From 3c23e1388f1fcaf7022d9a915d00731980bda27c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 4 Jul 2024 09:54:48 +0000 Subject: [PATCH] Pin dependencies --- examples/bundle/Dockerfile | 2 +- examples/byoi/fedora-fips/Dockerfile | 6 +++--- examples/byoi/fedora/Dockerfile | 4 ++-- examples/byoi/rockylinux-fips/Dockerfile | 6 +++--- examples/byoi/ubuntu-fips/Dockerfile | 6 +++--- examples/byoi/ubuntu-non-hwe/Dockerfile | 2 +- images/Dockerfile.alpine | 2 +- images/Dockerfile.debian | 2 +- images/Dockerfile.kairos-alpine | 4 ++-- images/Dockerfile.kairos-debian | 4 ++-- images/Dockerfile.kairos-opensuse | 2 +- images/Dockerfile.kairos-rhel | 2 +- images/Dockerfile.kairos-ubuntu | 4 ++-- images/Dockerfile.nvidia | 2 +- images/Dockerfile.ubuntu | 2 +- 15 files changed, 25 insertions(+), 25 deletions(-) diff --git a/examples/bundle/Dockerfile b/examples/bundle/Dockerfile index ad75e613d..1b0901d7c 100644 --- a/examples/bundle/Dockerfile +++ b/examples/bundle/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine as build +FROM alpine@sha256:b89d9c93e9ed3597455c90a0b88a8bbb5cb7188438f70953fede212a0c4394e0 as build # Install a binary RUN wget https://github.com/ipfs/kubo/releases/download/v0.15.0/kubo_v0.15.0_linux-amd64.tar.gz -O kubo.tar.gz diff --git a/examples/byoi/fedora-fips/Dockerfile b/examples/byoi/fedora-fips/Dockerfile index 4b94cdde1..134c5f5ce 100644 --- a/examples/byoi/fedora-fips/Dockerfile +++ b/examples/byoi/fedora-fips/Dockerfile @@ -1,8 +1,8 @@ -ARG BASE_IMAGE=fedora:36 +ARG BASE_IMAGE=fedora:36@sha256:64cd00a0e2b92d527c0a0954162a73e85f160e3a53c38325b51e87d6aab4e266 FROM $BASE_IMAGE as base # Generate os-release file -FROM quay.io/kairos/osbuilder-tools:latest as osbuilder +FROM quay.io/kairos/osbuilder-tools:latest@sha256:6ad4d6ccf0dc0570b817271fe1b6a5c6b714405152182fecf025c3984cf3621c as osbuilder RUN zypper install -y gettext && zypper clean RUN mkdir /workspace COPY --from=base /etc/os-release /workspace/os-release @@ -76,7 +76,7 @@ RUN mkdir -p /run/lock && \ # Copy the os-release file to identify the OS COPY --from=osbuilder /workspace/os-release /etc/os-release -COPY --from=quay.io/kairos/framework:master_fips-systemd / / +COPY --from=quay.io/kairos/framework:master_fips-systemd@sha256:b4c475bba210cff0ba503ba15da67d463f2a93b470cb3432b4e2d755af25f64c / / # Copy the custom dracut config file COPY dracut.conf /etc/dracut.conf.d/kairos-fips.conf diff --git a/examples/byoi/fedora/Dockerfile b/examples/byoi/fedora/Dockerfile index 96b9d8ade..500e34c9d 100644 --- a/examples/byoi/fedora/Dockerfile +++ b/examples/byoi/fedora/Dockerfile @@ -1,4 +1,4 @@ -ARG BASE_IMAGE=fedora:36 +ARG BASE_IMAGE=fedora:36@sha256:64cd00a0e2b92d527c0a0954162a73e85f160e3a53c38325b51e87d6aab4e266 FROM $BASE_IMAGE @@ -46,7 +46,7 @@ RUN dnf install -y \ RUN mkdir -p /run/lock RUN touch /usr/libexec/.keep -COPY --from=quay.io/kairos/framework:master_fedora / / +COPY --from=quay.io/kairos/framework:master_fedora@sha256:e4d8facc9464a2cfdf0b32cf7bf9832ed7f76cd7113f194975d9278d89c7e6a6 / / # Activate Kairos services RUN systemctl enable cos-setup-reconcile.timer && \ diff --git a/examples/byoi/rockylinux-fips/Dockerfile b/examples/byoi/rockylinux-fips/Dockerfile index 090642cb6..698e31a48 100644 --- a/examples/byoi/rockylinux-fips/Dockerfile +++ b/examples/byoi/rockylinux-fips/Dockerfile @@ -1,8 +1,8 @@ -ARG BASE_IMAGE=rockylinux:9 +ARG BASE_IMAGE=rockylinux:9@sha256:d7be1c094cc5845ee815d4632fe377514ee6ebcf8efaed6892889657e5ddaaa6 FROM $BASE_IMAGE as base # Generate os-release file -FROM quay.io/kairos/osbuilder-tools:latest as osbuilder +FROM quay.io/kairos/osbuilder-tools:latest@sha256:6ad4d6ccf0dc0570b817271fe1b6a5c6b714405152182fecf025c3984cf3621c as osbuilder RUN zypper install -y gettext && zypper clean RUN mkdir /workspace COPY --from=base /etc/os-release /workspace/os-release @@ -78,7 +78,7 @@ RUN systemctl enable sshd # Copy the os-release file to identify the OS COPY --from=osbuilder /workspace/os-release /etc/os-release -COPY --from=quay.io/kairos/framework:master_fips-systemd / / +COPY --from=quay.io/kairos/framework:master_fips-systemd@sha256:b4c475bba210cff0ba503ba15da67d463f2a93b470cb3432b4e2d755af25f64c / / # Copy the custom dracut config file COPY dracut.conf /etc/dracut.conf.d/kairos-fips.conf diff --git a/examples/byoi/ubuntu-fips/Dockerfile b/examples/byoi/ubuntu-fips/Dockerfile index 51aaa1c18..22a01235e 100644 --- a/examples/byoi/ubuntu-fips/Dockerfile +++ b/examples/byoi/ubuntu-fips/Dockerfile @@ -1,12 +1,12 @@ # Kairos framework packages for ubuntu fips -FROM quay.io/kairos/framework:master_fips-systemd as kairos-fips +FROM quay.io/kairos/framework:master_fips-systemd@sha256:b4c475bba210cff0ba503ba15da67d463f2a93b470cb3432b4e2d755af25f64c as kairos-fips # Base ubuntu image (focal) -FROM ubuntu:focal as base +FROM ubuntu:focal@sha256:0b897358ff6624825fb50d20ffb605ab0eaea77ced0adb8c6a4b756513dec6fc as base # Generate os-release file -FROM quay.io/kairos/osbuilder-tools:latest as osbuilder +FROM quay.io/kairos/osbuilder-tools:latest@sha256:6ad4d6ccf0dc0570b817271fe1b6a5c6b714405152182fecf025c3984cf3621c as osbuilder RUN zypper install -y gettext && zypper clean RUN mkdir /workspace COPY --from=base /etc/os-release /workspace/os-release diff --git a/examples/byoi/ubuntu-non-hwe/Dockerfile b/examples/byoi/ubuntu-non-hwe/Dockerfile index 6118d3147..d27df97f5 100644 --- a/examples/byoi/ubuntu-non-hwe/Dockerfile +++ b/examples/byoi/ubuntu-non-hwe/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:22.04 +FROM ubuntu:22.04@sha256:340d9b015b194dc6e2a13938944e0d016e57b9679963fdeb9ce021daac430221 RUN apt-get update && \ apt-get install -y --no-install-recommends \ linux-image-generic diff --git a/images/Dockerfile.alpine b/images/Dockerfile.alpine index 40cc4e148..dd9d4d4d4 100644 --- a/images/Dockerfile.alpine +++ b/images/Dockerfile.alpine @@ -8,7 +8,7 @@ ARG FAMILY=alpine ARG FLAVOR ARG FLAVOR_RELEASE ARG MODEL=generic -ARG BASE_IMAGE=alpine:3.19 +ARG BASE_IMAGE=alpine:3.19@sha256:af4785ccdbcd5cde71bfd5b93eabd34250b98651f19fe218c91de6c8d10e21c5 ARG VARIANT ARG VERSION ARG FRAMEWORK_VERSION=main diff --git a/images/Dockerfile.debian b/images/Dockerfile.debian index 39d944828..ced3bc756 100644 --- a/images/Dockerfile.debian +++ b/images/Dockerfile.debian @@ -8,7 +8,7 @@ ARG FAMILY=debian ARG FLAVOR ARG FLAVOR_RELEASE ARG MODEL=generic -ARG BASE_IMAGE=debian:testing +ARG BASE_IMAGE=debian:testing@sha256:45461c02ed0ca82ae6fed79f4d9e8c8e1f503b5d237355ba10b8972386e490e7 ARG VARIANT ARG VERSION ARG FRAMEWORK_VERSION=main diff --git a/images/Dockerfile.kairos-alpine b/images/Dockerfile.kairos-alpine index ff839a8b3..4b3d2e34a 100644 --- a/images/Dockerfile.kairos-alpine +++ b/images/Dockerfile.kairos-alpine @@ -7,10 +7,10 @@ ARG FAMILY=alpine ARG FLAVOR ARG FLAVOR_RELEASE ARG MODEL=generic -ARG BASE_IMAGE=alpine:3.19 +ARG BASE_IMAGE=alpine:3.19@sha256:af4785ccdbcd5cde71bfd5b93eabd34250b98651f19fe218c91de6c8d10e21c5 ARG VARIANT ARG VERSION -ARG FRAMEWORK_VERSION=main +ARG FRAMEWORK_VERSION=main@sha256:0283fb033b996f66820a77248c2c80d1ad7bd406f4303df16747d0b478c71f3e ############################################################### #### Common #### diff --git a/images/Dockerfile.kairos-debian b/images/Dockerfile.kairos-debian index 60c85c1d4..2e3f68482 100644 --- a/images/Dockerfile.kairos-debian +++ b/images/Dockerfile.kairos-debian @@ -7,10 +7,10 @@ ARG FAMILY=debian ARG FLAVOR ARG FLAVOR_RELEASE ARG MODEL=generic -ARG BASE_IMAGE=debian:testing +ARG BASE_IMAGE=debian:testing@sha256:45461c02ed0ca82ae6fed79f4d9e8c8e1f503b5d237355ba10b8972386e490e7 ARG VARIANT ARG VERSION -ARG FRAMEWORK_VERSION=main +ARG FRAMEWORK_VERSION=main@sha256:0283fb033b996f66820a77248c2c80d1ad7bd406f4303df16747d0b478c71f3e ############################################################### #### Upstream Images #### diff --git a/images/Dockerfile.kairos-opensuse b/images/Dockerfile.kairos-opensuse index 649215615..34dc901db 100644 --- a/images/Dockerfile.kairos-opensuse +++ b/images/Dockerfile.kairos-opensuse @@ -10,7 +10,7 @@ ARG MODEL=generic ARG BASE_IMAGE ARG VARIANT ARG VERSION -ARG FRAMEWORK_VERSION=main +ARG FRAMEWORK_VERSION=main@sha256:0283fb033b996f66820a77248c2c80d1ad7bd406f4303df16747d0b478c71f3e FROM $BASE_IMAGE AS base diff --git a/images/Dockerfile.kairos-rhel b/images/Dockerfile.kairos-rhel index f52eabff7..6ada2e996 100644 --- a/images/Dockerfile.kairos-rhel +++ b/images/Dockerfile.kairos-rhel @@ -10,7 +10,7 @@ ARG MODEL=generic ARG BASE_IMAGE ARG VARIANT ARG VERSION -ARG FRAMEWORK_VERSION=main +ARG FRAMEWORK_VERSION=main@sha256:0283fb033b996f66820a77248c2c80d1ad7bd406f4303df16747d0b478c71f3e ARG BOOTLOADER=grub FROM $BASE_IMAGE AS base diff --git a/images/Dockerfile.kairos-ubuntu b/images/Dockerfile.kairos-ubuntu index 07df44764..5d2d8da95 100644 --- a/images/Dockerfile.kairos-ubuntu +++ b/images/Dockerfile.kairos-ubuntu @@ -20,7 +20,7 @@ ARG MODEL=generic ARG BASE_IMAGE ARG VARIANT ARG VERSION -ARG FRAMEWORK_VERSION=main +ARG FRAMEWORK_VERSION=main@sha256:0283fb033b996f66820a77248c2c80d1ad7bd406f4303df16747d0b478c71f3e ARG BOOTLOADER=grub ############################################################### @@ -41,7 +41,7 @@ FROM ${BASE_IMAGE} AS ubuntu-22.04-upstream # Ubuntu and the zfsutils-linux package, there is a fix in # nohang upstream but it's not yet available in the Ubuntu # package, so we build it from source -FROM ubuntu:22.04 as nohang-src +FROM ubuntu:22.04@sha256:340d9b015b194dc6e2a13938944e0d016e57b9679963fdeb9ce021daac430221 as nohang-src WORKDIR /root RUN apt-get update \ && apt-get install -y --no-install-recommends \ diff --git a/images/Dockerfile.nvidia b/images/Dockerfile.nvidia index 9669bbd38..b8d2204f3 100644 --- a/images/Dockerfile.nvidia +++ b/images/Dockerfile.nvidia @@ -1,4 +1,4 @@ -FROM ubuntu:20.04 as base +FROM ubuntu:20.04@sha256:0b897358ff6624825fb50d20ffb605ab0eaea77ced0adb8c6a4b756513dec6fc as base RUN apt-get update RUN apt-get install -y ca-certificates diff --git a/images/Dockerfile.ubuntu b/images/Dockerfile.ubuntu index 86d0d9365..a1b899147 100644 --- a/images/Dockerfile.ubuntu +++ b/images/Dockerfile.ubuntu @@ -42,7 +42,7 @@ FROM ${BASE_IMAGE} AS ubuntu-22.04-upstream # Ubuntu and the zfsutils-linux package, there is a fix in # nohang upstream but it's not yet available in the Ubuntu # package, so we build it from source -FROM ubuntu:22.04 as nohang-src +FROM ubuntu:22.04@sha256:340d9b015b194dc6e2a13938944e0d016e57b9679963fdeb9ce021daac430221 as nohang-src WORKDIR /root RUN apt-get update \ && apt-get install -y --no-install-recommends \