Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package docker for openSUSE:Factory checked 
in at 2025-06-24 20:46:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/docker (Old)
 and      /work/SRC/openSUSE:Factory/.docker.new.7067 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "docker"

Tue Jun 24 20:46:07 2025 rev:165 rq:1287937 version:unknown

Changes:
--------
--- /work/SRC/openSUSE:Factory/docker/docker.changes    2025-06-10 
08:58:38.274919400 +0200
+++ /work/SRC/openSUSE:Factory/.docker.new.7067/docker.changes  2025-06-24 
20:46:42.558236003 +0200
@@ -1,0 +2,25 @@
+Mon Jun 23 12:46:53 UTC 2025 - Aleksa Sarai <asa...@suse.com>
+
+[ This update is a no-op, only needed to work around unfortunate automated
+  packaging script behaviour on SLES. ]
+
+- The following patches were removed in openSUSE in the Docker 28.1.1-ce
+  update, but the patch names were later renamed in a SLES-only update before
+  Docker 28.1.1-ce was submitted to SLES.
+
+  This causes the SLES build scripts to refuse the update because the patches
+  are not referenced in the changelog. There is no obvious place to put the
+  patch removals (the 28.1.1-ce update removing the patches chronologically
+  predates their renaming in SLES), so they are included here a dummy changelog
+  entry to work around the issue.
+
+  - 0007-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
+  - 0008-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
+
+-------------------------------------------------------------------
+Wed Jun 18 06:22:56 UTC 2025 - Aleksa Sarai <asa...@suse.com>
+
+- Update to docker-buildx v0.25.0. Upstream changelog:
+  <https://github.com/docker/buildx/releases/tag/v0.25.0>
+
+-------------------------------------------------------------------

Old:
----
  docker-buildx-0.24.0.tar.xz

New:
----
  docker-buildx-0.25.0.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ docker.spec ++++++
--- /var/tmp/diff_new_pack.bkwKBs/_old  2025-06-24 20:46:43.486274476 +0200
+++ /var/tmp/diff_new_pack.bkwKBs/_new  2025-06-24 20:46:43.490274642 +0200
@@ -60,7 +60,7 @@
 
 %if %{with buildx}
 # MANUAL: This needs to be updated with every docker-buildx update.
-%define buildx_version 0.24.0
+%define buildx_version 0.25.0
 %endif
 
 # Used when generating the "build" information for Docker version. The value of

++++++ 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch ++++++
--- /var/tmp/diff_new_pack.bkwKBs/_old  2025-06-24 20:46:43.518275803 +0200
+++ /var/tmp/diff_new_pack.bkwKBs/_new  2025-06-24 20:46:43.518275803 +0200
@@ -1,4 +1,4 @@
-From 283afd39d38521d8943a60919b00117e8c0c9e1e Mon Sep 17 00:00:00 2001
+From 787e602882fb4e4ad1efd88b3e902efbccbe69bd Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asa...@suse.de>
 Date: Wed, 8 Mar 2017 11:43:29 +1100
 Subject: [PATCH 3/6] SECRETS: SUSE: implement SUSE container secrets
@@ -18,8 +18,8 @@
 Signed-off-by: Aleksa Sarai <asa...@suse.de>
 ---
  daemon/start.go        |   5 +
- daemon/suse_secrets.go | 437 +++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 442 insertions(+)
+ daemon/suse_secrets.go | 438 +++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 443 insertions(+)
 
 diff --git a/daemon/start.go b/daemon/start.go
 index eedb5ddc8a00..db878c8d5ad1 100644
@@ -38,7 +38,7 @@
        if err != nil {
                return err
 diff --git a/daemon/suse_secrets.go b/daemon/suse_secrets.go
-index b8f3d9f9c094..96bbe1b8ec81 100644
+index b8f3d9f9c094..5ab96651080b 100644
 --- a/daemon/suse_secrets.go
 +++ b/daemon/suse_secrets.go
 @@ -18,15 +18,378 @@
@@ -420,13 +420,14 @@
  // clearSuseSecrets removes any SecretReferences which were added by us
  // explicitly (this is detected by checking that the prefix has a 'suse_'
  // prefix, which is a prefix that cannot exist for normal swarm secrets). See
-@@ -42,3 +405,77 @@ func (daemon *Daemon) clearSuseSecrets(c 
*container.Container) {
+@@ -42,3 +405,78 @@ func (daemon *Daemon) clearSuseSecrets(c 
*container.Container) {
        }
        c.SecretReferences = without
  }
 +
 +func (daemon *Daemon) isRootless() bool {
-+      return os.Geteuid() != 0 || Rootless(daemon.Config()) || 
rootless.RunningWithRootlessKit()
++      cfg := daemon.Config()
++      return os.Geteuid() != 0 || Rootless(&cfg) || 
rootless.RunningWithRootlessKit()
 +}
 +
 +func (daemon *Daemon) injectSuseSecretStore(c *container.Container) error {
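Review bot: `isRootless` in daemon/suse_secrets.go still has no doc comment after this change, although it combines three independent signals and its callers presumably rely on it to decide whether host secrets are handled at all. A comment such as `// isRootless reports whether the daemon lacks real root: non-zero euid, rootless mode set in the config, or running under RootlessKit.` would make the "any one of these is enough" semantics explicit. The new `cfg := daemon.Config()` followed by `Rootless(&cfg)` suggests `Config()` now returns a value, so the check runs against a per-call copy; it would help to say in the comment that this is intentional. The body of `isRootless` is fully inside the hunk, but `injectSuseSecretStore` continues outside it.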
@@ -499,6 +500,6 @@
 +      return nil
 +}
 -- 
-2.49.0
+2.50.0
 
 

++++++ _service ++++++
--- /var/tmp/diff_new_pack.bkwKBs/_old  2025-06-24 20:46:43.578278291 +0200
+++ /var/tmp/diff_new_pack.bkwKBs/_new  2025-06-24 20:46:43.582278456 +0200
@@ -19,8 +19,8 @@
     <param name="url">https://github.com/docker/buildx.git</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="versionformat">0.24.0</param>
-    <param name="revision">v0.24.0</param>
+    <param name="versionformat">0.25.0</param>
+    <param name="revision">v0.25.0</param>
     <param name="filename">docker-buildx</param>
   </service>
   <service name="recompress" mode="manual">

++++++ docker-28.2.2_ce_45873be4a.tar.xz ++++++
/work/SRC/openSUSE:Factory/docker/docker-28.2.2_ce_45873be4a.tar.xz 
/work/SRC/openSUSE:Factory/.docker.new.7067/docker-28.2.2_ce_45873be4a.tar.xz 
differ: char 15, line 1

++++++ docker-buildx-0.24.0.tar.xz -> docker-buildx-0.25.0.tar.xz ++++++
/work/SRC/openSUSE:Factory/docker/docker-buildx-0.24.0.tar.xz 
/work/SRC/openSUSE:Factory/.docker.new.7067/docker-buildx-0.25.0.tar.xz differ: 
char 15, line 1

++++++ docker-cli-28.2.2_ce.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/docker-cli-28.2.2_ce/.gitattributes 
new/docker-cli-28.2.2_ce/.gitattributes
--- old/docker-cli-28.2.2_ce/.gitattributes     1970-01-01 01:00:00.000000000 
+0100
+++ new/docker-cli-28.2.2_ce/.gitattributes     2025-05-30 11:39:08.000000000 
+0200
@@ -0,0 +1,14 @@
+* text=auto
+
+Dockerfile* linguist-language=Dockerfile
+vendor.mod linguist-language=Go-Module
+vendor.sum linguist-language=Go-Checksums
+
+*.go -text diff=golang
+
+# scripts directory contains shell scripts
+# without extensions, so we need to force
+scripts/** text=auto eol=lf
+
+# shell scripts should always have LF
+*.sh text eol=lf
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/docker-cli-28.2.2_ce/.github/CODEOWNERS 
new/docker-cli-28.2.2_ce/.github/CODEOWNERS
--- old/docker-cli-28.2.2_ce/.github/CODEOWNERS 1970-01-01 01:00:00.000000000 
+0100
+++ new/docker-cli-28.2.2_ce/.github/CODEOWNERS 2025-05-30 11:39:08.000000000 
+0200
@@ -0,0 +1,6 @@
+# GitHub code owners
+# See https://github.com/blog/2392-introducing-code-owners
+
+cli/command/stack/**        @silvin-lubecki @docker/runtime-owners
+contrib/completion/bash/**  @albers @docker/runtime-owners
+docs/**                     @thaJeztah @docker/runtime-owners
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/docker-cli-28.2.2_ce/.github/ISSUE_TEMPLATE/bug_report.yml 
new/docker-cli-28.2.2_ce/.github/ISSUE_TEMPLATE/bug_report.yml
--- old/docker-cli-28.2.2_ce/.github/ISSUE_TEMPLATE/bug_report.yml      
1970-01-01 01:00:00.000000000 +0100
+++ new/docker-cli-28.2.2_ce/.github/ISSUE_TEMPLATE/bug_report.yml      
2025-05-30 11:39:08.000000000 +0200
@@ -0,0 +1,146 @@
+name: Bug report
+description: Create a report to help us improve!
+labels:
+  - kind/bug
+  - status/0-triage
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thank you for taking the time to report a bug!
+        If this is a security issue report it to the [Docker Security 
team](mailto:secur...@docker.com).
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: Give a clear and concise description of the bug
+    validations:
+      required: true
+  - type: textarea
+    id: repro
+    attributes:
+      label: Reproduce
+      description: Steps to reproduce the bug
+      placeholder: |
+        1. docker run ...
+        2. docker kill ...
+        3. docker rm ...
+    validations:
+      required: true
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected behavior
+      description: What is the expected behavior?
+      placeholder: |
+        E.g. "`docker rm` should remove the container and cleanup all 
associated data"
+  - type: textarea
+    id: version
+    attributes:
+      label: docker version
+      description: Output of `docker version`
+      render: bash
+      placeholder: |
+        Client:
+          Version:           20.10.17
+          API version:       1.41
+          Go version:        go1.17.11
+          Git commit:        100c70180fde3601def79a59cc3e996aa553c9b9
+          Built:             Mon Jun  6 21:36:39 UTC 2022
+          OS/Arch:           linux/amd64
+          Context:           default
+          Experimental:      true
+
+        Server:
+          Engine:
+            Version:          20.10.17
+            API version:      1.41 (minimum version 1.12)
+            Go version:       go1.17.11
+            Git commit:       a89b84221c8560e7a3dee2a653353429e7628424
+            Built:            Mon Jun  6 22:32:38 2022
+            OS/Arch:          linux/amd64
+            Experimental:     true
+          containerd:
+            Version:          1.6.6
+            GitCommit:        10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
+          runc:
+            Version:          1.1.2
+            GitCommit:        a916309fff0f838eb94e928713dbc3c0d0ac7aa4
+          docker-init:
+            Version:          0.19.0
+            GitCommit:
+    validations:
+      required: true
+  - type: textarea
+    id: info
+    attributes:
+      label: docker info
+      description: Output of `docker info`
+      render: bash
+      placeholder: |
+        Client:
+          Context:    default
+          Debug Mode: false
+          Plugins:
+            buildx: Docker Buildx (Docker Inc., 0.8.2)
+            compose: Docker Compose (Docker Inc., 2.6.0)
+
+        Server:
+          Containers: 4
+            Running: 2
+            Paused: 0
+            Stopped: 2
+          Images: 80
+          Server Version: 20.10.17
+          Storage Driver: overlay2
+            Backing Filesystem: xfs
+            Supports d_type: true
+            Native Overlay Diff: false
+            userxattr: false
+          Logging Driver: local
+          Cgroup Driver: cgroupfs
+          Cgroup Version: 1
+          Plugins:
+            Volume: local
+            Network: bridge host ipvlan macvlan null overlay
+            Log: awslogs fluentd gcplogs gelf journald json-file local 
logentries splunk syslog
+          Swarm: inactive
+          Runtimes: runc io.containerd.runc.v2 io.containerd.runtime.v1.linux
+          Default Runtime: runc
+          Init Binary: docker-init
+          containerd version: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
+          runc version: a916309fff0f838eb94e928713dbc3c0d0ac7aa4
+          init version: 
+          Security Options:
+            apparmor
+            seccomp
+            Profile: default
+          Kernel Version: 5.13.0-1031-azure
+          Operating System: Ubuntu 20.04.4 LTS
+          OSType: linux
+          Architecture: x86_64
+          CPUs: 4
+          Total Memory: 15.63GiB
+          Name: dev
+          ID: UC44:2RFL:7NQ5:GGFW:34O5:DYRE:CLOH:VLGZ:64AZ:GFXC:PY6H:SAHY
+          Docker Root Dir: /var/lib/docker
+          Debug Mode: true
+            File Descriptors: 46
+            Goroutines: 134
+            System Time: 2022-07-06T18:07:54.812439392Z
+            EventsListeners: 0
+          Registry: https://index.docker.io/v1/
+          Labels:
+          Experimental: true
+          Insecure Registries:
+            127.0.0.0/8
+          Live Restore Enabled: true
+    validations:
+      required: true
+  - type: textarea
+    id: additional
+    attributes:
+      label: Additional Info
+      description: Additional info you want to provide such as logs, system 
info, environment, etc.
+    validations:
+      required: false
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/docker-cli-28.2.2_ce/.github/ISSUE_TEMPLATE/config.yml 
new/docker-cli-28.2.2_ce/.github/ISSUE_TEMPLATE/config.yml
--- old/docker-cli-28.2.2_ce/.github/ISSUE_TEMPLATE/config.yml  1970-01-01 
01:00:00.000000000 +0100
+++ new/docker-cli-28.2.2_ce/.github/ISSUE_TEMPLATE/config.yml  2025-05-30 
11:39:08.000000000 +0200
@@ -0,0 +1,11 @@
+blank_issues_enabled: false
+contact_links:
+  - name: "Contributing to Docker"
+    about: "Read guidelines and tips about contributing to Docker."
+    url: "https://github.com/docker/cli/blob/master/CONTRIBUTING.md";
+  - name: "Security and Vulnerabilities"
+    about: "Report any security issues or vulnerabilities responsibly to the 
Docker security team. Do not use the public issue tracker."
+    url: "https://github.com/moby/moby/security/policy";
+  - name: "General Support"
+    about: "Get the help you need to build, share, and run your Docker 
applications"
+    url: "https://www.docker.com/support/";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/docker-cli-28.2.2_ce/.github/ISSUE_TEMPLATE/feature_request.yml 
new/docker-cli-28.2.2_ce/.github/ISSUE_TEMPLATE/feature_request.yml
--- old/docker-cli-28.2.2_ce/.github/ISSUE_TEMPLATE/feature_request.yml 
1970-01-01 01:00:00.000000000 +0100
+++ new/docker-cli-28.2.2_ce/.github/ISSUE_TEMPLATE/feature_request.yml 
2025-05-30 11:39:08.000000000 +0200
@@ -0,0 +1,13 @@
+name: Feature request
+description: Missing functionality? Come tell us about it!
+labels:
+  - kind/feature
+  - status/0-triage
+body:
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: What is the feature you want to see?
+    validations:
+      required: true
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/docker-cli-28.2.2_ce/.github/PULL_REQUEST_TEMPLATE.md 
new/docker-cli-28.2.2_ce/.github/PULL_REQUEST_TEMPLATE.md
--- old/docker-cli-28.2.2_ce/.github/PULL_REQUEST_TEMPLATE.md   1970-01-01 
01:00:00.000000000 +0100
+++ new/docker-cli-28.2.2_ce/.github/PULL_REQUEST_TEMPLATE.md   2025-05-30 
11:39:08.000000000 +0200
@@ -0,0 +1,37 @@
+<!--
+Make sure you've read and understood our contributing guidelines;
+https://github.com/docker/cli/blob/master/CONTRIBUTING.md
+
+** Make sure all your commits include a signature generated with `git commit 
-s` **
+
+For additional information on our contributing process, read our contributing
+guide https://docs.docker.com/opensource/code/
+
+If this is a bug fix, make sure your description includes "fixes #xxxx", or
+"closes #xxxx"
+
+Provide the following information:
+-->
+
+**- What I did**
+
+**- How I did it**
+
+**- How to verify it**
+
+**- Human readable description for the release notes**
+<!--
+Write a short (one line) summary that describes the changes in this
+pull request for inclusion in the changelog.
+It must be placed inside the below triple backticks section.
+
+NOTE: Only fill this section if changes introduced in this PR are user-facing.
+The PR must have a relevant impact/ label.
+-->
+```markdown changelog
+
+
+```
+
+**- A picture of a cute animal (not mandatory but encouraged)**
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/docker-cli-28.2.2_ce/.github/dependabot.yml 
new/docker-cli-28.2.2_ce/.github/dependabot.yml
--- old/docker-cli-28.2.2_ce/.github/dependabot.yml     1970-01-01 
01:00:00.000000000 +0100
+++ new/docker-cli-28.2.2_ce/.github/dependabot.yml     2025-05-30 
11:39:08.000000000 +0200
@@ -0,0 +1,9 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    labels:
+      - "area/testing"
+      - "status/2-code-review"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/docker-cli-28.2.2_ce/.github/workflows/build.yml 
new/docker-cli-28.2.2_ce/.github/workflows/build.yml
--- old/docker-cli-28.2.2_ce/.github/workflows/build.yml        1970-01-01 
01:00:00.000000000 +0100
+++ new/docker-cli-28.2.2_ce/.github/workflows/build.yml        2025-05-30 
11:39:08.000000000 +0200
@@ -0,0 +1,174 @@
+name: build
+
+# Default to 'contents: read', which grants actions to read commits.
+#
+# If any permission is set, any permission not included in the list is
+# implicitly set to "none".
+#
+# see 
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  VERSION: ${{ github.ref }}
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - 'master'
+      - '[0-9]+.[0-9]+'
+      - '[0-9]+.x'
+    tags:
+      - 'v*'
+  pull_request:
+
+jobs:
+  prepare:
+    runs-on: ubuntu-24.04
+    outputs:
+      matrix: ${{ steps.platforms.outputs.matrix }}
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Create matrix
+        id: platforms
+        run: |
+          echo "matrix=$(docker buildx bake cross --print | jq -cr 
'.target."cross".platforms')" >>${GITHUB_OUTPUT}
+      -
+        name: Show matrix
+        run: |
+          echo ${{ steps.platforms.outputs.matrix }}
+
+  build:
+    runs-on: ubuntu-24.04
+    needs:
+      - prepare
+    strategy:
+      fail-fast: false
+      matrix:
+        target:
+          - binary
+          - dynbinary
+        platform: ${{ fromJson(needs.prepare.outputs.matrix) }}
+        use_glibc:
+          - ""
+          - glibc
+    steps:
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Build
+        uses: docker/bake-action@v6
+        with:
+          targets: ${{ matrix.target }}
+          set: |
+            *.platform=${{ matrix.platform }}
+        env:
+          USE_GLIBC: ${{ matrix.use_glibc }}
+      -
+        name: Create tarball
+        working-directory: ./build
+        run: |
+          mkdir /tmp/out
+          platform=${{ matrix.platform }}
+          platformPair=${platform//\//-}
+          tar -cvzf "/tmp/out/docker-${platformPair}.tar.gz" .
+          if [ -z "${{ matrix.use_glibc }}" ]; then
+            echo "ARTIFACT_NAME=${{ matrix.target }}-${platformPair}" >> 
$GITHUB_ENV
+          else
+            echo "ARTIFACT_NAME=${{ matrix.target }}-${platformPair}-glibc" >> 
$GITHUB_ENV
+          fi
+      -
+        name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ env.ARTIFACT_NAME }}
+          path: /tmp/out/*
+          if-no-files-found: error
+
+  bin-image:
+    runs-on: ubuntu-24.04
+    if: ${{ github.event_name != 'pull_request' && github.repository == 
'docker/cli' }}
+    steps:
+      -
+        name: Login to DockerHub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_CLIBIN_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_CLIBIN_TOKEN }}
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: dockereng/cli-bin
+          tags: |
+            type=semver,pattern={{version}}
+            type=ref,event=branch
+            type=ref,event=pr
+            type=sha
+      -
+        name: Build and push image
+        uses: docker/bake-action@v6
+        with:
+          files: |
+            ./docker-bake.hcl
+            cwd://${{ steps.meta.outputs.bake-file }}
+          targets: bin-image-cross
+          push: ${{ github.event_name != 'pull_request' }}
+          set: |
+            *.cache-from=type=gha,scope=bin-image
+            *.cache-to=type=gha,scope=bin-image,mode=max
+
+  prepare-plugins:
+    runs-on: ubuntu-24.04
+    outputs:
+      matrix: ${{ steps.platforms.outputs.matrix }}
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Create matrix
+        id: platforms
+        run: |
+          echo "matrix=$(docker buildx bake plugins-cross --print | jq -cr 
'.target."plugins-cross".platforms')" >>${GITHUB_OUTPUT}
+      -
+        name: Show matrix
+        run: |
+          echo ${{ steps.platforms.outputs.matrix }}
+
+  plugins:
+    runs-on: ubuntu-24.04
+    needs:
+      - prepare-plugins
+    strategy:
+      fail-fast: false
+      matrix:
+        platform: ${{ fromJson(needs.prepare-plugins.outputs.matrix) }}
+    steps:
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Build
+        uses: docker/bake-action@v6
+        with:
+          targets: plugins-cross
+          set: |
+            *.platform=${{ matrix.platform }}
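Review bot: The `Show matrix` steps in `prepare` and `prepare-plugins`, and the `Create tarball` step in `build`, expand `${{ ... }}` expressions directly inside `run:` text, so the expanded value becomes part of the shell source before bash parses it. The matrix comes from `docker buildx bake ... --print`, which presumably reads the bake file from the checkout and is therefore content a pull request can change. Passing the values through the step environment keeps them as data: `env: MATRIX: ${{ steps.platforms.outputs.matrix }}` with `echo "$MATRIX"`, and `env: PLATFORM: ${{ matrix.platform }}` with `platform="$PLATFORM"`. validate-pr.yml in this same diff already does this for `PR_BODY` and `PR_TITLE`, so the change would also make the workflows consistent with each other.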
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/docker-cli-28.2.2_ce/.github/workflows/codeql.yml 
new/docker-cli-28.2.2_ce/.github/workflows/codeql.yml
--- old/docker-cli-28.2.2_ce/.github/workflows/codeql.yml       1970-01-01 
01:00:00.000000000 +0100
+++ new/docker-cli-28.2.2_ce/.github/workflows/codeql.yml       2025-05-30 
11:39:08.000000000 +0200
@@ -0,0 +1,79 @@
+name: codeql
+
+# Default to 'contents: read', which grants actions to read commits.
+#
+# If any permission is set, any permission not included in the list is
+# implicitly set to "none".
+#
+# see 
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+permissions:
+  contents: read
+
+on:
+  push:
+    branches:
+      - 'master'
+      - '[0-9]+.[0-9]+'
+      - '[0-9]+.x'
+    tags:
+      - 'v*'
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: ["master"]
+  schedule:
+    #        ┌───────────── minute (0 - 59)
+    #        │ ┌───────────── hour (0 - 23)
+    #        │ │ ┌───────────── day of the month (1 - 31)
+    #        │ │ │ ┌───────────── month (1 - 12)
+    #        │ │ │ │ ┌───────────── day of the week (0 - 6) (Sunday to 
Saturday)
+    #        │ │ │ │ │
+    #        │ │ │ │ │
+    #        │ │ │ │ │
+    #        * * * * *
+    - cron: '0 9 * * 4'
+
+jobs:
+  codeql:
+    runs-on: ubuntu-24.04
+    timeout-minutes: 10
+    env:
+      DISABLE_WARN_OUTSIDE_CONTAINER: '1'
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 2
+      # CodeQL 2.16.4's auto-build added support for multi-module repositories,
+      # and is trying to be smart by searching for modules in every directory,
+      # including vendor directories. If no module is found, it's creating one
+      # which is ... not what we want, so let's give it a "go.mod".
+      # see: https://github.com/docker/cli/pull/4944#issuecomment-2002034698
+      -
+        name: Create go.mod
+        run: |
+          ln -s vendor.mod go.mod
+          ln -s vendor.sum go.sum
+      -
+        name: Update Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.24.3"
+      -
+        name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: go
+      -
+        name: Autobuild
+        uses: github/codeql-action/autobuild@v3
+      -
+        name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:go"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/docker-cli-28.2.2_ce/.github/workflows/e2e.yml 
new/docker-cli-28.2.2_ce/.github/workflows/e2e.yml
--- old/docker-cli-28.2.2_ce/.github/workflows/e2e.yml  1970-01-01 
01:00:00.000000000 +0100
+++ new/docker-cli-28.2.2_ce/.github/workflows/e2e.yml  2025-05-30 
11:39:08.000000000 +0200
@@ -0,0 +1,80 @@
+name: e2e
+
+# Default to 'contents: read', which grants actions to read commits.
+#
+# If any permission is set, any permission not included in the list is
+# implicitly set to "none".
+#
+# see 
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - 'master'
+      - '[0-9]+.[0-9]+'
+      - '[0-9]+.x'
+    tags:
+      - 'v*'
+  pull_request:
+
+jobs:
+  tests:
+    runs-on: ubuntu-24.04
+    strategy:
+      fail-fast: false
+      matrix:
+        target:
+          - local
+          - connhelper-ssh
+        base:
+          - alpine
+          - debian
+        engine-version:
+          - 28  # latest
+          - 27  # latest - 1
+          - 26  # github actions default
+          - 23  # mirantis lts
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Update daemon.json
+        run: |
+          if [ ! -f /etc/docker/daemon.json ]; then
+            # ubuntu 24.04 runners no longer have a default daemon.json present
+            sudo mkdir -p /etc/docker/
+            echo '{"experimental": true}' | sudo tee /etc/docker/daemon.json
+          else
+            # but if there is one; let's patch it to keep other options that 
may be set.
+            sudo jq '.experimental = true' < /etc/docker/daemon.json > 
/tmp/docker.json
+            sudo mv /tmp/docker.json /etc/docker/daemon.json
+          fi
+          sudo cat /etc/docker/daemon.json
+          sudo service docker restart
+          docker version
+          docker info
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Run ${{ matrix.target }}
+        run: |
+          make -f docker.Makefile test-e2e-${{ matrix.target }}
+        env:
+          BASE_VARIANT: ${{ matrix.base }}
+          ENGINE_VERSION: ${{ matrix.engine-version }}
+          TESTFLAGS: -coverprofile=/tmp/coverage/coverage.txt
+      -
+        name: Send to Codecov
+        uses: codecov/codecov-action@v5
+        with:
+          files: ./build/coverage/coverage.txt
+          token: ${{ secrets.CODECOV_TOKEN }}
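Review bot: The `Send to Codecov` step passes `secrets.CODECOV_TOKEN` to `codecov/codecov-action@v5`, a third-party action referenced by a movable tag, so the code that receives the token can change without any change in this repository. Pinning to a full commit SHA with the version as a trailing comment, `uses: codecov/codecov-action@<full-commit-sha> # v5`, fixes the reviewed code in place; the dependabot.yml added in this diff already tracks the `github-actions` ecosystem and can keep SHA pins current. The same step appears twice in test.yml (jobs `ctn` and `host`). Fork pull requests normally receive no secrets, so the exposure is mainly on `push` and same-repository runs.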
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/docker-cli-28.2.2_ce/.github/workflows/test.yml 
new/docker-cli-28.2.2_ce/.github/workflows/test.yml
--- old/docker-cli-28.2.2_ce/.github/workflows/test.yml 1970-01-01 
01:00:00.000000000 +0100
+++ new/docker-cli-28.2.2_ce/.github/workflows/test.yml 2025-05-30 
11:39:08.000000000 +0200
@@ -0,0 +1,83 @@
+name: test
+
+# Default to 'contents: read', which grants actions to read commits.
+#
+# If any permission is set, any permission not included in the list is
+# implicitly set to "none".
+#
+# see 
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - 'master'
+      - '[0-9]+.[0-9]+'
+      - '[0-9]+.x'
+    tags:
+      - 'v*'
+  pull_request:
+
+jobs:
+  ctn:
+    runs-on: ubuntu-24.04
+    steps:
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Test
+        uses: docker/bake-action@v6
+        with:
+          targets: test-coverage
+      -
+        name: Send to Codecov
+        uses: codecov/codecov-action@v5
+        with:
+          files: ./build/coverage/coverage.txt
+          token: ${{ secrets.CODECOV_TOKEN }}
+
+  host:
+    runs-on: ${{ matrix.os }}
+    env:
+      GOPATH: ${{ github.workspace }}
+      GOBIN: ${{ github.workspace }}/bin
+      GO111MODULE: auto
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - macos-13  # macOS 13 on Intel
+          - macos-14  # macOS 14 on arm64 (Apple Silicon M1)
+#          - windows-2022 # FIXME: some tests are failing on the Windows 
runner, as well as on Appveyor since June 24, 2018: 
https://ci.appveyor.com/project/docker/cli/history
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+        with:
+          path: ${{ env.GOPATH }}/src/github.com/docker/cli
+      -
+        name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.24.3"
+      -
+        name: Test
+        run: |
+          go test -coverprofile=/tmp/coverage.txt $(go list ./... | grep -vE 
'/vendor/|/e2e/')
+          go tool cover -func=/tmp/coverage.txt
+        working-directory: ${{ env.GOPATH }}/src/github.com/docker/cli
+        shell: bash
+      -
+        name: Send to Codecov
+        uses: codecov/codecov-action@v5
+        with:
+          files: /tmp/coverage.txt
+          working-directory: ${{ env.GOPATH }}/src/github.com/docker/cli
+          token: ${{ secrets.CODECOV_TOKEN }}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/docker-cli-28.2.2_ce/.github/workflows/validate-pr.yml 
new/docker-cli-28.2.2_ce/.github/workflows/validate-pr.yml
--- old/docker-cli-28.2.2_ce/.github/workflows/validate-pr.yml  1970-01-01 
01:00:00.000000000 +0100
+++ new/docker-cli-28.2.2_ce/.github/workflows/validate-pr.yml  2025-05-30 
11:39:08.000000000 +0200
@@ -0,0 +1,88 @@
+name: validate-pr
+
+# Default to 'contents: read', which grants actions to read commits.
+#
+# If any permission is set, any permission not included in the list is
+# implicitly set to "none".
+#
+# see 
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+permissions:
+  contents: read
+
+on:
+  pull_request:
+    types: [opened, edited, labeled, unlabeled]
+
+jobs:
+  check-area-label:
+    runs-on: ubuntu-24.04
+    timeout-minutes: 120 # guardrails timeout for the whole job
+    steps:
+      - name: Missing `area/` label
+        if: contains(join(github.event.pull_request.labels.*.name, ','), 
'impact/') && !contains(join(github.event.pull_request.labels.*.name, ','), 
'area/')
+        run: |
+          echo "::error::Every PR with an 'impact/*' label should also have an 
'area/*' label"
+          exit 1
+      - name: OK
+        run: exit 0
+
+  check-changelog:
+    runs-on: ubuntu-24.04
+    timeout-minutes: 120 # guardrails timeout for the whole job
+    env:
+      HAS_IMPACT_LABEL: ${{ 
contains(join(github.event.pull_request.labels.*.name, ','), 'impact/') }}
+      PR_BODY: |
+        ${{ github.event.pull_request.body }}
+    steps:
+      - name: Check changelog description
+        run: |
+          # Extract the `markdown changelog` note code block
+          block=$(echo -n "$PR_BODY" | tr -d '\r' | awk '/^```markdown 
changelog$/{flag=1;next}/^```$/{flag=0}flag')
+
+          # Strip empty lines
+          desc=$(echo "$block" |  awk NF)
+
+          if [ "$HAS_IMPACT_LABEL" = "true" ]; then
+            if [ -z "$desc" ]; then
+              echo "::error::Changelog section is empty. Please provide a 
description for the changelog."
+              exit 1
+            fi
+
+            len=$(echo -n "$desc" | wc -c)
+            if [[ $len -le 6 ]]; then
+              echo "::error::Description looks too short: $desc"
+              exit 1
+            fi
+          else
+            if [ -n "$desc" ]; then
+              echo "::error::PR has a changelog description, but no changelog 
label"
+              echo "::error::Please add the relevant 'impact/' label to the PR 
or remove the changelog description"
+              exit 1
+            fi
+          fi
+
+          echo "This PR will be included in the release notes with the 
following note:"
+          echo "$desc"
+
+  check-pr-branch:
+    runs-on: ubuntu-24.04
+    timeout-minutes: 120 # guardrails timeout for the whole job
+    env:
+      PR_TITLE: ${{ github.event.pull_request.title }}
+    steps:
+      # Backports or PR that target a release branch directly should mention 
the target branch in the title, for example:
+      # [X.Y backport] Some change that needs backporting to X.Y
+      # [X.Y] Change directly targeting the X.Y branch
+      - name: Check release branch
+        id: title_branch
+        run: |
+          # get the intended major version prefix ("[27.1 backport]" -> "27.") 
from the PR title.
+          [[ "$PR_TITLE" =~ ^\[([0-9]*\.)[^]]*\] ]] && 
branch="${BASH_REMATCH[1]}"
+
+          # get major version prefix from the release branch ("27.x -> "27.")
+          [[ "$GITHUB_BASE_REF" =~ ^([0-9]*\.) ]] && 
target_branch="${BASH_REMATCH[1]}" || target_branch="$GITHUB_BASE_REF"
+
+          if [[ "$target_branch" != "$branch" ]] && ! [[ "$GITHUB_BASE_REF" == 
"master" && "$branch" == "" ]]; then
+              echo "::error::PR is opened against the $GITHUB_BASE_REF branch, 
but its title suggests otherwise."
+              exit 1
+          fi
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/docker-cli-28.2.2_ce/.github/workflows/validate.yml 
new/docker-cli-28.2.2_ce/.github/workflows/validate.yml
--- old/docker-cli-28.2.2_ce/.github/workflows/validate.yml     1970-01-01 
01:00:00.000000000 +0100
+++ new/docker-cli-28.2.2_ce/.github/workflows/validate.yml     2025-05-30 
11:39:08.000000000 +0200
@@ -0,0 +1,82 @@
+name: validate
+
+# Default to 'contents: read', which grants actions to read commits.
+#
+# If any permission is set, any permission not included in the list is
+# implicitly set to "none".
+#
+# see 
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - 'master'
+      - '[0-9]+.[0-9]+'
+      - '[0-9]+.x'
+    tags:
+      - 'v*'
+  pull_request:
+
+jobs:
+  validate:
+    runs-on: ubuntu-24.04
+    strategy:
+      fail-fast: false
+      matrix:
+        target:
+          - lint
+          - shellcheck
+          - validate-vendor
+          - update-authors # ensure authors update target runs fine
+    steps:
+      -
+        name: Run
+        uses: docker/bake-action@v6
+        with:
+          targets: ${{ matrix.target }}
+
+  # check that the generated Markdown and the checked-in files match
+  validate-md:
+    runs-on: ubuntu-24.04
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Generate
+        shell: 'script --return --quiet --command "bash {0}"'
+        run: |
+          make -f docker.Makefile mddocs
+      -
+        name: Validate
+        run: |
+          if [[ $(git diff --stat) != '' ]]; then
+            echo 'fail: generated files do not match checked-in files'
+            git --no-pager diff
+            exit 1
+          fi
+
+  validate-make:
+    runs-on: ubuntu-24.04
+    strategy:
+      fail-fast: false
+      matrix:
+        target:
+          - yamldocs # ensure yamldocs target runs fine
+          - manpages # ensure manpages target runs fine
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Run
+        shell: 'script --return --quiet --command "bash {0}"'
+        run: |
+          make -f docker.Makefile ${{ matrix.target }}
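Review bot: The `uses:` lines in the `validate`, `validate-md` and `validate-make` jobs reference actions by mutable tag (`docker/bake-action@v6`, `actions/checkout@v4`), so the code that runs in CI can change without any change to this repository. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4`, makes runs reproducible and limits exposure if a tag is moved. The two checkout steps also keep the default credential persistence and then run `make` targets from the checked-out tree on `pull_request`. Setting `persist-credentials: false` under `with:` would keep the token out of `.git/config`, although the top-level `contents: read` already limits what that token can do.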
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/docker-cli-28.2.2_ce/.gitignore 
new/docker-cli-28.2.2_ce/.gitignore
--- old/docker-cli-28.2.2_ce/.gitignore 1970-01-01 01:00:00.000000000 +0100
+++ new/docker-cli-28.2.2_ce/.gitignore 2025-05-30 11:39:08.000000000 +0200
@@ -0,0 +1,17 @@
+# if you want to ignore files created by your editor/tools,
+# consider a global .gitignore https://help.github.com/articles/ignoring-files
+*.exe
+*.exe~
+*.orig
+.*.swp
+.DS_Store
+Thumbs.db
+.editorconfig
+/build/
+/cmd/docker/winresources/versioninfo.json
+/cmd/docker/winresources/*.syso
+profile.out
+
+# top-level go.mod is not meant to be checked in
+/go.mod
+/go.sum
