERSION}" -Ddns-servers='' -Dsysvinit-path= -Dsysvrcnd-path= -Dtpm=false -Dinstall-tests=false -Dnss-resolve=disabled -Dlogind=false -Dcoredump=false -Dhomed=disabled -Dfirstboot=false -Dhostnamed=false -Dhibernate=false -Dinitrd=false -Dimportd=false -Dkernel-install=false -Dlocaled=false -Dmachined=false -Dnetworkd=false -Dnss-myhostname=false -Dnss-mymachines=false -Dnss-systemd=false -Doomd=false -Dportabled=false -Dhwdb=false -Dpstore=false -Dquotacheck=false -Drandomseed=false -Drepart=false -Dresolve=false -Drfkill=false -Dsysext=false -Danalyze=false -Dsysupdate=false -Dsysusers=false -Dstoragetm=false -Dtimedated=false -Dtimesyncd=false -Dtmpfiles=false -Duserdb=false -Dvconsole=false -Dxdg-autostart=false -Didn=false -Dpolkit=false -Dnscd=false -Dkmod=false -Ddbus=false -Dglib=false -Dbacklight=false -Dldconfig=false -Dgshadow=false -Dwheel-group=false -Dadm-group=false -Dxkbcommon=false -Dzstd=false -Dlz4=false -Dutmp=false -Dlink-udev-shared=false -Dlink-systemctl-shared=false -Dlink-networkd-shared=false -Dlink-timesyncd-shared=false -Dlink-journalctl-shared=false -Dlink-boot-shared=false -Dlink-portabled-shared=false -Denvironment-d=false -Dqrencode=false -Dpwquality=false -Dlibcurl=false -Dfdisk=false -Dlibidn2=false -Dlibiptc=false -Ddns-over-tls=false -Didn=false -Dgnutls=false -Dp11kit=false -Dlibidn=false -Dlibidn2=false -Dgcrypt=false -Dxz=false -Dzlib=false -Dbzip2=false - cd src/systemd && ninja -C build - mkdir -p /package/usr/kairos/ - mkdir -p /package/usr/lib/systemd/ @@ -62,10 +62,10 @@ steps: - cp src/systemd/build/systemd-measure /package/usr/lib64/systemd/ - cp src/systemd/build/systemd-measure /package/lib/ - cp src/systemd/build/systemd-measure /package/lib64/ - - PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && cp src/systemd/build/src/shared/libsystemd-shared-${PACKAGE_VERSION}-kairos.so /package/usr/lib/systemd/ - - PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && cp src/systemd/build/src/shared/libsystemd-shared-${PACKAGE_VERSION}-kairos.so /package/usr/lib64/systemd/ - - PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && cp src/systemd/build/src/shared/libsystemd-shared-${PACKAGE_VERSION}-kairos.so /package/lib/ - - PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && cp src/systemd/build/src/shared/libsystemd-shared-${PACKAGE_VERSION}-kairos.so /package/lib64/ + - PACKAGE_VERSION=${PACKAGE_VERSION%\-*} && cp src/systemd/build/src/shared/libsystemd-shared-${PACKAGE_VERSION}-kairos.so /package/usr/lib/systemd/ + - PACKAGE_VERSION=${PACKAGE_VERSION%\-*} && cp src/systemd/build/src/shared/libsystemd-shared-${PACKAGE_VERSION}-kairos.so /package/usr/lib64/systemd/ + - PACKAGE_VERSION=${PACKAGE_VERSION%\-*} && cp src/systemd/build/src/shared/libsystemd-shared-${PACKAGE_VERSION}-kairos.so /package/lib/ + - PACKAGE_VERSION=${PACKAGE_VERSION%\-*} && cp src/systemd/build/src/shared/libsystemd-shared-${PACKAGE_VERSION}-kairos.so /package/lib64/ # ukify is copied in two places according to upstream, I guess to maintain backwards compatibility - src/systemd/build/ukify --version - cp src/systemd/build/ukify /package/usr/bin/ diff --git a/packages/system/systemd/collection.yaml b/packages/system/systemd/collection.yaml index 83d3d7b..9af6a2c 100644 --- a/packages/system/systemd/collection.yaml +++ b/packages/system/systemd/collection.yaml @@ -1,14 +1,14 @@ packages: - name: "systemd-boot" category: "system" - version: "255+6" + version: "255-6" labels: github.repo: "systemd" autobump.revdeps: "true" github.owner: "systemd" - name: "systemd-ukify" category: "system" - version: "255+3" + version: "255-5" labels: github.repo: "systemd" autobump.revdeps: "true" diff --git a/packages/toolchain-go/build.yaml b/packages/toolchain-go/build.yaml index cf60dc4..dd22f3c 100644 --- a/packages/toolchain-go/build.yaml +++ b/packages/toolchain-go/build.yaml @@ -1,11 +1,22 @@ {{ if .Values.variant }} -image: "golang:{{.Values.version}}-{{.Values.variant}}" +image: "golang:{{.Values.tag}}-{{.Values.variant}}" {{ else }} -image: "golang:{{.Values.version}}" +image: "golang:{{.Values.tag}}" {{ end }} -{{ if eq .Values.variant "alpine" }} prelude: +{{ if eq .Values.variant "alpine" }} - apk update - apk add curl make git bash +{{ end }} +{{ if eq .Values.variant "bookworm" }} +- apt-get update && apt-get install -y curl xz-utils +- curl -LO https://github.com/upx/upx/releases/download/v4.2.2/upx-4.2.2-{{ .Values.arch }}_linux.tar.xz +- tar -xvf upx-4.2.2-{{ .Values.arch }}_linux.tar.xz +- mv upx-4.2.2-{{ .Values.arch }}_linux/upx /usr/bin/ +- rm -rf upx-4.2.2-{{ .Values.arch }}_linux +- chmod +x /usr/bin/upx +{{ end }} +{{ if eq .Values.variant "bullseye" }} +- apt-get update && apt-get install -y curl xz-utils upx {{ end }} \ No newline at end of file diff --git a/packages/toolchain-go/collection.yaml b/packages/toolchain-go/collection.yaml index b6a834c..427b9d5 100644 --- a/packages/toolchain-go/collection.yaml +++ b/packages/toolchain-go/collection.yaml @@ -2,7 +2,8 @@ packages: - name: toolchain-go category: development variant: "alpine" - version: "1.21.6" + version: "1.22.2" + tag: "1.21.6" hidden: true labels: autobump.revdeps: "false" @@ -13,11 +14,12 @@ packages: curl -s -L "https://go.dev/dl/?mode=json" |jq -r '.[0].version'| sed 's/go//g' autobump.version_hook: | curl -s -L "https://go.dev/dl/?mode=json" |jq -r '.[0].version'| sed 's/go//g' - package.version: "1.21.6" + package.version: "1.22.2" - name: toolchain-go-ubuntu - variant: "" + variant: "bookworm" category: development - version: "1.21.6" + version: "1.22.2" + tag: "1.21.7" hidden: true labels: autobump.revdeps: "false" @@ -28,11 +30,12 @@ packages: curl -s -L "https://go.dev/dl/?mode=json" |jq -r '.[0].version'| sed 's/go//g' autobump.version_hook: | curl -s -L "https://go.dev/dl/?mode=json" |jq -r '.[0].version'| sed 's/go//g' - package.version: "1.21.6" + package.version: "1.22.2" - name: toolchain-go category: development variant: "alpine" version: "1.20.2" + tag: "1.20.2" hidden: true labels: autobump.revdeps: "false" @@ -44,9 +47,10 @@ packages: autobump.version_hook: | curl -s -L "https://go.dev/dl/?mode=json" |jq -r '.[0].version'| sed 's/go//g' - name: toolchain-go-ubuntu - variant: "" + variant: "bookworm" category: development version: "1.20.2" + tag: "1.20.2" hidden: true labels: autobump.revdeps: "false" @@ -63,12 +67,6 @@ packages: version: "1.19.10" tag: "1.19.10" hidden: true - - name: toolchain-go-ubuntu - variant: "" - category: fips - version: "1.19.10" - tag: "1.19.10" - hidden: true - name: toolchain-go category: fips variant: "alpine" @@ -76,8 +74,8 @@ packages: tag: "1.19.10" hidden: true - name: toolchain-go-ubuntu - variant: "" + variant: "bullseye" category: fips - version: "1.19.10" + version: "1.19.10+1" tag: "1.19.10" hidden: true diff --git a/packages/utils/earthly/definition.yaml b/packages/utils/earthly/definition.yaml index 50add68..aa4f8b8 100644 --- a/packages/utils/earthly/definition.yaml +++ b/packages/utils/earthly/definition.yaml @@ -1,7 +1,7 @@ name: earthly category: utils arch: "amd64" -version: "0.8.3" +version: "0.8.8" labels: github.repo: "earthly" github.owner: "earthly" diff --git a/packages/utils/edgevpn/build.yaml b/packages/utils/edgevpn/build.yaml index 931e85a..f12be7f 100644 --- a/packages/utils/edgevpn/build.yaml +++ b/packages/utils/edgevpn/build.yaml @@ -1,5 +1,5 @@ requires: -- name: "toolchain-go" +- name: "toolchain-go-ubuntu" category: "development" version: ">=0" prelude: @@ -9,10 +9,12 @@ env: - GOPATH=/luetbuild/go/ - GITHUB_ORG={{ ( index .Values.labels "github.owner" ) }} - CGO_ENABLED=0 +- PACKAGE_VERSION={{ .Values.tag }} steps: - | PACKAGE_VERSION=${PACKAGE_VERSION%\-*} && \ cd go/src/github.com/${GITHUB_ORG}/{{ .Values.name }}/ && git checkout v"${PACKAGE_VERSION}" -b build && go build -ldflags="-w -s -X github.com/mudler/edgevpn/internal.Version=v$PACKAGE_VERSION" && mv {{.Values.name}} /usr/bin/ +- upx -1 /usr/bin/{{.Values.name}} - chmod +x /usr/bin/{{.Values.name}} includes: - /usr/bin/{{.Values.name}} diff --git a/packages/utils/edgevpn/definition.yaml b/packages/utils/edgevpn/definition.yaml index 15e339c..a32a414 100644 --- a/packages/utils/edgevpn/definition.yaml +++ b/packages/utils/edgevpn/definition.yaml @@ -1,6 +1,7 @@ name: edgevpn category: utils -version: "0.24.6" +version: "0.25.2" +tag: "0.24.6" labels: github.repo: "edgevpn" github.owner: "mudler" diff --git a/packages/utils/goreleaser/definition.yaml b/packages/utils/goreleaser/definition.yaml index faf7617..dbcfb39 100644 --- a/packages/utils/goreleaser/definition.yaml +++ b/packages/utils/goreleaser/definition.yaml @@ -1,6 +1,6 @@ name: goreleaser category: utils -version: "1.24.0" +version: "1.25.1" description: "Deliver Go binaries as fast and easily as possible" labels: github.repo: "goreleaser" diff --git a/packages/utils/helm/definition.yaml b/packages/utils/helm/definition.yaml index bea332c..8beabee 100644 --- a/packages/utils/helm/definition.yaml +++ b/packages/utils/helm/definition.yaml @@ -1,6 +1,6 @@ name: "helm" category: "utils" -version: "3.14.0" +version: "3.14.4" description: "The Kubernetes Package Manager" license: "Apache-2.0" labels: diff --git a/packages/utils/k9s/build.yaml b/packages/utils/k9s/build.yaml index 311b6cf..7d1448b 100644 --- a/packages/utils/k9s/build.yaml +++ b/packages/utils/k9s/build.yaml @@ -1,10 +1,11 @@ requires: -- name: "toolchain-go" +- name: "toolchain-go-ubuntu" category: "development" version: ">=0" env: - PATH=$PATH:/usr/local/go/bin - CGO_ENABLED=0 +- PACKAGE_VERSION={{ .Values.tag }} prelude: - | PACKAGE_VERSION=v${PACKAGE_VERSION%\-*} && \ @@ -13,6 +14,8 @@ steps: - | cd k9s && \ make build && \ - cp execs/k9s /usr/bin + cp execs/k9s /usr/bin && \ + upx /usr/bin/k9s + includes: - /usr/bin/k9s \ No newline at end of file diff --git a/packages/utils/k9s/definition.yaml b/packages/utils/k9s/definition.yaml index f0300fd..54bc306 100644 --- a/packages/utils/k9s/definition.yaml +++ b/packages/utils/k9s/definition.yaml @@ -1,6 +1,7 @@ name: "k9s" category: "utils" -version: "0.31.7" +version: "0.32.4" +tag: "0.31.7" platform: Linux labels: github.repo: "k9s" diff --git a/packages/utils/kube-vip/definition.yaml b/packages/utils/kube-vip/definition.yaml index ce8227e..cae4602 100644 --- a/packages/utils/kube-vip/definition.yaml +++ b/packages/utils/kube-vip/definition.yaml @@ -1,6 +1,6 @@ name: kube-vip category: utils -version: "0.7.0" +version: "0.8.0" labels: github.repo: "kube-vip" github.owner: "kube-vip" diff --git a/packages/utils/kubectl/build.yaml b/packages/utils/kubectl/build.yaml index 8f3f751..d4f47e3 100644 --- a/packages/utils/kubectl/build.yaml +++ b/packages/utils/kubectl/build.yaml @@ -1,12 +1,13 @@ requires: - category: "development" - name: "toolchain-go" + name: "toolchain-go-ubuntu" version: ">=0" package_dir: /kubectl +env: + - PACKAGE_VERSION={{ .Values.tag }} steps: -- apk add bash - mkdir -p /kubectl/usr/bin - PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && curl -LO "https://dl.k8s.io/release/v$PACKAGE_VERSION/bin/linux/{{.Values.arch}}/kubectl" - PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && curl -LO "https://dl.k8s.io/release/v$PACKAGE_VERSION/bin/linux/{{.Values.arch}}/kubectl.sha256" @@ -16,3 +17,4 @@ steps: - /bin/bash -c 'echo "$(=0" env: - PATH=$PATH:/usr/local/go/bin - CGO_ENABLED=0 +- PACKAGE_VERSION={{ .Values.tag }} prelude: - | PACKAGE_VERSION=v${PACKAGE_VERSION%\-*} && \ @@ -13,6 +14,7 @@ steps: - | cd nerdctl && \ make binaries && \ - make BINDIR=/usr/bin install + make BINDIR=/usr/bin install && \ + upx -1 /usr/bin/nerdctl includes: - /usr/bin/nerdctl \ No newline at end of file diff --git a/packages/utils/nerdctl/definition.yaml b/packages/utils/nerdctl/definition.yaml index 25948b4..72c0e69 100644 --- a/packages/utils/nerdctl/definition.yaml +++ b/packages/utils/nerdctl/definition.yaml @@ -1,6 +1,7 @@ name: "nerdctl" category: "utils" -version: "1.7.2" +version: "2.0.0-beta.4" +tag: "1.7.2" platform: linux labels: github.repo: "nerdctl" diff --git a/packages/utils/operator-sdk/definition.yaml b/packages/utils/operator-sdk/definition.yaml index d832e3a..f688a6b 100644 --- a/packages/utils/operator-sdk/definition.yaml +++ b/packages/utils/operator-sdk/definition.yaml @@ -1,6 +1,6 @@ name: operator-sdk category: utils -version: "1.33.0" +version: "1.34.1" description: " SDK for building Kubernetes applications. Provides high level APIs, useful abstractions, and project scaffolding. " labels: github.repo: "operator-sdk" diff --git a/tools/bump-validator/go.mod b/tools/bump-validator/go.mod index c503503..9ca163d 100644 --- a/tools/bump-validator/go.mod +++ b/tools/bump-validator/go.mod @@ -1,3 +1,3 @@ module github.com/kairos-io/packages/tools/bump-validator -go 1.21.1 +go 1.22.2