Skip to content

🌱 Update Builder Image group #309

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

🌱 Update Builder Image group #309

wants to merge 1 commit into from

Conversation

cluster-stack-bot[bot]
Copy link
Contributor

@cluster-stack-bot cluster-stack-bot bot commented Aug 1, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
docker.io/aquasec/trivy (source) stage minor 0.64.0 -> 0.66.0
docker.io/hadolint/hadolint stage minor v2.12.0-alpine -> v2.13.1-alpine
docker.io/library/alpine stage patch 3.22.0 -> 3.22.1
golangci/golangci-lint minor v2.2.1 -> v2.4.0
helm/helm minor v3.18.3 -> v3.19.0

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

aquasecurity/trivy (docker.io/aquasec/trivy)

v0.66.0

Compare Source

Features
  • add timeout handling for cache database operations (#​9307) (235c24e)
  • misconf: added audit config attribute (#​9249) (4d4a244)
  • secret: implement streaming secret scanner with byte offset tracking (#​9264) (5a5e097)
  • terraform: use .terraform cache for remote modules in plan scanning (#​9277) (298a994)
Bug Fixes

v0.65.0

Compare Source

Features
Bug Fixes

v0.64.1

Compare Source

Changelog

  • 86ee3c1 release: v0.64.1 [release/v0.64] (#​9122)
  • 4e12722 fix(misconf): skip rewriting expr if attr is nil [backport: release/v0.64] (#​9127)
  • 9a7d384 fix(cli): Add more non-sensitive flags to telemetry [backport: release/v0.64] (#​9124)
  • 53adfba fix(rootio): check full version to detect root.io packages [backport: release/v0.64] (#​9120)
  • 8cf1bf9 fix(alma): parse epochs from rpmqa file [backport: release/v0.64] (#​9119)
hadolint/hadolint (docker.io/hadolint/hadolint)

v2.13.1

Compare Source

What's Changed

New Contributors

Full Changelog: hadolint/hadolint@v2.12.0...v2.13.1

golangci/golangci-lint (golangci/golangci-lint)

v2.4.0

Compare Source

  1. Enhancements
    • 🎉 go1.25 support
  2. Linters new features or changes
    • exhaustruct: from v3.3.1 to 4.0.0 (new options: allow-empty, allow-empty-rx, allow-empty-returns, allow-empty-declarations)
  3. Linters bug fixes
    • godox: trim filepath from report messages
    • staticcheck: allow empty options
    • tagalign: from 1.4.2 to 1.4.3
  4. Documentation
    • 🌟 New website (with a search engine)

v2.3.1

Compare Source

  1. Linters bug fixes
    • gci: from 0.13.6 to 0.13.7
    • gosec: from 2.22.6 to 2.22.7
    • noctx: from 0.3.5 to 0.4.0
    • wsl: from 5.1.0 to 5.1.1
    • tagliatelle: force upper case for custom initialisms

v2.3.0

Compare Source

  1. Linters new features or changes
    • ginkgolinter: from 0.19.1 to 0.20.0 (new option: force-assertion-description)
    • iface: from 1.4.0 to 1.4.1 (report message improvements)
    • noctx: from 0.3.4 to 0.3.5 (new detections: log/slog, exec, crypto/tls)
    • revive: from 1.10.0 to 1.11.0 (new rule: enforce-switch-style)
    • wsl: from 5.0.0 to 5.1.0
  2. Linters bug fixes
    • gosec: from 2.22.5 to 2.22.6
    • noinlineerr: from 1.0.4 to 1.0.5
    • sloglint: from 0.11.0 to 0.11.1
  3. Misc.
    • fix: panic close of closed channel

v2.2.2

Compare Source

  1. Linters bug fixes
    • noinlineerr: from 1.0.3 to 1.0.4
  2. Documentation
    • Improve debug keys documentation
  3. Misc.
    • fix: panic close of closed channel
    • godot: add noinline value into the JSONSchema
helm/helm (helm/helm)

v3.19.0: Helm v3.19.0

Compare Source

Helm v3.19.0 is a feature release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Notable Changes

  • Fixed a helm pull regression from 3.18 - error pulling OCI charts with --password #​31230
  • Fixed a helm lint regression from Helm 3.18 - rejected JSON Schema $ref URLs that worked in 3.17.x #​31166
  • Fixed go mod tidy #​31154
  • Fixed k8s version parsing not matching original #​31091
  • Fixed charts failing when using a redirect registry #​31087
  • Fixed missing debug logging for OCI transport
  • Fixed broken legacy docker support for login #​30941
  • Fixed bugs from the move to ORAS v2
  • Fixed processing all hook deletions on failure #​30673
  • Feature for helm create added httproute from gateway-api to create chart template #​30658

Installation and Upgrading

Download Helm v3.19.0. The common platform binaries are here:

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.19.1 will contain only bug fixes.
  • 3.20.0 is the next feature release.

Changelog

  • bump version to v3.19.0 3d8990f (Scott Rigby)
  • fix: use username and password if provided 9a54bf1 (Evans Mungai)
  • chore(deps): bump the k8s-io group with 7 updates 5af0f68 (dependabot[bot])
  • chore(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1 e485606 (dependabot[bot])
  • chore(deps): bump github.com/stretchr/testify from 1.11.0 to 1.11.1 6355c3d (dependabot[bot])
  • chore(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.0 ec61f66 (dependabot[bot])
  • fix(helm-lint): fmt b278020 (Isaiah Lewis)
  • fix(helm-lint): Add TLSClientConfig d33ac5e (Isaiah Lewis)
  • fix(helm-lint): Add HTTP/HTTPS URL support for json schema references 8543709 (Isaiah Lewis)
  • chore(deps): bump the k8s-io group with 7 updates 89a3f90 (dependabot[bot])
  • fix: go mod tidy for v3 da4c583 (Terry Howe)
  • chore(deps): bump golang.org/x/crypto from 0.40.0 to 0.41.0 e40b1b3 (dependabot[bot])
  • chore(deps): bump golang.org/x/term from 0.33.0 to 0.34.0 a27e9db (dependabot[bot])
  • fix Chart.yaml handling f13afaa (Matt Farina)
  • Handle messy index files 039b0b1 (Matt Farina)
  • chore(deps): bump github.com/containerd/containerd from 1.7.27 to 1.7.28 bec98a9 (dependabot[bot])
  • json schema fix 6d9509a (Robert Sirchia)
  • fix: k8s version parsing to match original 807225e (Borys Hulii)
  • chore(deps): bump sigs.k8s.io/yaml from 1.5.0 to 1.6.0 cbbd569 (dependabot[bot])
  • Do not explicitly set SNI in HTTPGetter 5e8ff72 (Terry Howe)
  • chore(deps): bump github.com/spf13/pflag from 1.0.6 to 1.0.7 5b5fb5b (dependabot[bot])
  • chore(deps): bump the k8s-io group with 7 updates d12538a (dependabot[bot])
  • chore(deps): bump golang.org/x/crypto from 0.39.0 to 0.40.0 303f803 (dependabot[bot])
  • chore(deps): bump golang.org/x/term from 0.32.0 to 0.33.0 abcc2ed (dependabot[bot])
  • chore(deps): bump golang.org/x/text from 0.26.0 to 0.27.0 521c67b (dependabot[bot])
  • Disabling linter due to unknown issue 227c9cb (Matt Farina)
  • Updating link handling 4389fa6 (Matt Farina)
  • Bump github.com/Masterminds/semver/v3 from 3.3.0 to 3.3.1 372e403 (dependabot[bot])
  • build(deps): bump the k8s-io group with 7 updates 4fa5a64 (dependabot[bot])
  • build(deps): bump sigs.k8s.io/yaml from 1.4.0 to 1.5.0 6284ed8 (dependabot[bot])
  • fix: user username password for login 2c55a4e (Terry Howe)
  • Update pkg/registry/transport.go a16e986 (Terry Howe)
  • Update pkg/registry/transport.go cea26d8 (Terry Howe)
  • fix: add debug logging to oci transport b52bb41 (Terry Howe)
  • build(deps): bump golang.org/x/crypto from 0.38.0 to 0.39.0 45075cf (dependabot[bot])
  • build(deps): bump golang.org/x/text from 0.25.0 to 0.26.0 73a7826 (dependabot[bot])
  • fix: legacy docker support broken for login 733f94c (Terry Howe)
  • fix: plugin installer test with no Internet fc36041 (Terry Howe)
  • Handle an empty registry config file. cfe8cef (Matt Farina)
  • Prevent fetching newReference again as we have in calling method c33215d (Benoit Tigeot)
  • Prevent failure when resolving version tags in oras memory store f552b67 (Benoit Tigeot)
  • fix(client): skipnode utilization for PreCopy a18a52e (Brandt Keller)
  • test: Skip instead of returning early. looks more intentional fedf502 (Jesse Simpson)
  • test: tests repo stripping functionality fe512ba (Jesse Simpson)
  • test: include tests for Login based on different protocol prefixes 099a9e1 (Jesse Simpson)
  • fix(client): layers now returns manifest - remove duplicate from descriptors b07ab77 (Brandt Keller)
  • fix(client): return nil on non-allowed media types c225c12 (Brandt Keller)
  • Fix 3.18.0 regression: registry login with scheme c0f3ace (Scott Rigby)
  • Update pkg/plugin/plugin.go dce60ad (Benoit Tigeot)
  • Update pkg/plugin/plugin.go cda0865 (Benoit Tigeot)
  • Wait for Helm v4 before raising when platformCommand and Command are set 5d9d9a0 (Benoit Tigeot)
  • Revert "fix (helm) : toToml` renders int as float [ backport to v3 ]" c5249c1 (Matt Farina)
  • build(deps): bump the k8s-io group with 7 updates 5b0520d (dependabot[bot])
  • chore: update generalization warning message afefca8 (Feng Cao)
  • build(deps): bump oras.land/oras-go/v2 from 2.5.0 to 2.6.0 8d6d27c (dependabot[bot])
  • build(deps): bump the k8s-io group with 7 updates 502c0d5 (dependabot[bot])
  • build(deps): bump golang.org/x/crypto from 0.37.0 to 0.38.0 92be9ac (dependabot[bot])
  • fix: move warning to top of block eb5b6d5 (Feng Cao)
  • fix: govulncheck workflow 6b15f26 (Matthieu MOREL)
  • fix: replace fmt warning with slog 6b5c944 (Feng Cao)
  • fix: add warning when ignore repo flag 247bf7c (Feng Cao)
  • bump version to v3.18.0 9404459 (Robert Sirchia)
  • backport #​30673 to dev-v3 0a800e8 (Gerard Nguyen)
  • feat: add httproute from gateway-api to create chart template bd1b67b (Henrik Gerdes)

Full Changelog: helm/helm@v3.18.6...v3.19.0

v3.18.6: Helm v3.18.6

Compare Source

Helm v3.18.6 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.18.6. The common platform binaries are here:

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.19.0 is the next minor release and will be on September 11, 2025

Changelog

  • fix(helm-lint): fmt b76a950 (Isaiah Lewis)
  • fix(helm-lint): Add TLSClientConfig b79a421 (Isaiah Lewis)
  • fix(helm-lint): Add HTTP/HTTPS URL support for json schema references b9180e6 (Isaiah Lewis)

v3.18.5: Helm v3.18.5

Compare Source

Helm v3.18.5 is a security release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Security Advisories

Installation and Upgrading

Download Helm v3.18.5. The common platform binaries are here:

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.19.0 is the next minor release and will be on September 11, 2025

Changelog

  • fix Chart.yaml handling 7799b48 (Matt Farina)
  • Handle messy index files dd8502f (Matt Farina)
  • json schema fix cb8595b (Robert Sirchia)

v3.18.4: Helm v3.18.4

Compare Source

Helm v3.18.4 is a security release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Security Advisories

Installation and Upgrading

Download Helm v3.18.4. The common platform binaries are here:

Configuration

📅 Schedule: Branch creation - "on the first day of the month" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/cso-builder-image branch from 62e8a64 to 0e812c1 Compare August 3, 2025 11:24
@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/cso-builder-image branch 2 times, most recently from 974bced to b7e0dea Compare August 20, 2025 11:22
@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/cso-builder-image branch from b7e0dea to 49dc5e8 Compare September 3, 2025 11:20
@cluster-stack-bot
🌱 Update Builder Image group
fd94ed6 
| datasource  | package                     | from    | to      |
| ----------- | --------------------------- | ------- | ------- |
| docker      | docker.io/aquasec/trivy     | 0.64.0  | 0.66.0  |
| docker      | docker.io/hadolint/hadolint | v2.12.0 | v2.13.1 |
| docker      | docker.io/library/alpine    | 3.22.0  | 3.22.1  |
| github-tags | golangci/golangci-lint      | v2.2.1  | v2.4.0  |
| github-tags | helm/helm                   | v3.18.3 | v3.19.0 |
@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/cso-builder-image branch from 49dc5e8 to fd94ed6 Compare September 12, 2025 11:19
@cluster-stack-bot
Copy link
Contributor Author

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: undefined
Command failed: BUILD_IMAGE_TOKEN=**redacted** BUILD_IMAGE_USER=kranurag7 CI=true ./hack/upgrade-builder-image.sh
+ set -o errexit
+ set -o nounset
+ set -o pipefail
+++ dirname ./hack/upgrade-builder-image.sh
++ realpath ./hack/..
+ REPO_ROOT=/tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator
+ cd /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator
+ source /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/hack/semver-upgrade.sh
++ set -o errexit
++ set -o nounset
++ set -o pipefail
++ set -x
+ '[' true = true ']'
+ echo **redacted**
+ docker login ghcr.io -u kranurag7 --password-stdin

WARNING! Your credentials are stored unencrypted in '/home/ubuntu/.docker/config.json'.
Configure a credential helper to remove this warning. See
https://docs.docker.com/go/credential-store/

++ git fetch --quiet origin main
++ git show origin/main:.builder-image-version.txt
+ export VERSION=1.1.33
+ VERSION=1.1.33
++ semver_upgrade patch 1.1.33
++ IFS=.
++ read -r version minor patch
++ case "$1" in
++ tag=1.1.34
++ echo 1.1.34
+ export NEW_VERSION=1.1.34
+ NEW_VERSION=1.1.34
+ echo 1.1.34
+ echo 'Wrote new version 1.1.34 to .builder-image-version.txt'
+ docker manifest inspect ghcr.io/sovereigncloudstack/cso-builder:1.1.33
+ echo 0
+ sed -i -e '/^BUILDER_IMAGE_VERSION /s/:=.*$/:= 1.1.34/' Makefile
+ for FILE in ${REPO_ROOT}/.github/workflows/*
+ grep 'image: ghcr.io/sovereigncloudstack/cso-builder' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/build.yml
+ for FILE in ${REPO_ROOT}/.github/workflows/*
+ grep 'image: ghcr.io/sovereigncloudstack/cso-builder' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/kubebuilder-markers-checker.yml
+ for FILE in ${REPO_ROOT}/.github/workflows/*
+ grep 'image: ghcr.io/sovereigncloudstack/cso-builder' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/pr-lint.yml
+ sed -i -e '/image: ghcr\.io\/sovereigncloudstack\/cso-builder:/s/:.*$/: ghcr\.io\/sovereigncloudstack\/cso-builder:1.1.34/' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/pr-lint.yml
+ for FILE in ${REPO_ROOT}/.github/workflows/*
+ grep 'image: ghcr.io/sovereigncloudstack/cso-builder' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/pr-verify.yml
+ for FILE in ${REPO_ROOT}/.github/workflows/*
+ grep 'image: ghcr.io/sovereigncloudstack/cso-builder' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/release.yml
+ for FILE in ${REPO_ROOT}/.github/workflows/*
+ grep 'image: ghcr.io/sovereigncloudstack/cso-builder' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/schedule-cache-cleaner-cso-image.yml
+ for FILE in ${REPO_ROOT}/.github/workflows/*
+ grep 'image: ghcr.io/sovereigncloudstack/cso-builder' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/schedule-scan-image.yml
+ sed -i -e '/image: ghcr\.io\/sovereigncloudstack\/cso-builder:/s/:.*$/: ghcr\.io\/sovereigncloudstack\/cso-builder:1.1.34/' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/schedule-scan-image.yml
+ for FILE in ${REPO_ROOT}/.github/workflows/*
+ grep 'image: ghcr.io/sovereigncloudstack/cso-builder' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/schedule-update-bot.yaml
+ for FILE in ${REPO_ROOT}/.github/workflows/*
+ grep 'image: ghcr.io/sovereigncloudstack/cso-builder' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/test.yml
+ docker build -t ghcr.io/sovereigncloudstack/cso-builder:1.1.34 ./images/builder
DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
            Install the buildx component to build images with BuildKit:
            https://docs.docker.com/go/buildx/

The command '/bin/sh -c apk add -U --no-cache     curl     clusterctl=~${CLUSTERCTL_VERSION#v}     controller-gen=~${CONTROLLER_GEN_VERSION#v}     helm=~${HELM_VERSION#v}     kind=~${KIND_VERSION#v}     kubectl=~${KUBECTL_VERSION#v}     kustomize=~${KUSTOMIZE_VERSION#v}     trivy=~${TRIVY_VERSION#v}' returned a non-zero code: 4

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
type/minor type/patch update/container
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants