Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package flux2-cli for openSUSE:Factory checked in at 2025-06-02 22:00:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/flux2-cli (Old) and /work/SRC/openSUSE:Factory/.flux2-cli.new.16005 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "flux2-cli" Mon Jun 2 22:00:52 2025 rev:18 rq:1281850 version:2.6.1 Changes: -------- --- /work/SRC/openSUSE:Factory/flux2-cli/flux2-cli.changes 2025-02-26 17:18:48.619933952 +0100 +++ /work/SRC/openSUSE:Factory/.flux2-cli.new.16005/flux2-cli.changes 2025-06-02 22:01:06.422580993 +0200 @@ -1,0 +2,74 @@ +Mon Jun 02 07:08:57 UTC 2025 - Johannes Kastl <opensuse_buildserv...@ojkastl.de> + +- Update to version 2.6.1: + Flux v2.6.1 is a patch release that comes with various fixes. + Users are encouraged to upgrade for the best experience. + * Fixes: + - Fix a bug introduced in image-reflector-controller v0.35.0 + that was causing spurious error events for policies during + image repository reconciliation. + - Fix excessive logging in image-automation-controller after a + restart when the image tags cache is empty. + * Components changelog + - image-reflector-controller v0.35.1 + * What's Changed + - [release/v2.6.x] Update image-reflector-controller to v0.35.1 + by @fluxcdbot in #5382 + - [release/v2.6.x] Add digest pinning to image automation + testing by @fluxcdbot in #5384 + +------------------------------------------------------------------- +Mon Jun 02 07:01:25 UTC 2025 - Johannes Kastl <opensuse_buildserv...@ojkastl.de> + +- Update to version 2.6.0: + https://github.com/fluxcd/flux2/releases/tag/v2.6.0 + Flux v2.6.0 is a feature release. Users are encouraged to upgrade + for the best experience. + For a compressive overview of new features and API changes + included in this release, please refer to the Announcing Flux 2.6 + GA blog post. + https://fluxcd.io/blog/2025/05/flux-v2.6.0/ + Overview of the new features: + * General availability release for the Flux OCI Artifacts APIs + and flux artifact commands + * Support for OCI digests pinning (ImagePolicy, + ImageUpdateAutomation) + * Object-level workload identity authentication (OCIRepository, + ImageRepository, Kustomization, Alert Provider) + * Cache registry credentials for cloud providers (OCIRepository, + ImageRepository) + * Git HTTP/S Mutual TLS authentication (GitRepository, + ImageUpdateAutomation) + * Support for sparse checkout (GitRepository) + * Support for GitHub App authentication (Alert Provider) + * Support for managed Identity authentication to Azure Event Hub + (Alert Provider) + * Customize the ID of the Git commit status with CEL expressions + (Alert Provider) + * WaitForTermination deletion policy (Kustomization) + * DisableChartDigestTracking feature gate (HelmRelease) + * OpenShift compatibility + Flux can be installed on Red Hat OpenShift cluster directly + from OperatorHub using Flux Operator. + The operator allows the configuration of Flux multi-tenancy + lockdown, network policies, persistent storage, sharding, + vertical scaling and the synchronization of the cluster state + from Git repositories, OCI artifacts, and S3-compatible + storage. + * Components changelog + - source-controller v1.6.0 + - kustomize-controller v1.6.0 + - notification-controller v1.6.0 + - helm-controller v1.3.0 + - image-reflector-controller v0.35.0 + - image-automation-controller v0.41.0 + * CLI-related changes + - Update CLI to OCIRepository v1 (GA) + - Add --interval and --reflect-digest flags to flux create + image policy + - Fix `flux trace` for HRs from `OCIRepository`s + - fix: allow recursive dry-run over local sources + - build(deps): bump helm.sh/helm/v3 from 3.17.0 to 3.17.3 + - Fix command debug hr not taking targetPath into account + +------------------------------------------------------------------- Old: ---- flux2-cli-2.5.0.obscpio flux2-cli-2.5.1.obscpio New: ---- flux2-cli-2.6.1.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ flux2-cli.spec ++++++ --- /var/tmp/diff_new_pack.xAX9lh/_old 2025-06-02 22:01:07.406621804 +0200 +++ /var/tmp/diff_new_pack.xAX9lh/_new 2025-06-02 22:01:07.406621804 +0200 @@ -20,15 +20,15 @@ # check these versions on updates # see flux2/manifests/bases/*/kustomization.yaml -%define helm_controller_version v1.2.0 -%define image_automation_controller_version v0.40.0 -%define image_reflector_controller_version v0.34.0 -%define kustomize_controller_version v1.5.1 -%define notification_controller_version v1.5.0 -%define source_controller_version v1.5.0 +%define helm_controller_version v1.3.0 +%define image_automation_controller_version v0.41.0 +%define image_reflector_controller_version v0.35.1 +%define kustomize_controller_version v1.6.0 +%define notification_controller_version v1.6.0 +%define source_controller_version v1.6.0 Name: flux2-cli -Version: 2.5.1 +Version: 2.6.1 Release: 0 Summary: CLI for Flux2CD License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.xAX9lh/_old 2025-06-02 22:01:07.462624127 +0200 +++ /var/tmp/diff_new_pack.xAX9lh/_new 2025-06-02 22:01:07.466624292 +0200 @@ -3,7 +3,7 @@ <param name="url">https://github.com/fluxcd/flux2</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v2.5.1</param> + <param name="revision">v2.6.1</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.xAX9lh/_old 2025-06-02 22:01:07.494625454 +0200 +++ /var/tmp/diff_new_pack.xAX9lh/_new 2025-06-02 22:01:07.498625619 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/fluxcd/flux2</param> - <param name="changesrevision">8d5f40dca5aa5d3c0fc3414457dda15a0ac92fa4</param></service></servicedata> + <param name="changesrevision">b73c7f7191086ca7629840e680e71873349787f8</param></service></servicedata> (No newline at EOF) ++++++ flux2-cli-2.5.0.obscpio -> flux2-cli-2.6.1.obscpio ++++++ ++++ 7842 lines of diff (skipped) ++++++ flux2-cli.obsinfo ++++++ --- /var/tmp/diff_new_pack.xAX9lh/_old 2025-06-02 22:01:07.854640385 +0200 +++ /var/tmp/diff_new_pack.xAX9lh/_new 2025-06-02 22:01:07.858640551 +0200 @@ -1,5 +1,5 @@ name: flux2-cli -version: 2.5.1 -mtime: 1740499227 -commit: 8d5f40dca5aa5d3c0fc3414457dda15a0ac92fa4 +version: 2.6.1 +mtime: 1748806567 +commit: b73c7f7191086ca7629840e680e71873349787f8 ++++++ helm-controller.deployment.yaml ++++++ --- /var/tmp/diff_new_pack.xAX9lh/_old 2025-06-02 22:01:07.902642376 +0200 +++ /var/tmp/diff_new_pack.xAX9lh/_new 2025-06-02 22:01:07.902642376 +0200 @@ -28,7 +28,7 @@ valueFrom: fieldRef: fieldPath: metadata.namespace - image: fluxcd/helm-controller:v1.2.0 + image: fluxcd/helm-controller:v1.3.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: ++++++ image-automation-controller.crds.yaml ++++++ --- /var/tmp/diff_new_pack.xAX9lh/_old 2025-06-02 22:01:07.930643537 +0200 +++ /var/tmp/diff_new_pack.xAX9lh/_new 2025-06-02 22:01:07.934643703 +0200 @@ -690,6 +690,9 @@ additionalProperties: description: ImageRef represents an image reference. properties: + digest: + description: Digest is the image's digest. + type: string name: description: Name is the bare image's name. type: string ++++++ image-automation-controller.deployment.yaml ++++++ --- /var/tmp/diff_new_pack.xAX9lh/_old 2025-06-02 22:01:07.958644698 +0200 +++ /var/tmp/diff_new_pack.xAX9lh/_new 2025-06-02 22:01:07.958644698 +0200 @@ -28,7 +28,7 @@ valueFrom: fieldRef: fieldPath: metadata.namespace - image: fluxcd/image-automation-controller:v0.40.0 + image: fluxcd/image-automation-controller:v0.41.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: ++++++ image-reflector-controller.crds.yaml ++++++ --- /var/tmp/diff_new_pack.xAX9lh/_old 2025-06-02 22:01:07.990646025 +0200 +++ /var/tmp/diff_new_pack.xAX9lh/_new 2025-06-02 22:01:07.998646357 +0200 @@ -236,6 +236,25 @@ ImagePolicySpec defines the parameters for calculating the ImagePolicy. properties: + digestReflectionPolicy: + default: Never + description: |- + DigestReflectionPolicy governs the setting of the `.status.latestRef.digest` field. + + Never: The digest field will always be set to the empty string. + + IfNotPresent: The digest field will be set to the digest of the elected + latest image if the field is empty and the image did not change. + + Always: The digest field will always be set to the digest of the elected + latest image. + + Default: Never. + enum: + - Always + - IfNotPresent + - Never + type: string filterTags: description: |- FilterTags enables filtering for only a subset of tags based on a set of @@ -268,6 +287,15 @@ required: - name type: object + interval: + description: |- + Interval is the length of time to wait between + refreshing the digest of the latest tag when the + reflection policy is set to "Always". + + Defaults to 10m. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string policy: description: |- Policy gives the particulars of the policy to be followed in @@ -321,6 +349,15 @@ - imageRepositoryRef - policy type: object + x-kubernetes-validations: + - message: spec.interval is only accepted when spec.digestReflectionPolicy + is set to 'Always' + rule: '!has(self.interval) || (has(self.digestReflectionPolicy) && self.digestReflectionPolicy + == ''Always'')' + - message: spec.interval must be set when spec.digestReflectionPolicy + is set to 'Always' + rule: has(self.interval) || !has(self.digestReflectionPolicy) || self.digestReflectionPolicy + != 'Always' status: default: observedGeneration: -1 @@ -387,7 +424,28 @@ LatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy. + + Deprecated: Replaced by the composite "latestRef" field. type: string + latestRef: + description: |- + LatestRef gives the first in the list of images scanned by + the image repository, when filtered and ordered according + to the policy. + properties: + digest: + description: Digest is the image's digest. + type: string + name: + description: Name is the bare image's name. + type: string + tag: + description: Tag is the image's tag. + type: string + required: + - name + - tag + type: object observedGeneration: format: int64 type: integer @@ -395,7 +453,27 @@ description: |- ObservedPreviousImage is the observed previous LatestImage. It is used to keep track of the previous and current images. + + Deprecated: Replaced by the composite "observedPreviousRef" field. type: string + observedPreviousRef: + description: |- + ObservedPreviousRef is the observed previous LatestRef. It is used + to keep track of the previous and current images. + properties: + digest: + description: Digest is the image's digest. + type: string + name: + description: Name is the bare image's name. + type: string + tag: + description: Tag is the image's tag. + type: string + required: + - name + - tag + type: object type: object type: object served: true ++++++ image-reflector-controller.deployment.yaml ++++++ --- /var/tmp/diff_new_pack.xAX9lh/_old 2025-06-02 22:01:08.018647186 +0200 +++ /var/tmp/diff_new_pack.xAX9lh/_new 2025-06-02 22:01:08.022647352 +0200 @@ -28,7 +28,7 @@ valueFrom: fieldRef: fieldPath: metadata.namespace - image: fluxcd/image-reflector-controller:v0.34.0 + image: fluxcd/image-reflector-controller:v0.35.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: ++++++ kustomize-controller.crds.yaml ++++++ --- /var/tmp/diff_new_pack.xAX9lh/_old 2025-06-02 22:01:08.050648514 +0200 +++ /var/tmp/diff_new_pack.xAX9lh/_new 2025-06-02 22:01:08.050648514 +0200 @@ -85,8 +85,11 @@ - sops type: string secretRef: - description: The secret name containing the private OpenPGP keys - used for decryption. + description: |- + The secret name containing the private OpenPGP keys used for decryption. + A static credential for a cloud provider defined inside the Secret + takes priority to secret-less authentication with the ServiceAccountName + field. properties: name: description: Name of the referent. @@ -94,6 +97,14 @@ required: - name type: object + serviceAccountName: + description: |- + ServiceAccountName is the name of the service account used to + authenticate with KMS services from cloud providers. If a + static credential for a given cloud provider is defined + inside the Secret referenced by SecretRef, that static + credential takes priority. + type: string required: - provider type: object @@ -101,11 +112,12 @@ description: |- DeletionPolicy can be used to control garbage collection when this Kustomization is deleted. Valid values are ('MirrorPrune', 'Delete', - 'Orphan'). 'MirrorPrune' mirrors the Prune field (orphan if false, - delete if true). Defaults to 'MirrorPrune'. + 'WaitForTermination', 'Orphan'). 'MirrorPrune' mirrors the Prune field + (orphan if false, delete if true). Defaults to 'MirrorPrune'. enum: - MirrorPrune - Delete + - WaitForTermination - Orphan type: string dependsOn: ++++++ kustomize-controller.deployment.yaml ++++++ --- /var/tmp/diff_new_pack.xAX9lh/_old 2025-06-02 22:01:08.074649509 +0200 +++ /var/tmp/diff_new_pack.xAX9lh/_new 2025-06-02 22:01:08.078649675 +0200 @@ -28,7 +28,7 @@ valueFrom: fieldRef: fieldPath: metadata.namespace - image: fluxcd/kustomize-controller:v1.5.1 + image: fluxcd/kustomize-controller:v1.6.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: ++++++ notification-controller.crds.yaml ++++++ --- /var/tmp/diff_new_pack.xAX9lh/_old 2025-06-02 22:01:08.102650670 +0200 +++ /var/tmp/diff_new_pack.xAX9lh/_new 2025-06-02 22:01:08.106650836 +0200 @@ -301,12 +301,12 @@ description: |- Name of the referent If multiple resources are targeted `*` may be set. - maxLength: 53 + maxLength: 253 minLength: 1 type: string namespace: description: Namespace of the referent - maxLength: 53 + maxLength: 253 minLength: 1 type: string required: @@ -518,12 +518,12 @@ description: |- Name of the referent If multiple resources are targeted `*` may be set. - maxLength: 53 + maxLength: 253 minLength: 1 type: string namespace: description: Namespace of the referent - maxLength: 53 + maxLength: 253 minLength: 1 type: string required: @@ -1036,6 +1036,14 @@ should be posted. maxLength: 2048 type: string + commitStatusExpr: + description: |- + CommitStatusExpr is a CEL expression that evaluates to a string value + that can be used to generate a custom commit status message for use + with eligible Provider types (github, gitlab, gitea, bitbucketserver, + bitbucket, azuredevops). Supported variables are: event, provider, + and alert. + type: string interval: description: |- Interval at which to reconcile the Provider with its Secret references. @@ -1058,6 +1066,13 @@ required: - name type: object + serviceAccountName: + description: |- + ServiceAccountName is the name of the service account used to + authenticate with services from cloud providers. An error is thrown if a + static credential is also defined inside the Secret referenced by the + SecretRef. + type: string suspend: description: |- Suspend tells the controller to suspend subsequent @@ -1105,6 +1120,12 @@ required: - type type: object + x-kubernetes-validations: + - message: spec.commitStatusExpr is only supported for the 'github', 'gitlab', + 'gitea', 'bitbucketserver', 'bitbucket', 'azuredevops' provider types + rule: self.type == 'github' || self.type == 'gitlab' || self.type == + 'gitea' || self.type == 'bitbucketserver' || self.type == 'bitbucket' + || self.type == 'azuredevops' || !has(self.commitStatusExpr) type: object served: true storage: true @@ -1220,12 +1241,12 @@ description: |- Name of the referent If multiple resources are targeted `*` may be set. - maxLength: 53 + maxLength: 253 minLength: 1 type: string namespace: description: Namespace of the referent - maxLength: 53 + maxLength: 253 minLength: 1 type: string required: @@ -1647,12 +1668,12 @@ description: |- Name of the referent If multiple resources are targeted `*` may be set. - maxLength: 53 + maxLength: 253 minLength: 1 type: string namespace: description: Namespace of the referent - maxLength: 53 + maxLength: 253 minLength: 1 type: string required: ++++++ notification-controller.deployment.yaml ++++++ --- /var/tmp/diff_new_pack.xAX9lh/_old 2025-06-02 22:01:08.130651832 +0200 +++ /var/tmp/diff_new_pack.xAX9lh/_new 2025-06-02 22:01:08.134651998 +0200 @@ -60,7 +60,7 @@ valueFrom: fieldRef: fieldPath: metadata.namespace - image: fluxcd/notification-controller:v1.5.0 + image: fluxcd/notification-controller:v1.6.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: ++++++ source-controller.crds.yaml ++++++ --- /var/tmp/diff_new_pack.xAX9lh/_old 2025-06-02 22:01:08.166653325 +0200 +++ /var/tmp/diff_new_pack.xAX9lh/_new 2025-06-02 22:01:08.170653491 +0200 @@ -1157,6 +1157,14 @@ required: - name type: object + sparseCheckout: + description: |- + SparseCheckout specifies a list of directories to checkout when cloning + the repository. If specified, only these directories are included in the + Artifact produced for this GitRepository. + items: + type: string + type: array suspend: description: |- Suspend tells the controller to suspend the reconciliation of this @@ -1426,6 +1434,13 @@ ObservedRecurseSubmodules is the observed resource submodules configuration used to produce the current Artifact. type: boolean + observedSparseCheckout: + description: |- + ObservedSparseCheckout is the observed list of directories used to + produce the current Artifact. + items: + type: string + type: array sourceVerificationMode: description: |- SourceVerificationMode is the last used verification mode indicating @@ -4090,6 +4105,400 @@ - jsonPath: .metadata.creationTimestamp name: Age type: date + name: v1 + schema: + openAPIV3Schema: + description: OCIRepository is the Schema for the ocirepositories API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: OCIRepositorySpec defines the desired state of OCIRepository + properties: + certSecretRef: + description: |- + CertSecretRef can be given the name of a Secret containing + either or both of + + - a PEM-encoded client certificate (`tls.crt`) and private + key (`tls.key`); + - a PEM-encoded CA certificate (`ca.crt`) + + and whichever are supplied, will be used for connecting to the + registry. The client cert and key are useful if you are + authenticating with a certificate; the CA cert is useful if + you are using a self-signed server certificate. The Secret must + be of type `Opaque` or `kubernetes.io/tls`. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + ignore: + description: |- + Ignore overrides the set of excluded patterns in the .sourceignore format + (which is the same as .gitignore). If not provided, a default will be used, + consult the documentation for your version to find out what those are. + type: string + insecure: + description: Insecure allows connecting to a non-TLS HTTP container + registry. + type: boolean + interval: + description: |- + Interval at which the OCIRepository URL is checked for updates. + This interval is approximate and may be subject to jitter to ensure + efficient use of resources. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + layerSelector: + description: |- + LayerSelector specifies which layer should be extracted from the OCI artifact. + When not specified, the first layer found in the artifact is selected. + properties: + mediaType: + description: |- + MediaType specifies the OCI media type of the layer + which should be extracted from the OCI Artifact. The + first layer matching this type is selected. + type: string + operation: + description: |- + Operation specifies how the selected layer should be processed. + By default, the layer compressed content is extracted to storage. + When the operation is set to 'copy', the layer compressed content + is persisted to storage as it is. + enum: + - extract + - copy + type: string + type: object + provider: + default: generic + description: |- + The provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'. + When not specified, defaults to 'generic'. + enum: + - generic + - aws + - azure + - gcp + type: string + proxySecretRef: + description: |- + ProxySecretRef specifies the Secret containing the proxy configuration + to use while communicating with the container registry. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + ref: + description: |- + The OCI reference to pull and monitor for changes, + defaults to the latest tag. + properties: + digest: + description: |- + Digest is the image digest to pull, takes precedence over SemVer. + The value should be in the format 'sha256:<HASH>'. + type: string + semver: + description: |- + SemVer is the range of tags to pull selecting the latest within + the range, takes precedence over Tag. + type: string + semverFilter: + description: SemverFilter is a regex pattern to filter the tags + within the SemVer range. + type: string + tag: + description: Tag is the image tag to pull, defaults to latest. + type: string + type: object + secretRef: + description: |- + SecretRef contains the secret name containing the registry login + credentials to resolve image metadata. + The secret must be of type kubernetes.io/dockerconfigjson. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + serviceAccountName: + description: |- + ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate + the image pull if the service account has attached pull secrets. For more information: + https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account + type: string + suspend: + description: This flag tells the controller to suspend the reconciliation + of this source. + type: boolean + timeout: + default: 60s + description: The timeout for remote OCI Repository operations like + pulling, defaults to 60s. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ + type: string + url: + description: |- + URL is a reference to an OCI artifact repository hosted + on a remote container registry. + pattern: ^oci://.*$ + type: string + verify: + description: |- + Verify contains the secret name containing the trusted public keys + used to verify the signature and specifies which provider to use to check + whether OCI image is authentic. + properties: + matchOIDCIdentity: + description: |- + MatchOIDCIdentity specifies the identity matching criteria to use + while verifying an OCI artifact which was signed using Cosign keyless + signing. The artifact's identity is deemed to be verified if any of the + specified matchers match against the identity. + items: + description: |- + OIDCIdentityMatch specifies options for verifying the certificate identity, + i.e. the issuer and the subject of the certificate. + properties: + issuer: + description: |- + Issuer specifies the regex pattern to match against to verify + the OIDC issuer in the Fulcio certificate. The pattern must be a + valid Go regular expression. + type: string + subject: + description: |- + Subject specifies the regex pattern to match against to verify + the identity subject in the Fulcio certificate. The pattern must + be a valid Go regular expression. + type: string + required: + - issuer + - subject + type: object + type: array + provider: + default: cosign + description: Provider specifies the technology used to sign the + OCI Artifact. + enum: + - cosign + - notation + type: string + secretRef: + description: |- + SecretRef specifies the Kubernetes Secret containing the + trusted public keys. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + required: + - provider + type: object + required: + - interval + - url + type: object + status: + default: + observedGeneration: -1 + description: OCIRepositoryStatus defines the observed state of OCIRepository + properties: + artifact: + description: Artifact represents the output of the last successful + OCI Repository sync. + properties: + digest: + description: Digest is the digest of the file in the form of '<algorithm>:<checksum>'. + pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the timestamp corresponding to the last update of the + Artifact. + format: date-time + type: string + metadata: + additionalProperties: + type: string + description: Metadata holds upstream information such as OCI annotations. + type: object + path: + description: |- + Path is the relative file path of the Artifact. It can be used to locate + the file in the root of the Artifact storage on the local file system of + the controller managing the Source. + type: string + revision: + description: |- + Revision is a human-readable identifier traceable in the origin source + system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. + type: string + size: + description: Size is the number of bytes in the file. + format: int64 + type: integer + url: + description: |- + URL is the HTTP address of the Artifact as exposed by the controller + managing the Source. It can be used to retrieve the Artifact for + consumption, e.g. by another controller applying the Artifact contents. + type: string + required: + - lastUpdateTime + - path + - revision + - url + type: object + conditions: + description: Conditions holds the conditions for the OCIRepository. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: |- + LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value + can be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + observedIgnore: + description: |- + ObservedIgnore is the observed exclusion patterns used for constructing + the source artifact. + type: string + observedLayerSelector: + description: |- + ObservedLayerSelector is the observed layer selector used for constructing + the source artifact. + properties: + mediaType: + description: |- + MediaType specifies the OCI media type of the layer + which should be extracted from the OCI Artifact. The + first layer matching this type is selected. + type: string + operation: + description: |- + Operation specifies how the selected layer should be processed. + By default, the layer compressed content is extracted to storage. + When the operation is set to 'copy', the layer compressed content + is persisted to storage as it is. + enum: + - extract + - copy + type: string + type: object + url: + description: URL is the download link for the artifact output of the + last OCI Repository sync. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + deprecationWarning: v1beta2 OCIRepository is deprecated, upgrade to v1 name: v1beta2 schema: openAPIV3Schema: @@ -4483,7 +4892,7 @@ type: object type: object served: true - storage: true + storage: false subresources: status: {} ++++++ source-controller.deployment.yaml ++++++ --- /var/tmp/diff_new_pack.xAX9lh/_old 2025-06-02 22:01:08.194654486 +0200 +++ /var/tmp/diff_new_pack.xAX9lh/_new 2025-06-02 22:01:08.198654652 +0200 @@ -50,7 +50,7 @@ fieldPath: metadata.namespace - name: TUF_ROOT value: /tmp/.sigstore - image: fluxcd/source-controller:v1.5.0 + image: fluxcd/source-controller:v1.6.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/flux2-cli/vendor.tar.gz /work/SRC/openSUSE:Factory/.flux2-cli.new.16005/vendor.tar.gz differ: char 5, line 1
