From c549768dd5fbdcf7020bf899585d7d97797923ee Mon Sep 17 00:00:00 2001
From: Oliver Gould
Date: Sat, 26 Jul 2025 04:27:24 +0000
Subject: [PATCH 1/2] build(deps): bump linkerd/dev to v47
---
 .devcontainer/devcontainer.json | 2 +-
 .github/actions/helm-publish/action.yml | 2 +-
 .github/workflows/actions.yml | 4 ++--
 .github/workflows/devcontainer.yml | 4 ++--
 .github/workflows/go.yml | 6 +++---
 .github/workflows/proto.yml | 2 +-
 .github/workflows/rust.yml | 10 +++++-----
 .github/workflows/shell.yml | 2 +-
 policy-controller/Dockerfile | 2 +-
 9 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 4502033b492d1..97866413320d0 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,6 +1,6 @@
 {
 "name": "linkerd2",
- "image": "ghcr.io/linkerd/dev:v46",
+ "image": "ghcr.io/linkerd/dev:v47",
 // "dockerFile": "./Dockerfile",
 // "context": "..",
 "features": {
diff --git a/.github/actions/helm-publish/action.yml b/.github/actions/helm-publish/action.yml
index cea76fdef95ca..78fae6c2f6bb0 100644
--- a/.github/actions/helm-publish/action.yml
+++ b/.github/actions/helm-publish/action.yml
@@ -5,7 +5,7 @@ runs:
 steps:
 - name: Set up Cloud SDK
 uses: 'google-github-actions/setup-gcloud@6a7c903a70c8625ed6700fa299f5ddb4ca6022e9'
- - uses: linkerd/dev/actions/setup-tools@v46
+ - uses: linkerd/dev/actions/setup-tools@v47
 - shell: bash
 run: |
 mkdir -p target/helm
diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml
index 4977697680005..6027522ad450f 100644
--- a/.github/workflows/actions.yml
+++ b/.github/workflows/actions.yml
@@ -14,13 +14,13 @@ jobs:
 runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
 timeout-minutes: 10
 steps:
- - uses: linkerd/dev/actions/setup-tools@v46
+ - uses: linkerd/dev/actions/setup-tools@v47
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 - run: just-dev lint-actions
 devcontainer-versions:
 runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
 steps:
- - uses: linkerd/dev/actions/setup-tools@v46
+ - uses: linkerd/dev/actions/setup-tools@v47
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 - run: just-dev check-action-images
diff --git a/.github/workflows/devcontainer.yml b/.github/workflows/devcontainer.yml
index a6e1e07addddc..73a9ecf122d47 100644
--- a/.github/workflows/devcontainer.yml
+++ b/.github/workflows/devcontainer.yml
@@ -15,7 +15,7 @@ permissions:
 jobs:
 rust-version:
 runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
- container: ghcr.io/linkerd/dev:v46-rust
+ container: ghcr.io/linkerd/dev:v47-rust
 steps:
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 - shell: bash
@@ -39,6 +39,6 @@ jobs:
 devcontainer-image:
 runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
 steps:
- - uses: linkerd/dev/actions/setup-tools@v46
+ - uses: linkerd/dev/actions/setup-tools@v47
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 - run: just-dev pull-dev-image
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 399f2a8cbde4e..7e0e447309ad7 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -29,7 +29,7 @@ jobs:
 if: needs.meta.outputs.changed == 'true'
 timeout-minutes: 10
 runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
- container: ghcr.io/linkerd/dev:v46-go
+ container: ghcr.io/linkerd/dev:v47-go
 steps:
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 - run: git config --global --add safe.directory "$PWD" # actions/runner#2033
@@ -40,7 +40,7 @@ jobs:
 if: needs.meta.outputs.changed == 'true'
 timeout-minutes: 10
 runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
- container: ghcr.io/linkerd/dev:v46-go
+ container: ghcr.io/linkerd/dev:v47-go
 steps:
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 - run: git config --global --add safe.directory "$PWD" # actions/runner#2033
@@ -51,7 +51,7 @@ jobs:
 if: needs.meta.outputs.changed == 'true'
 timeout-minutes: 30
 runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
- container: ghcr.io/linkerd/dev:v46-go
+ container: ghcr.io/linkerd/dev:v47-go
 steps:
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 - run: git config --global --add safe.directory "$PWD" # actions/runner#2033
diff --git a/.github/workflows/proto.yml b/.github/workflows/proto.yml
index f5ee622de23ba..fde946da42c02 100644
--- a/.github/workflows/proto.yml
+++ b/.github/workflows/proto.yml
@@ -15,7 +15,7 @@ jobs:
 proto-diff:
 timeout-minutes: 10
 runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
- container: ghcr.io/linkerd/dev:v46-go
+ container: ghcr.io/linkerd/dev:v47-go
 steps:
 - run: apt update && apt install -y unzip
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
index c281ea542019d..d771ea084e04d 100644
--- a/.github/workflows/rust.yml
+++ b/.github/workflows/rust.yml
@@ -27,7 +27,7 @@ jobs:
 audit:
 timeout-minutes: 10
 runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
- container: ghcr.io/linkerd/dev:v46-rust
+ container: ghcr.io/linkerd/dev:v47-rust
 strategy:
 matrix:
 checks:
@@ -43,7 +43,7 @@ jobs:
 fmt:
 timeout-minutes: 5
 runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
- container: ghcr.io/linkerd/dev:v46-rust
+ container: ghcr.io/linkerd/dev:v47-rust
 steps:
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 - run: git config --global --add safe.directory "$PWD" # actions/runner#2033
@@ -52,7 +52,7 @@ jobs:
 clippy:
 timeout-minutes: 20
 runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
- container: ghcr.io/linkerd/dev:v46-rust
+ container: ghcr.io/linkerd/dev:v47-rust
 steps:
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 - run: git config --global --add safe.directory "$PWD" # actions/runner#2033
@@ -63,7 +63,7 @@ jobs:
 check:
 timeout-minutes: 20
 runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
- container: ghcr.io/linkerd/dev:v46-rust
+ container: ghcr.io/linkerd/dev:v47-rust
 steps:
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 - run: git config --global --add safe.directory "$PWD" # actions/runner#2033
@@ -74,7 +74,7 @@ jobs:
 name: test
 runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
 timeout-minutes: 15
- container: ghcr.io/linkerd/dev:v46-rust
+ container: ghcr.io/linkerd/dev:v47-rust
 steps:
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 - run: git config --global --add safe.directory "$PWD" # actions/runner#2033
diff --git a/.github/workflows/shell.yml b/.github/workflows/shell.yml
index 795cb27cb5c17..b83e964bde6cf 100644
--- a/.github/workflows/shell.yml
+++ b/.github/workflows/shell.yml
@@ -16,6 +16,6 @@ jobs:
 timeout-minutes: 10
 runs-on: ${{ vars.LINKERD2_RUNNER || 'ubuntu-24.04' }}
 steps:
- - uses: linkerd/dev/actions/setup-tools@v46
+ - uses: linkerd/dev/actions/setup-tools@v47
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 - run: just sh-lint
diff --git a/policy-controller/Dockerfile b/policy-controller/Dockerfile
index 542fa1040786b..3851aa2b984f8 100644
--- a/policy-controller/Dockerfile
+++ b/policy-controller/Dockerfile
@@ -1,4 +1,4 @@
-FROM --platform=$BUILDPLATFORM ghcr.io/linkerd/dev:v46-rust-musl AS controller
+FROM --platform=$BUILDPLATFORM ghcr.io/linkerd/dev:v47-rust-musl AS controller
 ARG BUILD_TYPE="release"
 WORKDIR /build
 RUN mkdir -p target/bin
From 2d2e83f78b96b2b569b39ab23ae8caa8d5bee8af Mon Sep 17 00:00:00 2001
From: Oliver Gould
Date: Mon, 28 Jul 2025 14:54:44 +0000
Subject: [PATCH 2/2] build(policy-controller): produce auditable binaries
---
 policy-controller/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/policy-controller/Dockerfile b/policy-controller/Dockerfile
index 3851aa2b984f8..ad3c149182b45 100644
--- a/policy-controller/Dockerfile
+++ b/policy-controller/Dockerfile
@@ -5,8 +5,9 @@ RUN mkdir -p target/bin
 COPY Cargo.toml Cargo.lock .
 COPY policy-controller policy-controller
 RUN cargo new policy-test --lib
+ENV CARGO="cargo auditable"
 RUN --mount=type=cache,target=/usr/local/cargo/registry \
- cargo fetch
+ just-cargo fetch
 ARG TARGETARCH
 # Enable tokio runtime metrics
 ENV RUSTFLAGS="--cfg tokio_unstable"
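Review bot: The only command this hunk visibly routes through the wrapper is `just-cargo fetch`, which downloads crates and emits no binary, so nothing here shows that the compiled policy-controller actually carries the embedded dependency list. The build step lies below the hunk (the `controller` stage continues past `ENV RUSTFLAGS`); it has to go through `just-cargo` or `$CARGO` as well, because a plain `cargo build` there would silently produce a non-auditable binary. A post-build check such as `cargo audit bin <path-to-built-binary>` would turn that into a visible failure, assuming cargo-audit is available in the dev image. A comment above the new ENV would also help, e.g. `# Build via cargo-auditable so the dependency list is embedded in the binary (presumably read by just-cargo)`, since `CARGO` set to a two-word command is unusual and stays in effect for every later instruction in the stage.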