Commit Graph

19 Commits

Author SHA1 Message Date
4120f820a0 Fix multi-arch builds to preserve OCI config metadata
All checks were successful
Extract rootfs layer and config from apko OCI archive separately,
then generate Dockerfile with ENV, ENTRYPOINT, WORKDIR and USER
from the OCI config. Fixes missing environment variables in the
final multi-arch image.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 17:55:22 -05:00
Mathias Beaulieu-Duncan
81b219fedc Add multi-arch support (amd64 + arm64) for all image variants
All checks were successful
Build per-arch apko tarballs separately, then use buildx with QEMU and
TARGETARCH to produce a proper multi-platform OCI image index. Each
platform gets its correct native rootfs from apko.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 10:50:27 -05:00
Mathias Beaulieu-Duncan
70fc24a7e6 Fix apko install: assign env to shell var before use in URL
Some checks failed
Gitea drops the second ${{ env.APKO_VERSION }} expansion when multiple
expressions appear on the same line. Assigning to a shell variable
first avoids the bug.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 10:46:09 -05:00
Mathias Beaulieu-Duncan
193ce6f4c6 Upgrade apko from 0.21.0 to 1.1.2
Some checks failed
Fixes wolfi-baselayout install failure caused by symlink tar entry
handling that changed in newer Wolfi packages.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 10:42:01 -05:00
Mathias Beaulieu-Duncan
6593a17aea Switch provenance back to mode=max for Docker Scout compliance
Some checks failed
Attestations are stored as separate manifests in the OCI index, not in
the image layers. Docker pull only fetches the platform manifest, so
mode=max does not affect actual pull size. Docker Scout requires max
mode for full compliance.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 10:40:49 -05:00
Mathias Beaulieu-Duncan
f9890ff15d Pin apko version to avoid GitHub API rate limiting
Some checks failed
Dynamic resolution via api.github.com/repos/.../releases/latest hits
the 60 req/hour unauthenticated rate limit when 5 matrix variants run
across multiple pipelines. Pin to v0.21.0 as a top-level env var for
easy updates.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 10:39:48 -05:00
Mathias Beaulieu-Duncan
9e93d02602 Switch provenance from mode=max to mode=min to reduce image size
Some checks failed
mode=max embeds full build logs and environment as attestation layers,
roughly doubling the reported image size. mode=min still satisfies
provenance compliance with minimal metadata overhead.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 10:36:43 -05:00
Mathias Beaulieu-Duncan
f72130c6bf Add USER 65532 to generated Dockerfile for non-root compliance
Some checks failed
The FROM scratch + ADD pattern loses apko's OCI config metadata including
the run-as user. Adding USER 65532 to the Dockerfile restores the
non-root default that Docker Scout checks for.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 10:34:15 -05:00
Mathias Beaulieu-Duncan
7c2d558a35 Replace cosign with docker buildx for SBOM and provenance attestations
Some checks failed
Cosign keyless mode requires OIDC browser auth which is not viable in CI.
Switch all three pipelines to use apko build + docker buildx with
--sbom=true and --provenance=mode=max for automatic attestation.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 10:29:27 -05:00
Mathias Beaulieu-Duncan
510bfa01b9 Fix provenance: pass only predicate to cosign, not full in-toto statement
Some checks failed
cosign attest --type slsaprovenance expects the predicate JSON only
(builder, buildType, invocation, metadata). It wraps it in the
in-toto statement envelope itself. Passing the full statement caused
cosign to look for builder at the wrong nesting level.

Ref: https://github.com/sigstore/cosign/issues/3757

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 10:21:39 -05:00
Mathias Beaulieu-Duncan
b3372fce38 Add versioned tags with auto-incrementing build number
Some checks failed
Each variant now gets a versioned tag alongside -latest:
- base/build: glibc version (e.g. base-2.42.1, base-2.42.2)
- dotnet-runtime: .NET runtime version (e.g. dotnet-runtime-10.0.0.1)
- dotnet-sdk: .NET SDK version (e.g. dotnet-sdk-10.0.100.1)
- flutter-sdk: Flutter version (e.g. flutter-sdk-3.38.9.1)

The build number auto-increments by querying existing tags on
DockerHub. Also fixes provenance JSON (use jq instead of heredoc)
and adds push-on-self triggers for publish/rebuild pipelines.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 10:19:42 -05:00
Mathias Beaulieu-Duncan
dcedc113e8 Fix provenance JSON: use jq instead of heredoc to avoid whitespace
Some checks failed
The heredoc with YAML indentation produced JSON with leading spaces,
causing cosign to fail with "required field builder missing". Use
jq -n with --arg to generate clean JSON.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 10:17:16 -05:00
Mathias Beaulieu-Duncan
2e07c31e99 Add SBOM and provenance attestations via cosign
Some checks failed
Use cosign to attach SPDX SBOM (generated by apko) and SLSA
provenance attestations to all published images. Applied to
publish, rebuild, and update-check pipelines.

Also added push trigger on self-path for rebuild.yaml.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 10:12:47 -05:00
Mathias Beaulieu-Duncan
d6cac3cc8b Fix apko tar extraction: binary is in a subdirectory
Some checks failed
The tarball contains apko_1.1.2_linux_amd64/apko, not a flat apko
binary. Use --strip-components=1 to extract correctly.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 10:02:18 -05:00
Mathias Beaulieu-Duncan
b2bf4e309a Fix apko asset filename: include version number
Some checks failed
Asset naming is apko_1.1.2_linux_amd64.tar.gz, not
apko_linux_amd64.tar.gz. Strip the v prefix from the tag
to build the correct filename.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 10:01:06 -05:00
Mathias Beaulieu-Duncan
3bd65d9e05 Fix apko install: resolve version via GitHub API instead of /latest redirect
Some checks failed
Check for Upstream Stable Updates / Check .NET stable releases (push) Successful in 1s
Check for Upstream Stable Updates / Check Wolfi package updates (push) Failing after 2s
Check for Upstream Stable Updates / Check Flutter stable releases (push) Successful in 1s
Check for Upstream Stable Updates / Rebuild and push all variants (apko/base.yaml, base) (push) Has been skipped
Check for Upstream Stable Updates / Rebuild and push all variants (apko/build.yaml, build) (push) Has been skipped
Check for Upstream Stable Updates / Rebuild and push all variants (apko/dotnet-runtime.yaml, dotnet-runtime) (push) Has been skipped
Check for Upstream Stable Updates / Rebuild and push all variants (apko/dotnet-sdk.yaml, dotnet-sdk) (push) Has been skipped
Check for Upstream Stable Updates / Rebuild and push all variants (apko/flutter-sdk.yaml, flutter-sdk) (push) Has been skipped
Check for Upstream Stable Updates / Create release for new Flutter version (push) Has been skipped
The Gitea runner doesn't follow GitHub's /latest/download/ 302
redirect properly. Resolve the version tag explicitly via the
GitHub API, then download from the versioned URL directly.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 09:58:52 -05:00
Mathias Beaulieu-Duncan
ee428c1331 Fix apko install URL and Flutter release check in CI pipelines
- apko release assets use lowercase OS and Go arch naming
  (linux_amd64), but uname returns Linux and x86_64. Map with
  tr/sed before building the download URL.
- Flutter release check used curl -fsSL which fails on 404 when
  the release doesn't exist yet. Switch to -sS so the step
  continues and correctly detects new versions.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 09:48:31 -05:00
Mathias Beaulieu-Duncan
60d6d3bbec Rename flutter to flutter-sdk, add curl to runtime, add update-check pipeline
Some checks failed
Weekly Rebuild (CVE Updates) / rebuild (apko/base.yaml, base) (push) Failing after 2s
Weekly Rebuild (CVE Updates) / rebuild (apko/build.yaml, build) (push) Failing after 3s
Weekly Rebuild (CVE Updates) / rebuild (apko/dotnet-runtime.yaml, dotnet-runtime) (push) Failing after 2s
Weekly Rebuild (CVE Updates) / rebuild (apko/dotnet-sdk.yaml, dotnet-sdk) (push) Failing after 4s
Weekly Rebuild (CVE Updates) / rebuild (apko/flutter-sdk.yaml, flutter-sdk) (push) Failing after 2s
Check for Upstream Stable Updates / Check .NET stable releases (push) Successful in 1s
Check for Upstream Stable Updates / Check Wolfi package updates (push) Failing after 3s
Check for Upstream Stable Updates / Check Flutter stable releases (push) Failing after 1s
Check for Upstream Stable Updates / Rebuild and push all variants (apko/base.yaml, base) (push) Has been skipped
Check for Upstream Stable Updates / Rebuild and push all variants (apko/build.yaml, build) (push) Has been skipped
Check for Upstream Stable Updates / Rebuild and push all variants (apko/dotnet-runtime.yaml, dotnet-runtime) (push) Has been skipped
Check for Upstream Stable Updates / Rebuild and push all variants (apko/dotnet-sdk.yaml, dotnet-sdk) (push) Has been skipped
Check for Upstream Stable Updates / Rebuild and push all variants (apko/flutter-sdk.yaml, flutter-sdk) (push) Has been skipped
Check for Upstream Stable Updates / Create release for new Flutter version (push) Has been skipped
- Rename flutter variant to flutter-sdk for clarity across all configs
  and pipelines
- Add curl to dotnet-runtime apko config (needed to bootstrap .NET
  runtime installation in downstream Dockerfiles)
- Add daily update-check pipeline that monitors Flutter stable channel
  and Wolfi package updates, auto-creates releases for new Flutter
  versions and rebuilds all variants with latest packages

Tested all variants with real workloads:
- dotnet-sdk: dotnet new console + build + run
- dotnet-runtime: multi-stage build, run prebuilt app
- flutter-sdk: flutter create + build web --release

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 02:54:44 -05:00
Mathias Beaulieu-Duncan
734939fd12 Initial base distro with apko/Wolfi configs
Five minimal OCI image variants built with apko:
- base: ~5.5MB glibc runtime (wolfi-baselayout, libstdc++, ca-certs, tzdata)
- build: base + build tools (bash, git, curl, wget, unzip, xz)
- dotnet-runtime: base + ICU, OpenSSL, zlib for .NET runtime
- dotnet-sdk: build + ICU, OpenSSL, zlib for .NET SDK
- flutter: build variant configured for Flutter SDK

Includes melange package definitions for .NET 10 SDK/runtime and
Flutter SDK (for future use when building custom APKs).

CI/CD pipelines: publish on release, Scout CVE comparison on PRs,
weekly rebuild for Wolfi security patches.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 02:32:32 -05:00