From 52411a77326e036371479c4d3e6b974f91d86a2b Mon Sep 17 00:00:00 2001
From: Arjun Raja Yogidas
Date: Thu, 16 Oct 2025 21:28:48 +0000
Subject: [PATCH 1/5] fix: ci permissions block for release-please
Signed-off-by: Arjun Raja Yogidas
---
 .github/workflows/release-please.yaml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/release-please.yaml b/.github/workflows/release-please.yaml
index e4cacc043..f74245e5a 100644
--- a/.github/workflows/release-please.yaml
+++ b/.github/workflows/release-please.yaml
@@ -25,4 +25,7 @@ jobs:
 name: Trigger release-automation.yaml if PR is merged
 needs: [release-please]
 if: ${{ needs.release-please.outputs.release_created == 'true' }}
+ permissions:
+ contents: write # Required for uploading release assets
+ id-token: write # Required for AWS OIDC authentication
 uses: ./.github/workflows/release-automation.yaml
From 8d04eeec0cedffb7f615f54a50d812742a8396c5 Mon Sep 17 00:00:00 2001
From: Arjun Raja Yogidas
Date: Thu, 16 Oct 2025 21:28:48 +0000
Subject: [PATCH 2/5] fix: ci permissions block for release-please
Signed-off-by: Arjun Raja Yogidas
---
 .github/workflows/release-please.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/release-please.yaml b/.github/workflows/release-please.yaml
index e4cacc043..c799107f5 100644
--- a/.github/workflows/release-please.yaml
+++ b/.github/workflows/release-please.yaml
@@ -6,7 +6,7 @@ on:
 name: release-please
 permissions:
- contents: read
+ contents: write
 pull-requests: write
 jobs:
@@ -25,4 +25,7 @@ jobs:
 name: Trigger release-automation.yaml if PR is merged
 needs: [release-please]
 if: ${{ needs.release-please.outputs.release_created == 'true' }}
+ permissions:
+ contents: write # Required for uploading release assets
+ id-token: write # Required for AWS OIDC authentication
 uses: ./.github/workflows/release-automation.yaml
From 7100d7c57de8c56dc277da0407cc9d11ca65f353 Mon Sep 17 00:00:00 2001
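Review bot: The `permissions:` block added to the job that calls `./.github/workflows/release-automation.yaml` is the ceiling for every job inside that reusable workflow, so `contents: write` and `id-token: write` become available to all of them and not only to the step that uploads assets or assumes the AWS role. The called workflow is outside this hunk, so this is something to confirm rather than a finding: each job there should declare its own narrower `permissions`. For the OIDC grant I would extend the comment to `id-token: write # Required for AWS OIDC authentication; role trust policy should pin repo and job_workflow_ref`, since presumably the trust policy is what limits who can assume the role. The same three added lines recur in the `@@ -25,4 +25,7 @@` hunks of patches 2/5, 3/5 and 4/5, and the job's key line is above the hunk.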
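Review bot: Raising the workflow-level default from `contents: read` to `contents: write` in the `@@ -6,7 +6,7 @@` hunk of patch 2/5 looks unnecessary, because a job-level `permissions` block replaces the workflow-level one instead of adding to it, and the trigger job gets its own `contents: write` in the next hunk of the same patch. Going by the context lines of patch 4/5, the `release-please` job also carries its own block, so the only visible effect is that a job added later without one would start with a write-capable token. I would keep `contents: read` at the top and grant write per job. Patches 3/5 and 4/5 make the same change and annotate it `# Required for trigger-release-automation job`, which is misleading for the same reason.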
From: Arjun Raja Yogidas
Date: Thu, 16 Oct 2025 21:28:48 +0000
Subject: [PATCH 3/5] fix: ci permissions block for release-please
Signed-off-by: Arjun Raja Yogidas
---
 .github/workflows/release-automation.yaml | 2 +-
 .github/workflows/release-please.yaml | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/release-automation.yaml b/.github/workflows/release-automation.yaml
index 1ab83738c..e2d1c5c24 100644
--- a/.github/workflows/release-automation.yaml
+++ b/.github/workflows/release-automation.yaml
@@ -62,7 +62,7 @@ jobs:
 # This is required for configure-aws-credentials to request an OIDC JWT ID token to access AWS resources later on.
 # More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
 id-token: write
- contents: read # this is required for actions/checkout
+ contents: write # this is required for actions/checkout
 secrets: inherit
 with:
 ref_name: ${{ needs.get-latest-tag.outputs.tag }}
diff --git a/.github/workflows/release-please.yaml b/.github/workflows/release-please.yaml
index e4cacc043..785fcc4a8 100644
--- a/.github/workflows/release-please.yaml
+++ b/.github/workflows/release-please.yaml
@@ -6,7 +6,7 @@ on:
 name: release-please
 permissions:
- contents: read
+ contents: write # Required for trigger-release-automation job
 pull-requests: write
 jobs:
@@ -25,4 +25,7 @@ jobs:
 name: Trigger release-automation.yaml if PR is merged
 needs: [release-please]
 if: ${{ needs.release-please.outputs.release_created == 'true' }}
+ permissions:
+ contents: write # Required for uploading release assets
+ id-token: write # Required for AWS OIDC authentication
 uses: ./.github/workflows/release-automation.yaml
From 177fac5810888dd4c9d13fd6baf95e9909f85a9a Mon Sep 17 00:00:00 2001
From: Arjun Raja Yogidas
Date: Thu, 16 Oct 2025 21:28:48 +0000
Subject: [PATCH 4/5] fix: ci permissions block for release-please
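Review bot: The trailing comment on the changed line in release-automation.yaml is now stale: `contents: write # this is required for actions/checkout` still names checkout as the reason, but checkout needs only read access, and the caller's comment in release-please.yaml gives release-asset upload as the reason for write. The context lines show this job also holds `id-token: write` and passes `secrets: inherit`, so the workflow it calls receives a write-capable token, the ability to request OIDC tokens and every secret available to the caller; the comment should state why write is needed. Suggested: `contents: write # required to upload release assets (actions/checkout alone needs only read)`. The job header and the called workflow are outside the hunk, so whether the jobs on the receiving side narrow the token again cannot be checked from here. The same hunk recurs in patch 4/5.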
Signed-off-by: Arjun Raja Yogidas
---
 .github/workflows/release-automation.yaml | 2 +-
 .github/workflows/release-please.yaml | 7 +++++--
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/release-automation.yaml b/.github/workflows/release-automation.yaml
index 1ab83738c..e2d1c5c24 100644
--- a/.github/workflows/release-automation.yaml
+++ b/.github/workflows/release-automation.yaml
@@ -62,7 +62,7 @@ jobs:
 # This is required for configure-aws-credentials to request an OIDC JWT ID token to access AWS resources later on.
 # More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
 id-token: write
- contents: read # this is required for actions/checkout
+ contents: write # this is required for actions/checkout
 secrets: inherit
 with:
 ref_name: ${{ needs.get-latest-tag.outputs.tag }}
diff --git a/.github/workflows/release-please.yaml b/.github/workflows/release-please.yaml
index e4cacc043..ef4469cf7 100644
--- a/.github/workflows/release-please.yaml
+++ b/.github/workflows/release-please.yaml
@@ -6,14 +6,14 @@ on:
 name: release-please
 permissions:
- contents: read
+ contents: write # Required for trigger-release-automation job
 pull-requests: write
 jobs:
 release-please:
 runs-on: ubuntu-latest
 permissions:
- contents: read
+ contents: write
 pull-requests: write
 timeout-minutes: 2
 outputs:
@@ -25,4 +25,7 @@ jobs:
 name: Trigger release-automation.yaml if PR is merged
 needs: [release-please]
 if: ${{ needs.release-please.outputs.release_created == 'true' }}
+ permissions:
+ contents: write # Required for uploading release assets
+ id-token: write # Required for AWS OIDC authentication
 uses: ./.github/workflows/release-automation.yaml
From 229d2aef564ad48e6b3965678ca1c24cc7042903 Mon Sep 17 00:00:00 2001
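Review bot: The second `contents: write` in the `@@ -6,14 +6,14 @@` hunk, under the `release-please` job, is the only widened permission in this series with no reason written next to it. If the write is needed so the job's token can create the tag and GitHub release, say so on the line: `contents: write # Required for release-please to create the tag and release`. If the step authenticates with a different token, `contents: read` can probably stay. The job's steps are below the hunk, so which of the two applies cannot be confirmed from here.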
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 17 Oct 2025 12:28:42 +0000
Subject: [PATCH 5/5] build(deps): bump the docker group with 2 updates
Bumps the docker group with 2 updates: [github.com/docker/cli](https://github.com/docker/cli) and [github.com/docker/docker](https://github.com/docker/docker). Updates `github.com/docker/cli` from 28.4.0+incompatible to 28.5.1+incompatible - [Commits](https://github.com/docker/cli/compare/v28.4.0...v28.5.1) Updates `github.com/docker/docker` from 28.4.0+incompatible to 28.5.1+incompatible - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v28.4.0...v28.5.1) --- updated-dependencies: - dependency-name: github.com/docker/cli dependency-version: 28.5.1+incompatible dependency-type: direct:production update-type: version-update:semver-minor dependency-group: docker - dependency-name: github.com/docker/docker dependency-version: 28.5.1+incompatible dependency-type: direct:production update-type: version-update:semver-minor dependency-group: docker ...
Signed-off-by: dependabot[bot]
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/go.mod b/go.mod
index 6bc14f88c..8c8352fd2 100644
--- a/go.mod
+++ b/go.mod
@@ -6,8 +6,8 @@ require (
 github.com/aws/aws-sdk-go-v2 v1.39.0
 github.com/containerd/cgroups v1.1.0
 github.com/containerd/nerdctl/v2 v2.1.4
- github.com/docker/cli v28.4.0+incompatible
- github.com/docker/docker v28.4.0+incompatible
+ github.com/docker/cli v28.5.1+incompatible
+ github.com/docker/docker v28.5.1+incompatible
 github.com/docker/go-connections v0.6.0
 github.com/google/go-licenses v1.6.1-0.20230903011517-706b9c60edd4
 github.com/lima-vm/lima v1.2.1
diff --git a/go.sum b/go.sum
index 03f1c03f9..c62eb3bb0 100644
--- a/go.sum
+++ b/go.sum
@@ -86,10 +86,10 @@ github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/docker/cli v28.4.0+incompatible h1:RBcf3Kjw2pMtwui5V0DIMdyeab8glEw5QY0UUU4C9kY= -github.com/docker/cli v28.4.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/docker v28.4.0+incompatible h1:KVC7bz5zJY/4AZe/78BIvCnPsLaC9T/zh72xnlrTTOk= -github.com/docker/docker v28.4.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/cli v28.5.1+incompatible h1:ESutzBALAD6qyCLqbQSEf1a/U8Ybms5agw59yGVc+yY= +github.com/docker/cli v28.5.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/docker v28.5.1+incompatible h1:Bm8DchhSD2J6PsFzxC35TZo4TLGR2PdW/E69rU45NhM= +github.com/docker/docker v28.5.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo= github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94=