From 5728158e3d2915d9bcedde53f11e5f0178cfa556 Mon Sep 17 00:00:00 2001 From: Natalie Arellano Date: Thu, 12 Oct 2023 10:01:06 -0400 Subject: [PATCH 1/7] Ensure the run image os/arch always matches: - the builder for `pack build` - the previous image for `pack rebase` Signed-off-by: Natalie Arellano --- pkg/client/build.go | 36 ++++++++++++++++++++++-------------- pkg/client/build_test.go | 9 +++++---- pkg/client/rebase.go | 17 ++++++++++++++++- pkg/client/rebase_test.go | 2 ++ 4 files changed, 45 insertions(+), 19 deletions(-) diff --git a/pkg/client/build.go b/pkg/client/build.go index c7c35465e..c94e862df 100644 --- a/pkg/client/build.go +++ b/pkg/client/build.go @@ -318,6 +318,16 @@ func (c *Client) Build(ctx context.Context, opts BuildOptions) error { return errors.Wrapf(err, "failed to fetch builder image '%s'", builderRef.Name()) } + builderOS, err := rawBuilderImage.OS() + if err != nil { + return errors.Wrapf(err, "getting builder OS") + } + + builderArch, err := rawBuilderImage.Architecture() + if err != nil { + return errors.Wrapf(err, "getting builder architecture") + } + bldr, err := c.getBuilder(rawBuilderImage) if err != nil { return errors.Wrapf(err, "invalid builder %s", style.Symbol(opts.Builder)) @@ -325,7 +335,11 @@ func (c *Client) Build(ctx context.Context, opts BuildOptions) error { runImageName := c.resolveRunImage(opts.RunImage, imgRegistry, builderRef.Context().RegistryStr(), bldr.DefaultRunImage(), opts.AdditionalMirrors, opts.Publish) - fetchOptions := image.FetchOptions{Daemon: !opts.Publish, PullPolicy: opts.PullPolicy} + fetchOptions := image.FetchOptions{ + Daemon: !opts.Publish, + PullPolicy: opts.PullPolicy, + Platform: fmt.Sprintf("%s/%s", builderOS, builderArch), + } if opts.Layout() { targetRunImagePath, err := layout.ParseRefToPath(runImageName) if err != nil { @@ -361,11 +375,6 @@ func (c *Client) Build(ctx context.Context, opts BuildOptions) error { return err } - imgOS, err := rawBuilderImage.OS() - if err != nil { - return errors.Wrapf(err, "getting builder OS") - } - // Default mode: if the TrustBuilder option is not set, trust the suggested builders. if opts.TrustBuilder == nil { opts.TrustBuilder = IsSuggestedBuilderFunc @@ -396,15 +405,14 @@ func (c *Client) Build(ctx context.Context, opts BuildOptions) error { lifecycleImageName = fmt.Sprintf("%s:%s", internalConfig.DefaultLifecycleImageRepo, lifecycleVersion.String()) } - imgArch, err := rawBuilderImage.Architecture() - if err != nil { - return errors.Wrapf(err, "getting builder architecture") - } - lifecycleImage, err := c.imageFetcher.Fetch( ctx, lifecycleImageName, - image.FetchOptions{Daemon: true, PullPolicy: opts.PullPolicy, Platform: fmt.Sprintf("%s/%s", imgOS, imgArch)}, + image.FetchOptions{ + Daemon: true, + PullPolicy: opts.PullPolicy, + Platform: fmt.Sprintf("%s/%s", builderOS, builderArch), + }, ) if err != nil { return fmt.Errorf("fetching lifecycle image: %w", err) @@ -455,7 +463,7 @@ func (c *Client) Build(ctx context.Context, opts BuildOptions) error { if !c.experimental { return fmt.Errorf("experimental features must be enabled when builder contains image extensions") } - if imgOS == "windows" { + if builderOS == "windows" { return fmt.Errorf("builder contains image extensions which are not supported for Windows builds") } if !(opts.PullPolicy == image.PullAlways) { @@ -467,7 +475,7 @@ func (c *Client) Build(ctx context.Context, opts BuildOptions) error { opts.ContainerConfig.Volumes = appendLayoutVolumes(opts.ContainerConfig.Volumes, pathsConfig) } - processedVolumes, warnings, err := processVolumes(imgOS, opts.ContainerConfig.Volumes) + processedVolumes, warnings, err := processVolumes(builderOS, opts.ContainerConfig.Volumes) if err != nil { return err } diff --git a/pkg/client/build_test.go b/pkg/client/build_test.go index 06b215104..2f43619c5 100644 --- a/pkg/client/build_test.go +++ b/pkg/client/build_test.go @@ -2085,11 +2085,12 @@ api = "0.2" })) h.AssertEq(t, fakeLifecycle.Opts.Publish, true) - args := fakeImageFetcher.FetchCalls["default/run"] - h.AssertEq(t, args.Daemon, false) - - args = fakeImageFetcher.FetchCalls[defaultBuilderName] + args := fakeImageFetcher.FetchCalls[defaultBuilderName] h.AssertEq(t, args.Daemon, true) + + args = fakeImageFetcher.FetchCalls["default/run"] + h.AssertEq(t, args.Daemon, false) + h.AssertEq(t, args.Platform, "linux/amd64") }) when("builder is untrusted", func() { diff --git a/pkg/client/rebase.go b/pkg/client/rebase.go index 168c72757..276c56026 100644 --- a/pkg/client/rebase.go +++ b/pkg/client/rebase.go @@ -2,6 +2,7 @@ package client import ( "context" + "fmt" "os" "path/filepath" @@ -60,6 +61,16 @@ func (c *Client) Rebase(ctx context.Context, opts RebaseOptions) error { return err } + appOS, err := appImage.OS() + if err != nil { + return errors.Wrapf(err, "getting app OS") + } + + appArch, err := appImage.Architecture() + if err != nil { + return errors.Wrapf(err, "getting app architecture") + } + var md files.LayersMetadataCompat if ok, err := dist.GetLabel(appImage, platform.LifecycleMetadataLabel, &md); err != nil { return err @@ -90,7 +101,11 @@ func (c *Client) Rebase(ctx context.Context, opts RebaseOptions) error { return errors.New("run image must be specified") } - baseImage, err := c.imageFetcher.Fetch(ctx, runImageName, image.FetchOptions{Daemon: !opts.Publish, PullPolicy: opts.PullPolicy}) + baseImage, err := c.imageFetcher.Fetch(ctx, runImageName, image.FetchOptions{ + Daemon: !opts.Publish, + PullPolicy: opts.PullPolicy, + Platform: fmt.Sprintf("%s/%s", appOS, appArch), + }) if err != nil { return err } diff --git a/pkg/client/rebase_test.go b/pkg/client/rebase_test.go index 86eff76de..101fb683a 100644 --- a/pkg/client/rebase_test.go +++ b/pkg/client/rebase_test.go @@ -258,6 +258,8 @@ func testRebase(t *testing.T, when spec.G, it spec.S) { h.AssertEq(t, fakeAppImage.Base(), "some/run") lbl, _ := fakeAppImage.Label("io.buildpacks.lifecycle.metadata") h.AssertContains(t, lbl, `"runImage":{"topLayer":"remote-top-layer-sha","reference":"remote-digest"`) + args := fakeImageFetcher.FetchCalls["some/run"] + h.AssertEq(t, args.Platform, "linux/amd64") }) }) }) From 83e94572b2a3676a02747135776f1439217b839d Mon Sep 17 00:00:00 2001 From: Natalie Arellano Date: Thu, 12 Oct 2023 11:30:07 -0400 Subject: [PATCH 2/7] When downloading buildpacks or extensions for `pack build` or `pack builder create`, ensure the os/arch matches the builder Signed-off-by: Natalie Arellano --- pkg/buildpack/downloader.go | 15 +++++++++++++-- pkg/buildpack/downloader_test.go | 24 +++++++++++++++--------- pkg/client/build.go | 13 ++++++++++--- pkg/client/build_test.go | 2 ++ pkg/client/create_builder.go | 12 +++++++++--- pkg/client/create_builder_test.go | 14 ++++++++++++-- 6 files changed, 61 insertions(+), 19 deletions(-) diff --git a/pkg/buildpack/downloader.go b/pkg/buildpack/downloader.go index 41a5a61cd..454afda0c 100644 --- a/pkg/buildpack/downloader.go +++ b/pkg/buildpack/downloader.go @@ -67,6 +67,9 @@ type DownloadOptions struct { // The OS of the builder image ImageOS string + // The OS/Architecture to download + Platform string + // Deprecated: the older alternative to buildpack URI ImageName string @@ -102,7 +105,11 @@ func (c *buildpackDownloader) Download(ctx context.Context, moduleURI string, op case PackageLocator: imageName := ParsePackageLocator(moduleURI) c.logger.Debugf("Downloading %s from image: %s", kind, style.Symbol(imageName)) - mainBP, depBPs, err = extractPackaged(ctx, kind, imageName, c.imageFetcher, image.FetchOptions{Daemon: opts.Daemon, PullPolicy: opts.PullPolicy}) + mainBP, depBPs, err = extractPackaged(ctx, kind, imageName, c.imageFetcher, image.FetchOptions{ + Daemon: opts.Daemon, + PullPolicy: opts.PullPolicy, + Platform: opts.Platform, + }) if err != nil { return nil, nil, errors.Wrapf(err, "extracting from registry %s", style.Symbol(moduleURI)) } @@ -113,7 +120,11 @@ func (c *buildpackDownloader) Download(ctx context.Context, moduleURI string, op return nil, nil, errors.Wrapf(err, "locating in registry: %s", style.Symbol(moduleURI)) } - mainBP, depBPs, err = extractPackaged(ctx, kind, address, c.imageFetcher, image.FetchOptions{Daemon: opts.Daemon, PullPolicy: opts.PullPolicy}) + mainBP, depBPs, err = extractPackaged(ctx, kind, address, c.imageFetcher, image.FetchOptions{ + Daemon: opts.Daemon, + PullPolicy: opts.PullPolicy, + Platform: opts.Platform, + }) if err != nil { return nil, nil, errors.Wrapf(err, "extracting from registry %s", style.Symbol(moduleURI)) } diff --git a/pkg/buildpack/downloader_test.go b/pkg/buildpack/downloader_test.go index 16c30b6e1..2aefdb571 100644 --- a/pkg/buildpack/downloader_test.go +++ b/pkg/buildpack/downloader_test.go @@ -127,8 +127,12 @@ func testBuildpackDownloader(t *testing.T, when spec.G, it spec.S) { downloadOptions = buildpack.DownloadOptions{ImageOS: "linux"} ) - shouldFetchPackageImageWith := func(demon bool, pull image.PullPolicy) { - mockImageFetcher.EXPECT().Fetch(gomock.Any(), packageImage.Name(), image.FetchOptions{Daemon: demon, PullPolicy: pull}).Return(packageImage, nil) + shouldFetchPackageImageWith := func(demon bool, pull image.PullPolicy, platform string) { + mockImageFetcher.EXPECT().Fetch(gomock.Any(), packageImage.Name(), image.FetchOptions{ + Daemon: demon, + PullPolicy: pull, + Platform: platform, + }).Return(packageImage, nil) } when("package image lives in cnb registry", func() { @@ -141,11 +145,12 @@ func testBuildpackDownloader(t *testing.T, when spec.G, it spec.S) { downloadOptions = buildpack.DownloadOptions{ RegistryName: "some-registry", ImageOS: "linux", + Platform: "linux/amd64", Daemon: true, PullPolicy: image.PullAlways, } - shouldFetchPackageImageWith(true, image.PullAlways) + shouldFetchPackageImageWith(true, image.PullAlways, "linux/amd64") mainBP, _, err := buildpackDownloader.Download(context.TODO(), "urn:cnb:registry:example/foo@1.1.0", downloadOptions) h.AssertNil(t, err) h.AssertEq(t, mainBP.Descriptor().Info().ID, "example/foo") @@ -161,7 +166,7 @@ func testBuildpackDownloader(t *testing.T, when spec.G, it spec.S) { PullPolicy: image.PullAlways, } - shouldFetchPackageImageWith(true, image.PullAlways) + shouldFetchPackageImageWith(true, image.PullAlways, "") mainBP, _, err := buildpackDownloader.Download(context.TODO(), "example/foo@1.1.0", downloadOptions) h.AssertNil(t, err) h.AssertEq(t, mainBP.Descriptor().Info().ID, "example/foo") @@ -185,10 +190,11 @@ func testBuildpackDownloader(t *testing.T, when spec.G, it spec.S) { Daemon: true, PullPolicy: image.PullAlways, ImageOS: "linux", + Platform: "linux/amd64", ImageName: "some/package:tag", } - shouldFetchPackageImageWith(true, image.PullAlways) + shouldFetchPackageImageWith(true, image.PullAlways, "linux/amd64") mainBP, _, err := buildpackDownloader.Download(context.TODO(), "", downloadOptions) h.AssertNil(t, err) h.AssertEq(t, mainBP.Descriptor().Info().ID, "example/foo") @@ -204,7 +210,7 @@ func testBuildpackDownloader(t *testing.T, when spec.G, it spec.S) { PullPolicy: image.PullAlways, } - shouldFetchPackageImageWith(true, image.PullAlways) + shouldFetchPackageImageWith(true, image.PullAlways, "") mainBP, _, err := buildpackDownloader.Download(context.TODO(), "", downloadOptions) h.AssertNil(t, err) h.AssertEq(t, mainBP.Descriptor().Info().ID, "example/foo") @@ -220,7 +226,7 @@ func testBuildpackDownloader(t *testing.T, when spec.G, it spec.S) { PullPolicy: image.PullAlways, } - shouldFetchPackageImageWith(false, image.PullAlways) + shouldFetchPackageImageWith(false, image.PullAlways, "") mainBP, _, err := buildpackDownloader.Download(context.TODO(), "", downloadOptions) h.AssertNil(t, err) h.AssertEq(t, mainBP.Descriptor().Info().ID, "example/foo") @@ -234,7 +240,7 @@ func testBuildpackDownloader(t *testing.T, when spec.G, it spec.S) { Daemon: false, PullPolicy: image.PullAlways, } - shouldFetchPackageImageWith(false, image.PullAlways) + shouldFetchPackageImageWith(false, image.PullAlways, "") mainBP, _, err := buildpackDownloader.Download(context.TODO(), packageImage.Name(), downloadOptions) h.AssertNil(t, err) h.AssertEq(t, mainBP.Descriptor().Info().ID, "example/foo") @@ -250,7 +256,7 @@ func testBuildpackDownloader(t *testing.T, when spec.G, it spec.S) { PullPolicy: image.PullNever, } - shouldFetchPackageImageWith(false, image.PullNever) + shouldFetchPackageImageWith(false, image.PullNever, "") mainBP, _, err := buildpackDownloader.Download(context.TODO(), "", downloadOptions) h.AssertNil(t, err) h.AssertEq(t, mainBP.Descriptor().Info().ID, "example/foo") diff --git a/pkg/client/build.go b/pkg/client/build.go index c94e862df..a46cab5e8 100644 --- a/pkg/client/build.go +++ b/pkg/client/build.go @@ -1032,13 +1032,19 @@ func (c *Client) fetchBuildpack(ctx context.Context, bp string, relativeBaseDir Version: version, } default: - imageOS, err := builderImage.OS() + builderOS, err := builderImage.OS() if err != nil { - return nil, nil, errors.Wrapf(err, "getting OS from %s", style.Symbol(builderImage.Name())) + return nil, nil, errors.Wrapf(err, "getting builder OS") + } + + builderArch, err := builderImage.Architecture() + if err != nil { + return nil, nil, errors.Wrapf(err, "getting builder architecture") } downloadOptions := buildpack.DownloadOptions{ RegistryName: registry, - ImageOS: imageOS, + ImageOS: builderOS, + Platform: fmt.Sprintf("%s/%s", builderOS, builderArch), RelativeBaseDir: relativeBaseDir, Daemon: !publish, PullPolicy: pullPolicy, @@ -1076,6 +1082,7 @@ func (c *Client) fetchBuildpackDependencies(ctx context.Context, bp string, pack mainBP, deps, err := c.buildpackDownloader.Download(ctx, dep.URI, buildpack.DownloadOptions{ RegistryName: downloadOptions.RegistryName, ImageOS: downloadOptions.ImageOS, + Platform: downloadOptions.Platform, Daemon: downloadOptions.Daemon, PullPolicy: downloadOptions.PullPolicy, RelativeBaseDir: filepath.Join(bp, packageCfg.Buildpack.URI), diff --git a/pkg/client/build_test.go b/pkg/client/build_test.go index 2f43619c5..ed5693f7c 100644 --- a/pkg/client/build_test.go +++ b/pkg/client/build_test.go @@ -1240,6 +1240,8 @@ api = "0.2" Version: "child.buildpack.version", }, }) + args := fakeImageFetcher.FetchCalls[fakePackage.Name()] + h.AssertEq(t, args.Platform, "linux/amd64") }) it("fails when no metadata label on package", func() { diff --git a/pkg/client/create_builder.go b/pkg/client/create_builder.go index 28cd2fa7c..dc03d73d6 100644 --- a/pkg/client/create_builder.go +++ b/pkg/client/create_builder.go @@ -256,14 +256,20 @@ func (c *Client) addExtensionsToBuilder(ctx context.Context, opts CreateBuilderO func (c *Client) addConfig(ctx context.Context, kind string, config pubbldr.ModuleConfig, opts CreateBuilderOptions, bldr *builder.Builder) error { c.logger.Debugf("Looking up %s %s", kind, style.Symbol(config.DisplayString())) - imageOS, err := bldr.Image().OS() + builderOS, err := bldr.Image().OS() if err != nil { - return errors.Wrapf(err, "getting OS from %s", style.Symbol(bldr.Image().Name())) + return errors.Wrapf(err, "getting builder OS") } + builderArch, err := bldr.Image().Architecture() + if err != nil { + return errors.Wrapf(err, "getting builder architecture") + } + mainBP, depBPs, err := c.buildpackDownloader.Download(ctx, config.URI, buildpack.DownloadOptions{ Daemon: !opts.Publish, ImageName: config.ImageName, - ImageOS: imageOS, + ImageOS: builderOS, + Platform: fmt.Sprintf("%s/%s", builderOS, builderArch), ModuleKind: kind, PullPolicy: opts.PullPolicy, RegistryName: opts.Registry, diff --git a/pkg/client/create_builder_test.go b/pkg/client/create_builder_test.go index 3b4cfc41e..ea0c95a93 100644 --- a/pkg/client/create_builder_test.go +++ b/pkg/client/create_builder_test.go @@ -843,12 +843,22 @@ func testCreateBuilder(t *testing.T, when spec.G, it spec.S) { buildpackBlob := blob.NewBlob(filepath.Join("testdata", "buildpack-api-0.4")) bp, err := buildpack.FromBuildpackRootBlob(buildpackBlob, archive.DefaultTarWriterFactory()) h.AssertNil(t, err) - mockBuildpackDownloader.EXPECT().Download(gomock.Any(), "https://example.fake/bp-one-with-api-4.tgz", gomock.Any()).Return(bp, bpDependencies, nil) + mockBuildpackDownloader.EXPECT().Download(gomock.Any(), "https://example.fake/bp-one-with-api-4.tgz", gomock.Any()).DoAndReturn( + func(ctx context.Context, buildpackURI string, opts buildpack.DownloadOptions) (buildpack.BuildModule, []buildpack.BuildModule, error) { + // test options + h.AssertEq(t, opts.Platform, "linux/amd64") + return bp, bpDependencies, nil + }) extensionBlob := blob.NewBlob(filepath.Join("testdata", "extension-api-0.9")) extension, err := buildpack.FromExtensionRootBlob(extensionBlob, archive.DefaultTarWriterFactory()) h.AssertNil(t, err) - mockBuildpackDownloader.EXPECT().Download(gomock.Any(), "https://example.fake/ext-one-with-api-9.tgz", gomock.Any()).Return(extension, nil, nil) + mockBuildpackDownloader.EXPECT().Download(gomock.Any(), "https://example.fake/ext-one-with-api-9.tgz", gomock.Any()).DoAndReturn( + func(ctx context.Context, buildpackURI string, opts buildpack.DownloadOptions) (buildpack.BuildModule, []buildpack.BuildModule, error) { + // test options + h.AssertEq(t, opts.Platform, "linux/amd64") + return extension, nil, nil + }) successfullyCreateDeterministicBuilder() From 97ed7b2460086eab95e92c487f9bfba3d85d9441 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 18 Oct 2023 22:50:55 +0000 Subject: [PATCH 3/7] build(deps): bump github.com/buildpacks/lifecycle from 0.17.1 to 0.17.2 Bumps [github.com/buildpacks/lifecycle](https://github.com/buildpacks/lifecycle) from 0.17.1 to 0.17.2. - [Release notes](https://github.com/buildpacks/lifecycle/releases) - [Changelog](https://github.com/buildpacks/lifecycle/blob/main/RELEASE.md) - [Commits](https://github.com/buildpacks/lifecycle/compare/v0.17.1...v0.17.2) --- updated-dependencies: - dependency-name: github.com/buildpacks/lifecycle dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Juan Bustamante --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index d4a8ecda6..833398d0e 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/Microsoft/go-winio v0.6.1 github.com/apex/log v1.9.0 github.com/buildpacks/imgutil v0.0.0-20230626185301-726f02e4225c - github.com/buildpacks/lifecycle v0.17.1 + github.com/buildpacks/lifecycle v0.17.2 github.com/docker/cli v24.0.6+incompatible github.com/docker/docker v24.0.6+incompatible github.com/docker/go-connections v0.4.0 diff --git a/go.sum b/go.sum index 14aae3e62..9c312db20 100644 --- a/go.sum +++ b/go.sum @@ -97,8 +97,8 @@ github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20230522190001- github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I= github.com/buildpacks/imgutil v0.0.0-20230626185301-726f02e4225c h1:HlRuSz+JGAzudNtNCfHIzXe0AEuHX6Vx8uZgmjvX02o= github.com/buildpacks/imgutil v0.0.0-20230626185301-726f02e4225c/go.mod h1:mBG5M3GJW5nknCEOOqtmMHyPYnSpw/5GEiciuYU/COw= -github.com/buildpacks/lifecycle v0.17.1 h1:sCNj83TH1YE8Z3+CKHoFx/HK+llCVF1RlQUbj3xdNBQ= -github.com/buildpacks/lifecycle v0.17.1/go.mod h1:WFzcNp1WG4bwgHuXtKxMg4tdU3AguL44ZlP3knANeVs= +github.com/buildpacks/lifecycle v0.17.2 h1:CfJYWHIC5v996idgjDamYHBTk+G+c1Qt7Yk80MlbWpw= +github.com/buildpacks/lifecycle v0.17.2/go.mod h1:h8MrqltqMM+HQnn2F2JOQaKWmeybZ54qvlNV3pAiAqw= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 h1:krfRl01rzPzxSxyLyrChD+U+MzsBXbm0OwYYB67uF+4= github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589/go.mod h1:OuDyvmLnMCwa2ep4Jkm6nyA0ocJuZlGyk2gGseVzERM= From 737d3e4c0bcc6a18ef811e7a2e0f07e66440bb2d Mon Sep 17 00:00:00 2001 From: Juan Bustamante Date: Thu, 26 Oct 2023 16:52:01 -0500 Subject: [PATCH 4/7] Updating default lifecycle version to 0.17.2 Signed-off-by: Juan Bustamante --- acceptance/testdata/pack_fixtures/report_output.txt | 2 +- internal/builder/lifecycle.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/acceptance/testdata/pack_fixtures/report_output.txt b/acceptance/testdata/pack_fixtures/report_output.txt index 58e3baa5d..beaae617b 100644 --- a/acceptance/testdata/pack_fixtures/report_output.txt +++ b/acceptance/testdata/pack_fixtures/report_output.txt @@ -2,7 +2,7 @@ Pack: Version: {{ .Version }} OS/Arch: {{ .OS }}/{{ .Arch }} -Default Lifecycle Version: 0.17.1 +Default Lifecycle Version: 0.17.2 Supported Platform APIs: 0.3, 0.4, 0.5, 0.6, 0.7, 0.8, 0.9, 0.10, 0.11, 0.12 diff --git a/internal/builder/lifecycle.go b/internal/builder/lifecycle.go index 318427902..6c3193d47 100644 --- a/internal/builder/lifecycle.go +++ b/internal/builder/lifecycle.go @@ -14,7 +14,7 @@ import ( // A snapshot of the latest tested lifecycle version values const ( - DefaultLifecycleVersion = "0.17.1" + DefaultLifecycleVersion = "0.17.2" DefaultBuildpackAPIVersion = "0.2" ) From fb7319ea88411be3ab4932d0dcde6c8db07a5d94 Mon Sep 17 00:00:00 2001 From: Ed Morley <501702+edmorley@users.noreply.github.com> Date: Fri, 27 Oct 2023 09:20:05 +0100 Subject: [PATCH 5/7] Group minor/patch version Go Dependabot updates into one PR Go minor/patch dependencies will now be grouped, using the new Dependabot grouping feature: https://github.blog/changelog/2023-08-17-grouped-version-updates-by-semantic-version-level-for-dependabot/ Major updates, as well as security updates will still be opened as separate PRs. I've not grouped GitHub Actions update PRs, since the volume is typically much lower for those. In addition, the schedule has been changed from daily to weekly. This reduces project maintenance toil (no more having to manually create combined update PRs), plus makes it less painful for contributors to subscribe to repository notifications (currently there is a lot of noise from Dependabot PRs being opened/auto-rebased etc). Signed-off-by: Ed Morley <501702+edmorley@users.noreply.github.com> --- .github/dependabot.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 393b765af..f1b8489ba 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,8 +4,13 @@ updates: - package-ecosystem: "gomod" directory: "/" schedule: - # Check for updates to GitHub Actions every weekday - interval: "daily" + interval: "weekly" + groups: + # Group all minor/patch go dependencies into a single PR. + go-dependencies: + update-types: + - "minor" + - "patch" labels: - "dependencies" - "go" @@ -15,8 +20,7 @@ updates: - package-ecosystem: "github-actions" directory: "/" schedule: - # Check for updates to GitHub Actions every weekday - interval: "daily" + interval: "weekly" labels: - "dependencies" - "github_actions" From 074586f43710a7fd4aebfaed1dd19329858282a0 Mon Sep 17 00:00:00 2001 From: Natalie Arellano Date: Fri, 27 Oct 2023 12:41:30 -0400 Subject: [PATCH 6/7] Add buildpacksio/pack:-base images to delivery Signed-off-by: Natalie Arellano --- .github/workflows/delivery-docker.yml | 26 +++++++++---------- .../workflows/delivery/docker/project.toml | 7 ----- Dockerfile | 6 ++--- 3 files changed, 16 insertions(+), 23 deletions(-) delete mode 100644 .github/workflows/delivery/docker/project.toml diff --git a/.github/workflows/delivery-docker.yml b/.github/workflows/delivery-docker.yml index 5db2c7e4b..10675f99d 100644 --- a/.github/workflows/delivery-docker.yml +++ b/.github/workflows/delivery-docker.yml @@ -16,12 +16,21 @@ on: default: false env: - BUILDER: "paketobuildpacks/builder-jammy-tiny" IMG_NAME: 'pack' USERNAME: 'buildpacksio' jobs: deliver-docker: + strategy: + matrix: + config: [tiny, base] + include: + - config: tiny + base_image: gcr.io/distroless/static + suffix: + - config: base + base_image: ubuntu:jammy + suffix: -base runs-on: ubuntu-latest steps: - name: Determine version @@ -42,16 +51,6 @@ jobs: uses: actions/checkout@v4 with: ref: v${{ steps.version.outputs.result }} - # This has to come after the first checkout, so it isn't clobbered - - name: Checkout delivery configuration - uses: actions/checkout@v4 - with: - path: ./head - - name: Setup Working Dir - shell: bash - run: | - rm project.toml || true - cp head/.github/workflows/delivery/docker/project.toml project.toml - name: Determine App Name run: 'echo "IMG_NAME=${{ env.USERNAME }}/${{ env.IMG_NAME }}" >> $GITHUB_ENV' - name: Login to Dockerhub @@ -65,12 +64,13 @@ jobs: - name: Buildx Build/Publish run: | docker buildx build . \ - --tag ${{ env.IMG_NAME }}:${{ steps.version.outputs.result }} \ + --tag ${{ env.IMG_NAME }}:${{ steps.version.outputs.result }}${{ matrix.suffix }} \ --platform linux/amd64,linux/arm64 \ --build-arg pack_version=${{ steps.version.outputs.result }} \ + --build-arg base_image=${{ matrix.base_image }} \ --provenance=false \ --push - name: Tag Image as Latest - if: ${{ github.event.release != '' || github.event.inputs.tag_latest }} + if: ${{ (github.event.release != '' || github.event.inputs.tag_latest) && matrix.config != 'base' }} run: | crane copy ${{ env.IMG_NAME }}:${{ steps.version.outputs.result }} ${{ env.IMG_NAME }}:latest diff --git a/.github/workflows/delivery/docker/project.toml b/.github/workflows/delivery/docker/project.toml deleted file mode 100644 index da9c5c982..000000000 --- a/.github/workflows/delivery/docker/project.toml +++ /dev/null @@ -1,7 +0,0 @@ -[project] -version = "1.0.2" -source-url = "https://github.com/buildpacks/pack" - -[[build.env]] -name = "BP_GO_TARGETS" -value = "./cmd/pack" diff --git a/Dockerfile b/Dockerfile index 70c75ed45..c81b2f0c0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,3 +1,5 @@ +ARG base_image=gcr.io/distroless/static + FROM golang:1.20 as builder ARG pack_version ENV PACK_VERSION=$pack_version @@ -5,8 +7,6 @@ WORKDIR /app COPY . . RUN make build -FROM scratch +FROM ${base_image} COPY --from=builder /app/out/pack /usr/local/bin/pack -COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ -COPY --from=builder /tmp /tmp ENTRYPOINT [ "/usr/local/bin/pack" ] From 01fbd91d76a734dd1a5af22340d334b5500aaa11 Mon Sep 17 00:00:00 2001 From: Natalie Arellano Date: Mon, 30 Oct 2023 09:19:54 -0400 Subject: [PATCH 7/7] Add floating :base tag Signed-off-by: Natalie Arellano --- .github/workflows/delivery-docker.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/delivery-docker.yml b/.github/workflows/delivery-docker.yml index 10675f99d..c95619517 100644 --- a/.github/workflows/delivery-docker.yml +++ b/.github/workflows/delivery-docker.yml @@ -70,6 +70,10 @@ jobs: --build-arg base_image=${{ matrix.base_image }} \ --provenance=false \ --push + - name: Tag Image as Base + if: ${{ (github.event.release != '' || github.event.inputs.tag_latest) && matrix.config == 'base' }} + run: | + crane copy ${{ env.IMG_NAME }}:${{ steps.version.outputs.result }} ${{ env.IMG_NAME }}:base - name: Tag Image as Latest if: ${{ (github.event.release != '' || github.event.inputs.tag_latest) && matrix.config != 'base' }} run: |