diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 078d698..8641c84 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -195,7 +195,7 @@ jobs:
 run: exit 0
 - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@0.29.0
+ uses: aquasecurity/trivy-action@0.34.2
 with:
 image-ref: envbox:latest
 format: sarif
@@ -270,6 +270,6 @@ jobs:
 - name: Tag and push envbox-preview
 run: |
 VERSION=$(./scripts/version.sh)-dev-$(git rev-parse --short HEAD)
- BASE=ghcr.io/coder/envbox-preview
+ BASE=ghcr.io/${{ github.repository_owner }}/envbox-preview
 docker tag envbox "${BASE}:${VERSION}"
 docker push "${BASE}:${VERSION}"
diff --git a/.github/workflows/latest.yaml b/.github/workflows/latest.yaml
index d389663..31d486b 100644
--- a/.github/workflows/latest.yaml
+++ b/.github/workflows/latest.yaml
@@ -36,10 +36,10 @@ jobs:
 password: ${{ secrets.GITHUB_TOKEN }}
 - name: Create Manifest
 run: |
- docker manifest create ghcr.io/coder/envbox:latest \
- --amend ghcr.io/coder/envbox:${{ github.event.inputs.tag }}-amd64 \
- --amend ghcr.io/coder/envbox:${{ github.event.inputs.tag }}-arm64
+ docker manifest create ghcr.io/${{ github.repository_owner }}/envbox:latest \
+ --amend ghcr.io/${{ github.repository_owner }}/envbox:${{ github.event.inputs.tag }}-amd64 \
+ --amend ghcr.io/${{ github.repository_owner }}/envbox:${{ github.event.inputs.tag }}-arm64
 - name: Push Manifest
 run: |
- docker manifest push ghcr.io/coder/envbox:latest
+ docker manifest push ghcr.io/${{ github.repository_owner }}/envbox:latest
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index ccba56b..61b7069 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
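Review bot: `github.repository_owner` keeps the owner's original casing, while Docker image references must be lowercase, so in the `Tag and push envbox-preview` step `docker tag` will reject `BASE` for any owner whose login contains an uppercase letter. Lower-casing in the shell avoids that, e.g. `BASE=ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/envbox-preview`, which also keeps the expression out of the script text. The same applies to the `ghcr.io/${{ github.repository_owner }}/envbox` references in latest.yaml and in the release.yaml hunks (the `Tag Image` / `Push Image` steps and both manifest steps).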
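Review bot: The rewritten `docker manifest create` lines in latest.yaml still splice `${{ github.event.inputs.tag }}` straight into the script text, so the value is parsed as shell by the runner instead of being treated as data. Passing it through the step's environment keeps it a plain string: add `env:` with `TAG: ${{ github.event.inputs.tag }}` to the step and reference `"${TAG}"` in the command. The `${{ github.event.inputs.version }}` expansions in the release.yaml `Tag Image`, `Push Image` and manifest steps have the same shape. The trigger definition is outside these hunks, so who may supply the input is not visible here.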
@@ -31,11 +31,11 @@ jobs:
 include:
 - os: ubuntu-22.04
 arch: linux/amd64
- sha: b7ac389e5a19592cadf16e0ca30e40919516128f6e1b7f99e1cb4ff64554172e
+ sha: eeff273671467b8fa351ab3d40709759462dc03d9f7b50a1b207b37982ce40a9
 arch-suffix: amd64
 - os: depot-ubuntu-22.04-arm
 arch: linux/arm64
- sha: 16d80123ba53058cf90f5a68686e297621ea97942602682e34b3352783908f91
+ sha: eae9c0e91ddd39bd1826d6a7a313a73d42a8449ef5113e9d6d118b559cb809ba
 arch-suffix: arm64
 runs-on: ${{ matrix.os }}
 steps:
@@ -79,10 +79,10 @@ jobs:
 run: make -j ARCH=${{ matrix.arch }} SYSBOX_SHA=${{ matrix.sha }} build/image/envbox
 - name: Tag Image
- run: docker tag envbox ghcr.io/coder/envbox:${{ github.event.inputs.version }}-${{ matrix.arch-suffix }}
+ run: docker tag envbox ghcr.io/${{ github.repository_owner }}/envbox:${{ github.event.inputs.version }}-${{ matrix.arch-suffix }}
 - name: Push Image
- run: docker push ghcr.io/coder/envbox:${{ github.event.inputs.version }}-${{ matrix.arch-suffix }}
+ run: docker push ghcr.io/${{ github.repository_owner }}/envbox:${{ github.event.inputs.version }}-${{ matrix.arch-suffix }}
 manifest:
 runs-on: ubuntu-22.04
 needs: release
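Review bot: The two replaced `sha` values in the build matrix are bare digests with nothing recording which package and release they belong to, so a later reviewer cannot check them against the upstream artifact without guessing. A comment on each entry would help, for example `# sha256 of the sysbox-ce 0.7.0 amd64 .deb; keep in step with SYSBOX_VERSION in deploy/Dockerfile`. That is presumably what they are, given the `SYSBOX_VERSION` change in deploy/Dockerfile, but the step that consumes `SYSBOX_SHA` is not on this page. The Dockerfile comment also says the Makefile has to be updated with the version, and no Makefile change is visible here.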
@@ -100,12 +100,12 @@ jobs:
 password: ${{ secrets.GITHUB_TOKEN }}
 - name: Create Manifest
 run: |
- docker manifest create ghcr.io/coder/envbox:${{ github.event.inputs.version }} \
- --amend ghcr.io/coder/envbox:${{ github.event.inputs.version }}-amd64 \
- --amend ghcr.io/coder/envbox:${{ github.event.inputs.version }}-arm64
+ docker manifest create ghcr.io/${{ github.repository_owner }}/envbox:${{ github.event.inputs.version }} \
+ --amend ghcr.io/${{ github.repository_owner }}/envbox:${{ github.event.inputs.version }}-amd64 \
+ --amend ghcr.io/${{ github.repository_owner }}/envbox:${{ github.event.inputs.version }}-arm64
 - name: Push Manifest
 run: |
- docker manifest push ghcr.io/coder/envbox:${{ github.event.inputs.version }}
+ docker manifest push ghcr.io/${{ github.repository_owner }}/envbox:${{ github.event.inputs.version }}
 tag:
 runs-on: ubuntu-22.04
diff --git a/deploy/Dockerfile b/deploy/Dockerfile
index 1bf3ee3..56e6354 100644
--- a/deploy/Dockerfile
+++ b/deploy/Dockerfile
@@ -2,11 +2,11 @@ FROM ubuntu:jammy
 ARG TARGETARCH
-# This should be updated in the Makefile whenever the version is changed.
+# This should be updated in the Makefile whenever the version is changed.
 # We don't hardcode it here because we have to be able to build both
 # amd and arm
 ARG SYSBOX_SHA
-ARG SYSBOX_VERSION="0.6.7"
+ARG SYSBOX_VERSION="0.7.0"
 ARG SYSBOX_DEB="sysbox-ce_$SYSBOX_VERSION-0.linux_$TARGETARCH.deb"
 # Copy configuration files to appropriate locations
@@ -20,9 +20,9 @@ LABEL \
 # Basic utilities
 ARG DEBIAN_FRONTEND=noninteractive
-# Pin docker to avoid any breaking API changes between the Go client and
-# the server.
-ARG DOCKER_VERSION="5:27.3.1-1~ubuntu.22.04~jammy"
+# Pin docker to avoid any breaking API changes between the Go client and
+# the server. Use latest LTS/stable from https://download.docker.com/linux/ubuntu/dists/jammy/pool/stable/
+ARG DOCKER_VERSION="5:29.2.1-1~ubuntu.22.04~jammy"
 # Ignore other repositories, as some require HTTPS
 RUN apt-get update --quiet --option Dir::Etc::SourceParts="" && \
 apt-get upgrade -y && \
@@ -33,7 +33,7 @@ RUN apt-get update --quiet --option Dir::Etc::SourceParts="" && \
 ca-certificates \
 curl \
 dialog \
- fuse \
+ fuse3 \
 iproute2 \
 jq \
 kmod \
diff --git a/dockerutil/client.go b/dockerutil/client.go
index c860fbc..829e225 100644
--- a/dockerutil/client.go
+++ b/dockerutil/client.go
@@ -32,7 +32,10 @@ func WithClient(ctx context.Context, client Client) context.Context {
 func ExtractClient(ctx context.Context) (Client, error) {
 client := ctx.Value(clientKey{})
 if client == nil {
- client, err := dockerclient.NewClientWithOpts(dockerclient.FromEnv)
+ client, err := dockerclient.NewClientWithOpts(
+ dockerclient.FromEnv,
+ dockerclient.WithAPIVersionNegotiation(), // use daemon's max API (e.g. 1.47) so we don't exceed it
+ )
 if err != nil {
 return nil, xerrors.Errorf("new env client: %w", err)
 }
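Review bot: The trailing comment on `dockerclient.WithAPIVersionNegotiation()` states only half of the behaviour: because `dockerclient.FromEnv` is passed as well, a `DOCKER_API_VERSION` set in the environment fixes the version and negotiation is then skipped. I would move the comment onto its own line above the option and say so, e.g. `// Negotiate down to the daemon's API version on first request; DOCKER_API_VERSION in the environment still overrides this.` The example version `1.47` will go stale and can be dropped. ExtractClient continues past the end of this hunk, so what happens to the new `client` after the error check is not visible here.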