ci: pin apk packages used in container base image

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
This commit is contained in:
Paul Meyer 2023-01-24 15:21:50 +01:00
parent b0a6db33fd
commit 88b4bc5857
3 changed files with 192 additions and 0 deletions

68
.github/workflows/package-hasher.yml vendored Normal file
View File

@ -0,0 +1,68 @@
name: Package hasher
on:
workflow_dispatch:
push:
branches:
- main
paths:
- ".github/workflows/package-hasher.yml"
- "hack/package-hasher/Containerfile.hasher.apk"
schedule:
- cron: "0 22 */3 * *" # every 3 days at 22:00 UTC
jobs:
hash:
runs-on: ubuntu-22.04
steps:
- name: Only run on main branch
if: github.ref != 'refs/heads/main'
run: |
echo "::error::This workflow only runs on the main branch"
exit 1
- name: Checkout Constellation
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Install oras
env:
ORAS_VERSION: 0.16.0
run: |
curl -fsSLO "https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_${ORAS_VERSION}_linux_amd64.tar.gz"
mkdir -p oras-install/
tar -zxf "oras_${ORAS_VERSION}_*.tar.gz" -C oras-install/
mv oras-install/oras /usr/local/bin/
rm -rf "oras_${ORAS_VERSION}_*.tar.gz" oras-install/
- name: Run apk hasher
env:
DOCKER_BUILDKIT: 1
run: docker build -o apko -f hack/package-hasher/Containerfile.apk.hasher .
- name: Upload apk packages to container registry content addressed storage
working-directory: apko/repository-apk
run: |
oras push \
-u ${{ github.actor }} \
-p ${{ secrets.GITHUB_TOKEN }} \
ghcr.io/edgelesssys/constellation/packages-apk:latest ./*.apk
- name: Remove apk packages
working-directory: apko
run: rm -rf repository-apk
- name: Create new PR
uses: peter-evans/create-pull-request@2b011faafdcbc9ceb11414d64d0573f37c774b04 # v4.2.3
with:
branch: ci/hasher/apk
title: "deps: update apk package hashes"
commit-message: "deps: update apk package hashes"
body: |
:robot: *This is an automated PR.* :robot:
This PR updates (the hashes of) apk packages. It is generated by the package-hasher workflow.
committer: edgelessci <edgelessci@users.noreply.github.com>
labels: dependencies
token: ${{ secrets.CI_GITHUB_REPOSITORY }}

97
apko/SHA256SUMS-apk-amd64 Normal file
View File

@ -0,0 +1,97 @@
948af973885559d30e7af8d435a5270f873160104ae6eb8578f0af1d74645b1f v3.17/main/x86_64/krb5-conf-1.0-r2.apk
2e951eaaf6d6f108df71428246856654c64f91c3ab0c41a815c35f663df73728 v3.17/main/x86_64/libcurl-7.87.0-r1.apk
a757df2384685f05d2d66a311475d18474fd9f41feadab36f1071704e3867910 v3.17/main/x86_64/glib-2.74.5-r0.apk
95f83a74e872b62360f6c6623a773e07a864e3313a127f57910caba368fed04b v3.17/community/x86_64/libvirt-libs-8.9.0-r4.apk
42f2618b35e9404d64f752c22f9cd2cb7a7d72328ceff4292b0a2a6be355fdc6 v3.17/main/x86_64/libffi-3.4.4-r0.apk
125c7f4c79671b98ed297515172be318943a6a35fa9f418b1ac49e2d689b07a2 v3.17/main/x86_64/libssl3-3.0.7-r2.apk
ecca312cb85b634352aef41f1561f3f3f262e85b57a620859df2d0cbe6972ded v3.17/main/x86_64/libtasn1-4.19.0-r0.apk
8f4177a26e25d9550e15cfa822cd1aa547c1168b0483483c1ea5614fce7bed46 v3.17/main/x86_64/libcrypto3-3.0.7-r2.apk
f9585399e58c15da6324f92e7ad92a757c01edb560e9c362ab4587c6158cd8e4 v3.17/main/x86_64/libverto-glib-0.3.2-r1.apk
455c58e9b66da6d7fe4b86cd9bab830e3963008b58bd87fe0e6b7aa05907af4c v3.17/main/x86_64/pkgconf-1.9.4-r0.apk
78e421c61e04405f4cf2e619f3f3322cf73c655c7e55a245a835f0dac6fb3b9f v3.17/main/x86_64/curl-7.87.0-r1.apk
27479b796bc8380af06dca70451ecd08c2ac87e0020b4352398535a7c8cf746e v3.17/main/x86_64/bsd-compat-headers-0.7.2-r3.apk
ba713024840265e1784a6bd3108b09fd3084925e32e5ed46e4f113d5981f5e4d v3.17/main/x86_64/libtirpc-dev-1.3.3-r0.apk
da8ff707e8430169696ea971175a9fbb76a3ad599e4399ead7998a4d0ddbf94f v3.17/main/x86_64/xz-libs-5.2.9-r0.apk
c1867e1f8bcdf1cee53b2e648a3f54f7f396c02b6e3131a445cc266962c5d5e0 v3.17/main/x86_64/libtirpc-conf-1.3.3-r0.apk
35a9efc76af2d2ef85c1768e6e9e87078d19e1f452e7173b0fa7e6e0d5fd63e8 v3.17/main/x86_64/libtirpc-1.3.3-r0.apk
3136d31832e74ac3fb53ec7f81dfdee5698a58ea72086533c4d1a82ceea5b72c v3.17/main/x86_64/fakeroot-1.29-r0.apk
90b29b27ce45dda7810f2a4a1b7aae08ca7714451872139ca531326ce86de27f v3.17/main/x86_64/brotli-libs-1.0.9-r9.apk
d1a3188b2e98957852418edbe5b32d816c428e34cd23f1003c99d4e52338ae1f v3.17/main/x86_64/alpine-keys-2.4-r1.apk
6c629bb064a357de1792f454bf7cca43d6d07ac88f1168addc49beaa7793c1b8 v3.17/main/x86_64/gawk-5.1.1-r1.apk
7b89c64c33bc978e73d7b35c9b7cd3ecffd9c599f7763035c212b3697adf89b6 v3.17/main/x86_64/ca-certificates-20220614-r4.apk
d3bd3c80ce21df5e525caab9b1bb96a1109c0524704e7dd7df93fdafe3d987a1 v3.17/main/x86_64/libcom_err-1.46.5-r4.apk
77342435302175fe0e9946d2b226d9d1a12e714849ddd7d4f421c93e63ca04f8 v3.17/main/x86_64/libcap2-2.66-r0.apk
8452b877c019221740dc13040c8bf314a05b43d23d73ee1833775bcd77c03dae v3.17/main/x86_64/busybox-binsh-1.35.0-r29.apk
9a8b03ad485f26e088f76e3787005c7437bbb4859ebd83261510d76845c6380e v3.17/main/x86_64/musl-obstack-1.2.3-r0.apk
eba236b90c510fe01e9ef0182e8dd671b30d4ceaade79f410da26dda22780afd v3.17/main/x86_64/openrc-0.45.2-r7.apk
68bd8ac9a65ac74957925229667362739455421b7e048f12b0c838814c8a3d23 v3.17/main/x86_64/krb5-server-ldap-1.20.1-r0.apk
f13865c26ebde846324dccea96d85f00a4a4d17338ff222e5cd80b8672e02247 v3.17/main/x86_64/gdbm-1.23-r0.apk
5c0be2a5a9bc708afe8dc94c9da40c66f4c22505d236ef163aa292a4cde159a6 v3.17/main/x86_64/libattr-2.5.1-r2.apk
2564f7bb9985495a12b30a283acd53ad1c5e742b405bba2a031581eaac94b8f9 v3.17/main/x86_64/lzip-1.23-r0.apk
6ca645108699bcbf917dfdf4fdfe4eb48e1f407ea048098709d20e865109ecfc v3.17/main/x86_64/libev-4.33-r0.apk
bdc90400c34b17772e2713154c3e4c34a8db37edace1e6dc8f07329eb09f4ac9 v3.17/main/x86_64/libintl-0.21.1-r1.apk
ede0b4fa32c44ed13ef23616856f173d6f9fd7de1787426e8009cbd04f03802d v3.17/main/x86_64/libnl3-3.7.0-r0.apk
b3ad8d88fdae82cb1bd350f84298059ac8287a2855136580b2828f75ef846c4b v3.17/main/x86_64/scanelf-1.3.5-r1.apk
a51399a9415101a98ffee5921fdf3fc24308c37e30cb4afe3c89ef9cf1da9bc7 v3.17/main/x86_64/krb5-libs-1.20.1-r0.apk
5a0730375e1f6d2f70d4385f9b63b0957024bd6e2a80dc784d066cf714362b07 v3.17/main/x86_64/libevent-2.1.12-r5.apk
9a60fb5126f84fabb1097bcb6d01bc0d298df8c362a69cd83178ae20d971cc38 v3.17/main/x86_64/attr-2.5.1-r2.apk
f2d4a6dce0cdcae4d3433d42c1abcf74deb1cb6cfe1330c08ef286f43ce8dc3c v3.17/main/x86_64/libucontext-1.2-r0.apk
166733b0a046d79914f413eea1b15479961d00bb2bebb93f1c8aa5dfe92a2311 v3.17/main/x86_64/libtirpc-nokrb-1.3.3-r0.apk
1a42c50ef0a1998b92bded41df051201dbc9cfc20fedbbb4b8b15e8fe1e11d99 v3.17/community/x86_64/libvirt-dev-8.9.0-r4.apk
7aa402e7e4c4de9059048935f2893ebe606c6ec057b59daf6fc198fbe1ffdc2a v3.17/main/x86_64/libmount-2.38.1-r1.apk
a84e314c5e4f63c391c1074f74063597b20e4a4eddae47064bd46a22b1ef8d87 v3.17/main/x86_64/krb5-dev-1.20.1-r0.apk
ed5b7c94e805c94306ec6411ddc1b2b67b94336b5b9a218967f4e55daad7313b v3.17/main/x86_64/busybox-suid-1.35.0-r29.apk
b1b3ac001c198712c2798ec70b8bb6245b06cdee342a4622f371f7df043ab82c v3.17/main/x86_64/libblkid-2.38.1-r1.apk
6c799e4779fb3cb018265293f1ba6047282cddd4a17312960ad695f8830f3a5b v3.17/main/x86_64/libc-utils-0.7.2-r3.apk
2a46230e00ba2e1c59c4d3dfc4bd74135d034191dc9fdf6606b3021c00efb5d3 v3.17/main/x86_64/mdev-conf-4.3-r0.apk
afcc0a285b823f73526c1995cf9ce71f91fc99ce0969a3494926df94e2589e68 v3.17/main/x86_64/ca-certificates-bundle-20220614-r4.apk
83dd5cc59510198067ba0e4db76208f669218469417b909f82c2f9fbb1e1f20a v3.17/main/x86_64/p11-kit-0.24.1-r1.apk
04f0a17f216e28f8d4f1351bb0dafb4798f39da6f8972d85c6da9dd118ed6ef7 v3.17/main/x86_64/gnutls-3.7.8-r2.apk
c0e98093cbf8c824ff490cad1a4ea0037c1ff6b0bcb7c7069acb03e4aaf021d3 v3.17/main/x86_64/abuild-3.10.0-r0.apk
2f380042d7e80f124291ffaeed21700af13fbf112866a4caa663226cc9ba3468 v3.17/main/x86_64/musl-utils-1.2.3-r4.apk
a39d435b6cea181f6513f5ee488034f814697c782c5958f81145600cf4755dbb v3.17/main/x86_64/alpine-conf-3.15.0-r0.apk
ff98cab12123a0729fb1f2815bfa9e1611e5567f06d85b340b85f55d89ffa9c6 v3.17/main/x86_64/alpine-baselayout-data-3.4.0-r0.apk
8731b00c9c091eb6a5e54c0c2582a5dfdc153f189efc9504e7130fc016489941 v3.17/main/x86_64/libsasl-2.1.28-r3.apk
1ab16d81c9e7b59c51692626ac58b55d779f40bca4313be3d591d56a873c9434 v3.17/main/x86_64/util-linux-dev-2.38.1-r1.apk
c5a2fe3a2f09f9d61d7c9f846c87f27896a36e3f1cb159aae1a3b355af959468 v3.17/main/x86_64/device-mapper-libs-2.03.17-r1.apk
ff4ad8bc76c05fcf45a4e0863e40d0050cd6fb850dea7e849f1371223c50d5d6 v3.17/main/x86_64/e2fsprogs-dev-1.46.5-r4.apk
e014f0cd42c14717faf791888303cd0283d69f1588e962d80dd942ac6c4ec4b9 v3.17/main/x86_64/tar-1.34-r1.apk
ceff279c448e9987e70a97a77fe57d84ff1eefd428345c525f2e21a00d1a54b4 v3.17/main/x86_64/ssl_client-1.35.0-r29.apk
81a7ce87cf47cc327488fd0c3259458135a7dcb45e4326e296e8b7d14dcfd950 v3.17/main/x86_64/cryptsetup-libs-2.5.0-r2.apk
0c083d8c3d2511e8387e487c83aaa429de5a76fbf0219404c3afde63b715d2a4 v3.17/main/x86_64/libfdisk-2.38.1-r1.apk
1e4149304c4acc0e93c72aadf8df0f4643aee35f0294bf2deae019cca1bf5085 v3.17/main/x86_64/pcre2-10.42-r0.apk
7349c446af97d7466d23373c634b129b05e10e243d36a5e1863a7d8808f97707 v3.17/main/x86_64/alpine-release-3.17.1-r0.apk
dc35929a53b3abaecb69b18dca79af25e38b8ab906aec5a912ec120b2cb4b731 v3.17/main/x86_64/zlib-1.2.13-r0.apk
d43569a2293a79ae7b7ee7d36f14b3f9893301a971e8534d104fa51a160b9607 v3.17/main/x86_64/libunistring-1.1-r0.apk
82874c31d2fc4aa5bb2c3e7240d419643c20c5740e1f2c91099b6f04aad200ad v3.17/main/x86_64/nghttp2-libs-1.51.0-r0.apk
f8aa5c5835ebe655d1dcdac3f702a807221df084a274112a0a72c7522e97f859 v3.17/main/x86_64/openssl-3.0.7-r2.apk
2a77f358c803ae9e2ec35ccf4906019df9b92d96c13e207d92ccabd13aec80eb v3.17/main/x86_64/musl-1.2.3-r4.apk
31db30def1c7d768d7656ff2a6a03550258675fdb9eedf9e0cf9dca999bd9273 v3.17/main/x86_64/patch-2.7.6-r8.apk
ac29bb040470e672d186c62bd9db5b7f0d29336b5992f024098a951754f43a22 v3.17/main/x86_64/apk-tools-2.12.10-r1.apk
adfebf5fc4004f1460f5971913fcca3ea3d6fa56412d32ffc48f191e336a1cc5 v3.17/main/x86_64/libcap-ng-0.8.3-r1.apk
a1060409c38e4d67e6ce67001108a35c2ade5a50cdff9c62fc555ef9a08717b9 v3.17/main/x86_64/libverto-libev-0.3.2-r1.apk
1786c38b65007a67aefac0af7add558b78b0d81d93c235370fbec7d6e11a34e2 v3.17/main/x86_64/e2fsprogs-libs-1.46.5-r4.apk
e67eeef6d97d10e3ef192ec7132134e0cc3b4166464f7b3e868db2ce690f079d v3.17/main/x86_64/cryptsetup-dev-2.5.0-r2.apk
862e8d30f9be1a41632c7c575fbc8f81199a5fda650bc47384422bc017e09c4d v3.17/main/x86_64/keyutils-libs-1.6.3-r1.apk
72c55bd08135fdb1aed79f2462e2e22c1cd3d7131d9ca5ea02c2f255474d67c3 v3.17/main/x86_64/argon2-libs-20190702-r2.apk
b11ee388df70b3d5ed5704190f19174927f6ffb30ac433555fe4a8fe0e2436ed v3.17/main/x86_64/alpine-base-3.17.1-r0.apk
935589dfe902b26cdbe09f54eb399ce2f5d6b5e13eb994de36abb495e4843df5 v3.17/main/x86_64/yajl-2.1.0-r5.apk
fee7860a5a1cb324bfe5ee4b5a68e834d57862743f062183681443e3387951da v3.17/main/x86_64/libverto-libevent-0.3.2-r1.apk
3f922d7d8dafdae6710d9d8bdc96eb72ed4d0a8192b39eda797034e00f38263e v3.17/main/x86_64/alpine-baselayout-3.4.0-r0.apk
8d7d1689b8abc539c81b286c8a5b8f3ebe7411b8f51fc07e5238b812ea7098bd v3.17/main/x86_64/json-c-0.16-r2.apk
c727fa15838b10908282453e3869081d3e93298dc6b55d45a4c3a48a89a676eb v3.17/main/x86_64/libsmartcols-2.38.1-r1.apk
3013bcbddf3ff9eb812791a2e87fc2a0b72910cfd415590d21faa96d3bbbf1bc v3.17/main/x86_64/libuuid-2.38.1-r1.apk
b51a7d5da574c6ecd2fc8bb711ea8d47e29875f0eb66ce6dc47f5fe53deeda47 v3.17/main/x86_64/gmp-6.2.1-r2.apk
b6f3592eb4fa228a8221f2b405cedbfe8fcadef07a7903a57d8e460af753fe48 v3.17/main/x86_64/nettle-3.8.1-r0.apk
697fa2e3c66699f33e011a61ec1857938c00709e2626822b0f42548bec942e28 v3.17/main/x86_64/busybox-1.35.0-r29.apk
8cf71d3c953a5fc83493e01dbe03ce893fad44eba87a606c8cb8a161159a02c1 v3.17/main/x86_64/libverto-dev-0.3.2-r1.apk
353f5caae4a1bcc06a0b44e540e5cec4740216482ec727121fd309ccfa150bf6 v3.17/main/x86_64/libldap-2.6.3-r6.apk
17af2d1ba520e8bf31c39f4756786ebe84faf89be852bc874f4adf56296ed896 v3.17/main/x86_64/libacl-2.3.1-r1.apk
495a88687dbc7a63e44c6555f1b6aca6ba80f772d359623f4da5edc362afae08 v3.17/main/x86_64/libstdc++-12.2.1_git20220924-r4.apk
f8239d8d4e8961e76e2e95caf9b6d2d89816b6f2562f7551aa8eb26c2268c6d6 v3.17/main/x86_64/busybox-openrc-1.35.0-r29.apk
0d5bc88d04d7da3ad800f4dcaee4b7876c9c6ff3d2537a7b3471e4f488b5a5f0 v3.17/main/x86_64/libxml2-2.10.3-r1.apk
c3f9bbfa11f8fedc1fd62e06b0bc8f0d6edabc05bc06e80ad25fc5799b0da20a v3.17/community/x86_64/gcompat-1.1.0-r0.apk
b413e1c8b38b53fb83ecc7b75a227aa7b520a9dac80f0d7c1fc912bc56416c2a v3.17/main/x86_64/busybox-mdev-openrc-1.35.0-r29.apk
2c0282ec5c2d78fe94b1e0ab676d6fe675e6656796b8a92e29ce4b17234add6a v3.17/main/x86_64/libgcc-12.2.1_git20220924-r4.apk
736d8808f17603015b7766e0f88c703451cba97d987dfd1c92ceed7b55ecf24d v3.17/main/x86_64/ifupdown-ng-0.12.1-r1.apk
f401d78b65a5067ef396c93a56950a87fa1b1fe3e1770489021f5924db7b10b0 v3.17/main/x86_64/libverto-0.3.2-r1.apk

View File

@ -0,0 +1,27 @@
# syntax=docker/dockerfile:1.5-labs
FROM alpine:3.17.1@sha256:93d5a28ff72d288d69b5997b8ba47396d2cbb62a72b5d87cd3351094b5d578a0 as builder
ADD --checksum=sha256:11968a8b706095a081ac30168849b351b0263a6df5c224119aa914d7e5afb0c1 \
https://github.com/reproducible-containers/repro-get/releases/download/v0.3.0/repro-get-v0.3.0.linux-amd64 \
/usr/bin/repro-get
RUN chmod +x /usr/bin/repro-get
RUN apk update && apk add \
alpine-base \
cryptsetup-dev \
gcompat \
libvirt-dev \
abuild
WORKDIR /out
# Dump the hashes of the installed packages
RUN repro-get hash generate > SHA256SUMS
# Export the apks
RUN repro-get cache export repository-apk
FROM scratch as output
COPY --from=builder /out/SHA256SUMS SHA256SUMS-apk-amd64
COPY --from=builder /out/repository-apk repository-apk