Merge branch 'Azure:master' into tdum/remove-azurepsdrive-log

tudordumitriu · web-flow · commit 8508a9751ad8 · 2026-01-08T12:18:59.000+02:00
diff --git a/.github/workflows/update-pinned-libs.yml b/.github/workflows/update-pinned-libs.yml
@@ -0,0 +1,197 @@
+name: Update Pinned Library Versions
+
+on:
+  schedule:
+    # Check for updates every 2 weeks (1st and 15th of each month) at 6:00 AM UTC
+    - cron: '0 6 1,15 * *'
+  workflow_dispatch: # Allow manual trigger
+
+jobs:
+  check-library-versions:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Get current Istio version
+        id: current-istio
+        run: |
+          CURRENT_VERSION=$(grep 'ENV ISTIO_VERSION=' linux/base.Dockerfile | cut -d'=' -f2)
+          if [ -z "${CURRENT_VERSION}" ]; then
+            echo "Error: Unable to determine current Istio version from linux/base.Dockerfile" >&2
+            exit 1
+          fi
+          echo "version=${CURRENT_VERSION}" >> $GITHUB_OUTPUT
+          echo "Current Istio version: ${CURRENT_VERSION}"
+
+      - name: Get latest Istio version
+        id: latest-istio
+        run: |
+          set -e
+          LATEST_VERSION=$(curl -fsSL https://api.github.com/repos/istio/istio/releases/latest | jq -er '.tag_name') || {
+            echo "Error: Failed to fetch latest Istio release information from GitHub API." >&2
+            exit 1
+          }
+          
+          if [ -z "${LATEST_VERSION}" ] || [ "${LATEST_VERSION}" = "null" ]; then
+            echo "Error: Received empty or invalid latest Istio version from GitHub API." >&2
+            exit 1
+          fi
+          
+          echo "version=${LATEST_VERSION}" >> $GITHUB_OUTPUT
+          echo "Latest Istio version: ${LATEST_VERSION}"
+
+      - name: Compare Istio versions
+        id: compare-istio
+        run: |
+          CURRENT="${{ steps.current-istio.outputs.version }}"
+          LATEST="${{ steps.latest-istio.outputs.version }}"
+          
+          if [ "${CURRENT}" != "${LATEST}" ]; then
+            echo "needs_update=true" >> $GITHUB_OUTPUT
+            echo "Istio update needed: ${CURRENT} -> ${LATEST}"
+          else
+            echo "needs_update=false" >> $GITHUB_OUTPUT
+            echo "Istio already on latest version: ${CURRENT}"
+          fi
+
+      - name: Get current RootlessKit version
+        id: current-rootlesskit
+        run: |
+          CURRENT_VERSION=$(grep 'ROOTLESSKIT_VERSION=' linux/base.Dockerfile | grep -o 'v[0-9.]*')
+          if [ -z "${CURRENT_VERSION}" ]; then
+            echo "Error: Unable to determine current RootlessKit version from linux/base.Dockerfile" >&2
+            exit 1
+          fi
+          echo "version=${CURRENT_VERSION}" >> $GITHUB_OUTPUT
+          echo "Current RootlessKit version: ${CURRENT_VERSION}"
+
+      - name: Get latest RootlessKit version
+        id: latest-rootlesskit
+        run: |
+          set -e
+          LATEST_VERSION=$(curl -fsSL https://api.github.com/repos/rootless-containers/rootlesskit/releases/latest | jq -er '.tag_name') || {
+            echo "Error: Failed to fetch latest RootlessKit release information from GitHub API." >&2
+            exit 1
+          }
+          
+          if [ -z "${LATEST_VERSION}" ] || [ "${LATEST_VERSION}" = "null" ]; then
+            echo "Error: Received empty or invalid latest RootlessKit version from GitHub API." >&2
+            exit 1
+          fi
+          
+          echo "version=${LATEST_VERSION}" >> $GITHUB_OUTPUT
+          echo "Latest RootlessKit version: ${LATEST_VERSION}"
+
+      - name: Compare RootlessKit versions
+        id: compare-rootlesskit
+        run: |
+          CURRENT="${{ steps.current-rootlesskit.outputs.version }}"
+          LATEST="${{ steps.latest-rootlesskit.outputs.version }}"
+          
+          if [ "${CURRENT}" != "${LATEST}" ]; then
+            echo "needs_update=true" >> $GITHUB_OUTPUT
+            echo "RootlessKit update needed: ${CURRENT} -> ${LATEST}"
+          else
+            echo "needs_update=false" >> $GITHUB_OUTPUT
+            echo "RootlessKit already on latest version: ${CURRENT}"
+          fi
+
+      - name: Update Istio in Dockerfile
+        if: steps.compare-istio.outputs.needs_update == 'true'
+        run: |
+          LATEST="${{ steps.latest-istio.outputs.version }}"
+
+          # Ensure the expected ENV ISTIO_VERSION line exists before attempting to update
+          if ! grep -q '^ENV ISTIO_VERSION=' linux/base.Dockerfile; then
+            echo "Error: Could not find 'ENV ISTIO_VERSION=' line in linux/base.Dockerfile"
+            exit 1
+          fi
+
+          sed -i "s/^ENV ISTIO_VERSION=.*/ENV ISTIO_VERSION=${LATEST}/" linux/base.Dockerfile
+
+          # Verify that the update was applied successfully
+          if ! grep -q "^ENV ISTIO_VERSION=${LATEST}$" linux/base.Dockerfile; then
+            echo "Error: Failed to update ISTIO_VERSION to ${LATEST} in linux/base.Dockerfile"
+            exit 1
+          fi
+          echo "Updated ISTIO_VERSION to ${LATEST}"
+
+      - name: Update RootlessKit in Dockerfile
+        if: steps.compare-rootlesskit.outputs.needs_update == 'true'
+        run: |
+          LATEST="${{ steps.latest-rootlesskit.outputs.version }}"
+
+          if ! grep -q 'ROOTLESSKIT_VERSION=' linux/base.Dockerfile; then
+            echo "Error: Could not find 'ROOTLESSKIT_VERSION=' line in linux/base.Dockerfile"
+            exit 1
+          fi
+
+          sed -i "s/ROOTLESSKIT_VERSION=v[0-9.]*/ROOTLESSKIT_VERSION=${LATEST}/" linux/base.Dockerfile
+
+          if ! grep -q "ROOTLESSKIT_VERSION=${LATEST}" linux/base.Dockerfile; then
+            echo "Error: Failed to update ROOTLESSKIT_VERSION to ${LATEST} in linux/base.Dockerfile"
+            exit 1
+          fi
+          echo "Updated ROOTLESSKIT_VERSION to ${LATEST}"
+
+      - name: Create and push branch with updates
+        if: steps.compare-istio.outputs.needs_update == 'true' || steps.compare-rootlesskit.outputs.needs_update == 'true'
+        run: |
+          BRANCH_NAME="update-pinned-libs-$(date +%Y%m%d)"
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git checkout -b "$BRANCH_NAME"
+          git add linux/base.Dockerfile
+          git commit -m "Upkeep: Update pinned library versions"
+          git push origin "$BRANCH_NAME"
+          echo "branch=$BRANCH_NAME" >> $GITHUB_OUTPUT
+        id: push-branch
+
+      - name: Create Pull Request
+        if: steps.compare-istio.outputs.needs_update == 'true' || steps.compare-rootlesskit.outputs.needs_update == 'true'
+        env:
+          GH_TOKEN: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+        run: |
+          CURRENT_ISTIO="${{ steps.current-istio.outputs.version }}"
+          LATEST_ISTIO="${{ steps.latest-istio.outputs.version }}"
+          CURRENT_ROOTLESSKIT="${{ steps.current-rootlesskit.outputs.version }}"
+          LATEST_ROOTLESSKIT="${{ steps.latest-rootlesskit.outputs.version }}"
+          BRANCH_NAME="${{ steps.push-branch.outputs.branch }}"
+          
+          UPDATES=""
+          RELEASE_NOTES=""
+          
+          if [ "${{ steps.compare-istio.outputs.needs_update }}" == "true" ]; then
+            UPDATES="${UPDATES}- **Istio**: ${CURRENT_ISTIO} to ${LATEST_ISTIO}\n"
+            RELEASE_NOTES="${RELEASE_NOTES}- Istio ${LATEST_ISTIO}: https://github.com/istio/istio/releases/tag/${LATEST_ISTIO}\n"
+          fi
+          
+          if [ "${{ steps.compare-rootlesskit.outputs.needs_update }}" == "true" ]; then
+            UPDATES="${UPDATES}- **RootlessKit**: ${CURRENT_ROOTLESSKIT} to ${LATEST_ROOTLESSKIT}\n"
+            RELEASE_NOTES="${RELEASE_NOTES}- RootlessKit ${LATEST_ROOTLESSKIT}: https://github.com/rootless-containers/rootlesskit/releases/tag/${LATEST_ROOTLESSKIT}\n"
+          fi
+          
+          gh pr create \
+            --title "chore: update pinned library versions" \
+            --body "## Automated Library Version Updates
+          
+          This PR updates the following pinned library versions:
+          
+          ${UPDATES}
+          ### Changes
+          - Updated version variables in linux/base.Dockerfile
+          
+          ### Release Notes
+          ${RELEASE_NOTES}
+          ---
+          This PR was automatically created by the Update Pinned Library Versions workflow." \
+            --base master \
+            --head "${BRANCH_NAME}" \
+            --label "version_upgrade,automated_pr"
diff --git a/linux/base.Dockerfile b/linux/base.Dockerfile
@@ -172,7 +172,7 @@ RUN chmod 755 /usr/local/bin/ansible* \
 
 
 # Install specific version of Istio from GitHub releases
-ENV ISTIO_VERSION=1.28.1
+ENV ISTIO_VERSION=1.28.2
 RUN export TMP_DIR=$(mktemp -d) \
   && cd "${TMP_DIR}" \
   && curl -L https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istio-${ISTIO_VERSION}-linux-amd64.tar.gz -o istio.tar.gz \
diff --git a/tests/command_list b/tests/command_list
@@ -35,7 +35,6 @@ applygnupgdefaults
 apropos
 ar
 arch
-aria_s3_copy
 arp
 arpaname
 arping
@@ -766,34 +765,14 @@ mapfile
 mariadb
 mariadb-access
 mariadb-admin
-mariadb-backup
 mariadb-binlog
 mariadb-check
-mariadb-client-test
-mariadb-client-test-embedded
-mariadb-conv
-mariadb-convert-table-format
-mariadbd-multi
-mariadbd-safe
-mariadbd-safe-helper
 mariadb-dump
-mariadb-dumpslow
-mariadb-embedded
 mariadb-find-rows
-mariadb-fix-extensions
-mariadb-hotcopy
 mariadb-import
-mariadb-install-db
-mariadb-ldb
 mariadb-plugin
-mariadb-secure-installation
-mariadb-setpermission
 mariadb-show
 mariadb-slap
-mariadb-test
-mariadb-test-embedded
-mariadb-tzinfo-to-sql
-mariadb-upgrade
 mariadb-waitpid
 matchpathcon
 mcookie
@@ -850,30 +829,18 @@ mv
 mvn
 mvnDebug
 mvnyjp
-myrocks_hotbackup
 mysql
 mysqlaccess
 mysqladmin
 mysqlbinlog
 mysqlcheck
-mysql_client_test
-mysql_client_test_embedded
-mysql_convert_table_format
 mysqldump
-mysql_embedded
 mysql_find_rows
-mysql_fix_extensions
 mysqlimport
-mysql_ldb
 mysql_plugin
-mysql_setpermission
 mysqlshow
 mysqlslap
-mysqltest
-mysqltest_embedded
-mysql_upgrade
 mysql_waitpid
-mytop
 named-checkzone
 named-compilezone
 named-nzd2nzf
@@ -944,7 +911,6 @@ peekfd
 perl
 perl5.38.2
 perldoc
-perror
 pfbtops
 pg_amcheck
 pg_archivecleanup
@@ -1199,7 +1165,6 @@ ssh-agent
 ssh-copy-id
 ssh-keygen
 ssh-keyscan
-sst_dump
 start-puppet-agent
 stat
 stdbuf
