From 81fbe749b3b3357797a27abdfe5b3bdb47f4419bd8b9702411e30a0b8c8385b7 Mon Sep 17 00:00:00 2001 From: Johannes Kastl Date: Sat, 14 Oct 2023 06:44:48 +0000 Subject: [PATCH] Accepting request 1117770 from home:ojkastl_buildservice:Branch_devel_tools_building update to 0.5.0 OBS-URL: https://build.opensuse.org/request/show/1117770 OBS-URL: https://build.opensuse.org/package/show/devel:tools:building/melange?expand=0&rev=4 --- _service | 8 +- _servicedata | 2 +- melange-0.3.2.obscpio | 3 - melange-0.5.0.obscpio | 3 + melange.changes | 460 ++++++++++++++++++++++++++++++++++++++++++ melange.obsinfo | 6 +- melange.spec | 7 +- vendor.tar.gz | 4 +- 8 files changed, 476 insertions(+), 17 deletions(-) delete mode 100644 melange-0.3.2.obscpio create mode 100644 melange-0.5.0.obscpio diff --git a/_service b/_service index 9fe43ab..a6675cf 100644 --- a/_service +++ b/_service @@ -1,14 +1,14 @@ - + https://github.com/chainguard-dev/melange git .git - v0.3.2 + v0.5.0 @PARENT_TAG@ enable v(.*) - + melange @@ -16,6 +16,6 @@ *.tar gz - + diff --git a/_servicedata b/_servicedata index 24fba4e..d34b2fd 100644 --- a/_servicedata +++ b/_servicedata @@ -1,4 +1,4 @@ https://github.com/chainguard-dev/melange - 4ed1d07ef6955379e936cf237f8dfec382454f47 \ No newline at end of file + b54700f86a4b7d626b519e0ba064b3b1c7e42fbc \ No newline at end of file diff --git a/melange-0.3.2.obscpio b/melange-0.3.2.obscpio deleted file mode 100644 index 2210c73..0000000 --- a/melange-0.3.2.obscpio +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b4326653ccfc8d995b1e72b0ba6d88183f54c558f1c7284602bc66e16f3c8adb -size 2993676 diff --git a/melange-0.5.0.obscpio b/melange-0.5.0.obscpio new file mode 100644 index 0000000..1c8d386 --- /dev/null +++ b/melange-0.5.0.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f1f6403bb8174b212ec04472d0a708abd644eae338251b1a1de0ab3435d632ba +size 4016140 diff --git a/melange.changes b/melange.changes index 1da1f4a..8c3be66 100644 --- a/melange.changes +++ b/melange.changes @@ -1,3 +1,463 @@ +------------------------------------------------------------------- +Sat Oct 14 06:40:13 UTC 2023 - kastl@b1-systems.de + +- Update to version 0.5.0: + * Enable linters to warn (via callback) instead of just failing. + * build(deps): bump github.com/package-url/packageurl-go + * build(deps): bump go.opentelemetry.io/otel from 1.18.0 to + 1.19.0 + * Add a PR checklist to melange. + * Fix yaml typo in linter docs + * nit: fix mistake in function docs + * Apply suggestions from code review + * Document disabling lints and when to do so. + * Update linter docs + * strip linter: properly close file + * Make improvements/suggestions + * Add stripped file linter + * update alpine-go to latest git to fix indexing + * pipelines: strip: use -g by default when stripping + * build(deps): bump google.golang.org/api from 0.142.0 to 0.143.0 + * do not delete extensions and plugins with ruby/clean + * build(deps): bump k8s.io/api from 0.28.1 to 0.28.2 + * build(deps): bump google.golang.org/api from 0.138.0 to 0.142.0 + * build(deps): bump k8s.io/client-go from 0.28.1 to 0.28.2 + * build(deps): bump github.com/opencontainers/image-spec + * build(deps): bump github.com/docker/docker + * build(deps): bump cloud.google.com/go/storage from 1.32.0 to + 1.33.0 + * build(deps): bump github.com/klauspost/compress from 1.16.7 to + 1.17.0 + * build(deps): bump actions/setup-go from 4.0.1 to 4.1.0 + * build(deps): bump actions/checkout from 4.0.0 to 4.1.0 + * add docs for -compat packages + * Disable empty check on git-checkout + * build: refactor package linter invocation + * Refactor the linter into a submodule. + * Remove no provides check per @kaniini + * Respect subpackage no-provides + * Add post-file walk linting and empty package linting + * exa is dead, use mdbook as a rust CI test instead. + * bump apko to e9722fc + * build: do not run linters on skipped subpackages + * linter: when subpackages are linted use the subpackage name as + the package config name + * Only run worldwrite linter on regular files + * Add worldwrite linter + * Add dev, opt, and srv linters + * fix the arch + * Use Warnf over WARNING + * log and continue when .pc file can't be loaded + * fix the dir name as we already expect dir to be set explicit + * Disable linters on -compat packages + * Update build.yaml + * add goreleaser pipeline + * Unexport linter struct and linterFunc + * Don't export the linter map + * Add tests + * build(deps): bump sigstore/cosign-installer from 3.1.1 to 3.1.2 + * Bump goreleaser/goreleaser-action from 4.6.0 to 5.0.0 + * Bump docker/login-action from 2.2.0 to 3.0.0 + * chore: remove CODEOWNERS file + * Add more linters + * Appease golint + * Fix tests + * Remove debugging print statement + * Implement subpackage linting + * Add package (but not subpackage) linting + * build(deps): bump golangci/golangci-lint-action from 3.6.0 to + 3.7.0 + * Update golangci-lint to 1.54 + * git-checkout: Allow tags to matched annotated tag SHAs, don't + allow fuzzy matching of refs. + * build(deps): bump actions/checkout from 3.5.3 to 4.0.0 + * Bump k8s test workflows to Go 1.21 + * Bump go to 1.21 + * pipeline: fix downward propagation to referenced external + pipeline nodes + * config: tests: add workdir propagation test + * remove cmake. Signed-off-by: Ville Aikas + + * forgot to remove one -dev + * Remove specifying the php-dev version. + * Add pecl pipelines for phpize & install. Signed-off-by: Ville + Aikas + * package: only constrain library search paths for provides + entries + * Fix some python generation issues: + * Refactor application of pipeline variables to config and add + tests + * Pipeline: make env overrides work recursively + * Add environment var overriding to the pipeline. + * Bump goreleaser/goreleaser-action from 4.3.0 to 4.6.0 + * Bump actions/upload-artifact from 3.1.2 to 3.1.3 + * package: constrain library SCA to library search paths only + * Replace the elements of the subpackage + * construct the package.full-version in higher context than just + pipeline. + * docs: fix link in pkg/build/pipelines/README.md + * docs: add documentation for built-in pipelines + * document / examples for ${{package.full-version}} + Signed-off-by: Ville Aikas + * add ${{package.full-version}} = + ${{package.version}}-r${{package.epoch}} Signed-off-by: Ville + Aikas + * Changes from code review. + * config: copy all subpackage variables when doing a range + expansion + * feat: add output logs for the apkbuild converter + * Fix issue: #658 Signed-off-by: Ville Aikas + + * feat: add new Perl pipelines for install and clean + * package: just skip symlinks for now + * workflows: add ncurses to the presubmit test matrix + * package: dereference symlinks for aliased pkg-config modules + * Fix syntax in maven pipeline (and add test). + * more debug crap. Signed-off-by: Ville Aikas + + * remove debug crap. Signed-off-by: Ville Aikas + + * Environment is required, adjust the tests. + * Change GeneratedMelangeConfig to embed pkg/config/config + instead of redefining it. + * Change default python-version from 3.11 to 3. + * remove extra backtick. + * let's try again. + * update docs + * Bunch of lint fixes. No functional changes. + * Add a maven/configure-mirror pipeline to redirect to GCP. + * yikes, only 2 fatal lints... nice... + * update docs. + * Add flags for resolving git tags, release-monitoring + * Update pkg/build/pipelines/python/build-wheel.yaml + * Update pkg/build/pipelines/python/build-wheel.yaml + * add builtin pipelines for python + * update generated docs. Signed-off-by: Ville Aikas + + * remove unused vars. They do not have short form, so can use + this variant. Signed-off-by: Ville Aikas + + * Add --wolfi-defaults flag, clean up flag handling. + * readlinkfs: ignore some security-module specific xattrs + * feat: support --recurse-submodules in git clone + * Print the path to generated melange config. + * build(deps): bump go.opentelemetry.io/otel from 1.16.0 to + 1.17.0 + * build(deps): bump cloud.google.com/go/storage from 1.31.0 to + 1.32.0 + * build(deps): bump google.golang.org/api from 0.136.0 to 0.138.0 + * build(deps): bump k8s.io/api from 0.28.0 to 0.28.1 + * build(deps): bump github.com/lima-vm/lima from 0.17.0 to 0.17.2 + * build(deps): bump k8s.io/client-go from 0.28.0 to 0.28.1 + * Bump apko and fix everything I broke + * docs: typo in go-build example + * run make docs + * cli: index: add --signing-key, --source and --merge options + * default for github actions is bubblewwrap. + * update lint rule. + * Fix the links to commands, fix the URLs generated. + * sign: do not rename across device boundaries + * add --force option to recreate apk indexes with given + signatures + * pipelines: use ${{targets.contextdir}} where it makes sense + * pipeline: add ${{targets.package.foo}} expansions + * pipeline: add ${{targets.contextdir}}, representing the current + target dir + * Bump pkg-config again to actually pick up the openblas fix. + * Bump pkgconfig to pick up the openblas fix. + * feedback + verbiage from Erika. + * Set reasonable concurrency levels for pgzip + * appease linter + * support substitutions in provides lists + * Start of exhaustively documenting the build filele. + * plumb through SDE to EmitSignature + * add melange sign command, slightly refactor and make public the + signing methods + * add test for substituting needs.packages + * allow override go version for uses: go/build and go/install + * Support for setting context in .melange.k8s.yaml + * Add docs about custom pipelines, defining and using. + * build(deps): bump actions/setup-go from 4.0.1 to 4.1.0 + * Teach melange about the forthcoming version-transform block + * doc and lint revisions (#598) + * build(deps): bump google.golang.org/api from 0.134.0 to 0.136.0 + * container: bubblewrap: do not defer closing files + * build(deps): bump golang.org/x/sys from 0.10.0 to 0.11.0 + * build(deps): bump github.com/lima-vm/lima from 0.16.0 to 0.17.0 + * build(deps): bump github.com/google/go-containerregistry + * build: package: add pkgconf-based SCA to catalog SDKs which use + it + * Docstring typo fixes + * Docstring fixes + * Appease the go fmt Gods + * Test two var transforms at once + * Test var transforms on a basic level + * Add ${{build.arch}} as a possible variable in bump + * Make var transforms work in bump + * remove paralell test for TestKubernetesRunnerConfig + * add fail-fast to false + * update code running goimports + * add goimports + * publish brew formula during release + * update actions to use git hashes + * update golangci-lint to v1.53 series + * Adjust the var substitution stuff a bit + * Move var substitution stuff into config + * config: Change root to a pointer in the config struct, and add + an accessor + * renovate: update to use new config infrastructure + * build: Add root node to the config + * Appease the golangci-lint Gods + * build_test: fix tests in a better way + * Make all tests pass + * build: add parameter where one was missing + * build(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to + 5.8.1 + * pipelines: meson/configure: explicitly invoke meson setup + action + * build(deps): bump github.com/docker/docker + * Refactor the config/logging stuff out of build + * build(deps): bump google.golang.org/api from 0.133.0 to 0.134.0 + * build(deps): bump github.com/docker/docker + * Several fixes to k8s runner. + * build(deps): bump github.com/klauspost/pgzip from 1.2.5 to + 1.2.6 + * build(deps): bump google.golang.org/api from 0.129.0 to 0.133.0 + * Remove `wget -q` from `fetch` + * add k8s runner config loading from envvars + * Log errors bundling, enable GGCR Warn/Progress logs + * Tweak the strip pipeline so that it never fails for deleted + files + * convert/python: check if release is found + * Make sure we log errors. + * Fix subpackage SBOM generation + * define constants for runners destination mount paths + * skip the cache mount for kubernetes runner builds + * Add more otel spans to k8s runner + * build(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to + 5.8.0 + * build(deps): bump k8s.io/client-go from 0.27.3 to 0.27.4 + * Avoid using pargzip for compression + * add a retryable (tgz) fetcher for the k8s runner + * Pod names must be RFC1123 compliant + * Correct the variable name in the patch pipeline + * pipelines: git-checkout: harden variable expansions + * pipelines: patch: refactor series/patches handling + * pipelines: fetch: harden variable expansions + * add retries to a subset of k8s runner exec failures + * delete builder pod post build by default + * properly pass workspace env/volumes to k8s builder pods + * use go-apk.FullFS for retrieving builder workspaces + * Finally fix python convert tests. + * Comment python test. + * add dir option to ruby pipelines as not all gemspecs live in + the root folder + * fix containerID for lima when tarring up + * lima startup issues fixed + * pull in apko with fix for blank SOURCE_DATE_EPOCH + * Change git-checkout depth default to 1 + * workflows: wolfi-presubmit: use package/ instead of packages/ + for package names + * build: package: forcibly treat libc as a shared library + * docs: explain how build cache works practically + * Bump apko dep to pick up otel spans + * Fix failing test for env var wipeout + * Add failing test for env var wipeout + * add otel spans + * build(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 + * Remove use of deprecated WaitImmediate + * Add ! char to ignore. + * Add missing context propagation + * Rename index.Context to index.Index + * Rename Contexts to Builds + +------------------------------------------------------------------- +Sat Oct 14 06:38:30 UTC 2023 - kastl@b1-systems.de + +- Update to version 0.4.0: + * build(deps): bump github.com/opencontainers/image-spec + * add release notes for Melange 0.4.0 + * build(deps): bump cloud.google.com/go/storage from 1.30.1 to + 1.31.0 + * build(deps): bump google.golang.org/api from 0.128.0 to 0.129.0 + * appease linter for now + * update apko to 0.9.0 + * build(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 + * some small UX improvements for k8s runner + * build(deps): bump github.com/package-url/packageurl-go + * update apko and go-apk to use pinned deps correctly + * build: scan subpackage pipelines for dependencies + * add a split/debug pipeline + * ensure bundles are rooted correctly + * build(deps): bump google.golang.org/api from 0.125.0 to 0.127.0 + * build(deps): bump actions/checkout from 3.5.2 to 3.5.3 + * add a kubernetes pod runner + * build(deps): bump docker/login-action from 2.1.0 to 2.2.0 + * build(deps): bump golangci/golangci-lint-action from 3.4.0 to + 3.6.0 + * build(deps): bump goreleaser/goreleaser-action from 4.2.0 to + 4.3.0 + * add strip prefix and suffix update config for release monitor + * import apko and go-apk with better debug logging + * Switch from calling Glob to two Stats + * workflows: add wolfi-presubmit + * cli: build: fix destination variable for --apk-cache-dir + * build: PopulateCache: do not populate the cache dir when it is + empty + * fix apk caching directory + * import apko and go-apk with package caching + * Change the default for delete to false. + * pipeline: fetch: optionally delete fetched artifacts after + unpacking + * cond: allow underscores and capitalization in variable + expressions + * run tests with race detector + * warn and fallback to SOURCE_DATE_EPOCH=0 when specified but + empty + * index: use deep copy when loading pre-existing index data + * build(deps): bump github.com/lima-vm/lima from 0.14.2 to 0.16.0 + * build(deps): bump actions/setup-go from 4.0.0 to 4.0.1 + * index: appease linter by moving the deferred close to after the + error check + * build(deps): bump github.com/containerd/containerd from 1.6.15 + to 1.6.18 + * build: generate APKINDEX.json when writing packages index + * index: add WriteJSONIndex function + * index: split out the indexing logic itself to UpdateIndex + * index: WriteArchiveIndex: use destination file path as primary + input + * index: use SourceIndexFile for loading index data rather than + IndexFile + * index: factor out loading of pre-existent indices and index + state management + * index: factor out index writing into WriteArchiveIndex + * Bump apko and fix what that breaks + * add wolfictl + * upgrade alpine-lima to 3.18 + * Allow uppercase and plus, allow numbers as first char + * Validate configuration at the end of parsing + * Remove secfixes and advisories altogether + * include filename when parsing fails + * Require that build config YAML has only known fields + * Refactor tests for configuration load method + * build(deps): bump google.golang.org/api from 0.119.0 to 0.123.0 + * readlinkfs: implement go-apk fs.XattrFS interfaces + * Pull in the latest go-apk for xattrs support + * build(deps): bump github.com/docker/docker + * Pull in index builddate support. + * Install should first build melange binary... + * Make makefile work on Mac and Linux. + * build(deps): bump sigstore/cosign-installer from 3.0.2 to 3.0.5 + * add a boolean so built in melange pipelines can be used in + subpackages as they need to write to a different target folder + * ensure range data replaces `with` options during a pipeline + * Update README.md + * Update distroless references + * default for mac is docker, not bwrap + * add extra logging when runner fails to TestUsability + * Add go vendor support to the go build pipeline. + * add multiple runner options + * use latest version of melange in lima configuration file + * Set `builddate` in our `.PKGINFO` control data. + * add field docs + * build(deps): bump golang.org/x/sync from 0.1.0 to 0.2.0 + * pipelines: patch: add support for quilt patch-series files + * Add an optional "deps" paramter to the go/build pipeline. + * chore: signing issues + * chore: corrections in mac instructions + * chore: corrections in mac instructions + * build: package: skip SONAME analysis when ELF interpreter + setting is present + * Add trimpath to the go pipeline. + * update docs + * build: add support for configurable logging policies + * Add name method to build config + * build(deps): bump gitlab.alpinelinux.org/alpine/go + * move signing funcs to rely on external go-apk library + * use go-apk library instead of apko + * update alpine-go to include replaces hotfix + * simplify DataItems to use the builtin marshallable map type + * add `ignore-regex-patterns` update config to indicate you want + to ignore string patterns that match an upstream version + * add a strip-suffix: key to melange update struct to indicate + stripping a suffix from an upstream GitHub version + * bump to latest apko which handles file overwrites + * cli: build: warn when no work to do instead of throwing an + error + * build(deps): bump github.com/docker/docker + * upgrade apko to 20230421 snapshot + * build(deps): bump google.golang.org/api from 0.116.0 to 0.119.0 + * build: update tests to use apko log.Logger + * build: use apko_log.Logger everywhere + * build: logger: conform to apko_log.Logger shape + * adapt to new apko logging framework + * update apko dependency to 20230420 snapshot + * update apko dependency to 20230419 snapshot + * config parsing: fix handling of filesystems + * bump test: fix panic by requiring no error + * Stop repeating errors on build command + * build(deps): bump actions/checkout from 3.5.0 to 3.5.2 + * fix 403 error when melange bumping some packages, + https://www.netfilter.org for example needs it + * update apko to 20230413 snapshot + * Print full uri to debug file download errors + * Do not depend on concrete logger + * pipelines: autoconf/make-install: delete all GNU libtool + metadata files + * remove flawed test + * build: package: append subpackages to build log + * Use formatted YAML encoder from yam + * build: readlinkfs: chase apko ReadlinkFS API break + * upgrade apko snapshot to 20230411 + * build(deps): bump google.golang.org/api from 0.114.0 to 0.116.0 + * build(deps): bump sigstore/cosign-installer from 3.0.1 to 3.0.2 + * go mod tidy again + * index: convert to using logrus + * build: package: use logrus.Entry for logging + * update apko for formatting fixes + * build: remove actualArchs variable, no longer used + * fix tests + * container: use warning level for stderr output + * pipeline: downgrade dumpWith() to use debug level + * switch to using logrus + * update to apko git + * feat: send useragent in HTTP requests + * export mutate functions as these are very useful to be called + outside of the build package + * warn if target-architecture:['all'], remove from examples + * feat: respect target-architecture to filter archs + * index: rework architecture filtering + * update docs + * build(deps): bump actions/add-to-project from 0.4.1 to 0.5.0 + * cli: index: add --arch flag + * index: print warning and skip packages which do not match the + expected architecture + * index: add ExpectedArch to index.Context + * add a `update.manual:` key to indicate a package should be + manually updated + * fix: log package new names+versions when regenerating index + * make original test commit sha different from the new expected + sha to ensure test works + * melange bump: optional flag to modify git-checkout pipeline + expected-commit value + * Bump apko to pick up busybox detection fix. + * Fix goreleaser cosign flags + * package: allow any library which has a SONAME to be a provider + * build: fix SBOM language gathering for subpackage pipelines + * package: ensure the package output directories always exist for + scanning + * build: introduce Context.IsBuildLess and skip a lot of + setup/teardown for buildless packages + * build: allow a package to be defined without a pipeline + * Add darwin goreleaser target (macOS) + * fix build + * release image after the binary + * update makefile + * cleanup goreleaser and ko config + * clean up, update version comments for ci jobs + * upgrade to use go1.20 + * upgrade alpine pkgs lima + ------------------------------------------------------------------- Mon Apr 03 12:43:01 UTC 2023 - kastl@b1-systems.de diff --git a/melange.obsinfo b/melange.obsinfo index ef02132..7ced341 100644 --- a/melange.obsinfo +++ b/melange.obsinfo @@ -1,4 +1,4 @@ name: melange -version: 0.3.2 -mtime: 1680282202 -commit: 4ed1d07ef6955379e936cf237f8dfec382454f47 +version: 0.5.0 +mtime: 1696461776 +commit: b54700f86a4b7d626b519e0ba064b3b1c7e42fbc diff --git a/melange.spec b/melange.spec index 74b0c7b..2feb5cf 100644 --- a/melange.spec +++ b/melange.spec @@ -19,14 +19,14 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: melange -Version: 0.3.2 +Version: 0.5.0 Release: 0 Summary: Build APKs from source code License: Apache-2.0 URL: https://github.com/chainguard-dev/melange Source: melange-%{version}.tar.gz Source1: vendor.tar.gz -BuildRequires: go >= 1.18 +BuildRequires: go >= 1.20 %description Build apk packages using declarative pipelines. @@ -69,8 +69,7 @@ BuildArch: noarch zsh command line completion support for %{name}. %prep -%setup -q -%setup -q -T -D -a 1 +%autosetup -p 1 -a 1 %build DATE_FMT="+%%Y-%%m-%%dT%%H:%%M:%%SZ" diff --git a/vendor.tar.gz b/vendor.tar.gz index 1953704..630e5bf 100644 --- a/vendor.tar.gz +++ b/vendor.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:48c070fb74298a20cde0fc435795d78f8da9226fe1806eff01dd7f16ac1b5308 -size 7938263 +oid sha256:d8841d1cacba18b6b54758270dc21143c2b4b4a23664f4b7e322019355b21934 +size 10914140