Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package apko for openSUSE:Factory checked in
at 2025-02-13 18:39:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apko (Old)
and /work/SRC/openSUSE:Factory/.apko.new.8181 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apko"
Thu Feb 13 18:39:10 2025 rev:36 rq:1245531 version:0.25.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/apko/apko.changes 2025-01-31
16:05:16.358097786 +0100
+++ /work/SRC/openSUSE:Factory/.apko.new.8181/apko.changes 2025-02-13
18:39:17.836789584 +0100
@@ -1,0 +2,37 @@
+Thu Feb 13 06:17:28 UTC 2025 - opensuse_buildserv...@ojkastl.de
+
+- Update to version 0.25.0:
+ * spdx: explain SHA1 usage (#1501)
+ * Consider already selected packages during solve (#1406)
+ * build(deps): bump github.com/go-git/go-git/v5 from 5.13.1 to
+ 5.13.2 (#1491)
+ * build(deps): bump golang.org/x/sys from 0.29.0 to 0.30.0
+ (#1511)
+ * build(deps): bump golang.org/x/sync from 0.10.0 to 0.11.0
+ (#1510)
+ * build(deps): bump github.com/chainguard-dev/clog from 1.5.1 to
+ 1.6.1 (#1500)
+ * move some unnecessary logs to debug (#1522)
+ * build(deps): bump golang.org/x/time from 0.9.0 to 0.10.0
+ (#1509)
+ * build(deps): bump go.step.sm/crypto from 0.57.0 to 0.57.1
+ (#1504)
+ * build(deps): bump chainguard.dev/sdk from 0.1.29 to 0.1.31
+ (#1498)
+ * build(deps): bump docker/setup-qemu-action from 3.3.0 to 3.4.0
+ (#1515)
+ * build(deps): bump github.com/sigstore/cosign/v2 from 2.4.1 to
+ 2.4.2 (#1517)
+ * build(deps): bump golangci/golangci-lint-action from 6.3.0 to
+ 6.3.2 (#1521)
+ * clean up ci permissions and update golangci-lint (#1523)
+ * build(deps): bump goreleaser/goreleaser-action from 6.1.0 to
+ 6.2.1 (#1520)
+ * build(deps): bump google.golang.org/api from 0.217.0 to 0.220.0
+ (#1514)
+ * build(deps): bump sigstore/cosign-installer from 3.7.0 to 3.8.0
+ (#1513)
+ * build(deps): bump golangci/golangci-lint-action from 6.2.0 to
+ 6.3.0 (#1512)
+
+-------------------------------------------------------------------
Old:
----
apko-0.24.0.obscpio
New:
----
apko-0.25.0.obscpio
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apko.spec ++++++
--- /var/tmp/diff_new_pack.SBVdrZ/_old 2025-02-13 18:39:18.616821896 +0100
+++ /var/tmp/diff_new_pack.SBVdrZ/_new 2025-02-13 18:39:18.616821896 +0100
@@ -17,7 +17,7 @@
Name: apko
-Version: 0.24.0
+Version: 0.25.0
Release: 0
Summary: Build OCI images from APK packages directly without Dockerfile
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.SBVdrZ/_old 2025-02-13 18:39:18.660823718 +0100
+++ /var/tmp/diff_new_pack.SBVdrZ/_new 2025-02-13 18:39:18.664823884 +0100
@@ -3,7 +3,7 @@
<param name="url">https://github.com/chainguard-dev/apko</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
- <param name="revision">v0.24.0</param>
+ <param name="revision">v0.25.0</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.SBVdrZ/_old 2025-02-13 18:39:18.696825210 +0100
+++ /var/tmp/diff_new_pack.SBVdrZ/_new 2025-02-13 18:39:18.700825375 +0100
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/chainguard-dev/apko</param>
- <param
name="changesrevision">2668cf55135b756d3b19771deb5c6dc3b26a5233</param></service></servicedata>
+ <param
name="changesrevision">d47f064ae3c32dce4fb8f60ad288ac1664805373</param></service></servicedata>
(No newline at EOF)
++++++ apko-0.24.0.obscpio -> apko-0.25.0.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/apko-0.24.0/.github/workflows/build-samples.yml
new/apko-0.25.0/.github/workflows/build-samples.yml
--- old/apko-0.24.0/.github/workflows/build-samples.yml 2025-01-31
00:07:05.000000000 +0100
+++ new/apko-0.25.0/.github/workflows/build-samples.yml 2025-02-12
22:02:32.000000000 +0100
@@ -7,6 +7,8 @@
branches: [ "main" ]
workflow_dispatch:
+permissions: {}
+
jobs:
# Build a single-arch nginx image for each arch.
build-nginx-on-all-arches:
@@ -31,7 +33,7 @@
go-version-file: 'go.mod'
check-latest: true
- name: Setup QEMU
- uses:
docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0
+ uses:
docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0
- run: |
make apko
./apko build ./examples/nginx.yaml nginx:build /tmp/nginx-${{
matrix.arch }}.tar --arch ${{ matrix.arch }}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/apko-0.24.0/.github/workflows/build.yaml
new/apko-0.25.0/.github/workflows/build.yaml
--- old/apko-0.24.0/.github/workflows/build.yaml 2025-01-31
00:07:05.000000000 +0100
+++ new/apko-0.25.0/.github/workflows/build.yaml 2025-02-12
22:02:32.000000000 +0100
@@ -6,6 +6,8 @@
push:
branches: [ "main" ]
+permissions: {}
+
jobs:
build:
name: build
@@ -32,7 +34,7 @@
./apko version
- name: Setup cosign (needed in CI tests)
- uses:
sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
+ uses:
sigstore/cosign-installer@c56c2d3e59e4281cc41dea2217323ba5694b171e # v3.8.0
- name: Setup crane (needed in CI tests)
uses: imjasonh/setup-crane@31b88efe9de28ae0ffa220711af4b60be9435f6e #
v0.4
@@ -41,7 +43,7 @@
run: |
make ci
- - uses:
goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v2.8.1
+ - uses:
goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v2.8.1
with:
install-only: true
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/apko-0.24.0/.github/workflows/codeql.yml
new/apko-0.25.0/.github/workflows/codeql.yml
--- old/apko-0.24.0/.github/workflows/codeql.yml 2025-01-31
00:07:05.000000000 +0100
+++ new/apko-0.25.0/.github/workflows/codeql.yml 2025-02-12
22:02:32.000000000 +0100
@@ -19,6 +19,8 @@
schedule:
- cron: '36 8 * * 6'
+permissions: {}
+
jobs:
analyze:
name: Analyze (${{ matrix.language }})
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/apko-0.24.0/.github/workflows/go-tests.yaml
new/apko-0.25.0/.github/workflows/go-tests.yaml
--- old/apko-0.24.0/.github/workflows/go-tests.yaml 2025-01-31
00:07:05.000000000 +0100
+++ new/apko-0.25.0/.github/workflows/go-tests.yaml 2025-02-12
22:02:32.000000000 +0100
@@ -6,6 +6,8 @@
pull_request:
branches: [ "main" ]
+permissions: {}
+
jobs:
test:
runs-on: ubuntu-latest
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/apko-0.24.0/.github/workflows/release.yaml
new/apko-0.25.0/.github/workflows/release.yaml
--- old/apko-0.24.0/.github/workflows/release.yaml 2025-01-31
00:07:05.000000000 +0100
+++ new/apko-0.25.0/.github/workflows/release.yaml 2025-02-12
22:02:32.000000000 +0100
@@ -6,6 +6,8 @@
tags:
- 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
+permissions: {}
+
jobs:
cli:
# Only release CLI for tagged releases
@@ -29,9 +31,9 @@
go-version-file: 'go.mod'
check-latest: true
- - uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da
# v3.7.0
+ - uses: sigstore/cosign-installer@c56c2d3e59e4281cc41dea2217323ba5694b171e
# v3.8.0
- - uses:
goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v2.8.1
+ - uses:
goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v2.8.1
with:
install-only: true
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/apko-0.24.0/.github/workflows/verify.yaml
new/apko-0.25.0/.github/workflows/verify.yaml
--- old/apko-0.24.0/.github/workflows/verify.yaml 2025-01-31
00:07:05.000000000 +0100
+++ new/apko-0.25.0/.github/workflows/verify.yaml 2025-02-12
22:02:32.000000000 +0100
@@ -6,6 +6,8 @@
pull_request:
branches: [ "main" ]
+permissions: {}
+
jobs:
golangci:
name: lint
@@ -22,9 +24,9 @@
check-latest: true
- name: golangci-lint
- uses:
golangci/golangci-lint-action@ec5d18412c0aeab7936cb16880d708ba2a64e1ae # v6.2.0
+ uses:
golangci/golangci-lint-action@051d91933864810ecd5e2ea2cfd98f6a5bca5347 # v6.3.2
with:
- version: v1.61
+ version: v1.63
- run: |
make generate
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/apko-0.24.0/.gitignore new/apko-0.25.0/.gitignore
--- old/apko-0.24.0/.gitignore 2025-01-31 00:07:05.000000000 +0100
+++ new/apko-0.25.0/.gitignore 2025-02-12 22:02:32.000000000 +0100
@@ -23,3 +23,5 @@
# SBOM outputs from apko
sbom-*
+
+.DS_Store
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/apko-0.24.0/examples/abseil-regression.yaml
new/apko-0.25.0/examples/abseil-regression.yaml
--- old/apko-0.24.0/examples/abseil-regression.yaml 1970-01-01
01:00:00.000000000 +0100
+++ new/apko-0.25.0/examples/abseil-regression.yaml 2025-02-12
22:02:32.000000000 +0100
@@ -0,0 +1,13 @@
+# This was very slow once.
+contents:
+ keyring:
+ - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
+ repositories:
+ - https://packages.wolfi.dev/os
+
+ packages:
+ - abseil-cpp-dev
+ - pkgconf
+
+archs:
+- arm64
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/apko-0.24.0/go.mod new/apko-0.25.0/go.mod
--- old/apko-0.24.0/go.mod 2025-01-31 00:07:05.000000000 +0100
+++ new/apko-0.25.0/go.mod 2025-02-12 22:02:32.000000000 +0100
@@ -3,10 +3,10 @@
go 1.23.4
require (
- chainguard.dev/sdk v0.1.29
- github.com/chainguard-dev/clog v1.5.1
+ chainguard.dev/sdk v0.1.31
+ github.com/chainguard-dev/clog v1.6.1
github.com/charmbracelet/log v0.4.0
- github.com/go-git/go-git/v5 v5.13.1
+ github.com/go-git/go-git/v5 v5.13.2
github.com/google/go-cmp v0.6.0
github.com/google/go-containerregistry v0.20.3
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
@@ -17,7 +17,7 @@
github.com/klauspost/pgzip v1.2.6
github.com/package-url/packageurl-go v0.1.3
github.com/psanford/memfs v0.0.0-20230130182539-4dbf7e3e865e
- github.com/sigstore/cosign/v2 v2.4.1
+ github.com/sigstore/cosign/v2 v2.4.2
github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966
github.com/spf13/cobra v1.8.1
github.com/stretchr/testify v1.10.0
@@ -26,27 +26,27 @@
go.lsp.dev/uri v0.3.0
go.opentelemetry.io/otel v1.34.0
go.opentelemetry.io/otel/trace v1.34.0
- go.step.sm/crypto v0.57.0
+ go.step.sm/crypto v0.57.1
golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f
- golang.org/x/sync v0.10.0
- golang.org/x/sys v0.29.0
- golang.org/x/time v0.9.0
- google.golang.org/api v0.217.0
+ golang.org/x/sync v0.11.0
+ golang.org/x/sys v0.30.0
+ golang.org/x/time v0.10.0
+ google.golang.org/api v0.220.0
gopkg.in/ini.v1 v1.67.0
gopkg.in/yaml.v3 v3.0.1
k8s.io/apimachinery v0.32.1
- sigs.k8s.io/release-utils v0.9.0
+ sigs.k8s.io/release-utils v0.11.0
)
require (
chainguard.dev/go-grpc-kit v0.17.7 // indirect
- cloud.google.com/go/auth v0.14.0 // indirect
+ cloud.google.com/go/auth v0.14.1 // indirect
cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect
cloud.google.com/go/compute/metadata v0.6.0 // indirect
dario.cat/mergo v1.0.1 // indirect
filippo.io/edwards25519 v1.1.0 // indirect
github.com/Microsoft/go-winio v0.6.2 // indirect
- github.com/ProtonMail/go-crypto v1.1.3 // indirect
+ github.com/ProtonMail/go-crypto v1.1.5 // indirect
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 //
indirect
github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
github.com/bahlo/generic-list-go v0.2.0 // indirect
@@ -73,7 +73,7 @@
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/go-chi/chi v4.1.2+incompatible // indirect
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
- github.com/go-git/go-billy/v5 v5.6.1 // indirect
+ github.com/go-git/go-billy/v5 v5.6.2 // indirect
github.com/go-jose/go-jose/v3 v3.0.3 // indirect
github.com/go-jose/go-jose/v4 v4.0.4 // indirect
github.com/go-logfmt/logfmt v0.6.0 // indirect
@@ -110,7 +110,7 @@
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mattn/go-runewidth v0.0.15 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
- github.com/mitchellh/mapstructure v1.5.0 // indirect
+ github.com/mitchellh/mapstructure v1.5.1-0.20231216201459-8508981c8b6c
// indirect
github.com/moby/docker-image-spec v1.3.1 // indirect
github.com/muesli/reflow v0.3.0 // indirect
github.com/muesli/termenv v0.15.2 // indirect
@@ -119,23 +119,23 @@
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.1.0 // indirect
github.com/pierrec/lz4/v4 v4.1.21 // indirect
- github.com/pjbgf/sha1cd v0.3.0 // indirect
+ github.com/pjbgf/sha1cd v0.3.2 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 //
indirect
github.com/prometheus/client_golang v1.20.5 // indirect
github.com/prometheus/client_model v0.6.1 // indirect
- github.com/prometheus/common v0.60.1 // indirect
+ github.com/prometheus/common v0.62.0 // indirect
github.com/prometheus/procfs v0.15.1 // indirect
github.com/rivo/uniseg v0.4.7 // indirect
github.com/sassoftware/relic v7.2.1+incompatible // indirect
- github.com/secure-systems-lab/go-securesystemslib v0.8.0 // indirect
+ github.com/secure-systems-lab/go-securesystemslib v0.9.0 // indirect
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 //
indirect
- github.com/sigstore/protobuf-specs v0.3.2 // indirect
- github.com/sigstore/rekor v1.3.6 // indirect
- github.com/sigstore/sigstore v1.8.10 // indirect
+ github.com/sigstore/protobuf-specs v0.4.0 // indirect
+ github.com/sigstore/rekor v1.3.9 // indirect
+ github.com/sigstore/sigstore v1.8.12 // indirect
github.com/sirupsen/logrus v1.9.3 // indirect
github.com/skeema/knownhosts v1.3.0 // indirect
- github.com/spf13/pflag v1.0.5 // indirect
+ github.com/spf13/pflag v1.0.6 // indirect
github.com/theupdateframework/go-tuf v0.7.0 // indirect
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 //
indirect
github.com/u-root/uio v0.0.0-20240209044354-b3d14b93376a // indirect
@@ -144,8 +144,8 @@
github.com/xanzy/ssh-agent v0.3.3 // indirect
go.mongodb.org/mongo-driver v1.14.0 // indirect
go.opentelemetry.io/auto/sdk v1.1.0 // indirect
-
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
v0.57.0 // indirect
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0
// indirect
+
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
v0.58.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0
// indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 // indirect
go.opentelemetry.io/otel/metric v1.34.0 // indirect
go.opentelemetry.io/proto/otlp v1.4.0 // indirect
@@ -157,10 +157,10 @@
golang.org/x/oauth2 v0.25.0 // indirect
golang.org/x/term v0.28.0 // indirect
golang.org/x/text v0.21.0 // indirect
- google.golang.org/genproto/googleapis/api
v0.0.0-20241209162323-e6fa225c2576 // indirect
- google.golang.org/genproto/googleapis/rpc
v0.0.0-20250106144421-5f5ef82da422 // indirect
- google.golang.org/grpc v1.69.4 // indirect
- google.golang.org/protobuf v1.36.3 // indirect
+ google.golang.org/genproto/googleapis/api
v0.0.0-20250115164207-1a7da9e5054f // indirect
+ google.golang.org/genproto/googleapis/rpc
v0.0.0-20250127172529-29210b9bc287 // indirect
+ google.golang.org/grpc v1.70.0 // indirect
+ google.golang.org/protobuf v1.36.4 // indirect
gopkg.in/warnings.v0 v0.1.2 // indirect
gotest.tools/v3 v3.5.1 // indirect
)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/apko-0.24.0/go.sum new/apko-0.25.0/go.sum
--- old/apko-0.24.0/go.sum 2025-01-31 00:07:05.000000000 +0100
+++ new/apko-0.25.0/go.sum 2025-02-12 22:02:32.000000000 +0100
@@ -1,10 +1,10 @@
chainguard.dev/go-grpc-kit v0.17.7
h1:TqHua7er5k8m6WM96y0Tm7IoLLkuZ5vh3+5SR1gruKg=
chainguard.dev/go-grpc-kit v0.17.7/go.mod
h1:JroMzTY9mdhKe/bvtyChgfECaNh80+bMZH3HS+TGXHw=
-chainguard.dev/sdk v0.1.29 h1:GNcCw5NoyvylhlUbVD8JMmrPaeYyrshaHHjEWnvcCGI=
-chainguard.dev/sdk v0.1.29/go.mod
h1:DqywTjZ5glB/gUCKkrecO0LywyfcAd5v7IPo2+d91qA=
+chainguard.dev/sdk v0.1.31 h1:Blvpa0Ji/tC1VVV8/l8UyQe022LoRxZLfgasyFE1EhQ=
+chainguard.dev/sdk v0.1.31/go.mod
h1:/zqikqbDCBAAlhIDuBl8V4bR9nmB1qLEIn2w9FxzNwI=
cloud.google.com/go v0.26.0/go.mod
h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go/auth v0.14.0
h1:A5C4dKV/Spdvxcl0ggWwWEzzP7AZMJSEIgrkngwhGYM=
-cloud.google.com/go/auth v0.14.0/go.mod
h1:CYsoRL1PdiDuqeQpZE0bP2pnPrGqFcOkI0nldEQis+A=
+cloud.google.com/go/auth v0.14.1
h1:AwoJbzUdxA/whv1qj3TLKwh3XX5sikny2fc40wUl+h0=
+cloud.google.com/go/auth v0.14.1/go.mod
h1:4JHUxlGXisL0AW8kXPtUF6ztuOksyfUQNFjfsOCXkPM=
cloud.google.com/go/auth/oauth2adapt v0.2.7
h1:/Lc7xODdqcEw8IrZ9SvwnlLX6j9FHQM74z6cBk9Rw6M=
cloud.google.com/go/auth/oauth2adapt v0.2.7/go.mod
h1:NTbTTzfvPl1Y3V1nPpOgl2w6d/FjO7NNUQaWSox6ZMc=
cloud.google.com/go/compute/metadata v0.6.0
h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I=
@@ -13,14 +13,14 @@
dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
filippo.io/edwards25519 v1.1.0/go.mod
h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
-github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161
h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
-github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod
h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
+github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c
h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
+github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod
h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
github.com/BurntSushi/toml v0.3.1/go.mod
h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/Microsoft/go-winio v0.5.2/go.mod
h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
github.com/Microsoft/go-winio v0.6.2
h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
github.com/Microsoft/go-winio v0.6.2/go.mod
h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
-github.com/ProtonMail/go-crypto v1.1.3
h1:nRBOetoydLeUb4nHajyO2bKqMLfWQ/ZPwkXqXxPxCFk=
-github.com/ProtonMail/go-crypto v1.1.3/go.mod
h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
+github.com/ProtonMail/go-crypto v1.1.5
h1:eoAQfK2dwL+tFSFpr7TbOaPNUbPiJj4fLYwwGE1FQO4=
+github.com/ProtonMail/go-crypto v1.1.5/go.mod
h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be
h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod
h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5
h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
@@ -44,8 +44,8 @@
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod
h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/cespare/xxhash/v2 v2.3.0
h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
github.com/cespare/xxhash/v2 v2.3.0/go.mod
h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/chainguard-dev/clog v1.5.1
h1:LeFeVlxiicswuTevtaXc0MXH1zV1iWkbg+H8iUuBTtQ=
-github.com/chainguard-dev/clog v1.5.1/go.mod
h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs=
+github.com/chainguard-dev/clog v1.6.1
h1:CeOhEqKQsO/QMESgOTqv/miI27P1eNcgGgL7uiofOvU=
+github.com/chainguard-dev/clog v1.6.1/go.mod
h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs=
github.com/charmbracelet/lipgloss v0.10.0
h1:KWeXFSexGcfahHX+54URiZGkBFazf70JNMtwg/AFW3s=
github.com/charmbracelet/lipgloss v0.10.0/go.mod
h1:Wig9DSfvANsxqkRsqj6x87irdy123SR4dOXlKa91ciE=
github.com/charmbracelet/log v0.4.0
h1:G9bQAcx8rWA2T3pWvx7YtPTPwgqpk7D68BX21IRW8ZM=
@@ -85,8 +85,8 @@
github.com/docker/go-units v0.5.0/go.mod
h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
github.com/dustin/go-humanize v1.0.1
h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
github.com/dustin/go-humanize v1.0.1/go.mod
h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
-github.com/elazarl/goproxy v1.2.3
h1:xwIyKHbaP5yfT6O9KIeYJR5549MXRQkoQMRXGztz8YQ=
-github.com/elazarl/goproxy v1.2.3/go.mod
h1:YfEbZtqP4AetfO6d40vWchF3znWX7C7Vd6ZMfdL8z64=
+github.com/elazarl/goproxy v1.4.0
h1:4GyuSbFa+s26+3rmYNSuUVsx+HgPrV1bk1jXI0l9wjM=
+github.com/elazarl/goproxy v1.4.0/go.mod
h1:X/5W/t+gzDyLfHW4DrMdpjqYjpXsURlBt9lpBDxZZZQ=
github.com/emirpasic/gods v1.18.1
h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
github.com/emirpasic/gods v1.18.1/go.mod
h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
github.com/envoyproxy/go-control-plane v0.9.0/go.mod
h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@@ -103,12 +103,12 @@
github.com/go-chi/chi v4.1.2+incompatible/go.mod
h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ=
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376
h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod
h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
-github.com/go-git/go-billy/v5 v5.6.1
h1:u+dcrgaguSSkbjzHwelEjc0Yj300NUevrrPphk/SoRA=
-github.com/go-git/go-billy/v5 v5.6.1/go.mod
h1:0AsLr1z2+Uksi4NlElmMblP5rPcDZNRCD8ujZCRR2BE=
+github.com/go-git/go-billy/v5 v5.6.2
h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UNbRM=
+github.com/go-git/go-billy/v5 v5.6.2/go.mod
h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU=
github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399
h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
github.com/go-git/go-git-fixtures/v4
v4.3.2-0.20231010084843-55a94097c399/go.mod
h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
-github.com/go-git/go-git/v5 v5.13.1
h1:DAQ9APonnlvSWpvolXWIuV6Q6zXy2wHbN4cVlNR5Q+M=
-github.com/go-git/go-git/v5 v5.13.1/go.mod
h1:qryJB4cSBoq3FRoBRf5A77joojuBcmPJ0qu3XXXVixc=
+github.com/go-git/go-git/v5 v5.13.2
h1:7O7xvsK7K+rZPKW6AQR1YyNhfywkv7B8/FsP3ki6Zv0=
+github.com/go-git/go-git/v5 v5.13.2/go.mod
h1:hWdW5P4YZRjmpGHwRH2v3zkWcNl6HeXaXQEMGb3NJ9A=
github.com/go-jose/go-jose/v3 v3.0.3
h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k=
github.com/go-jose/go-jose/v3 v3.0.3/go.mod
h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
github.com/go-jose/go-jose/v4 v4.0.4
h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E=
@@ -236,12 +236,12 @@
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod
h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
github.com/mitchellh/go-homedir v1.1.0
h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
github.com/mitchellh/go-homedir v1.1.0/go.mod
h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/mapstructure v1.5.0
h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
-github.com/mitchellh/mapstructure v1.5.0/go.mod
h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/mitchellh/mapstructure v1.5.1-0.20231216201459-8508981c8b6c
h1:cqn374mizHuIWj+OSJCajGr/phAmuMug9qIX3l9CflE=
+github.com/mitchellh/mapstructure v1.5.1-0.20231216201459-8508981c8b6c/go.mod
h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/moby/docker-image-spec v1.3.1
h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
github.com/moby/docker-image-spec v1.3.1/go.mod
h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
-github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
-github.com/moby/term v0.5.0/go.mod
h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
+github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ=
+github.com/moby/term v0.5.2/go.mod
h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=
github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
github.com/morikuni/aec v1.0.0/go.mod
h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
github.com/muesli/reflow v0.3.0 h1:IFsN6K9NfGtjeggFP+68I4chLZV2yIKsXJFNZ+eWh6s=
@@ -263,8 +263,8 @@
github.com/package-url/packageurl-go v0.1.3/go.mod
h1:nKAWB8E6uk1MHqiS/lQb9pYBGH2+mdJ2PJc2s50dQY0=
github.com/pierrec/lz4/v4 v4.1.21
h1:yOVMLb6qSIDP67pl/5F7RepeKYu/VmTyEXvuMI5d9mQ=
github.com/pierrec/lz4/v4 v4.1.21/go.mod
h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
-github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
-github.com/pjbgf/sha1cd v0.3.0/go.mod
h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI=
+github.com/pjbgf/sha1cd v0.3.2 h1:a9wb0bp1oC2TGwStyn0Umc/IGKQnEgF0vVaZ8QF8eo4=
+github.com/pjbgf/sha1cd v0.3.2/go.mod
h1:zQWigSxVmsHEZow5qaLtPYxpcKMMQpa09ixqBxuCS6A=
github.com/pkg/errors v0.8.1/go.mod
h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod
h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -280,8 +280,8 @@
github.com/prometheus/client_model v0.6.1
h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
github.com/prometheus/client_model v0.6.1/go.mod
h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod
h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/common v0.60.1
h1:FUas6GcOw66yB/73KC+BOZoFJmbo/1pojoILArPAaSc=
-github.com/prometheus/common v0.60.1/go.mod
h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw=
+github.com/prometheus/common v0.62.0
h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io=
+github.com/prometheus/common v0.62.0/go.mod
h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I=
github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod
h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.15.1
h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
github.com/prometheus/procfs v0.15.1/go.mod
h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
@@ -291,23 +291,23 @@
github.com/rivo/uniseg v0.2.0/go.mod
h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
github.com/rivo/uniseg v0.4.7/go.mod
h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
-github.com/rogpeppe/go-internal v1.13.1
h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
-github.com/rogpeppe/go-internal v1.13.1/go.mod
h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
+github.com/rogpeppe/go-internal v1.13.2-0.20241226121412-a5dc8ff20d0a
h1:w3tdWGKbLGBPtR/8/oO74W6hmz0qE5q0z9aqSAewaaM=
+github.com/rogpeppe/go-internal v1.13.2-0.20241226121412-a5dc8ff20d0a/go.mod
h1:S8kfXMp+yh77OxPD4fdM6YUknrZpQxLhvxzS4gDHENY=
github.com/russross/blackfriday/v2 v2.1.0/go.mod
h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/sassoftware/relic v7.2.1+incompatible
h1:Pwyh1F3I0r4clFJXkSI8bOyJINGqpgjJU3DYAZeI05A=
github.com/sassoftware/relic v7.2.1+incompatible/go.mod
h1:CWfAxv73/iLZ17rbyhIEq3K9hs5w6FpNMdUT//qR+zk=
-github.com/secure-systems-lab/go-securesystemslib v0.8.0
h1:mr5An6X45Kb2nddcFlbmfHkLguCE9laoZCUzEEpIZXA=
-github.com/secure-systems-lab/go-securesystemslib v0.8.0/go.mod
h1:UH2VZVuJfCYR8WgMlCU1uFsOUU+KeyrTWcSS73NBOzU=
+github.com/secure-systems-lab/go-securesystemslib v0.9.0
h1:rf1HIbL64nUpEIZnjLZ3mcNEL9NBPB0iuVjyxvq3LZc=
+github.com/secure-systems-lab/go-securesystemslib v0.9.0/go.mod
h1:DVHKMcZ+V4/woA/peqr+L0joiRXbPpQ042GgJckkFgw=
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3
h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8=
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod
h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
-github.com/sigstore/cosign/v2 v2.4.1
h1:b8UXEfJFks3hmTwyxrRNrn6racpmccUycBHxDMkEPvU=
-github.com/sigstore/cosign/v2 v2.4.1/go.mod
h1:GvzjBeUKigI+XYnsoVQDmMAsMMc6engxztRSuxE+x9I=
-github.com/sigstore/protobuf-specs v0.3.2
h1:nCVARCN+fHjlNCk3ThNXwrZRqIommIeNKWwQvORuRQo=
-github.com/sigstore/protobuf-specs v0.3.2/go.mod
h1:RZ0uOdJR4OB3tLQeAyWoJFbNCBFrPQdcokntde4zRBA=
-github.com/sigstore/rekor v1.3.6
h1:QvpMMJVWAp69a3CHzdrLelqEqpTM3ByQRt5B5Kspbi8=
-github.com/sigstore/rekor v1.3.6/go.mod
h1:JDTSNNMdQ/PxdsS49DJkJ+pRJCO/83nbR5p3aZQteXc=
-github.com/sigstore/sigstore v1.8.10
h1:r4t+TYzJlG9JdFxMy+um9GZhZ2N1hBTyTex0AHEZxFs=
-github.com/sigstore/sigstore v1.8.10/go.mod
h1:BekjqxS5ZtHNJC4u3Q3Stvfx2eyisbW/lUZzmPU2u4A=
+github.com/sigstore/cosign/v2 v2.4.2
h1:6say+Sp8QS4EE217siehDOylnZRwP9p8NSdHpZHOz20=
+github.com/sigstore/cosign/v2 v2.4.2/go.mod
h1:nlFhNmoUCqpTLa2YSoudJnm1r8JijCN1YCZYnrC42Ds=
+github.com/sigstore/protobuf-specs v0.4.0
h1:yoZbdh0kZYKOSiVbYyA8J3f2wLh5aUk2SQB7LgAfIdU=
+github.com/sigstore/protobuf-specs v0.4.0/go.mod
h1:FKW5NYhnnFQ/Vb9RKtQk91iYd0MKJ9AxyqInEwU6+OI=
+github.com/sigstore/rekor v1.3.9
h1:sUjRpKVh/hhgqGMs0t+TubgYsksArZ6poLEC3MsGAzU=
+github.com/sigstore/rekor v1.3.9/go.mod
h1:xThNUhm6eNEmkJ/SiU/FVU7pLY2f380fSDZFsdDWlcM=
+github.com/sigstore/sigstore v1.8.12
h1:S8xMVZbE2z9ZBuQUEG737pxdLjnbOIcFi5v9UFfkJFc=
+github.com/sigstore/sigstore v1.8.12/go.mod
h1:+PYQAa8rfw0QdPpBcT+Gl3egKD9c+TUgAlF12H3Nmjo=
github.com/sirupsen/logrus v1.4.2/go.mod
h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
github.com/sirupsen/logrus v1.7.0/go.mod
h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/sirupsen/logrus v1.9.3
h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
@@ -320,8 +320,9 @@
github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod
h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc=
github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
github.com/spf13/cobra v1.8.1/go.mod
h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
github.com/spf13/pflag v1.0.5/go.mod
h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
+github.com/spf13/pflag v1.0.6/go.mod
h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/stretchr/objx v0.1.0/go.mod
h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.1.1/go.mod
h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.2.2/go.mod
h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
@@ -355,10 +356,10 @@
go.mongodb.org/mongo-driver v1.14.0/go.mod
h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c=
go.opentelemetry.io/auto/sdk v1.1.0
h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
go.opentelemetry.io/auto/sdk v1.1.0/go.mod
h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
v0.57.0 h1:qtFISDHKolvIxzSs0gIaiPUPR0Cucb0F2coHC7ZLdps=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
v0.57.0/go.mod h1:Y+Pop1Q6hCOnETWTW4NROK/q1hv50hM7yDaUTjG8lp8=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0
h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0/go.mod
h1:umTcuxiv1n/s/S6/c2AT/g2CQ7u5C59sHDNmfSwgz7Q=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
v0.58.0 h1:PS8wXpbyaDJQ2VDHHncMe9Vct0Zn1fEjpsjrLxGJoSc=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
v0.58.0/go.mod h1:HDBUsEjOuRC0EzKZ1bSaRGZWUBAzo+MhAcUUORSr4D0=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0
h1:CV7UdSGJt/Ao6Gp4CXckLxVRRsRgDHoI8XjbL3PDl8s=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0/go.mod
h1:FRmFuRJfag1IZ2dPkHnEoSFVgTVPUd2qf5Vi69hLb8I=
go.opentelemetry.io/otel v1.34.0
h1:zRLXxLCgL1WyKsPVrgbSdMN4c0FMkDAskSTQP+0hdUY=
go.opentelemetry.io/otel v1.34.0/go.mod
h1:OWFPOQ+h4G8xpyjgqo4SxJYdDQ/qmRH+wivy7zzx9oI=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0
h1:Vh5HayB/0HHfOQA7Ctx69E/Y/DcQSMPpKANYVMQ7fBA=
@@ -367,16 +368,16 @@
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0/go.mod
h1:wAy0T/dUbs468uOlkT31xjvqQgEVXv58BRFWEgn5v/0=
go.opentelemetry.io/otel/metric v1.34.0
h1:+eTR3U0MyfWjRDhmFMxe2SsW64QrZ84AOhvqS7Y+PoQ=
go.opentelemetry.io/otel/metric v1.34.0/go.mod
h1:CEDrp0fy2D0MvkXE+dPV7cMi8tWZwX3dmaIhwPOaqHE=
-go.opentelemetry.io/otel/sdk v1.33.0
h1:iax7M131HuAm9QkZotNHEfstof92xM+N8sr3uHXc2IM=
-go.opentelemetry.io/otel/sdk v1.33.0/go.mod
h1:A1Q5oi7/9XaMlIWzPSxLRWOI8nG3FnzHJNbiENQuihM=
-go.opentelemetry.io/otel/sdk/metric v1.31.0
h1:i9hxxLJF/9kkvfHppyLL55aW7iIJz4JjxTeYusH7zMc=
-go.opentelemetry.io/otel/sdk/metric v1.31.0/go.mod
h1:CRInTMVvNhUKgSAMbKyTMxqOBC0zgyxzW55lZzX43Y8=
+go.opentelemetry.io/otel/sdk v1.34.0
h1:95zS4k/2GOy069d321O8jWgYsW3MzVV+KuSPKp7Wr1A=
+go.opentelemetry.io/otel/sdk v1.34.0/go.mod
h1:0e/pNiaMAqaykJGKbi+tSjWfNNHMTxoC9qANsCzbyxU=
+go.opentelemetry.io/otel/sdk/metric v1.32.0
h1:rZvFnvmvawYb0alrYkjraqJq0Z4ZUJAiyYCU9snn1CU=
+go.opentelemetry.io/otel/sdk/metric v1.32.0/go.mod
h1:PWeZlq0zt9YkYAp3gjKZ0eicRYvOh1Gd+X99x6GHpCQ=
go.opentelemetry.io/otel/trace v1.34.0
h1:+ouXS2V8Rd4hp4580a8q23bg0azF2nI8cqLYnC8mh/k=
go.opentelemetry.io/otel/trace v1.34.0/go.mod
h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE=
go.opentelemetry.io/proto/otlp v1.4.0
h1:TA9WRvW6zMwP+Ssb6fLoUIuirti1gGbP28GcKG1jgeg=
go.opentelemetry.io/proto/otlp v1.4.0/go.mod
h1:PPBWZIP98o2ElSqI35IHfu7hIhSwvc5N38Jw8pXuGFY=
-go.step.sm/crypto v0.57.0 h1:YjoRQDaJYAxHLVwjst0Bl0xcnoKzVwuHCJtEo2VSHYU=
-go.step.sm/crypto v0.57.0/go.mod
h1:+Lwp5gOVPaTa3H/Ul/TzGbxQPXZZcKIUGMS0lG6n9Go=
+go.step.sm/crypto v0.57.1 h1:bt7ugfc0m2/nJ9/uhQOtXRW3xQr8zJwL087FLQk9mvc=
+go.step.sm/crypto v0.57.1/go.mod
h1:wL25/Mh7edmo36AA93hf9agP493Zt3y4QBzB1wzwOjc=
go.uber.org/atomic v1.7.0/go.mod
h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
go.uber.org/goleak v1.1.10/go.mod
h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
@@ -434,8 +435,8 @@
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
-golang.org/x/sync v0.10.0/go.mod
h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
+golang.org/x/sync v0.11.0/go.mod
h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -454,8 +455,8 @@
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
-golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
+golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod
h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod
h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
@@ -472,8 +473,8 @@
golang.org/x/text v0.14.0/go.mod
h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
golang.org/x/text v0.21.0/go.mod
h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
-golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/time v0.10.0 h1:3usCWA8tQn0L8+hFJQNgzpWbd89begxN66o1Ojdn5L4=
+golang.org/x/time v0.10.0/go.mod
h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod
h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod
h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod
h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -492,27 +493,27 @@
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod
h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod
h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod
h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.217.0 h1:GYrUtD289o4zl1AhiTZL0jvQGa2RDLyC+kX1N/lfGOU=
-google.golang.org/api v0.217.0/go.mod
h1:qMc2E8cBAbQlRypBTBWHklNJlaZZJBwDv81B1Iu8oSI=
+google.golang.org/api v0.220.0 h1:3oMI4gdBgB72WFVwE1nerDD8W3HUOS4kypK6rRLbGns=
+google.golang.org/api v0.220.0/go.mod
h1:26ZAlY6aN/8WgpCzjPNy18QpYaz7Zgg1h0qe1GkZEmY=
google.golang.org/appengine v1.1.0/go.mod
h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.4.0/go.mod
h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod
h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod
h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod
h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576
h1:CkkIfIt50+lT6NHAVoRYEyAvQGFM7xEwXUUywFvEb3Q=
-google.golang.org/genproto/googleapis/api
v0.0.0-20241209162323-e6fa225c2576/go.mod
h1:1R3kvZ1dtP3+4p4d3G8uJ8rFk/fWlScl38vanWACI08=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422
h1:3UsHvIr4Wc2aW4brOaSCmcxh9ksica6fHEr8P1XhkYw=
-google.golang.org/genproto/googleapis/rpc
v0.0.0-20250106144421-5f5ef82da422/go.mod
h1:3ENsm/5D1mzDyhpzeRi1NR784I0BcofWBoSc5QqqMK4=
+google.golang.org/genproto/googleapis/api v0.0.0-20250115164207-1a7da9e5054f
h1:gap6+3Gk41EItBuyi4XX/bp4oqJ3UwuIMl25yGinuAA=
+google.golang.org/genproto/googleapis/api
v0.0.0-20250115164207-1a7da9e5054f/go.mod
h1:Ic02D47M+zbarjYYUlK57y316f2MoN0gjAwI3f2S95o=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250127172529-29210b9bc287
h1:J1H9f+LEdWAfHcez/4cvaVBox7cOYT+IU6rgqj5x++8=
+google.golang.org/genproto/googleapis/rpc
v0.0.0-20250127172529-29210b9bc287/go.mod
h1:8BS3B93F/U1juMFq9+EDk+qOT5CO1R9IzXxG3PTqiRk=
google.golang.org/grpc v1.18.0/go.mod
h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
google.golang.org/grpc v1.19.0/go.mod
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.23.0/go.mod
h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.25.1/go.mod
h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
google.golang.org/grpc v1.27.0/go.mod
h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
google.golang.org/grpc v1.29.1/go.mod
h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
-google.golang.org/grpc v1.69.4 h1:MF5TftSMkd8GLw/m0KM6V8CMOCY6NZ1NQDPGFgbTt4A=
-google.golang.org/grpc v1.69.4/go.mod
h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4=
-google.golang.org/protobuf v1.36.3
h1:82DV7MYdb8anAVi3qge1wSnMDrnKK7ebr+I0hHRN1BU=
-google.golang.org/protobuf v1.36.3/go.mod
h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/grpc v1.70.0 h1:pWFv03aZoHzlRKHWicjsZytKAiYCtNS0dHbXnIdq7jQ=
+google.golang.org/grpc v1.70.0/go.mod
h1:ofIJqVKDXx/JiXrwr2IG4/zwdH9txy3IlF40RmcJSQw=
+google.golang.org/protobuf v1.36.4
h1:6A3ZDJHn/eNqc1i+IdefRzy/9PokBTPvcqMySR7NNIM=
+google.golang.org/protobuf v1.36.4/go.mod
h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod
h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod
h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod
h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -536,5 +537,5 @@
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod
h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
k8s.io/apimachinery v0.32.1 h1:683ENpaCBjma4CYqsmZyhEzrGz6cjn1MY/X2jB2hkZs=
k8s.io/apimachinery v0.32.1/go.mod
h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
-sigs.k8s.io/release-utils v0.9.0
h1:+JYA8E5YXzVj2Eh929woeRn1U82vLUQbpqKsgZPEmEo=
-sigs.k8s.io/release-utils v0.9.0/go.mod
h1:xZoCJyajMJ0wtgGXWuznbC1r9dw7iJzMp/+dCkf1UGw=
+sigs.k8s.io/release-utils v0.11.0
h1:FUVSw2dO67M7mfcQx9AITEGnTHoBOdJNbbQ3FT3o8mA=
+sigs.k8s.io/release-utils v0.11.0/go.mod
h1:wAlXz8xruzvqZUsorI64dZ3lbkiDnYSlI4IYC6l2yEA=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/apko-0.24.0/internal/cli/build.go
new/apko-0.25.0/internal/cli/build.go
--- old/apko-0.24.0/internal/cli/build.go 2025-01-31 00:07:05.000000000
+0100
+++ new/apko-0.25.0/internal/cli/build.go 2025-02-12 22:02:32.000000000
+0100
@@ -206,7 +206,7 @@
ic.Archs = types.AllArchs
}
// save the final set we will build
- log.Infof("Building images for %d architectures: %+v", len(ic.Archs),
ic.Archs)
+ log.Debugf("Building images for %d architectures: %+v", len(ic.Archs),
ic.Archs)
// Probe the VCS URL if it is not set and we are asked to do so.
if o.WithVCS && ic.VCSUrl == "" {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/apko-0.24.0/pkg/apk/apk/implementation.go
new/apko-0.25.0/pkg/apk/apk/implementation.go
--- old/apko-0.24.0/pkg/apk/apk/implementation.go 2025-01-31
00:07:05.000000000 +0100
+++ new/apko-0.25.0/pkg/apk/apk/implementation.go 2025-02-12
22:02:32.000000000 +0100
@@ -851,6 +851,7 @@
rc := retryablehttp.NewClient()
rc.HTTPClient = client
+ rc.Logger = clog.FromContext(ctx)
discoveryResponse, err := rc.StandardClient().Do(discoveryRequest)
if err != nil {
return nil, fmt.Errorf("failed to perform key discovery: %w",
err)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/apko-0.24.0/pkg/apk/apk/repo.go
new/apko-0.25.0/pkg/apk/apk/repo.go
--- old/apko-0.24.0/pkg/apk/apk/repo.go 2025-01-31 00:07:05.000000000 +0100
+++ new/apko-0.25.0/pkg/apk/apk/repo.go 2025-02-12 22:02:32.000000000 +0100
@@ -105,7 +105,7 @@
ctx, span := otel.Tracer("go-apk").Start(ctx, "SetRepositories")
defer span.End()
- clog.InfoContextf(ctx, "setting apk repositories: %v", repos)
+ clog.DebugContextf(ctx, "setting apk repositories: %v", repos)
if len(repos) == 0 {
return fmt.Errorf("must provide at least one repository")
@@ -203,6 +203,9 @@
indexes []NamedIndex
nameMap map[string][]*repositoryPackage
installIfMap map[string][]*repositoryPackage // contains any package
that should be installed if the named package is installed
+
+ // Short-circuit providers we have already selected.
+ selected map[string]*RepositoryPackage
}
// Clone returns a copy of PkgResolver.
@@ -211,6 +214,7 @@
indexes: p.indexes,
nameMap: maps.Clone(p.nameMap),
installIfMap: maps.Clone(p.installIfMap),
+ selected: map[string]*RepositoryPackage{},
}
}
@@ -234,7 +238,8 @@
installIfMap = map[string][]*repositoryPackage{}
)
p := &PkgResolver{
- indexes: indexes,
+ indexes: indexes,
+ selected: map[string]*RepositoryPackage{},
}
// create a map of every package by name and version to its
RepositoryPackage
@@ -383,6 +388,35 @@
}
}
+func (p *PkgResolver) pick(pkg *RepositoryPackage) error {
+ if conflict, ok := p.selected[pkg.Name]; ok {
+ // Trying to re-select the same thing is fine actually.
+ if conflict == pkg {
+ return nil
+ }
+
+ return fmt.Errorf("selecting package %s conflicts with %s on
%q", pkg.Filename(), conflict.Filename(), pkg.Name)
+ }
+
+ p.selected[pkg.Name] = pkg
+
+ for _, prov := range pkg.Provides {
+ constraint := cachedResolvePackageNameVersionPin(prov)
+ if conflict, ok := p.selected[constraint.name]; ok {
+ return fmt.Errorf("selecting package %s conflicts with
%s on %q", pkg.Filename(), conflict.Filename(), constraint.name)
+ }
+
+ // We don't care about virtuals, actually.
+ if constraint.version == "" {
+ continue
+ }
+
+ p.selected[constraint.name] = pkg
+ }
+
+ return nil
+}
+
func (p *PkgResolver) disqualify(dq map[*RepositoryPackage]string, pkg
*RepositoryPackage, reason string) {
dq[pkg] = reason
@@ -452,7 +486,7 @@
// GetPackagesWithDependencies get all of the dependencies for the given
packages based on the
// indexes. Does not filter for installed already or not.
func (p *PkgResolver) GetPackagesWithDependencies(ctx context.Context,
packages []string, allArchs map[string][]NamedIndex) (toInstall
[]*RepositoryPackage, conflicts []string, err error) {
- _, span := otel.Tracer("go-apk").Start(ctx,
"GetPackageWithDependencies")
+ _, span := otel.Tracer("go-apk").Start(ctx,
"GetPackagesWithDependencies")
defer span.End()
// Tracks all the packages we have disqualified and the reason we
disqualified them.
@@ -494,10 +528,11 @@
// now get the dependencies for each package
for _, pkgName := range packages {
- pkg, deps, confs, err := p.GetPackageWithDependencies(pkgName,
dependenciesMap, dq)
+ pkg, deps, confs, err := p.GetPackageWithDependencies(ctx,
pkgName, dependenciesMap, dq)
if err != nil {
return toInstall, nil, &ConstraintError{pkgName, err}
}
+
for _, dep := range deps {
if _, ok := installTracked[dep.Name]; !ok {
toInstall = append(toInstall, dep)
@@ -527,7 +562,7 @@
// Requires the existing set because the logic for resolving dependencies
between competing
// options may depend on whether or not one already is installed.
// Must not modify the existing map directly.
-func (p *PkgResolver) GetPackageWithDependencies(pkgName string, existing
map[string]*RepositoryPackage, dq map[*RepositoryPackage]string)
(*RepositoryPackage, []*RepositoryPackage, []string, error) {
+func (p *PkgResolver) GetPackageWithDependencies(ctx context.Context, pkgName
string, existing map[string]*RepositoryPackage, dq
map[*RepositoryPackage]string) (*RepositoryPackage, []*RepositoryPackage,
[]string, error) {
parents := make(map[string]bool)
localExisting := make(map[string]*RepositoryPackage, len(existing))
existingOrigins := map[string]bool{}
@@ -544,10 +579,11 @@
}
pin := cachedResolvePackageNameVersionPin(pkgName).pin
- deps, conflicts, err := p.getPackageDependencies(pkg, pin, true,
parents, localExisting, existingOrigins, dq)
+ deps, conflicts, err := p.getPackageDependencies(ctx, pkg, pin,
parents, localExisting, existingOrigins, dq)
if err != nil {
return nil, nil, nil, &DepError{pkg, err}
}
+
// eliminate duplication in dependencies
added := make(map[string]*RepositoryPackage, len(deps))
dependencies := make([]*RepositoryPackage, 0, len(deps))
@@ -672,7 +708,10 @@
// It might change the order of install.
// In other words, this _should_ be a DAG (acyclical), but because the packages
// are just listing dependencies in text, it might be cyclical. We need to be
careful of that.
-func (p *PkgResolver) getPackageDependencies(pkg *RepositoryPackage, allowPin
string, allowSelfFulfill bool, parents map[string]bool, existing
map[string]*RepositoryPackage, existingOrigins map[string]bool, dq
map[*RepositoryPackage]string) (dependencies []*RepositoryPackage, conflicts
[]string, err error) {
+func (p *PkgResolver) getPackageDependencies(ctx context.Context, pkg
*RepositoryPackage, allowPin string, parents map[string]bool, existing
map[string]*RepositoryPackage, existingOrigins map[string]bool, dq
map[*RepositoryPackage]string) (dependencies []*RepositoryPackage, conflicts
[]string, err error) {
+ if err := ctx.Err(); err != nil {
+ return nil, nil, context.Cause(ctx)
+ }
// check if the package we are checking is one of our parents, avoid
cyclical graphs
if _, ok := parents[pkg.Name]; ok {
return nil, nil, nil
@@ -715,7 +754,7 @@
continue
}
- if allowSelfFulfill && pkg.Name == name {
+ if pkg.Name == name {
var (
actualVersion, requiredVersion Version
err1, err2 error
@@ -733,6 +772,30 @@
}
}
+ if picked, ok := p.selected[name]; ok {
+ if version == "" {
+ // If we don't care which version, and
we've already selected something, fantastic.
+ continue
+ }
+
+ actualVersion, err :=
cachedParseVersion(picked.Version)
+ if err != nil {
+ return nil, nil, err
+ }
+ requiredVersion, err :=
cachedParseVersion(version)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ // We do care which version and they match.
+ if compare.satisfies(actualVersion,
requiredVersion) {
+ continue
+ }
+
+ // We already selected something to satisfy
"name" and it does not match the "version" we need now.
+ return nil, nil, fmt.Errorf("we already
selected %q=%q which conflicts with %q=%q", picked.Name, picked.Version, name,
version)
+ }
+
// first see if it is a name of a package
depPkgWithVersions, ok := p.nameMap[name]
if !ok {
@@ -793,7 +856,12 @@
childParents[k] = true
}
childParents[pkg.Name] = true
- subDeps, confs, err := p.getPackageDependencies(depPkg,
allowPin, true, childParents, existing, existingOrigins, dq)
+
+ if err := p.pick(pkg); err != nil {
+ return nil, nil, err
+ }
+
+ subDeps, confs, err := p.getPackageDependencies(ctx, depPkg,
allowPin, childParents, existing, existingOrigins, dq)
if err != nil {
return nil, nil, &ConstraintError{name,
&DepError{depPkg, err}}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/apko-0.24.0/pkg/apk/apk/repo_test.go
new/apko-0.25.0/pkg/apk/apk/repo_test.go
--- old/apko-0.24.0/pkg/apk/apk/repo_test.go 2025-01-31 00:07:05.000000000
+0100
+++ new/apko-0.25.0/pkg/apk/apk/repo_test.go 2025-02-12 22:02:32.000000000
+0100
@@ -128,7 +128,7 @@
a.SetClient(&http.Client{
Transport: &testLocalTransport{root: testPrimaryPkgDir,
basenameOnly: true},
})
- indexes, err := a.GetRepositoryIndexes(context.TODO(), false)
+ indexes, err := a.GetRepositoryIndexes(context.Background(),
false)
require.NoErrorf(t, err, "unable to get indexes")
require.Greater(t, len(indexes), 0, "no indexes found")
})
@@ -137,7 +137,7 @@
a.SetClient(&http.Client{
Transport: &testLocalTransport{root:
testRSA256IndexPkgDir, basenameOnly: true},
})
- indexes, err := a.GetRepositoryIndexes(context.TODO(), false)
+ indexes, err := a.GetRepositoryIndexes(context.Background(),
false)
require.NoErrorf(t, err, "unable to get indexes")
require.Greater(t, len(indexes), 0, "no indexes found")
})
@@ -149,7 +149,7 @@
a.SetClient(&http.Client{
Transport: &testLocalTransport{fail: true},
})
- _, err := a.GetRepositoryIndexes(context.TODO(), false)
+ _, err := a.GetRepositoryIndexes(context.Background(), false)
require.Error(t, err, "should fail when no cache and no
network")
})
t.Run("we can fetch, but do not cache indices without etag", func(t
*testing.T) {
@@ -161,7 +161,7 @@
a.SetClient(&http.Client{
Transport: &testLocalTransport{root: testPrimaryPkgDir,
basenameOnly: true},
})
- indexes, err := a.GetRepositoryIndexes(context.TODO(), false)
+ indexes, err := a.GetRepositoryIndexes(context.Background(),
false)
require.NoErrorf(t, err, "unable to get indexes")
require.Greater(t, len(indexes), 0, "no indexes found")
@@ -189,7 +189,7 @@
},
},
})
- indexes, err := a.GetRepositoryIndexes(context.TODO(), false)
+ indexes, err := a.GetRepositoryIndexes(context.Background(),
false)
require.NoErrorf(t, err, "unable to get indexes")
require.Greater(t, len(indexes), 0, "no indexes found")
// check that the contents are the same
@@ -227,7 +227,7 @@
Transport: &testLocalTransport{root: testPrimaryPkgDir,
basenameOnly: true, headers:
map[string][]string{http.CanonicalHeaderKey("etag"): {testEtag}}},
})
// Use the client to fill the cache.
- indexes, err := a.GetRepositoryIndexes(context.TODO(), false)
+ indexes, err := a.GetRepositoryIndexes(context.Background(),
false)
require.NoErrorf(t, err, "unable to get indexes")
require.Greater(t, len(indexes), 0, "no indexes found")
// Capture the initial index.
@@ -238,7 +238,7 @@
a.SetClient(&http.Client{
Transport: &testLocalTransport{root:
testAlternatePkgDir, basenameOnly: true, headers:
map[string][]string{http.CanonicalHeaderKey("etag"): {testEtag}}},
})
- indexes, err = a.GetRepositoryIndexes(context.TODO(), false)
+ indexes, err = a.GetRepositoryIndexes(context.Background(),
false)
require.NoErrorf(t, err, "unable to get indexes")
require.Greater(t, len(indexes), 0, "no indexes found")
// Capture the resulting index.
@@ -259,7 +259,7 @@
Transport: &testLocalTransport{root: testPrimaryPkgDir,
basenameOnly: true, headers:
map[string][]string{http.CanonicalHeaderKey("etag"): {testEtag}}},
})
// Use the client to fill the cache.
- indexes, err := a.GetRepositoryIndexes(context.TODO(), false)
+ indexes, err := a.GetRepositoryIndexes(context.Background(),
false)
require.NoErrorf(t, err, "unable to get indexes")
require.Greater(t, len(indexes), 0, "no indexes found")
// Capture the initial index.
@@ -272,7 +272,7 @@
Transport: &testLocalTransport{root:
testAlternatePkgDir, basenameOnly: true, headers:
map[string][]string{http.CanonicalHeaderKey("etag"): {testEtag + "change"}}},
})
- indexes, err = a.GetRepositoryIndexes(context.TODO(), false)
+ indexes, err = a.GetRepositoryIndexes(context.Background(),
false)
require.NoErrorf(t, err, "unable to get indexes")
require.Greater(t, len(indexes), 0, "no indexes found")
// Capture the resulting index.
@@ -297,7 +297,7 @@
headers:
map[string][]string{http.CanonicalHeaderKey("etag"): {fmt.Sprint(i)}},
},
})
- indexes, err :=
a.GetRepositoryIndexes(context.TODO(), false)
+ indexes, err :=
a.GetRepositoryIndexes(context.Background(), false)
require.NoErrorf(t, err, "unable to get
indexes")
require.Greater(t, len(indexes), 0, "no indexes
found")
return nil
@@ -594,7 +594,7 @@
_, index := testGetPackagesAndIndex()
resolver := NewPkgResolver(context.Background(),
testNamedRepositoryFromIndexes(index))
- _, pkgs, _, err :=
resolver.GetPackageWithDependencies("package1", nil,
map[*RepositoryPackage]string{})
+ _, pkgs, _, err :=
resolver.GetPackageWithDependencies(context.Background(), "package1", nil,
map[*RepositoryPackage]string{})
require.NoErrorf(t, err, "unable to get dependencies")
actual := make([]string, 0, len(pkgs))
@@ -609,7 +609,7 @@
_, index := testGetPackagesAndIndex()
resolver := NewPkgResolver(context.Background(),
testNamedRepositoryFromIndexes(index))
- _, pkgs, _, err :=
resolver.GetPackageWithDependencies("package3", nil,
map[*RepositoryPackage]string{})
+ _, pkgs, _, err :=
resolver.GetPackageWithDependencies(context.Background(), "package3", nil,
map[*RepositoryPackage]string{})
require.NoErrorf(t, err, "unable to get dependencies")
actual := make([]string, 0, len(pkgs))
@@ -618,34 +618,6 @@
}
require.True(t, reflect.DeepEqual(expected, actual),
"dependencies mismatch:\nactual %v\nexpect %v", actual, expected)
})
- t.Run("self-fulfill", func(t *testing.T) {
- _, index := testGetPackagesAndIndex()
-
- resolver := NewPkgResolver(context.Background(),
testNamedRepositoryFromIndexes(index))
- pkg6, err := resolver.ResolvePackage("package6",
map[*RepositoryPackage]string{})
- require.NoErrorf(t, err, "unable to resolve package6")
- require.GreaterOrEqual(t, len(pkg6), 1, "package6 should have
at least one match")
- tests := []struct {
- name string
- expected []string
- allow bool
- }{
- {"allowed", []string{"package5"}, true},
- {"not allowed", []string{"package6", "package5"},
false},
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- deps, _, err :=
resolver.getPackageDependencies(pkg6[0], "", tt.allow, nil, nil, nil,
map[*RepositoryPackage]string{})
- require.NoErrorf(t, err, "unable to get
dependencies")
-
- actual := make([]string, 0, len(deps))
- for _, p := range deps {
- actual = append(actual, p.Name)
- }
- require.True(t, reflect.DeepEqual(tt.expected,
actual), "dependencies mismatch:\nactual %v\nexpect %v", actual, tt.expected)
- })
- }
- })
t.Run("existing dependency", func(t *testing.T) {
origPkgs, index := testGetPackagesAndIndex()
resolver := NewPkgResolver(context.Background(),
testNamedRepositoryFromIndexes(index))
@@ -653,7 +625,7 @@
// start with regular resolution, just to compare
expectedName := "package5"
expectedVersion := "2.0.0" // highest version
- _, pkgs, _, err :=
resolver.GetPackageWithDependencies("package9", nil,
map[*RepositoryPackage]string{})
+ _, pkgs, _, err :=
resolver.GetPackageWithDependencies(context.Background(), "package9", nil,
map[*RepositoryPackage]string{})
require.NoErrorf(t, err, "unable to get dependencies")
require.Len(t, pkgs, 1, "package9 should have one dependency,
%s", expectedName)
require.Equal(t, expectedName, pkgs[0].Name)
@@ -669,7 +641,7 @@
break
}
}
- _, pkgs, _, err =
resolver.GetPackageWithDependencies("package9", existingPkgs,
map[*RepositoryPackage]string{})
+ _, pkgs, _, err =
resolver.GetPackageWithDependencies(context.Background(), "package9",
existingPkgs, map[*RepositoryPackage]string{})
require.NoErrorf(t, err, "unable to get dependencies")
require.Len(t, pkgs, 1, "package9 should have one dependency,
%s", expectedName)
require.Equal(t, expectedName, pkgs[0].Name)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/apko-0.24.0/pkg/build/oci/publish.go
new/apko-0.25.0/pkg/build/oci/publish.go
--- old/apko-0.24.0/pkg/build/oci/publish.go 2025-01-31 00:07:05.000000000
+0100
+++ new/apko-0.25.0/pkg/build/oci/publish.go 2025-02-12 22:02:32.000000000
+0100
@@ -56,9 +56,7 @@
if err != nil {
return name.Digest{}, err
}
- if strings.HasPrefix(localSrcTag.Name(), fmt.Sprintf("%s/",
LocalDomain)) {
- log.Warnf("skipping local domain tagging %s as %s",
localSrcTag.Name(), localDstTag.Name())
- } else {
+ if !strings.HasPrefix(localSrcTag.Name(), fmt.Sprintf("%s/",
LocalDomain)) {
log.Infof("tagging local image %s as %s",
localSrcTag.Name(), localDstTag.Name())
if err := daemon.Tag(localSrcTag, localDstTag,
daemon.WithContext(ctx)); err != nil {
return name.Digest{}, err
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/apko-0.24.0/pkg/build/options.go
new/apko-0.25.0/pkg/build/options.go
--- old/apko-0.24.0/pkg/build/options.go 2025-01-31 00:07:05.000000000
+0100
+++ new/apko-0.25.0/pkg/build/options.go 2025-02-12 22:02:32.000000000
+0100
@@ -44,7 +44,7 @@
var ic types.ImageConfiguration
hasher := sha2562.New()
- if err := ic.Load(ctx, configFile, includePaths, hasher); err
!= nil {
+ if err := ic.Load(ctx, configFile, includePaths, hasher); err
!= nil { //nolint:staticcheck
return fmt.Errorf("failed to load image configuration:
%w", err)
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/apko-0.24.0/pkg/build/types/image_configuration.go
new/apko-0.25.0/pkg/build/types/image_configuration.go
--- old/apko-0.24.0/pkg/build/types/image_configuration.go 2025-01-31
00:07:05.000000000 +0100
+++ new/apko-0.25.0/pkg/build/types/image_configuration.go 2025-02-12
22:02:32.000000000 +0100
@@ -45,7 +45,7 @@
if url != "" {
ic.VCSUrl = url
- log.Infof("detected %s as VCS URL", ic.VCSUrl)
+ log.Debugf("detected %s as VCS URL", ic.VCSUrl)
}
}
@@ -179,6 +179,8 @@
// Load - loads an image configuration given a configuration file path.
// Populates configHasher with the configuration data loaded from the
imageConfigPath and the other referenced files.
// You can pass any dummy hasher (like fnv.New32()), if you don't care about
the hash of the configuration.
+//
+// Deprecated: This will be removed in a future release.
func (ic *ImageConfiguration) Load(ctx context.Context, imageConfigPath
string, includePaths []string, configHasher hash.Hash) error {
data, err := ic.readLocal(imageConfigPath, includePaths)
if err != nil {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/apko-0.24.0/pkg/build/types/schema.json
new/apko-0.25.0/pkg/build/types/schema.json
--- old/apko-0.24.0/pkg/build/types/schema.json 2025-01-31 00:07:05.000000000
+0100
+++ new/apko-0.25.0/pkg/build/types/schema.json 2025-02-12 22:02:32.000000000
+0100
@@ -122,7 +122,7 @@
},
"include": {
"type": "string",
- "description": "Optional: Path to a local file containing additional
image configuration\n\nThe included configuration is deep merged with the
parent configuration"
+ "description": "Optional: Path to a local file containing additional
image configuration\n\nThe included configuration is deep merged with the
parent configuration\n\nDeprecated: This will be removed in a future release."
},
"volumes": {
"items": {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/apko-0.24.0/pkg/build/types/types.go
new/apko-0.25.0/pkg/build/types/types.go
--- old/apko-0.24.0/pkg/build/types/types.go 2025-01-31 00:07:05.000000000
+0100
+++ new/apko-0.25.0/pkg/build/types/types.go 2025-02-12 22:02:32.000000000
+0100
@@ -181,6 +181,8 @@
// Optional: Path to a local file containing additional image
configuration
//
// The included configuration is deep merged with the parent
configuration
+ //
+ // Deprecated: This will be removed in a future release.
Include string `json:"include,omitempty" yaml:"include,omitempty"`
// Optional: A list of volumes to configure
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/apko-0.24.0/pkg/sbom/generator/spdx/spdx.go
new/apko-0.25.0/pkg/sbom/generator/spdx/spdx.go
--- old/apko-0.24.0/pkg/sbom/generator/spdx/spdx.go 2025-01-31
00:07:05.000000000 +0100
+++ new/apko-0.25.0/pkg/sbom/generator/spdx/spdx.go 2025-02-12
22:02:32.000000000 +0100
@@ -466,6 +466,14 @@
DownloadLocation: url,
Originator: fmt.Sprintf("Person: %s", pkg.Maintainer),
SourceInfo: "Package info from apk database",
+ // This is APKv2 APKINDEX SHA1 file checksum
+ //
https://wiki.alpinelinux.org/wiki/Apk_spec#Package_Checksum_Field
+ // This is the only meaningful and signed checksum
+ // right now. This can be upgrade to SHA256 when
+ // switching to the v3 index format. Whilst SPDX
+ // supports other checksums, there is currently no
+ // other checksum that one can verify in APKINDEX or
+ // query with apk-tools
Checksums: []Checksum{
{
Algorithm: "SHA1",
@@ -709,6 +717,8 @@
checksums := []Checksum{}
packageName := vcsURL
if url, commitHash, found := strings.Cut(vcsURL, "@"); found {
+ // This is git commit hash, currently defined as SHA1
+ // SHA256 is only experimental in gitlab
checksums = append(checksums, Checksum{
Algorithm: "SHA1",
Value: commitHash,
++++++ apko.obsinfo ++++++
--- /var/tmp/diff_new_pack.SBVdrZ/_old 2025-02-13 18:39:19.100841945 +0100
+++ /var/tmp/diff_new_pack.SBVdrZ/_new 2025-02-13 18:39:19.104842111 +0100
@@ -1,5 +1,5 @@
name: apko
-version: 0.24.0
-mtime: 1738278425
-commit: 2668cf55135b756d3b19771deb5c6dc3b26a5233
+version: 0.25.0
+mtime: 1739394152
+commit: d47f064ae3c32dce4fb8f60ad288ac1664805373
++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/apko/vendor.tar.gz
/work/SRC/openSUSE:Factory/.apko.new.8181/vendor.tar.gz differ: char 5, line 1
