From bba9c5a765d8bb3cbb0fdb0ba6f76cd3378bbeed Mon Sep 17 00:00:00 2001 From: Tosone Date: Sun, 22 Sep 2024 12:44:48 +0800 Subject: [PATCH] :sparkles: Update push builder image dockerfile (#404) --- build/all.alpine.Dockerfile | 71 +++++++++++-------- build/all.debian.Dockerfile | 9 +++ build/local.Dockerfile | 19 ++--- cmd/tools.go | 18 ++--- deploy/sigma/templates/configmap.yaml | 2 +- deploy/sigma/templates/post-job.yaml | 29 +++++--- deploy/sigma/templates/server/deployment.yaml | 8 +-- deploy/sigma/templates/worker/deployment.yaml | 8 +-- deploy/sigma/values.yaml | 8 +-- go.mod | 18 ++--- go.sum | 36 +++++----- 11 files changed, 126 insertions(+), 100 deletions(-) diff --git a/build/all.alpine.Dockerfile b/build/all.alpine.Dockerfile index dcbd8aea..749f0805 100644 --- a/build/all.alpine.Dockerfile +++ b/build/all.alpine.Dockerfile @@ -7,8 +7,8 @@ FROM --platform=$BUILDPLATFORM node:${NODE_VERSION} AS web-builder ARG USE_MIRROR=false RUN set -eux && \ - if [ "$USE_MIRROR" = true ]; then sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories; fi && \ - apk add --no-cache make bash ncurses build-base + if [ "$USE_MIRROR" = true ]; then sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories; fi && \ + apk add --no-cache make bash ncurses build-base COPY ./web /web 
@@ -23,12 +23,12 @@ ARG TARGETOS TARGETARCH ARG USE_MIRROR=false RUN set -eux && \ - if [ "$USE_MIRROR" = true ]; then sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories; fi && \ - apk add --no-cache wget && \ - wget --progress=dot:giga -O syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz https://github.com/anchore/syft/releases/download/v"${SYFT_VERSION}"/syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz && \ - tar -xzf syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz && \ - mv syft /usr/local/bin/syft && \ - rm syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz + if [ "$USE_MIRROR" = true ]; then sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories; fi && \ + apk add --no-cache wget && \ + wget --progress=dot:giga -O syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz https://github.com/anchore/syft/releases/download/v"${SYFT_VERSION}"/syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz && \ + tar -xzf syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz && \ + mv syft /usr/local/bin/syft && \ + rm syft_"${SYFT_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz FROM alpine:${ALPINE_VERSION} AS trivy 
@@ -40,20 +40,20 @@ ARG TARGETOS TARGETARCH SHELL ["/bin/ash", "-eo", "pipefail", "-c"] RUN set -eux && \ - if [ "$USE_MIRROR" = true ]; then sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories; fi && \ - apk add --no-cache wget && \ - case "${TARGETARCH}" in \ - amd64) export TRIVYARCH='64bit' ;; \ - arm64) export TRIVYARCH='ARM64' ;; \ - esac; \ - export TRIVYOS=$(echo "${TARGETOS}" | awk '{print toupper(substr($0, 1, 1)) substr($0, 2)}') && \ - wget --progress=dot:giga -O trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz https://github.com/aquasecurity/trivy/releases/download/v"${TRIVY_VERSION}"/trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \ - tar -xzf trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \ - mv trivy /usr/local/bin/trivy && \ - rm trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \ - mkdir -p /opt/trivy/ && \ - if [ "$WITH_TRIVY_DB" = true ]; then trivy --cache-dir /opt/trivy/ image --download-java-db-only --no-progress; fi && \ - trivy --cache-dir /opt/trivy/ image --download-db-only --no-progress + if [ "$USE_MIRROR" = true ]; then sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories; fi && \ + apk add --no-cache wget && \ + case "${TARGETARCH}" in \ + amd64) export TRIVYARCH='64bit' ;; \ + arm64) export TRIVYARCH='ARM64' ;; \ + esac; \ + export TRIVYOS=$(echo "${TARGETOS}" | awk '{print toupper(substr($0, 1, 1)) substr($0, 2)}') && \ + wget --progress=dot:giga -O trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz https://github.com/aquasecurity/trivy/releases/download/v"${TRIVY_VERSION}"/trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \ + tar -xzf trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \ + mv trivy /usr/local/bin/trivy && \ + rm trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \ + mkdir -p /opt/trivy/ && \ + if [ "$WITH_TRIVY_DB" = true ]; then trivy --cache-dir /opt/trivy/ image 
--download-java-db-only --no-progress; fi && \ + trivy --cache-dir /opt/trivy/ image --download-db-only --no-progress FROM --platform=$BUILDPLATFORM golang:${GOLANG_VERSION} AS skopeo @@ -62,12 +62,12 @@ ARG SKOPEO_VERSION=1.16.0 ARG TARGETOS TARGETARCH RUN set -eux && \ - if [ "$USE_MIRROR" = true ]; then sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories; fi && \ - apk add --no-cache make git && \ - git clone --branch v"${SKOPEO_VERSION}" https://github.com/containers/skopeo /go/src/github.com/containers/skopeo && \ - cd /go/src/github.com/containers/skopeo && \ - DISABLE_CGO=1 make bin/skopeo."${TARGETOS}"."${TARGETARCH}" && \ - cp bin/skopeo."${TARGETOS}"."${TARGETARCH}" /tmp/skopeo + if [ "$USE_MIRROR" = true ]; then sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories; fi && \ + apk add --no-cache make git && \ + git clone --branch v"${SKOPEO_VERSION}" https://github.com/containers/skopeo /go/src/github.com/containers/skopeo && \ + cd /go/src/github.com/containers/skopeo && \ + DISABLE_CGO=1 make bin/skopeo."${TARGETOS}"."${TARGETARCH}" && \ + cp bin/skopeo."${TARGETOS}"."${TARGETARCH}" /tmp/skopeo FROM --platform=$BUILDPLATFORM golang:${GOLANG_VERSION} AS builder @@ -85,15 +85,15 @@ WORKDIR /go/src/github.com/go-sigma/sigma ARG TARGETOS TARGETARCH RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache/go-build \ - GOOS=$TARGETOS GOARCH=$TARGETARCH make build + GOOS=$TARGETOS GOARCH=$TARGETARCH make build FROM alpine:${ALPINE_VERSION} ARG USE_MIRROR=false RUN set -eux && \ - if [ "$USE_MIRROR" = true ]; then sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories; fi && \ - apk add --no-cache curl + if [ "$USE_MIRROR" = true ]; then sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories; fi && \ + apk add --no-cache curl COPY --from=syft /usr/local/bin/syft /usr/local/bin/syft COPY --from=trivy /usr/local/bin/trivy /usr/local/bin/trivy 
@@ -106,4 +106,13 @@ COPY --from=builder /go/src/github.com/go-sigma/sigma/bin/sigma /usr/local/bin/s VOLUME /var/lib/sigma VOLUME /etc/sigma +RUN adduser --disabled-password -h /home/sigma -s /bin/sh -u 1001 sigma && \ + chown -R 1001:1001 /opt/trivy && \ + mkdir -p /var/lib/sigma && \ + chown -R 1001:1001 /var/lib/sigma + +WORKDIR /home/sigma + +USER sigma + CMD ["sigma", "server"] diff --git a/build/all.debian.Dockerfile b/build/all.debian.Dockerfile index 539668f0..4a03470a 100644 --- a/build/all.debian.Dockerfile +++ b/build/all.debian.Dockerfile @@ -124,4 +124,13 @@ COPY --from=builder /go/src/github.com/go-sigma/sigma/bin/sigma /usr/local/bin/s VOLUME /var/lib/sigma VOLUME /etc/sigma +RUN adduser --disabled-password -h /home/sigma -s /bin/bash -u 1001 sigma && \ + chown -R 1001:1001 /opt/trivy && \ + mkdir -p /var/lib/sigma && \ + chown -R 1001:1001 /var/lib/sigma + +WORKDIR /home/sigma + +USER sigma + CMD ["sigma", "server"] diff --git a/build/local.Dockerfile b/build/local.Dockerfile index bbb5e86d..8b527fea 100644 --- a/build/local.Dockerfile +++ b/build/local.Dockerfile @@ -34,18 +34,6 @@ RUN set -eux && \ FROM alpine:${ALPINE_VERSION} -ARG USE_MIRROR=false - -RUN set -eux && \ - if [ "$USE_MIRROR" = true ]; then sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories; fi && \ - apk add --no-cache curl - -RUN adduser --disabled-password -h /home/sigma -s /bin/sh -u 1001 sigma - -USER sigma - -WORKDIR /home/sigma - COPY --from=fetcher /tmp/skopeo /usr/local/bin/skopeo COPY --from=fetcher /usr/local/bin/syft /usr/local/bin/syft COPY --from=fetcher /usr/local/bin/trivy /usr/local/bin/trivy @@ -57,4 +45,11 @@ COPY ./bin/sigma /usr/local/bin/sigma VOLUME /var/lib/sigma VOLUME /etc/sigma +RUN adduser --disabled-password -h /home/sigma -s /bin/sh -u 1001 sigma && \ + chown -R 1001:1001 /opt/trivy/ + +WORKDIR /home/sigma + +USER sigma + CMD ["sigma", "server"] diff --git a/cmd/tools.go b/cmd/tools.go index b7831b8c..4f1c1063 100644 
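Review bot: `USER sigma` at the end of this hunk sets the runtime user by name, which a Kubernetes `runAsNonRoot: true` security context cannot verify, because the kubelet refuses to start a container whose image user is non-numeric. The account is created with `-u 1001`, so `USER 1001` keeps the same identity and lets the chart enforce non-root. The same line appears in the build/all.debian.Dockerfile and build/local.Dockerfile hunks. Separately, `chown -R 1001:1001 /var/lib/sigma` runs after `VOLUME /var/lib/sigma`; Docker's documentation says the legacy builder discards changes made to a volume path after it is declared, so moving this `RUN` above the `VOLUME` lines would make the ownership independent of the builder in use.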
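Review bot: The `adduser` call in the build/all.debian.Dockerfile hunk uses `-h`, `-s` and `-u`, which are the BusyBox (Alpine) option spellings. If the final stage is Debian-based, as the file name and `/bin/bash` suggest (the `FROM` line is outside the hunk), Debian's `adduser` spells these `--home`, `--shell` and `--uid` and, as far as I can tell, treats `-h` as its help flag, so this should be checked against a real build. `useradd --create-home --home-dir /home/sigma --shell /bin/bash --uid 1001 sigma` is non-interactive and gives the same result on Debian. If the account is not actually created, the later `USER sigma` has no matching passwd entry and the container will not start as intended.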
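Review bot: The relocated `RUN` in build/local.Dockerfile chowns only `/opt/trivy/`, whereas the all.alpine and all.debian hunks in this commit also run `mkdir -p /var/lib/sigma && chown -R 1001:1001 /var/lib/sigma`. With `USER sigma` in effect, a `/var/lib/sigma` that is still root-owned is not writable by the process unless the runtime mounts something with suitable ownership. Appending `mkdir -p /var/lib/sigma && chown -R 1001:1001 /var/lib/sigma` to this `RUN` keeps the three images consistent.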
--- a/cmd/tools.go +++ b/cmd/tools.go @@ -50,17 +50,17 @@ var toolsCmd = &cobra.Command{ } var toolsForPushBuilderImageCmd = &cobra.Command{ - Use: "push-builder-image", - Short: "Push builder image to distribution", + Use: "push-builder-images", + Short: "Push builder images to distribution", PersistentPreRun: func(_ *cobra.Command, _ []string) { initConfig() logger.SetLevel(viper.GetString("log.level")) }, - Run: func(_ *cobra.Command, _ []string) { + RunE: func(_ *cobra.Command, _ []string) error { err := configs.Initialize() if err != nil { log.Error().Err(err).Msg("initialize configs with error") - return + return err } config := ptr.To(configs.GetConfiguration()) @@ -68,26 +68,28 @@ var toolsForPushBuilderImageCmd = &cobra.Command{ err = badger.Initialize(context.Background(), config) if err != nil { log.Error().Err(err).Msg("initialize badger with error") - return + return err } err = locker.Initialize(config) if err != nil { log.Error().Err(err).Msg("initialize locker with error") - return + return err } err = dal.Initialize(config) if err != nil { log.Error().Err(err).Msg("initialize database with error") - return + return err } err = initBaseimage(config) if err != nil { log.Error().Err(err).Msg("push builder image with error") - return + return err } + + return nil }, } diff --git a/deploy/sigma/templates/configmap.yaml b/deploy/sigma/templates/configmap.yaml index 7a406e4c..fcf929a4 100644 --- a/deploy/sigma/templates/configmap.yaml +++ b/deploy/sigma/templates/configmap.yaml @@ -38,7 +38,7 @@ data: type: external url: redis://:{{ .Values.redis.auth.password }}@{{ .Release.Name }}-redis-master:{{ .Values.redis.master.service.ports.redis }}/0 http: - internalEndpoint: {{ include "sigma.distribution" . }}:{{ .Values.service.distribution.port }} + internalEndpoint: http://{{ include "sigma.distribution" . }}:{{ .Values.service.distribution.port }} server: 0.0.0.0:{{.Values.service.server.port}} worker: 0.0.0.0:{{.Values.service.worker.port}} daemon: 
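Review bot: Each error branch in `RunE` still logs the error with `log.Error()` and now also returns it, so every failure is reported twice, and cobra by default prints usage text on top of that for what is a runtime failure rather than a usage mistake; this applies to both hunks of cmd/tools.go. Setting `SilenceUsage: true` on the command and returning a wrapped error such as `return fmt.Errorf("initialize configs: %w", err)` instead of log-then-return gives one report per failure. The post-install Job changed in this commit depends on the process exit status, so it is worth confirming that the caller of the root command's `Execute()` (outside this diff) exits non-zero when `RunE` returns an error. Renaming `Use` to `push-builder-images` also breaks existing invocations; `Aliases: []string{"push-builder-image"}` would keep the old name working.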
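Review bot: The added `http://` prefix hard-codes a plaintext scheme for `internalEndpoint`, so whatever is sent to the distribution service over this endpoint travels unencrypted inside the cluster, and the chart cannot be switched to TLS without editing the template. A scheme value defaulting to `http` would keep current behaviour while allowing `https`. Separately, the context line above renders `.Values.redis.auth.password` into the Redis URL inside this ConfigMap; ConfigMaps are not meant to hold credentials, so that URL would be better sourced from a Secret.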
diff --git a/deploy/sigma/templates/post-job.yaml b/deploy/sigma/templates/post-job.yaml index dd40908c..27d3bdab 100644 --- a/deploy/sigma/templates/post-job.yaml +++ b/deploy/sigma/templates/post-job.yaml @@ -6,13 +6,15 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "sigma.postJob.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation spec: - backoffLimit: 6 + backoffLimit: 1 template: metadata: - annotations: - rollme: {{ randAlphaNum 5 | quote }} {{- with .Values.podAnnotations }} + annotations: {{- toYaml . | nindent 8 }} {{- end }} labels: @@ -23,20 +25,29 @@ spec: {{- toYaml .Values.podSecurityContext | nindent 8 }} initContainers: - name: check-distribution - image: {{ printf "%s:%s" .Values.busybox.repository .Values.busybox.tag | quote }} + image: {{ printf "%s:%s" .Values.image.osShell.repository .Values.image.osShell.tag | quote }} imagePullPolicy: {{ .Values.image.pullPolicy }} command: - - /bin/sh - - -c - - 'until nc -z {{ include "sigma.distribution" . }} 80; do echo waiting for {{ include "sigma.distribution" . }}; sleep 3; done;' + - "/bin/bash" + - "-c" + - |- + set -e; + echo "Waiting for sigma distribution"; + wait-for-port \ + --host={{ include "sigma.distribution" . }} \ + --state=inuse \ + --timeout=120 \ + {{ .Values.service.distribution.port }}; + echo "sigma distribution is available"; containers: - - name: push-images + - name: push-builder-images image: {{ printf "%s/%s:%s" .Values.image.registry .Values.image.repository .Values.image.tag | quote }} imagePullPolicy: {{ .Values.image.pullPolicy }} command: - sigma args: - - worker + - tools + - push-builder-images - --config=/etc/sigma/config.yaml volumeMounts: - name: config diff --git a/deploy/sigma/templates/server/deployment.yaml b/deploy/sigma/templates/server/deployment.yaml index 44db51c1..aa4c128e 100644 --- a/deploy/sigma/templates/server/deployment.yaml 
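Review bot: `--timeout=120` in the `check-distribution` init container is a fixed value while the host and port beside it are templated, and together with `backoffLimit: 1` from the previous hunk a distribution service that needs longer to start fails the post-install/post-upgrade hook and therefore the release. Making it a chart value, for example `--timeout={{ .Values.postJob.waitTimeout }}` with `waitTimeout: 120` added to values.yaml (a suggested new key, not one the chart shows today), would let operators tune it. The step also now depends on `wait-for-port` being present in the os-shell image, which deserves a comment above the command such as `# wait-for-port is provided by the osShell image`.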
+++ b/deploy/sigma/templates/server/deployment.yaml @@ -59,10 +59,10 @@ spec: mountPath: /etc/sigma/config.yaml subPath: config.yaml readOnly: true - {{- if semverCompare ">= 1.31" .Capabilities.KubeVersion.Version }} - - name: trivy - mountPath: /opt/trivy - {{- end }} + # {{- if semverCompare ">= 1.31" .Capabilities.KubeVersion.Version }} + # - name: trivy + # mountPath: /opt/trivy + # {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} volumes: diff --git a/deploy/sigma/templates/worker/deployment.yaml b/deploy/sigma/templates/worker/deployment.yaml index 4a8de117..f0777361 100644 --- a/deploy/sigma/templates/worker/deployment.yaml +++ b/deploy/sigma/templates/worker/deployment.yaml @@ -57,10 +57,10 @@ spec: mountPath: /etc/sigma/config.yaml subPath: config.yaml readOnly: true - {{- if semverCompare ">= 1.31" .Capabilities.KubeVersion.Version }} - - name: trivy - mountPath: /opt/trivy - {{- end }} + # {{- if semverCompare ">= 1.31" .Capabilities.KubeVersion.Version }} + # - name: trivy + # mountPath: /opt/trivy + # {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} volumes: diff --git a/deploy/sigma/values.yaml b/deploy/sigma/values.yaml index 1f733d4c..5ed4ca83 100644 --- a/deploy/sigma/values.yaml +++ b/deploy/sigma/values.yaml @@ -16,10 +16,10 @@ image: web: repository: go-sigma/sigma-web tag: latest - ## busybox image used in init-container - busybox: - repository: busybox - tag: 1.36.1-musl + ## osShell image used in init-container + osShell: + repository: bitnami/os-shell + tag: 12-debian-12-r30 pullPolicy: IfNotPresent imagePullSecrets: [] diff --git a/go.mod b/go.mod index 08de0c27..4ec647fd 100644 --- a/go.mod +++ b/go.mod 
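Review bot: Prefixing these lines with `#` only makes them YAML comments after Helm has rendered the template, so the `{{- if semverCompare ">= 1.31" .Capabilities.KubeVersion.Version }}` and `{{- end }}` actions are still evaluated on every render; the same pattern is used in the worker/deployment.yaml hunk. To disable the mount, either delete the block or replace it with a template comment, e.g. `{{- /* trivy volumeMount disabled, see #404 */}}`. If a `trivy` entry remains under `volumes:` (outside this hunk), it is now unused and should be removed or disabled the same way.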
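Review bot: The new init-container image in values.yaml is referenced by tag only (`bitnami/os-shell` at `12-debian-12-r30`), and a tag can be re-pointed at different content by the publisher; since this image runs in every post-install and post-upgrade hook, pinning it by digest gives a reproducible, verifiable pull. That needs a digest value here and `repository@digest` handling in post-job.yaml, e.g. `digest: sha256:<digest-of-12-debian-12-r30>` (placeholder, to be filled from the registry). The move from busybox to a full Debian-based shell image also enlarges what runs in the hook pod just to probe a port, which is worth a sentence in the `## osShell` comment.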
@@ -17,13 +17,13 @@ require ( github.com/caarlos0/env/v9 v9.0.0 github.com/casbin/casbin/v2 v2.100.0 github.com/casbin/gorm-adapter/v3 v3.28.0 - github.com/containers/podman/v5 v5.2.1 + github.com/containers/podman/v5 v5.2.2 github.com/deckarep/golang-set/v2 v2.6.0 github.com/dgraph-io/badger/v4 v4.3.0 github.com/distribution/distribution/v3 v3.0.0-beta.1 github.com/distribution/reference v0.6.0 - github.com/docker/cli v27.1.2+incompatible - github.com/docker/docker v27.2.1+incompatible + github.com/docker/cli v27.3.1+incompatible + github.com/docker/docker v27.3.1+incompatible github.com/dustin/go-humanize v1.0.1 github.com/fatih/color v1.17.0 github.com/glebarez/sqlite v1.11.0 @@ -156,9 +156,9 @@ require ( github.com/containerd/platforms v0.2.1 // indirect github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect github.com/containerd/typeurl/v2 v2.1.1 // indirect - github.com/containers/buildah v1.37.1 // indirect - github.com/containers/common v0.60.1 // indirect - github.com/containers/image/v5 v5.32.1 // indirect + github.com/containers/buildah v1.37.2 // indirect + github.com/containers/common v0.60.2 // indirect + github.com/containers/image/v5 v5.32.2 // indirect github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect github.com/containers/ocicrypt v1.2.0 // indirect github.com/containers/psgo v1.9.0 // indirect @@ -334,7 +334,7 @@ require ( github.com/nwaples/rardecode v1.1.3 // indirect github.com/nxadm/tail v1.4.11 // indirect github.com/oklog/ulid v1.3.1 // indirect - github.com/open-policy-agent/opa v0.67.1 // indirect + github.com/open-policy-agent/opa v0.68.0 // indirect github.com/opencontainers/runc v1.1.14 // indirect github.com/opencontainers/runtime-spec v1.2.0 // indirect github.com/opencontainers/runtime-tools v0.9.1-0.20230914150019-408c51e934dc // indirect 
@@ -352,7 +352,7 @@ require ( github.com/pkg/sftp v1.13.6 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/proglottis/gpgme v0.1.3 // indirect - github.com/prometheus/client_golang v1.20.1 // indirect + github.com/prometheus/client_golang v1.20.2 // indirect github.com/prometheus/client_model v0.6.1 // indirect github.com/prometheus/common v0.55.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect @@ -442,7 +442,7 @@ require ( google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf // indirect - google.golang.org/grpc v1.65.0 // indirect + google.golang.org/grpc v1.66.0 // indirect google.golang.org/protobuf v1.34.2 // indirect gopkg.in/go-playground/assert.v1 v1.2.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/go.sum b/go.sum index ddfe8f98..9511a424 100644 --- a/go.sum +++ b/go.sum 
@@ -557,18 +557,18 @@ github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G github.com/containerd/stargz-snapshotter/estargz v0.15.1/go.mod h1:gr2RNwukQ/S9Nv33Lt6UC7xEx58C+LHRdoqbEKjz1Kk= github.com/containerd/typeurl/v2 v2.1.1 h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4= github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0= -github.com/containers/buildah v1.37.1 h1:BZ3vESqzmqGuj9kGqyjitdn9o0hD7owdZM699qtfMTc= -github.com/containers/buildah v1.37.1/go.mod h1:p/qfxznBMSn9YGYNBh0Sf2k4modfjD3us4rVqvmyeZM= -github.com/containers/common v0.60.1 h1:hMJNKfDxfXY91zD7mr4t/Ybe8JbAsTq5nkrUaCqTKsA= -github.com/containers/common v0.60.1/go.mod h1:tB0DRxznmHviECVHnqgWbl+8AVCSMZLA8qe7+U7KD6k= -github.com/containers/image/v5 v5.32.1 h1:fVa7GxRC4BCPGsfSRs4JY12WyeY26SUYQ0NuANaCFrI= -github.com/containers/image/v5 v5.32.1/go.mod h1:v1l73VeMugfj/QtKI+jhYbwnwFCFnNGckvbST3rQ5Hk= +github.com/containers/buildah v1.37.2 h1:KiJ3jVNUvdtGORxDz8fjjLkR81ZHQZIfnGWJWavks40= +github.com/containers/buildah v1.37.2/go.mod h1:alFCM3X0xfhE6ZjsFQkUlOMyKzOnbv9FL9fe1Ho48PA= +github.com/containers/common v0.60.2 h1:utcwp2YkO8c0mNlwRxsxfOiqfj157FRrBjxgjR6f+7o= +github.com/containers/common v0.60.2/go.mod h1:I0upBi1qJX3QmzGbUOBN1LVP6RvkKhd3qQpZbQT+Q54= +github.com/containers/image/v5 v5.32.2 h1:SzNE2Y6sf9b1GJoC8qjCuMBXwQrACFp4p0RK15+4gmQ= +github.com/containers/image/v5 v5.32.2/go.mod h1:v1l73VeMugfj/QtKI+jhYbwnwFCFnNGckvbST3rQ5Hk= github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 h1:Qzk5C6cYglewc+UyGf6lc8Mj2UaPTHy/iF2De0/77CA= github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= github.com/containers/ocicrypt v1.2.0 h1:X14EgRK3xNFvJEfI5O4Qn4T3E25ANudSOZz/sirVuPM= github.com/containers/ocicrypt v1.2.0/go.mod h1:ZNviigQajtdlxIZGibvblVuIFBKIuUI2M0QM12SD31U= -github.com/containers/podman/v5 v5.2.1 h1:EyaLdySOZETVULDLKxbX2R+bxWR1cr8UNMr3fQIgV+8= 
-github.com/containers/podman/v5 v5.2.1/go.mod h1:AOwRRDnYEy1TQwAQT4KZW5Oss4QKBvwYtegA6y8009I= +github.com/containers/podman/v5 v5.2.2 h1:UHDF+CeuRgqQc4EN0MNXrk1Xb45/5td/ClGmAOyiDJ8= +github.com/containers/podman/v5 v5.2.2/go.mod h1:6RoRmwWUDYzAdDMJnzBWiSxGJF7xJinJG+s4RnczwZw= github.com/containers/psgo v1.9.0 h1:eJ74jzSaCHnWt26OlKZROSyUyRcGDf+gYBdXnxrMW4g= github.com/containers/psgo v1.9.0/go.mod h1:0YoluUm43Mz2UnBIh1P+6V6NWcbpTL5uRtXyOcH0B5A= github.com/containers/storage v1.55.0 h1:wTWZ3YpcQf1F+dSP4KxG9iqDfpQY1otaUXjPpffuhgg= 
@@ -637,12 +637,12 @@ github.com/dlclark/regexp2 v1.11.4 h1:rPYF9/LECdNymJufQKmri9gV604RvvABwgOA8un7yA github.com/dlclark/regexp2 v1.11.4/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= github.com/dnaeon/go-vcr v1.1.0/go.mod h1:M7tiix8f0r6mKKJ3Yq/kqU1OYf3MnfmBWVbPx/yU9ko= github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= -github.com/docker/cli v27.1.2+incompatible h1:nYviRv5Y+YAKx3dFrTvS1ErkyVVunKOhoweCTE1BsnI= -github.com/docker/cli v27.1.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v27.3.1+incompatible h1:qEGdFBF3Xu6SCvCYhc7CzaQTlBmqDuzxPDpigSyeKQQ= +github.com/docker/cli v27.3.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v27.2.1+incompatible h1:fQdiLfW7VLscyoeYEBz7/J8soYFDZV1u6VW6gJEjNMI= -github.com/docker/docker v27.2.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v27.3.1+incompatible h1:KttF0XoteNTicmUtBO0L2tP+J7FGRFTjaEF4k6WdhfI= +github.com/docker/docker v27.3.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo= github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= 
@@ -1429,8 +1429,8 @@ github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAl github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro= github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= -github.com/open-policy-agent/opa v0.67.1 h1:rzy26J6g1X+CKknAcx0Vfbt41KqjuSzx4E0A8DAZf3E= -github.com/open-policy-agent/opa v0.67.1/go.mod h1:aqKlHc8E2VAAylYE9x09zJYr/fYzGX+JKne89UGqFzk= +github.com/open-policy-agent/opa v0.68.0 h1:Jl3U2vXRjwk7JrHmS19U3HZO5qxQRinQbJ2eCJYSqJQ= +github.com/open-policy-agent/opa v0.68.0/go.mod h1:5E5SvaPwTpwt2WM177I9Z3eT7qUpmOGjk1ZdHs+TZ4w= github.com/opencontainers/distribution-spec/specs-go v0.0.0-20240919170751-8dba5f1d8dd7 h1:cSQMzWIs23HH3PEiRrlmP0CJfrYGv//npO40/FeAViA= github.com/opencontainers/distribution-spec/specs-go v0.0.0-20240919170751-8dba5f1d8dd7/go.mod h1:Va0IMqkjv62YSEytL4sgxrkiD9IzU0T0bX/ZZEtMnSQ= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= 
@@ -1501,8 +1501,8 @@ github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= -github.com/prometheus/client_golang v1.20.1 h1:IMJXHOD6eARkQpxo8KkhgEVFlBNm+nkrFUyGlIu7Na8= -github.com/prometheus/client_golang v1.20.1/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_golang v1.20.2 h1:5ctymQzZlyOON1666svgwn3s6IKWgfbjsejTMiXIyjg= +github.com/prometheus/client_golang v1.20.2/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= 
@@ -2518,8 +2518,8 @@ google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACu google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= -google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc= -google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ= +google.golang.org/grpc v1.66.0 h1:DibZuoBznOxbDQxRINckZcUvnCEvrW9pcWIE2yF9r1c= +google.golang.org/grpc v1.66.0/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=