Merge branch 'main' into token-permissions

Kong · Jan 14, 2025 · 2a156af · 2a156af
2 parents c3445f5 + 1999824
commit 2a156af
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 8 deletions.
diff --git a/.github/actions/redhat-opdev-preflight-action/Dockerfile b/.github/actions/redhat-opdev-preflight-action/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker:20.10
+FROM docker:20.10@sha256:2967f0819c84dd589ed0a023b9d25dcfe7a3c123d5bf784ffbb77edf55335f0c
 
 RUN apk add bash
 

diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,6 @@
 ### Standard binary
 # Build the manager binary
-FROM --platform=$BUILDPLATFORM golang:1.23.4 AS builder
+FROM --platform=$BUILDPLATFORM golang:1.23.4@sha256:7ea4c9dcb2b97ff8ee80a67db3d44f98c8ffa0d191399197007d8459c1453041 AS builder
 
 ARG GOPATH
 ARG GOCACHE
@@ -49,7 +49,7 @@ RUN --mount=type=cache,target=$GOPATH/pkg/mod \
 ### FIPS 140-2 binary
 # Build the manager binary
 # https://github.com/golang/go/tree/dev.boringcrypto/misc/boring#building-from-docker
-FROM us-docker.pkg.dev/google.com/api-project-999119582588/go-boringcrypto/golang:1.18.10b7 AS builder-fips
+FROM us-docker.pkg.dev/google.com/api-project-999119582588/go-boringcrypto/golang:1.18.10b7@sha256:b9b51e25f7325e56bfffc8d0b1ffa42630a5286d05d7fd6526fec63ba9d81df3 AS builder-fips
 
 ARG TARGETPLATFORM
 ARG TARGETOS
@@ -80,7 +80,7 @@ ARG REPO_INFO
 RUN CGO_ENABLED=0 GOOS=linux GOARCH="${TARGETARCH}" GO111MODULE=on make _build.fips
 
 ### distroless FIPS 140-2
-FROM gcr.io/distroless/static:nonroot AS distroless-fips
+FROM gcr.io/distroless/static:nonroot@sha256:6ec5aa99dc335666e79dc64e4a6c8b89c33a543a1967f20d360922a80dd21f02 AS distroless-fips
 WORKDIR /
 COPY --from=builder-fips /workspace/manager .
 USER 1000:1000
@@ -90,7 +90,7 @@ ENTRYPOINT ["/manager"]
 ### Distroless/default
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
-FROM gcr.io/distroless/static:nonroot AS distroless
+FROM gcr.io/distroless/static:nonroot@sha256:6ec5aa99dc335666e79dc64e4a6c8b89c33a543a1967f20d360922a80dd21f02 AS distroless
 ARG TAG
 ARG TARGETPLATFORM
 ARG TARGETOS

diff --git a/Dockerfile.debug b/Dockerfile.debug
@@ -1,5 +1,5 @@
 # Build a manager binary with debug symbols and download Delve
-FROM --platform=$BUILDPLATFORM golang:1.23.4 AS builder
+FROM --platform=$BUILDPLATFORM golang:1.23.4@sha256:7ea4c9dcb2b97ff8ee80a67db3d44f98c8ffa0d191399197007d8459c1453041 AS builder
 
 ARG GOPATH
 ARG GOCACHE
@@ -46,8 +46,9 @@ RUN --mount=type=cache,target=$GOPATH/pkg/mod \
 
 ### Debug
 # Create an image that runs a debug build with Delve installed
-FROM golang:1.23.4 AS debug
-RUN go install github.com/go-delve/delve/cmd/dlv@latest
+FROM --platform=$BUILDPLATFORM golang:1.23.4@sha256:7ea4c9dcb2b97ff8ee80a67db3d44f98c8ffa0d191399197007d8459c1453041 AS debug
+# renovate: datasource=github-releases depName=go-delve/delve
+RUN go install github.com/go-delve/delve/cmd/[email protected]
 # We want all source so Delve file location operations work
 COPY --from=builder /workspace/bin/manager-debug /
 USER 65532:65532

diff --git a/renovate.json b/renovate.json
@@ -49,6 +49,16 @@
       "matchStrings": [
         "'(?<currentValue>.+)' # renovate: datasource=(?<datasource>.*) versioning=(?<versioning>.*) depName=(?<depName>.+) (packageName=(?<packageName>.+))"
       ]
+    },
+    {
+      "description": "Match versions in Dockerfile.* that are properly annotated with `# renovate: datasource={} depName={}`.",
+      "customType": "regex",
+      "fileMatch": [
+        "^Dockerfile.*$"
+      ],
+      "matchStrings": [
+        "# renovate: datasource=(?<datasource>.*) depName=(?<depName>.+)\\n.*@(?<currentValue>.*)"
+      ]
     }
   ],
   "customDatasources": {