From 33164268a76b6ec590aa9b70ca9fc32251833db5 Mon Sep 17 00:00:00 2001 From: Zhenya Tikhonov Date: Sun, 28 Jun 2026 18:34:37 +0400 Subject: [PATCH 1/6] build: use DHI sources; add dependabot --- .github/PULL_REQUEST_TEMPLATE.md | 20 ++-- .github/actions/bump-version/action.yml | 87 +++++++++++++++ .github/dependabot.yml | 57 ++++++++++ .github/workflows/dependabot-version-bump.yml | 38 +++++++ .github/workflows/version-bump.yml | 81 ++++++++++++++ Dockerfile | 20 ++-- codefresh.yml | 100 ------------------ 7 files changed, 282 insertions(+), 121 deletions(-) create mode 100644 .github/actions/bump-version/action.yml create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/dependabot-version-bump.yml create mode 100644 .github/workflows/version-bump.yml delete mode 100644 codefresh.yml diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 45d2319..fdb3537 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -1,18 +1,16 @@ ## What -## Why - -## Notes - - -## Labels - -Assign the following labels to the PR: - -`security` - to trigger image scanning in CI build + ## PR Comments Add the following comments to the PR: -`/e2e` - to trigger E2E build +* `/e2e` - to trigger E2E build +* `/bump patch` - to bump the patch version +* `/bump minor` - to bump the minor version +* `/bump major` - to bump the major version diff --git a/.github/actions/bump-version/action.yml b/.github/actions/bump-version/action.yml new file mode 100644 index 0000000..62313f9 --- /dev/null +++ b/.github/actions/bump-version/action.yml @@ -0,0 +1,87 @@ +name: Bump version +description: Compute and apply a semver bump to service.yaml, commit, push, and report on the PR. + +inputs: + bump: + description: Version component to bump (major, minor, or patch) + required: true + base: + description: Base branch name + required: true + head: + description: Head branch name + required: true + pr: + description: Pull request number + required: true + github-token: + description: GitHub token + required: true + +runs: + using: composite + steps: + - name: Check out PR branch + uses: actions/checkout@v4 + with: + ref: ${{ inputs.head }} + fetch-depth: 0 + token: ${{ inputs.github-token }} + + - name: Compute and apply version bump + id: bump + shell: bash + env: + BUMP: ${{ inputs.bump }} + BASE: ${{ inputs.base }} + run: | + git fetch origin "$BASE" --depth=1 + base_version=$(git show "origin/$BASE:service.yaml" | grep '^version:' | awk '{print $2}') + echo "Base ($BASE) version: $base_version" + + IFS='.' read -r major minor patch <<< "$base_version" + case "$BUMP" in + major) major=$((major + 1)); minor=0; patch=0 ;; + minor) minor=$((minor + 1)); patch=0 ;; + patch) patch=$((patch + 1)) ;; + esac + new_version="${major}.${minor}.${patch}" + echo "New version: $new_version" + echo "new_version=$new_version" >> "$GITHUB_OUTPUT" + echo "base_version=$base_version" >> "$GITHUB_OUTPUT" + + # Reset to base version first, then apply bump — result depends only on + # base branch, never on a previous bump. + sed -i "s/^version:.*/version: $new_version/" service.yaml + + if git diff --quiet -- service.yaml; then + echo "changed=false" >> "$GITHUB_OUTPUT" + else + echo "changed=true" >> "$GITHUB_OUTPUT" + fi + + - name: Commit and push + if: steps.bump.outputs.changed == 'true' + shell: bash + env: + NEW_VERSION: ${{ steps.bump.outputs.new_version }} + HEAD: ${{ inputs.head }} + run: | + git config user.name 'github-actions[bot]' + git config user.email '41898282+github-actions[bot]@users.noreply.github.com' + git add service.yaml + git commit -m "ci: bump version to ${NEW_VERSION}" + git push origin "HEAD:${HEAD}" + + - name: Report result + shell: bash + env: + GH_TOKEN: ${{ inputs.github-token }} + PR: ${{ inputs.pr }} + run: | + if [ '${{ steps.bump.outputs.changed }}' = 'true' ]; then + body="✅ Bumped version to \`${{ steps.bump.outputs.new_version }}\` (\`${{ inputs.bump }}\` from \`${{ steps.bump.outputs.base_version }}\` on \`${{ inputs.base }}\`)." + else + body="ℹ️ Version is already \`${{ steps.bump.outputs.new_version }}\` (\`${{ inputs.bump }}\` from \`${{ steps.bump.outputs.base_version }}\` on \`${{ inputs.base }}\`). Nothing to do." + fi + gh pr comment "$PR" --repo "${{ github.repository }}" --body "$body" diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..60e7f4f --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,57 @@ +# Please see the documentation for all configuration options: +# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + +version: 2 + +registries: + docker-registry: + type: docker-registry + url: https://registry.hub.docker.com + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + +multi-ecosystem-groups: + docker-weekly: + schedule: + interval: "weekly" + +updates: + - package-ecosystem: "gomod" + directory: "/cleaner/dind-cleaner" + schedule: + interval: "weekly" + labels: + - "dependabot" + - "review-required" + - "gomod" + cooldown: + default-days: 7 + groups: + minor-and-patch-security: + applies-to: security-updates + update-types: + - "minor" + - "patch" + + - package-ecosystem: "docker" + directory: "/" + registries: "*" + schedule: + interval: "weekly" + labels: + - "dependabot" + - "review-required" + - "docker" + multi-ecosystem-group: "docker-weekly" + patterns: + - "*" + ignore: + - dependency-name: "octopusdeploy/dhi-golang" + update-types: + - version-update:semver-major + - dependency-name: "octopusdeploy/dhi-node-exporter" + update-types: + - version-update:semver-major + - dependency-name: "docker" + update-types: + - version-update:semver-major diff --git a/.github/workflows/dependabot-version-bump.yml b/.github/workflows/dependabot-version-bump.yml new file mode 100644 index 0000000..cf82b71 --- /dev/null +++ b/.github/workflows/dependabot-version-bump.yml @@ -0,0 +1,38 @@ +name: Auto bump patch version for dependabot PRs + +# Bumps the "version" field in service.yaml (patch increment) whenever a PR +# with the "dependabot" label is opened or has the label added. +# +# The new version is always computed relative to the PR's target (base) branch, +# so re-labelling never stacks bumps — the result is always base + 1 patch. + +on: + pull_request: + types: [opened, labeled] + +permissions: + contents: write + pull-requests: write + +jobs: + bump-version: + if: contains(github.event.pull_request.labels.*.name, 'dependabot') + runs-on: ubuntu-latest + steps: + - name: Resolve PR branches + id: pr + run: | + echo "head=${{ github.event.pull_request.head.ref }}" >> "$GITHUB_OUTPUT" + echo "base=${{ github.event.pull_request.base.ref }}" >> "$GITHUB_OUTPUT" + + - name: Check out repository + uses: actions/checkout@v4 + + - name: Bump patch version + uses: ./.github/actions/bump-version + with: + bump: patch + base: ${{ steps.pr.outputs.base }} + head: ${{ steps.pr.outputs.head }} + pr: ${{ github.event.pull_request.number }} + github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml new file mode 100644 index 0000000..e8149e6 --- /dev/null +++ b/.github/workflows/version-bump.yml @@ -0,0 +1,81 @@ +name: Bump version on comment + +# Bumps the "version" field in service.yaml when a maintainer comments +# "/bump major", "/bump minor" or "/bump patch" on a pull request. +# +# The new version is always computed relative to the PR's target (base) branch, +# so commenting several times only ever produces a single bump from the base — +# it never stacks on top of a previous comment. + +on: + issue_comment: + types: [created] + +permissions: + contents: write + pull-requests: write + +jobs: + bump-version: + # Only run on PR comments, only for users that can write to the repo, and + # only when the comment is one of the supported /bump commands. + if: > + github.event.issue.pull_request && + contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.comment.author_association) && + (startsWith(github.event.comment.body, '/bump major') || + startsWith(github.event.comment.body, '/bump minor') || + startsWith(github.event.comment.body, '/bump patch')) + runs-on: ubuntu-latest + steps: + - name: Acknowledge command + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh api \ + --method POST \ + "/repos/${{ github.repository }}/issues/comments/${{ github.event.comment.id }}/reactions" \ + -f content='eyes' + + - name: Parse command + id: parse + env: + COMMENT_BODY: ${{ github.event.comment.body }} + run: | + # Pass the comment via env (never interpolated into the script) to + # avoid shell injection from untrusted comment content. + # Only parse the first line: integrations (e.g. Linear) may append + # extra lines such as "". + bump=$(printf '%s' "$COMMENT_BODY" | awk 'NR==1{print $2}') + case "$bump" in + major|minor|patch) + echo "bump=$bump" >> "$GITHUB_OUTPUT" + ;; + *) + echo "::error::Unsupported version command: '$bump'" + exit 1 + ;; + esac + + - name: Resolve PR branches + id: pr + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh pr view "${{ github.event.issue.number }}" \ + --repo "${{ github.repository }}" \ + --json headRefName,baseRefName \ + > pr.json + echo "head=$(jq -r .headRefName pr.json)" >> "$GITHUB_OUTPUT" + echo "base=$(jq -r .baseRefName pr.json)" >> "$GITHUB_OUTPUT" + + - name: Check out repository + uses: actions/checkout@v4 + + - name: Bump version + uses: ./.github/actions/bump-version + with: + bump: ${{ steps.parse.outputs.bump }} + base: ${{ steps.pr.outputs.base }} + head: ${{ steps.pr.outputs.head }} + pr: ${{ github.event.issue.number }} + github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/Dockerfile b/Dockerfile index 0fbe97c..f220506 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,8 @@ # CI relies on this ARG. Don't remove or rename it ARG DOCKER_VERSION=29.5.3 -# dind-cleaner -FROM golang:1.26-alpine3.23 AS cleaner +# DHI source: https://hub.docker.com/repository/docker/octopusdeploy/dhi-golang +FROM octopusdeploy/dhi-golang:1.26-alpine3.24@sha256:02e9edbf516c55d7448caef215c0c8eba5d843f101434bfb4359df4cd75cc1df AS cleaner COPY cleaner/dind-cleaner/* /go/src/github.com/codefresh-io/dind-cleaner/ WORKDIR /go/src/github.com/codefresh-io/dind-cleaner/ RUN go mod tidy @@ -12,14 +12,17 @@ RUN CGO_ENABLED=0 go build -o /usr/local/bin/dind-cleaner ./cmd \ && rm -rf /go/* -# bbolt -FROM golang:1.26-alpine3.23 AS bbolt +# DHI source: https://hub.docker.com/repository/docker/octopusdeploy/dhi-golang +FROM octopusdeploy/dhi-golang:1.26-alpine3.24@sha256:02e9edbf516c55d7448caef215c0c8eba5d843f101434bfb4359df4cd75cc1df AS bbolt RUN go install go.etcd.io/bbolt/cmd/bbolt@latest -# Main +# DHI source: https://hub.docker.com/repository/docker/octopusdeploy/dhi-node-exporter +FROM octopusdeploy/dhi-node-exporter:1.11.1-alpine3.23@sha256:8cd8b3f56f6c319a03c7a2224e99d07e34241ae9ced308df5a6fee41d61ea905 as node-exporter + + FROM docker:${DOCKER_VERSION}-dind AS prod -RUN echo 'http://dl-cdn.alpinelinux.org/alpine/v3.23/main' >> /etc/apk/repositories \ +RUN echo 'http://dl-cdn.alpinelinux.org/alpine/v3.24/main' >> /etc/apk/repositories \ && apk upgrade && apk add --no-cache \ bash \ # Add fuse-overlayfs for compatibility with rootless. Volumes created with rootless might use fuse-overlay formatted volumes. If those volumes are later used by dind that runs with root it'll require fuse-overlay to be able to read the volume @@ -30,12 +33,9 @@ RUN echo 'http://dl-cdn.alpinelinux.org/alpine/v3.23/main' >> /etc/apk/repositor # Backward compatibility with kernels that do not support `iptables-nft`. Check #CR-23033 for details. RUN update-alternatives --install $(which iptables) iptables $(which iptables-legacy) 10 \ && update-alternatives --install $(which ip6tables) ip6tables $(which ip6tables-legacy) 10 -# DHI source: https://hub.docker.com/repository/docker/octopusdeploy/dhi-node-exporter -COPY --from=docker.io/octopusdeploy/dhi-node-exporter:1.11.1-alpine3.23@sha256:8cd8b3f56f6c319a03c7a2224e99d07e34241ae9ced308df5a6fee41d61ea905 /usr/bin/node_exporter /bin/ +COPY --from=node-exporter /usr/bin/node_exporter /bin/ COPY --from=bbolt /go/bin/bbolt /bin/ COPY --from=cleaner /usr/local/bin/dind-cleaner /bin/ - WORKDIR /dind ADD . /dind - ENTRYPOINT ["./run.sh"] diff --git a/codefresh.yml b/codefresh.yml deleted file mode 100644 index 72cbdfd..0000000 --- a/codefresh.yml +++ /dev/null @@ -1,100 +0,0 @@ -version: "1.0" -stages: - - clone - - prepare - - build - - release -steps: - - main_clone: - title: 'Cloning main repository...' - stage: clone - type: git-clone - repo: ${{CF_REPO_OWNER}}/${{CF_REPO_NAME}} - revision: ${{CF_BRANCH}} - git: ${{GIT_CONTEXT}} - - prepare_env_vars: - title: 'Preparing environment variables...' - stage: prepare - image: codefreshio/ci-helpers - working_directory: ${{main_clone}} - commands: - - cf_export DOCKER_VERSION=20.10.13 - - cf_export SERVICE_VERSION=$(yq r service.yaml version) - - cf_export IMAGE_NAME=codefresh/dind - - validate_version: - title: 'Validating the service version...' - stage: prepare - image: codefreshio/ci-helpers - fail_fast: false - commands: - - | - err() { echo -e "\e[31m$@\e[0m" ; return 1 ; } - ok() { echo -e "\e[32m$@\e[0m" ; return 0 ; } - - current_version=${SERVICE_VERSION} - last_version=$(git describe --abbrev=0 --tags) - echo "Current version is $current_version, last version - $last_version" - semver-cli greater $current_version $last_version && ok "Version check ok" || err "Please the update the version in the service.yaml file" - - build_image: - title: "Building the image..." - stage: build - type: build - working_directory: ${{main_clone}} - build_arguments: - - DOCKER_VERSION=${{DOCKER_VERSION}} - dockerfile: ./Dockerfile - image_name: ${{IMAGE_NAME}} - tag: ${{CF_BRANCH_TAG_NORMALIZED}} - - approve_existing_version_update: - type: pending-approval - stage: release - title: "Are you sure you want to update already existing image version?" - description: | - "Used for reverting changes without raising the service version" - when: - branch: - only: [master] - steps: - - name: validate_version - on: - - failure - - release: - type: parallel - stage: release - steps: - - add_git_tag: - title: "Adding Git tag..." - stage: release - image: codefreshio/ci-helpers - commands: - - source /get-token/get-gh-token.sh - - | - curl --fail -X POST -d '{"ref": "refs/tags/${{SERVICE_VERSION}}","sha": "${{CF_REVISION}}"}' -H "Content-Type: application/json" -H "Authorization: token ${GITHUB_TOKEN}" https://api.github.com/repos/${{CF_REPO_OWNER}}/${{CF_REPO_NAME}}/git/refs - when: - branch: - only: [master] - steps: - - name: validate_version - on: - - success - - push_image_prod: - type: push - title: "Pushing the image to the public registry..." - stage: release - image_name: '${{IMAGE_NAME}}' - registry: "${{REGISTRY_INTEGRATION}}" - candidate: "${{build_image}}" - tags: - - "${{DOCKER_VERSION}}-v${{SERVICE_VERSION}}" - - "latest" - when: - branch: - only: [master] From e04ecf3ad403e0f45225fce7fe23cffe6c32742c Mon Sep 17 00:00:00 2001 From: Zhenya Tikhonov Date: Sun, 28 Jun 2026 18:34:54 +0400 Subject: [PATCH 2/6] fix: address package incompatibilities --- cleaner/dind-cleaner/cmd/main.go | 15 +++++----- cleaner/dind-cleaner/go.mod | 14 ++-------- cleaner/dind-cleaner/go.sum | 48 ++++---------------------------- 3 files changed, 15 insertions(+), 62 deletions(-) diff --git a/cleaner/dind-cleaner/cmd/main.go b/cleaner/dind-cleaner/cmd/main.go index a68bef1..ff17f62 100644 --- a/cleaner/dind-cleaner/cmd/main.go +++ b/cleaner/dind-cleaner/cmd/main.go @@ -18,14 +18,13 @@ package main import ( "bufio" + "context" "flag" - "github.com/docker/docker/api/types/image" "os" "time" - "github.com/docker/docker/client" "github.com/golang/glog" - "golang.org/x/net/context" + "github.com/moby/moby/client" ) func readFileLines(path string) ([]string, error) { @@ -75,7 +74,7 @@ func cleanImages(retainedImagesList []string, retainPeriod int64) { os.Setenv("DOCKER_API_VERSION", "1.35") } - cli, err := client.NewClientWithOpts( + cli, err := client.New( client.FromEnv, ) if err != nil { @@ -106,17 +105,17 @@ func cleanImages(retainedImagesList []string, retainPeriod int64) { // 1. Get All Images ctx := context.Background() - imagesFullList, err := cli.ImageList(ctx, image.ListOptions{All: true}) + imagesFullList, err := cli.ImageList(ctx, client.ImageListOptions{All: true}) if err != nil { panic(err) } - glog.Infof("Found %d images in docker", len(imagesFullList)) + glog.Infof("Found %d images in docker", len(imagesFullList.Items)) currentTs := time.Now().Unix() // 2. fill map of imageToCleanStruct images := make(map[string]*imageToCleanStruct) - for _, img := range imagesFullList { + for _, img := range imagesFullList.Items { images[img.ID] = &imageToCleanStruct{ ID: img.ID, Created: img.Created, @@ -176,7 +175,7 @@ func cleanImages(retainedImagesList []string, retainPeriod int64) { // add image delete here var err error if !*dryRun { - _, err = cli.ImageRemove(ctx, imageID, image.RemoveOptions{Force: true, PruneChildren: false}) + _, err = cli.ImageRemove(ctx, imageID, client.ImageRemoveOptions{Force: true, PruneChildren: false}) } else { glog.Infof("DRY RUN - do not actually delete") } diff --git a/cleaner/dind-cleaner/go.mod b/cleaner/dind-cleaner/go.mod index 192ca15..f4be6ad 100644 --- a/cleaner/dind-cleaner/go.mod +++ b/cleaner/dind-cleaner/go.mod @@ -3,9 +3,8 @@ module github.com/codefresh-io/dind-cleaner go 1.26.0 require ( - github.com/docker/docker v28.5.2+incompatible github.com/golang/glog v1.2.5 - golang.org/x/net v0.53.0 + github.com/moby/moby/client v0.5.0 ) require ( @@ -13,7 +12,6 @@ require ( github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/containerd/errdefs v1.0.0 // indirect github.com/containerd/errdefs/pkg v0.3.0 // indirect - github.com/containerd/log v0.1.0 // indirect github.com/distribution/reference v0.6.0 // indirect github.com/docker/go-connections v0.7.0 // indirect github.com/docker/go-units v0.5.0 // indirect @@ -21,21 +19,13 @@ require ( github.com/go-logr/logr v1.4.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/moby/docker-image-spec v1.3.1 // indirect - github.com/moby/sys/atomicwriter v0.1.0 // indirect - github.com/moby/term v0.5.2 // indirect - github.com/morikuni/aec v1.1.0 // indirect + github.com/moby/moby/api v1.55.0 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.1 // indirect - github.com/pkg/errors v0.9.1 // indirect go.opentelemetry.io/auto/sdk v1.2.1 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.68.0 // indirect go.opentelemetry.io/otel v1.43.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.43.0 // indirect go.opentelemetry.io/otel/metric v1.43.0 // indirect go.opentelemetry.io/otel/trace v1.43.0 // indirect golang.org/x/sys v0.43.0 // indirect - golang.org/x/time v0.15.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20260427160629-7cedc36a6bc4 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20260427160629-7cedc36a6bc4 // indirect - gotest.tools/v3 v3.5.2 // indirect ) diff --git a/cleaner/dind-cleaner/go.sum b/cleaner/dind-cleaner/go.sum index 74548a2..41dfd60 100644 --- a/cleaner/dind-cleaner/go.sum +++ b/cleaner/dind-cleaner/go.sum @@ -1,23 +1,15 @@ -github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg= -github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= -github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM= -github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI= github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE= github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk= -github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= -github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/docker/docker v28.5.2+incompatible h1:DBX0Y0zAjZbSrm1uzOkdr1onVghKaftjlSWt4AFexzM= -github.com/docker/docker v28.5.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/go-connections v0.7.0 h1:6SsRfJddP22WMrCkj19x9WKjEDTB+ahsdiGYf0mN39c= github.com/docker/go-connections v0.7.0/go.mod h1:no1qkHdjq7kLMGUXYAduOhYPSJxxvgWBh7ogVvptn3Q= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= @@ -35,28 +27,18 @@ github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 h1:HWRh5R2+9EifMyIHV7ZV+MIZqgz+PMpZ14Jynv3O2Zs= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0/go.mod h1:JfhWUomR1baixubs02l85lZYYOm7LV6om4ceouMv45c= github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= -github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw= -github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs= -github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU= -github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko= -github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ= -github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc= -github.com/morikuni/aec v1.1.0 h1:vBBl0pUnvi/Je71dsRrhMBtreIqNMYErSAbEeb8jrXQ= -github.com/morikuni/aec v1.1.0/go.mod h1:xDRgiq/iw5l+zkao76YTKzKttOp2cwPEne25HDkJnBw= +github.com/moby/moby/api v1.55.0 h1:2/sexvQyqIWS8pRSCFddBfpW2qE7vR7FCL+vN8pxwMc= +github.com/moby/moby/api v1.55.0/go.mod h1:+RQ6wluLwtYaTd1WnPLykIDPekkuyD/ROWQClE83pzs= +github.com/moby/moby/client v0.5.0 h1:5XhyPk2fuOWf6RlSFa3MkIIgDZkF25xToXW8Q/BH7cc= +github.com/moby/moby/client v0.5.0/go.mod h1:rcVpF8ncl9vo5gaIBdol6CnbEtSj1uxMvEV/UrykF/s= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M= -github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= -github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= @@ -65,10 +47,6 @@ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.68.0 h1:CqXxU8V go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.68.0/go.mod h1:BuhAPThV8PBHBvg8ZzZ/Ok3idOdhWIodywz2xEcRbJo= go.opentelemetry.io/otel v1.43.0 h1:mYIM03dnh5zfN7HautFE4ieIig9amkNANT+xcVxAj9I= go.opentelemetry.io/otel v1.43.0/go.mod h1:JuG+u74mvjvcm8vj8pI5XiHy1zDeoCS2LB1spIq7Ay0= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0 h1:88Y4s2C8oTui1LGM6bTWkw0ICGcOLCAI5l6zsD1j20k= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0/go.mod h1:Vl1/iaggsuRlrHf/hfPJPvVag77kKyvrLeD10kpMl+A= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.43.0 h1:3iZJKlCZufyRzPzlQhUIWVmfltrXuGyfjREgGP3UUjc= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.43.0/go.mod h1:/G+nUPfhq2e+qiXMGxMwumDrP5jtzU+mWN7/sjT2rak= go.opentelemetry.io/otel/metric v1.43.0 h1:d7638QeInOnuwOONPp4JAOGfbCEpYb+K6DVWvdxGzgM= go.opentelemetry.io/otel/metric v1.43.0/go.mod h1:RDnPtIxvqlgO8GRW18W6Z/4P462ldprJtfxHxyKd2PY= go.opentelemetry.io/otel/sdk v1.43.0 h1:pi5mE86i5rTeLXqoF/hhiBtUNcrAGHLKQdhg4h4V9Dg= @@ -77,25 +55,11 @@ go.opentelemetry.io/otel/sdk/metric v1.43.0 h1:S88dyqXjJkuBNLeMcVPRFXpRw2fuwdvfC go.opentelemetry.io/otel/sdk/metric v1.43.0/go.mod h1:C/RJtwSEJ5hzTiUz5pXF1kILHStzb9zFlIEe85bhj6A= go.opentelemetry.io/otel/trace v1.43.0 h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09nk+3A= go.opentelemetry.io/otel/trace v1.43.0/go.mod h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0= -go.opentelemetry.io/proto/otlp v1.10.0 h1:IQRWgT5srOCYfiWnpqUYz9CVmbO8bFmKcwYxpuCSL2g= -go.opentelemetry.io/proto/otlp v1.10.0/go.mod h1:/CV4QoCR/S9yaPj8utp3lvQPoqMtxXdzn7ozvvozVqk= -golang.org/x/net v0.53.0 h1:d+qAbo5L0orcWAr0a9JweQpjXF19LMXJE8Ey7hwOdUA= -golang.org/x/net v0.53.0/go.mod h1:JvMuJH7rrdiCfbeHoo3fCQU24Lf5JJwT9W3sJFulfgs= golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI= golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= -golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg= -golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164= -golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U= -golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno= -google.golang.org/genproto/googleapis/api v0.0.0-20260427160629-7cedc36a6bc4 h1:yOzSCGPx+cp5VO7IxvZ9SBFF7j1tZVcNtlHR2iYKtVo= -google.golang.org/genproto/googleapis/api v0.0.0-20260427160629-7cedc36a6bc4/go.mod h1:Q9HWtNeE7tM9npdIsEvqXj1QJIvVoeAV3rtXtS715Cw= -google.golang.org/genproto/googleapis/rpc v0.0.0-20260427160629-7cedc36a6bc4 h1:tEkOQcXgF6dH1G+MVKZrfpYvozGrzb91k6ha7jireSM= -google.golang.org/genproto/googleapis/rpc v0.0.0-20260427160629-7cedc36a6bc4/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8= -google.golang.org/grpc v1.80.0 h1:Xr6m2WmWZLETvUNvIUmeD5OAagMw3FiKmMlTdViWsHM= -google.golang.org/grpc v1.80.0/go.mod h1:ho/dLnxwi3EDJA4Zghp7k2Ec1+c2jqup0bFkw07bwF4= -google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= -google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q= gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA= +pgregory.net/rapid v1.2.0 h1:keKAYRcjm+e1F0oAuU5F5+YPAWcyxNNRK2wud503Gnk= +pgregory.net/rapid v1.2.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04= From 1316914848406479659148609b2c4a9aa80fa52f Mon Sep 17 00:00:00 2001 From: Zhenya Tikhonov Date: Sun, 28 Jun 2026 18:35:15 +0400 Subject: [PATCH 3/6] ci: bump version --- service.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/service.yaml b/service.yaml index 270013b..6caec54 100644 --- a/service.yaml +++ b/service.yaml @@ -1 +1 @@ -version: 3.0.17 +version: 3.0.18 From 4929d6925cc0d865b5f304b26f7e054d2c22b4fc Mon Sep 17 00:00:00 2001 From: Zhenya Tikhonov Date: Sun, 28 Jun 2026 18:41:52 +0400 Subject: [PATCH 4/6] style: fix casing issue in Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index f220506..94dba54 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,7 +18,7 @@ RUN go install go.etcd.io/bbolt/cmd/bbolt@latest # DHI source: https://hub.docker.com/repository/docker/octopusdeploy/dhi-node-exporter -FROM octopusdeploy/dhi-node-exporter:1.11.1-alpine3.23@sha256:8cd8b3f56f6c319a03c7a2224e99d07e34241ae9ced308df5a6fee41d61ea905 as node-exporter +FROM octopusdeploy/dhi-node-exporter:1.11.1-alpine3.23@sha256:8cd8b3f56f6c319a03c7a2224e99d07e34241ae9ced308df5a6fee41d61ea905 AS node-exporter FROM docker:${DOCKER_VERSION}-dind AS prod From cc07922259138d8a1d39c6a8f1692eb6d15d2e72 Mon Sep 17 00:00:00 2001 From: Zhenya Tikhonov Date: Sun, 28 Jun 2026 18:45:55 +0400 Subject: [PATCH 5/6] fix: use dev images for intermedate stages --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 94dba54..e152954 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ ARG DOCKER_VERSION=29.5.3 # DHI source: https://hub.docker.com/repository/docker/octopusdeploy/dhi-golang -FROM octopusdeploy/dhi-golang:1.26-alpine3.24@sha256:02e9edbf516c55d7448caef215c0c8eba5d843f101434bfb4359df4cd75cc1df AS cleaner +FROM octopusdeploy/dhi-golang:1.26-alpine3.24-dev@sha256:e48a91483983467f426cae8656aa16be252c6f2e290125e10db01259352a54ca COPY cleaner/dind-cleaner/* /go/src/github.com/codefresh-io/dind-cleaner/ WORKDIR /go/src/github.com/codefresh-io/dind-cleaner/ RUN go mod tidy @@ -13,7 +13,7 @@ RUN CGO_ENABLED=0 go build -o /usr/local/bin/dind-cleaner ./cmd \ # DHI source: https://hub.docker.com/repository/docker/octopusdeploy/dhi-golang -FROM octopusdeploy/dhi-golang:1.26-alpine3.24@sha256:02e9edbf516c55d7448caef215c0c8eba5d843f101434bfb4359df4cd75cc1df AS bbolt +FROM octopusdeploy/dhi-golang:1.26-alpine3.24-dev@sha256:e48a91483983467f426cae8656aa16be252c6f2e290125e10db01259352a54ca RUN go install go.etcd.io/bbolt/cmd/bbolt@latest From 956e933e164cde79c7efd639589159a6cab428b2 Mon Sep 17 00:00:00 2001 From: Zhenya Tikhonov Date: Sun, 28 Jun 2026 18:48:25 +0400 Subject: [PATCH 6/6] fix: revert stages manes --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index e152954..19737b2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ ARG DOCKER_VERSION=29.5.3 # DHI source: https://hub.docker.com/repository/docker/octopusdeploy/dhi-golang -FROM octopusdeploy/dhi-golang:1.26-alpine3.24-dev@sha256:e48a91483983467f426cae8656aa16be252c6f2e290125e10db01259352a54ca +FROM octopusdeploy/dhi-golang:1.26-alpine3.24-dev@sha256:e48a91483983467f426cae8656aa16be252c6f2e290125e10db01259352a54ca AS cleaner COPY cleaner/dind-cleaner/* /go/src/github.com/codefresh-io/dind-cleaner/ WORKDIR /go/src/github.com/codefresh-io/dind-cleaner/ RUN go mod tidy @@ -13,7 +13,7 @@ RUN CGO_ENABLED=0 go build -o /usr/local/bin/dind-cleaner ./cmd \ # DHI source: https://hub.docker.com/repository/docker/octopusdeploy/dhi-golang -FROM octopusdeploy/dhi-golang:1.26-alpine3.24-dev@sha256:e48a91483983467f426cae8656aa16be252c6f2e290125e10db01259352a54ca +FROM octopusdeploy/dhi-golang:1.26-alpine3.24-dev@sha256:e48a91483983467f426cae8656aa16be252c6f2e290125e10db01259352a54ca AS bbolt RUN go install go.etcd.io/bbolt/cmd/bbolt@latest @@ -22,7 +22,7 @@ FROM octopusdeploy/dhi-node-exporter:1.11.1-alpine3.23@sha256:8cd8b3f56f6c319a03 FROM docker:${DOCKER_VERSION}-dind AS prod -RUN echo 'http://dl-cdn.alpinelinux.org/alpine/v3.24/main' >> /etc/apk/repositories \ +RUN echo 'http://dl-cdn.alpinelinux.org/alpine/v3.23/main' >> /etc/apk/repositories \ && apk upgrade && apk add --no-cache \ bash \ # Add fuse-overlayfs for compatibility with rootless. Volumes created with rootless might use fuse-overlay formatted volumes. If those volumes are later used by dind that runs with root it'll require fuse-overlay to be able to read the volume