Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package regclient for openSUSE:Factory checked in at 2025-12-05 16:51:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/regclient (Old) and /work/SRC/openSUSE:Factory/.regclient.new.1939 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "regclient" Fri Dec 5 16:51:39 2025 rev:11 rq:1321050 version:0.11.0 Changes: -------- --- /work/SRC/openSUSE:Factory/regclient/regclient.changes 2025-11-10 19:21:06.621831689 +0100 +++ /work/SRC/openSUSE:Factory/.regclient.new.1939/regclient.changes 2025-12-05 16:53:14.235857569 +0100 @@ -1,0 +2,15 @@ +Thu Dec 04 06:08:31 UTC 2025 - Johannes Kastl <[email protected]> + +- Update to version 0.11.0: + * Features: + - Build artifacts for riscv64. (PR 1011) + - Generate FreeBSD amd64 binaries. (PR 1013) + - Add support for cosign v3 bundles. (PR 1018) + * Fixes: + - Fix ECR Helper version pin. (PR 1017) + - Fix the cosign use-signing-config flag. (PR 1019) + - Improve reproducibility in Dockerfiles. (PR 1020) + * Other Changes: + - Add a policy for LLM generated contributions. (PR 1016) + +------------------------------------------------------------------- Old: ---- regclient-0.10.0.obscpio New: ---- regclient-0.11.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ regclient.spec ++++++ --- /var/tmp/diff_new_pack.WjNiAh/_old 2025-12-05 16:53:15.203898042 +0100 +++ /var/tmp/diff_new_pack.WjNiAh/_new 2025-12-05 16:53:15.203898042 +0100 @@ -17,7 +17,7 @@ Name: regclient -Version: 0.10.0 +Version: 0.11.0 Release: 0 Summary: OCI Registry Client in Go and tooling using those libraries License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.WjNiAh/_old 2025-12-05 16:53:15.267900717 +0100 +++ /var/tmp/diff_new_pack.WjNiAh/_new 2025-12-05 16:53:15.271900885 +0100 @@ -3,7 +3,7 @@ <param name="url">https://github.com/regclient/regclient</param> <param name="scm">git</param> <param name="package-meta">yes</param> - <param name="revision">v0.10.0</param> + <param name="revision">v0.11.0</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.WjNiAh/_old 2025-12-05 16:53:15.315902724 +0100 +++ /var/tmp/diff_new_pack.WjNiAh/_new 2025-12-05 16:53:15.327903226 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/regclient/regclient</param> - <param name="changesrevision">c3de9bb7b04ad3cd96bb73bc0c72986b83572d12</param></service></servicedata> + <param name="changesrevision">9a4fd6b957345e2f625f0c18dfbea4db59fc2b23</param></service></servicedata> (No newline at EOF) ++++++ regclient-0.10.0.obscpio -> regclient-0.11.0.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/.git/HEAD new/regclient-0.11.0/.git/HEAD --- old/regclient-0.10.0/.git/HEAD 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/.git/HEAD 2025-12-01 20:38:07.000000000 +0100 @@ -1 +1 @@ -c3de9bb7b04ad3cd96bb73bc0c72986b83572d12 +9a4fd6b957345e2f625f0c18dfbea4db59fc2b23 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/.git/ORIG_HEAD new/regclient-0.11.0/.git/ORIG_HEAD --- old/regclient-0.10.0/.git/ORIG_HEAD 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/.git/ORIG_HEAD 2025-12-01 20:38:07.000000000 +0100 @@ -1 +1 @@ -c3de9bb7b04ad3cd96bb73bc0c72986b83572d12 +9a4fd6b957345e2f625f0c18dfbea4db59fc2b23 Binary files old/regclient-0.10.0/.git/index and new/regclient-0.11.0/.git/index differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/.git/logs/HEAD new/regclient-0.11.0/.git/logs/HEAD --- old/regclient-0.10.0/.git/logs/HEAD 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/.git/logs/HEAD 2025-12-01 20:38:07.000000000 +0100 @@ -1,2 +1,2 @@ -0000000000000000000000000000000000000000 2a0496d240396e626d9c30aab63064a812735ca7 Johannes Kastl <[email protected]> 1762779779 +0100 clone: from https://github.com/regclient/regclient -2a0496d240396e626d9c30aab63064a812735ca7 c3de9bb7b04ad3cd96bb73bc0c72986b83572d12 Johannes Kastl <[email protected]> 1762779779 +0100 checkout: moving from main to v0.10.0 +0000000000000000000000000000000000000000 1b734bf7e919e7df1e35417f33afd068b5bc07a2 kastl <[email protected]> 1764828511 +0100 clone: from https://github.com/regclient/regclient +1b734bf7e919e7df1e35417f33afd068b5bc07a2 9a4fd6b957345e2f625f0c18dfbea4db59fc2b23 kastl <[email protected]> 1764828511 +0100 checkout: moving from main to v0.11.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/.git/logs/refs/heads/main new/regclient-0.11.0/.git/logs/refs/heads/main --- old/regclient-0.10.0/.git/logs/refs/heads/main 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/.git/logs/refs/heads/main 2025-12-01 20:38:07.000000000 +0100 @@ -1 +1 @@ -0000000000000000000000000000000000000000 2a0496d240396e626d9c30aab63064a812735ca7 Johannes Kastl <[email protected]> 1762779779 +0100 clone: from https://github.com/regclient/regclient +0000000000000000000000000000000000000000 1b734bf7e919e7df1e35417f33afd068b5bc07a2 kastl <[email protected]> 1764828511 +0100 clone: from https://github.com/regclient/regclient diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/.git/logs/refs/remotes/origin/HEAD new/regclient-0.11.0/.git/logs/refs/remotes/origin/HEAD --- old/regclient-0.10.0/.git/logs/refs/remotes/origin/HEAD 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/.git/logs/refs/remotes/origin/HEAD 2025-12-01 20:38:07.000000000 +0100 @@ -1 +1 @@ -0000000000000000000000000000000000000000 2a0496d240396e626d9c30aab63064a812735ca7 Johannes Kastl <[email protected]> 1762779779 +0100 clone: from https://github.com/regclient/regclient +0000000000000000000000000000000000000000 1b734bf7e919e7df1e35417f33afd068b5bc07a2 kastl <[email protected]> 1764828511 +0100 clone: from https://github.com/regclient/regclient Binary files old/regclient-0.10.0/.git/objects/pack/pack-9b83ec8d296acf7a03f63199947c559ca30a13e8.idx and new/regclient-0.11.0/.git/objects/pack/pack-9b83ec8d296acf7a03f63199947c559ca30a13e8.idx differ Binary files old/regclient-0.10.0/.git/objects/pack/pack-9b83ec8d296acf7a03f63199947c559ca30a13e8.pack and new/regclient-0.11.0/.git/objects/pack/pack-9b83ec8d296acf7a03f63199947c559ca30a13e8.pack differ Binary files old/regclient-0.10.0/.git/objects/pack/pack-9b83ec8d296acf7a03f63199947c559ca30a13e8.rev and new/regclient-0.11.0/.git/objects/pack/pack-9b83ec8d296acf7a03f63199947c559ca30a13e8.rev differ Binary files old/regclient-0.10.0/.git/objects/pack/pack-d78df5fde3b1b54ff71823fa74ef53a7bf9c58d3.idx and new/regclient-0.11.0/.git/objects/pack/pack-d78df5fde3b1b54ff71823fa74ef53a7bf9c58d3.idx differ Binary files old/regclient-0.10.0/.git/objects/pack/pack-d78df5fde3b1b54ff71823fa74ef53a7bf9c58d3.pack and new/regclient-0.11.0/.git/objects/pack/pack-d78df5fde3b1b54ff71823fa74ef53a7bf9c58d3.pack differ Binary files old/regclient-0.10.0/.git/objects/pack/pack-d78df5fde3b1b54ff71823fa74ef53a7bf9c58d3.rev and new/regclient-0.11.0/.git/objects/pack/pack-d78df5fde3b1b54ff71823fa74ef53a7bf9c58d3.rev differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/.git/packed-refs new/regclient-0.11.0/.git/packed-refs --- old/regclient-0.10.0/.git/packed-refs 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/.git/packed-refs 2025-12-01 20:38:07.000000000 +0100 @@ -1,7 +1,8 @@ # pack-refs with: peeled fully-peeled sorted -2a0496d240396e626d9c30aab63064a812735ca7 refs/remotes/origin/main +1b734bf7e919e7df1e35417f33afd068b5bc07a2 refs/remotes/origin/main daa734a0b4dc9c19231cfe691a241f0ce2a7b2f4 refs/remotes/origin/releases/0.0 c3de9bb7b04ad3cd96bb73bc0c72986b83572d12 refs/remotes/origin/releases/0.10 +9a4fd6b957345e2f625f0c18dfbea4db59fc2b23 refs/remotes/origin/releases/0.11 4c6dd972a3c609f7c0997bb6e464aee431f8c971 refs/remotes/origin/releases/0.2 6a1a13c410f734f5e18a6032936bc6764814eae7 refs/remotes/origin/releases/0.3 847254c7ac7d6f027dcdfb196a9aa4c11eb61ed9 refs/remotes/origin/releases/0.4 @@ -24,6 +25,8 @@ ^daa734a0b4dc9c19231cfe691a241f0ce2a7b2f4 5b0d2934d50bc60c49b71003411f3c98b59345b1 refs/tags/v0.10.0 ^c3de9bb7b04ad3cd96bb73bc0c72986b83572d12 +3d39816ed1fd27384e80977617ca14dff38269b4 refs/tags/v0.11.0 +^9a4fd6b957345e2f625f0c18dfbea4db59fc2b23 f5e39881d000960a706d1840f2a43eac7b3fd9de refs/tags/v0.2.0 ^5906ef88ec6ec3f6709d286756d27b77982fa55b 25bacba961cde26845ce0bf5a90edbb8a2bdb2e4 refs/tags/v0.2.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/.git/refs/heads/main new/regclient-0.11.0/.git/refs/heads/main --- old/regclient-0.10.0/.git/refs/heads/main 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/.git/refs/heads/main 2025-12-01 20:38:07.000000000 +0100 @@ -1 +1 @@ -2a0496d240396e626d9c30aab63064a812735ca7 +1b734bf7e919e7df1e35417f33afd068b5bc07a2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/.github/ISSUE_TEMPLATE/feature.md new/regclient-0.11.0/.github/ISSUE_TEMPLATE/feature.md --- old/regclient-0.10.0/.github/ISSUE_TEMPLATE/feature.md 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/.github/ISSUE_TEMPLATE/feature.md 2025-12-01 20:38:07.000000000 +0100 @@ -52,3 +52,4 @@ <!-- Links? References? Anything that will give us more context about the issue that you are encountering! --> +<!-- markdownlint-disable-file MD001 --> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/.github/ISSUE_TEMPLATE/issue.md new/regclient-0.11.0/.github/ISSUE_TEMPLATE/issue.md --- old/regclient-0.10.0/.github/ISSUE_TEMPLATE/issue.md 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/.github/ISSUE_TEMPLATE/issue.md 2025-12-01 20:38:07.000000000 +0100 @@ -52,3 +52,4 @@ <!-- Links? References? Anything that will give us more context about the issue that you are encountering! --> +<!-- markdownlint-disable-file MD001 --> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/.github/ISSUE_TEMPLATE/question.md new/regclient-0.11.0/.github/ISSUE_TEMPLATE/question.md --- old/regclient-0.10.0/.github/ISSUE_TEMPLATE/question.md 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/.github/ISSUE_TEMPLATE/question.md 2025-12-01 20:38:07.000000000 +0100 @@ -38,3 +38,4 @@ <!-- Links? References? Anything that will give us more context about the issue that you are encountering! --> +<!-- markdownlint-disable-file MD001 --> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/.github/PULL_REQUEST_TEMPLATE.md new/regclient-0.11.0/.github/PULL_REQUEST_TEMPLATE.md --- old/regclient-0.10.0/.github/PULL_REQUEST_TEMPLATE.md 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/.github/PULL_REQUEST_TEMPLATE.md 2025-12-01 20:38:07.000000000 +0100 @@ -27,8 +27,9 @@ <!-- Mark the following with an [X] to verify they are included --> - [ ] Tests have been added or not applicable -- [ ] Documentation has been added, updated, or not applicable +- [ ] Documentation updates are included or not applicable (most documentation should be in the regclient.org repo) - [ ] Changes have been rebased to main - [ ] Multiple commits to the same code have been squashed +- [ ] All changes have been human generated or created with a reproducible tool <!-- markdownlint-disable-file MD041 --> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/.github/workflows/ci-registry.yml new/regclient-0.11.0/.github/workflows/ci-registry.yml --- old/regclient-0.10.0/.github/workflows/ci-registry.yml 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/.github/workflows/ci-registry.yml 2025-12-01 20:38:07.000000000 +0100 @@ -23,10 +23,10 @@ steps: - name: Check out code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: "Set up Go ${{ env.RELEASE_GO_VER }}" - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: go-version: "${{ env.RELEASE_GO_VER }}" check-latest: true diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/.github/workflows/docker.yml new/regclient-0.11.0/.github/workflows/docker.yml --- old/regclient-0.10.0/.github/workflows/docker.yml 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/.github/workflows/docker.yml 2025-12-01 20:38:07.000000000 +0100 @@ -33,7 +33,7 @@ steps: - name: Check out code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Prepare id: prep @@ -108,7 +108,7 @@ with: context: . file: ./build/Dockerfile.${{ matrix.image }}.buildkit - platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x + platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x,linux/riscv64 target: release-${{ matrix.type }} outputs: type=oci,oci-artifact=true,dest=output/${{matrix.image}}-${{matrix.type}}.tar provenance: version=v1,mode=max @@ -122,18 +122,18 @@ if: github.event_name != 'pull_request' && github.repository_owner == 'regclient' uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 with: - cosign-release: "v2.6.1" + cosign-release: "v3.0.2" - name: Install syft if: github.event_name != 'pull_request' && github.repository_owner == 'regclient' - uses: anchore/sbom-action/download-syft@8e94d75ddd33f69f691467e42275782e4bfefe84 # v0.20.9 + uses: anchore/sbom-action/download-syft@fbfd9c6c189226748411491745178e0c2017392d # v0.20.10 id: syft with: - syft-version: "v1.37.0" + syft-version: "v1.38.0" # Dogfooding, use regctl to modify regclient images to improve reproducibility - name: Install regctl - uses: regclient/actions/regctl-installer@df29323daedc1f78ee74b261bd8d849327cb4ff0 # main + uses: regclient/actions/regctl-installer@ed5268e995795eb54f4187ada5728d118ad674f3 # main if: github.event_name != 'pull_request' && github.repository_owner == 'regclient' with: release: main @@ -209,6 +209,8 @@ else echo "Pushing ${tag}" regctl image copy --referrers "ocidir://output/${{matrix.image}}:${{matrix.type}}@${digest}" "${tag}" - cosign sign -y -r "${tag}@${digest}" + # sign both with and without the bundle to support older clients + cosign sign -y -r --new-bundle-format=false --use-signing-config=false "${tag}@${digest}" + cosign sign -y -r --new-bundle-format=true --use-signing-config=true "${tag}@${digest}" fi done diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/.github/workflows/go.yml new/regclient-0.11.0/.github/workflows/go.yml --- old/regclient-0.10.0/.github/workflows/go.yml 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/.github/workflows/go.yml 2025-12-01 20:38:07.000000000 +0100 @@ -32,10 +32,10 @@ steps: - name: Check out code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: "Set up Go ${{ matrix.gover }}" - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: go-version: "${{ matrix.gover }}" check-latest: true @@ -60,10 +60,10 @@ - name: Install syft if: startsWith( github.ref, 'refs/tags/v' ) || github.ref == 'refs/heads/main' - uses: anchore/sbom-action/download-syft@8e94d75ddd33f69f691467e42275782e4bfefe84 # v0.20.9 + uses: anchore/sbom-action/download-syft@fbfd9c6c189226748411491745178e0c2017392d # v0.20.10 id: syft with: - syft-version: "v1.37.0" + syft-version: "v1.38.0" - name: Build artifacts if: startsWith( github.ref, 'refs/tags/v' ) || github.ref == 'refs/heads/main' @@ -73,7 +73,7 @@ if: ( startsWith( github.ref, 'refs/tags/v' ) || github.ref == 'refs/heads/main' ) && matrix.gover == env.RELEASE_GO_VER uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 with: - cosign-release: "v2.6.1" + cosign-release: "v3.0.2" - name: Package artifacts if: ( startsWith( github.ref, 'refs/tags/v' ) || github.ref == 'refs/heads/main' ) && matrix.gover == env.RELEASE_GO_VER @@ -82,27 +82,35 @@ for artifact in \ regbot-darwin-amd64 \ regbot-darwin-arm64 \ + regbot-freebsd-amd64 \ regbot-linux-amd64 \ regbot-linux-arm64 \ regbot-linux-ppc64le \ regbot-linux-s390x \ + regbot-linux-riscv64 \ regbot-windows-amd64.exe \ regctl-darwin-amd64 \ regctl-darwin-arm64 \ + regctl-freebsd-amd64 \ regctl-linux-amd64 \ regctl-linux-arm64 \ regctl-linux-ppc64le \ regctl-linux-s390x \ + regctl-linux-riscv64 \ regctl-windows-amd64.exe \ regsync-darwin-amd64 \ regsync-darwin-arm64 \ + regsync-freebsd-amd64 \ regsync-linux-amd64 \ regsync-linux-arm64 \ regsync-linux-ppc64le \ regsync-linux-s390x \ + regsync-linux-riscv64 \ regsync-windows-amd64.exe \ ; do - cosign sign-blob -y --output-signature "${artifact%.exe}.sig" --output-certificate "${artifact%.exe}.pem" "${artifact}" + # sign content with and without the bundle to simplify client migrations + cosign sign-blob -y --new-bundle-format=false --use-signing-config=false --output-signature "${artifact%.exe}.sig" --output-certificate "${artifact%.exe}.pem" "${artifact}" + cosign sign-blob -y --new-bundle-format=true --use-signing-config=true --bundle "${artifact%.exe}.sigstore.json" "${artifact}" done tar -cvzf metadata.tgz *.sig *.pem *.json @@ -121,7 +129,7 @@ - name: Create release if: steps.release_details.outputs.valid == 'true' && matrix.gover == env.RELEASE_GO_VER id: release_create - uses: softprops/action-gh-release@5be0e66d93ac7ed76da52eca8bb058f665c3a5fe # v2.4.2 + uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -132,24 +140,30 @@ files: | ./artifacts/regbot-darwin-amd64 ./artifacts/regbot-darwin-arm64 + ./artifacts/regbot-freebsd-amd64 ./artifacts/regbot-linux-amd64 ./artifacts/regbot-linux-arm64 ./artifacts/regbot-linux-ppc64le ./artifacts/regbot-linux-s390x + ./artifacts/regbot-linux-riscv64 ./artifacts/regbot-windows-amd64.exe ./artifacts/regctl-darwin-amd64 ./artifacts/regctl-darwin-arm64 + ./artifacts/regctl-freebsd-amd64 ./artifacts/regctl-linux-amd64 ./artifacts/regctl-linux-arm64 ./artifacts/regctl-linux-ppc64le ./artifacts/regctl-linux-s390x + ./artifacts/regctl-linux-riscv64 ./artifacts/regctl-windows-amd64.exe ./artifacts/regsync-darwin-amd64 ./artifacts/regsync-darwin-arm64 + ./artifacts/regsync-freebsd-amd64 ./artifacts/regsync-linux-amd64 ./artifacts/regsync-linux-arm64 ./artifacts/regsync-linux-ppc64le ./artifacts/regsync-linux-s390x + ./artifacts/regsync-linux-riscv64 ./artifacts/regsync-windows-amd64.exe ./artifacts/metadata.tgz diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/.github/workflows/version-check.yml new/regclient-0.11.0/.github/workflows/version-check.yml --- old/regclient-0.10.0/.github/workflows/version-check.yml 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/.github/workflows/version-check.yml 2025-12-01 20:38:07.000000000 +0100 @@ -15,7 +15,7 @@ steps: - name: Check out code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Version Check uses: docker://ghcr.io/sudo-bmitch/version-bump:edge with: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/.github/workflows/vulnscans.yml new/regclient-0.11.0/.github/workflows/vulnscans.yml --- old/regclient-0.10.0/.github/workflows/vulnscans.yml 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/.github/workflows/vulnscans.yml 2025-12-01 20:38:07.000000000 +0100 @@ -17,10 +17,10 @@ steps: - name: Check out code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: "Set up Go" - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: go-version: "${{ env.RELEASE_GO_VER }}" check-latest: true diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/.version-bump.lock new/regclient-0.11.0/.version-bump.lock --- old/regclient-0.10.0/.version-bump.lock 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/.version-bump.lock 2025-12-01 20:38:07.000000000 +0100 @@ -1,6 +1,6 @@ {"name":"docker-arg-alpine-digest","key":"docker.io/library/alpine:3.22.2","version":"sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412"} {"name":"docker-arg-alpine-tag","key":"docker.io/library/alpine","version":"3.22.2"} -{"name":"docker-arg-ecr","key":"https://github.com/awslabs/amazon-ecr-credential-helper.git","version":"v0.10.1"} +{"name":"docker-arg-ecr","key":"https://github.com/awslabs/amazon-ecr-credential-helper.git","version":"v0.11.0"} {"name":"docker-arg-gcr","key":"https://github.com/GoogleCloudPlatform/docker-credential-gcr.git","version":"v2.1.30"} {"name":"docker-arg-go-digest","key":"docker.io/library/golang:1.25.4-alpine","version":"sha256:d3f0cf7723f3429e3f9ed846243970b20a2de7bae6a5b66fc5914e228d831bbb"} {"name":"docker-arg-go-tag","key":"docker.io/library/golang","version":"1.25.4"} @@ -9,44 +9,44 @@ {"name":"gha-alpine-digest","key":"docker.io/library/alpine:3.22.2","version":"sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412"} {"name":"gha-alpine-tag-base","key":"docker.io/library/alpine","version":"3"} {"name":"gha-alpine-tag-comment","key":"docker.io/library/alpine","version":"3.22.2"} -{"name":"gha-cosign-version","key":"https://github.com/sigstore/cosign.git","version":"v2.6.1"} +{"name":"gha-cosign-version","key":"https://github.com/sigstore/cosign.git","version":"v3.0.2"} {"name":"gha-golang-matrix","key":"golang-matrix","version":"[\"1.24\", \"1.25\"]"} {"name":"gha-golang-release","key":"golang-latest","version":"1.25"} -{"name":"gha-syft-version","key":"docker.io/anchore/syft","version":"v1.37.0"} -{"name":"gha-uses-commit","key":"https://github.com/actions/checkout.git:v5.0.0","version":"08c6903cd8c0fde910a37f88322edcfb5dd907a8"} -{"name":"gha-uses-commit","key":"https://github.com/actions/setup-go.git:v6.0.0","version":"44694675825211faa026b3c33043df3e48a5fa00"} +{"name":"gha-syft-version","key":"docker.io/anchore/syft","version":"v1.38.0"} +{"name":"gha-uses-commit","key":"https://github.com/actions/checkout.git:v6.0.0","version":"1af3b93b6815bc44a9784bd300feb67ff0d1eeb3"} +{"name":"gha-uses-commit","key":"https://github.com/actions/setup-go.git:v6.1.0","version":"4dc6199c7b1a012772edbd06daecab0f50c9053c"} {"name":"gha-uses-commit","key":"https://github.com/actions/stale.git:v10.1.0","version":"5f858e3efba33a5ca4407a664cc011ad407f2008"} {"name":"gha-uses-commit","key":"https://github.com/actions/upload-artifact.git:v5.0.0","version":"330a01c490aca151604b8cf639adc76d48f6c5d4"} -{"name":"gha-uses-commit","key":"https://github.com/anchore/sbom-action.git:v0.20.9","version":"8e94d75ddd33f69f691467e42275782e4bfefe84"} +{"name":"gha-uses-commit","key":"https://github.com/anchore/sbom-action.git:v0.20.10","version":"fbfd9c6c189226748411491745178e0c2017392d"} {"name":"gha-uses-commit","key":"https://github.com/docker/build-push-action.git:v6.18.0","version":"263435318d21b8e681c14492fe198d362a7d2c83"} {"name":"gha-uses-commit","key":"https://github.com/docker/login-action.git:v3.6.0","version":"5e57cd118135c172c3672efd75eb46360885c0ef"} {"name":"gha-uses-commit","key":"https://github.com/docker/setup-buildx-action.git:v3.11.1","version":"e468171a9de216ec08956ac3ada2f0791b6bd435"} -{"name":"gha-uses-commit","key":"https://github.com/regclient/actions.git:main","version":"df29323daedc1f78ee74b261bd8d849327cb4ff0"} +{"name":"gha-uses-commit","key":"https://github.com/regclient/actions.git:main","version":"ed5268e995795eb54f4187ada5728d118ad674f3"} {"name":"gha-uses-commit","key":"https://github.com/sigstore/cosign-installer.git:v4.0.0","version":"faadad0cce49287aee09b3a48701e75088a2c6ad"} -{"name":"gha-uses-commit","key":"https://github.com/softprops/action-gh-release.git:v2.4.2","version":"5be0e66d93ac7ed76da52eca8bb058f665c3a5fe"} -{"name":"gha-uses-semver","key":"https://github.com/actions/checkout.git","version":"v5.0.0"} -{"name":"gha-uses-semver","key":"https://github.com/actions/setup-go.git","version":"v6.0.0"} +{"name":"gha-uses-commit","key":"https://github.com/softprops/action-gh-release.git:v2.5.0","version":"a06a81a03ee405af7f2048a818ed3f03bbf83c7b"} +{"name":"gha-uses-semver","key":"https://github.com/actions/checkout.git","version":"v6.0.0"} +{"name":"gha-uses-semver","key":"https://github.com/actions/setup-go.git","version":"v6.1.0"} {"name":"gha-uses-semver","key":"https://github.com/actions/stale.git","version":"v10.1.0"} {"name":"gha-uses-semver","key":"https://github.com/actions/upload-artifact.git","version":"v5.0.0"} -{"name":"gha-uses-semver","key":"https://github.com/anchore/sbom-action.git","version":"v0.20.9"} +{"name":"gha-uses-semver","key":"https://github.com/anchore/sbom-action.git","version":"v0.20.10"} {"name":"gha-uses-semver","key":"https://github.com/docker/build-push-action.git","version":"v6.18.0"} {"name":"gha-uses-semver","key":"https://github.com/docker/login-action.git","version":"v3.6.0"} {"name":"gha-uses-semver","key":"https://github.com/docker/setup-buildx-action.git","version":"v3.11.1"} {"name":"gha-uses-semver","key":"https://github.com/sigstore/cosign-installer.git","version":"v4.0.0"} -{"name":"gha-uses-semver","key":"https://github.com/softprops/action-gh-release.git","version":"v2.4.2"} +{"name":"gha-uses-semver","key":"https://github.com/softprops/action-gh-release.git","version":"v2.5.0"} {"name":"go-mod-golang-release","key":"golang-oldest","version":"1.24.0"} {"name":"makefile-ci-distribution","key":"docker.io/library/registry","version":"3.0.0"} -{"name":"makefile-ci-zot","key":"ghcr.io/project-zot/zot-linux-amd64","version":"v2.1.10"} +{"name":"makefile-ci-zot","key":"ghcr.io/project-zot/zot-linux-amd64","version":"v2.1.11"} {"name":"makefile-go-vulncheck","key":"https://go.googlesource.com/vuln.git","version":"v1.1.4"} {"name":"makefile-gofumpt","key":"https://github.com/mvdan/gofumpt.git","version":"v0.9.2"} {"name":"makefile-gomajor","key":"https://github.com/icholy/gomajor.git","version":"v0.15.0"} {"name":"makefile-gosec","key":"https://github.com/securego/gosec.git","version":"v2.22.10"} -{"name":"makefile-markdown-lint","key":"docker.io/davidanson/markdownlint-cli2","version":"v0.18.1"} -{"name":"makefile-osv-scanner","key":"https://github.com/google/osv-scanner.git","version":"v2.2.4"} +{"name":"makefile-markdown-lint","key":"docker.io/davidanson/markdownlint-cli2","version":"v0.19.1"} +{"name":"makefile-osv-scanner","key":"https://github.com/google/osv-scanner.git","version":"v2.3.0"} {"name":"makefile-staticcheck","key":"https://github.com/dominikh/go-tools.git","version":"v0.6.1"} -{"name":"makefile-syft-container-digest","key":"anchore/syft:v1.37.0","version":"sha256:48d679480c6d272c1801cf30460556959c01d4826795be31d4fd8b53750b7d91"} -{"name":"makefile-syft-container-tag","key":"anchore/syft","version":"v1.37.0"} -{"name":"makefile-syft-version","key":"docker.io/anchore/syft","version":"v1.37.0"} +{"name":"makefile-syft-container-digest","key":"anchore/syft:v1.38.0","version":"sha256:825cad3a952c87676a6d07e9a3bb05ac9c401d598360070e970aa46d54c1727e"} +{"name":"makefile-syft-container-tag","key":"anchore/syft","version":"v1.38.0"} +{"name":"makefile-syft-version","key":"docker.io/anchore/syft","version":"v1.38.0"} {"name":"osv-golang-release","key":"docker.io/library/golang","version":"1.25.4"} {"name":"shell-alpine-digest","key":"docker.io/library/alpine:3.22.2","version":"sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412"} {"name":"shell-alpine-tag-base","key":"docker.io/library/alpine","version":"3"} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/.version-bump.yml new/regclient-0.11.0/.version-bump.yml --- old/regclient-0.10.0/.version-bump.yml 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/.version-bump.yml 2025-12-01 20:38:07.000000000 +0100 @@ -106,13 +106,14 @@ regexp: '^ARG ECR_HELPER_VER=(?P<Version>v?\d+\.\d+\.\d+)\s*$' sourceArgs: url: "https://github.com/awslabs/amazon-ecr-credential-helper.git"; - # temp hack to back rev due to missing tag on sub-module + # get the version for the ecr-login nested package in the repo + filter: + expr: '^ecr-login/v?\d+\.\d+\.\d+$' + # sort and output only the version number without the package name prefix sort: method: "semver" - offset: 1 - # TODO: support templating the output of a filter in version-bump so versions on the sub-module can be used - # filter: - # expr: '^ecr-login/v?\d+\.\d+\.\d+$' + template: '{{ index (split . "/") 1 }}' + template: '{{ index (split .Version "/") 1 }}' docker-arg-gcr: <<: *git-tag-semver scanArgs: @@ -161,7 +162,7 @@ sourceArgs: url: "https://github.com/sigstore/cosign.git"; filter: - expr: '^v?2\.\d+\.\d+$' # pin to v2 pending cosign-installer upgrade + expr: '^v?3\.\d+\.\d+$' # pin to v3, v4 will remove support for older clients gha-golang-matrix: <<: *registry-tag-semver key: "golang-matrix" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/CONTRIBUTING.md new/regclient-0.11.0/CONTRIBUTING.md --- old/regclient-0.10.0/CONTRIBUTING.md 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/CONTRIBUTING.md 2025-12-01 20:38:07.000000000 +0100 @@ -6,7 +6,7 @@ ## Reporting other issues -Please search for similar issues and if none are seen, report an issue at [github.com/regclient/regclient/issues](https://github.com/regclient/regclient/issues) +Please search for similar issues and if none are seen, report an issue at [github.com/regclient/regclient/issues](https://github.com/regclient/regclient/issues). ## Code style @@ -18,6 +18,12 @@ - Unit tests are strongly encouraged with a focus on test coverage of the successful path and common errors. - Linters and other style formatting tools are used, please run `make all` before committing any changes. +## LLM Policy + +This project expects all contributions to be developed by a human or created with a reproducible tool. +Developers using an AI/LLM tool to generate their contribution are expected to fully understand the entire contribution and the logic behind its design. +Contributions that appear to have been generated by an AI/LLM without a human review may result in a ban from future contributions to the project. + ## Pull requests PRs are welcome following the below guides: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/Makefile new/regclient-0.11.0/Makefile --- old/regclient-0.10.0/Makefile 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/Makefile 2025-12-01 20:38:07.000000000 +0100 @@ -1,9 +1,9 @@ COMMANDS?=regctl regsync regbot BINARIES?=$(addprefix bin/,$(COMMANDS)) IMAGES?=$(addprefix docker-,$(COMMANDS)) -ARTIFACT_PLATFORMS?=linux-amd64 linux-arm64 linux-ppc64le linux-s390x darwin-amd64 darwin-arm64 windows-amd64.exe +ARTIFACT_PLATFORMS?=linux-amd64 linux-arm64 linux-ppc64le linux-s390x linux-riscv64 darwin-amd64 darwin-arm64 windows-amd64.exe freebsd-amd64 ARTIFACTS?=$(foreach cmd,$(addprefix artifacts/,$(COMMANDS)),$(addprefix $(cmd)-,$(ARTIFACT_PLATFORMS))) -TEST_PLATFORMS?=linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x +IMAGE_PLATFORMS?=linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x,linux/riscv64 VCS_REPO?="https://github.com/regclient/regclient.git"; VCS_REF?=$(shell git rev-list -1 HEAD) ifneq ($(shell git status --porcelain 2>/dev/null),) @@ -35,16 +35,16 @@ -u "$(shell id -u):$(shell id -g)" \ $(VER_BUMP_CONTAINER) endif -MARKDOWN_LINT_VER?=v0.18.1 +MARKDOWN_LINT_VER?=v0.19.1 GOFUMPT_VER?=v0.9.2 GOMAJOR_VER?=v0.15.0 GOSEC_VER?=v2.22.10 GO_VULNCHECK_VER?=v1.1.4 -OSV_SCANNER_VER?=v2.2.4 +OSV_SCANNER_VER?=v2.3.0 SYFT?=$(shell command -v syft 2>/dev/null) SYFT_CMD_VER:=$(shell [ -x "$(SYFT)" ] && echo "v$$($(SYFT) version | awk '/^Version: / {print $$2}')" || echo "0") -SYFT_VERSION?=v1.37.0 -SYFT_CONTAINER?=anchore/syft:v1.37.0@sha256:48d679480c6d272c1801cf30460556959c01d4826795be31d4fd8b53750b7d91 +SYFT_VERSION?=v1.38.0 +SYFT_CONTAINER?=anchore/syft:v1.38.0@sha256:825cad3a952c87676a6d07e9a3bb05ac9c401d598360070e970aa46d54c1727e ifneq "$(SYFT_CMD_VER)" "$(SYFT_VERSION)" SYFT=docker run --rm \ -v "$(shell pwd)/:$(shell pwd)/" -w "$(shell pwd)" \ @@ -53,7 +53,7 @@ endif STATICCHECK_VER?=v0.6.1 CI_DISTRIBUTION_VER?=3.0.0 -CI_ZOT_VER?=v2.1.10 +CI_ZOT_VER?=v2.1.11 .PHONY: .FORCE .FORCE: @@ -137,15 +137,15 @@ oci-image: $(addprefix oci-image-,$(COMMANDS)) ## Build reproducible images to an OCI Layout oci-image-%: bin/regctl .FORCE - PATH="$(PWD)/bin:$(PATH)" build/oci-image.sh -r scratch -i "$*" -p "$(TEST_PLATFORMS)" - PATH="$(PWD)/bin:$(PATH)" build/oci-image.sh -r alpine -i "$*" -p "$(TEST_PLATFORMS)" -b "alpine:3" + PATH="$(PWD)/bin:$(PATH)" build/oci-image.sh -r scratch -i "$*" -p "$(IMAGE_PLATFORMS)" + PATH="$(PWD)/bin:$(PATH)" build/oci-image.sh -r alpine -i "$*" -p "$(IMAGE_PLATFORMS)" -b "alpine:3" .PHONY: test-docker test-docker: $(addprefix test-docker-,$(COMMANDS)) ## Build multi-platform docker images (but do not tag) test-docker-%: - docker buildx build --platform="$(TEST_PLATFORMS)" -f build/Dockerfile.$*.buildkit . - docker buildx build --platform="$(TEST_PLATFORMS)" -f build/Dockerfile.$*.buildkit --target release-alpine . + docker buildx build --platform="$(IMAGE_PLATFORMS)" -f build/Dockerfile.$*.buildkit . + docker buildx build --platform="$(IMAGE_PLATFORMS)" -f build/Dockerfile.$*.buildkit --target release-alpine . .PHONY: ci ci: ci-distribution ci-zot ## Run CI tests against self hosted registries diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/build/Dockerfile.regbot new/regclient-0.11.0/build/Dockerfile.regbot --- old/regclient-0.10.0/build/Dockerfile.regbot 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/build/Dockerfile.regbot 2025-12-01 20:38:07.000000000 +0100 @@ -1,7 +1,7 @@ ARG REGISTRY=docker.io ARG ALPINE_VER=3.22.2@sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412 ARG GO_VER=1.25.4-alpine@sha256:d3f0cf7723f3429e3f9ed846243970b20a2de7bae6a5b66fc5914e228d831bbb -ARG ECR_HELPER_VER=v0.10.1 +ARG ECR_HELPER_VER=v0.11.0 ARG GCR_HELPER_VER=v2.1.30 ARG LUNAJSON_COMMIT=3d10600874527d71519b33ecbb314eb93ccd1df6 ARG SEMVER_COMMIT=a4b708ba243208d46e575da870af969dca46a94d @@ -9,20 +9,21 @@ FROM ${REGISTRY}/library/golang:${GO_VER} AS golang RUN apk add --no-cache \ - ca-certificates \ git \ make WORKDIR /src FROM golang AS build -RUN addgroup -g 1000 appuser \ - && adduser -u 1000 -G appuser -D appuser \ - && mkdir -p /home/appuser/.docker \ - && chown -R appuser /home/appuser COPY go.* /src/ RUN go mod download COPY . /src/ RUN make bin/regbot + +FROM build AS debug +RUN addgroup -g 1000 appuser \ + && adduser -u 1000 -G appuser -D appuser \ + && mkdir -p /home/appuser/.docker \ + && chown -R appuser /home/appuser USER appuser CMD [ "/src/bin/regbot" ] @@ -61,9 +62,12 @@ && ln -s lunajson.lua json.lua \ && SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH:-$(date +%s)}" sh -c 'find . -exec touch --date="@${SOURCE_DATE_EPOCH}" {} \;' -FROM build AS release-base -USER root -RUN mkdir -p /output/etc/ssl/certs/ /output/home /output/tmp /output/usr/local/bin \ +FROM ${REGISTRY}/library/alpine:${ALPINE_VER} AS release-base +RUN addgroup -g 1000 appuser \ + && adduser -u 1000 -G appuser -D appuser \ + && mkdir -p /home/appuser/.docker \ + && chown -R appuser /home/appuser \ + && mkdir -p /output/etc/ssl/certs/ /output/home /output/tmp /output/usr/local/bin \ && cp -a /etc/passwd /etc/group /output/etc/ \ && cp -a /etc/ssl/certs/ca-certificates.crt /output/etc/ssl/certs/ \ && cp -a /home/appuser /output/home/ \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/build/Dockerfile.regbot.buildkit new/regclient-0.11.0/build/Dockerfile.regbot.buildkit --- old/regclient-0.10.0/build/Dockerfile.regbot.buildkit 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/build/Dockerfile.regbot.buildkit 2025-12-01 20:38:07.000000000 +0100 @@ -3,7 +3,7 @@ ARG REGISTRY=docker.io ARG ALPINE_VER=3.22.2@sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412 ARG GO_VER=1.25.4-alpine@sha256:d3f0cf7723f3429e3f9ed846243970b20a2de7bae6a5b66fc5914e228d831bbb -ARG ECR_HELPER_VER=v0.10.1 +ARG ECR_HELPER_VER=v0.11.0 ARG GCR_HELPER_VER=v2.1.30 ARG LUNAJSON_COMMIT=3d10600874527d71519b33ecbb314eb93ccd1df6 ARG SEMVER_COMMIT=a4b708ba243208d46e575da870af969dca46a94d @@ -11,16 +11,11 @@ FROM --platform=$BUILDPLATFORM ${REGISTRY}/library/golang:${GO_VER} AS golang RUN apk add --no-cache \ - ca-certificates \ git \ make WORKDIR /src FROM --platform=$BUILDPLATFORM golang AS build -RUN addgroup -g 1000 appuser \ - && adduser -u 1000 -G appuser -D appuser \ - && mkdir -p /home/appuser/.docker \ - && chown -R appuser /home/appuser COPY go.* /src/ ARG TARGETOS ARG TARGETARCH @@ -33,6 +28,12 @@ --mount=type=cache,id=goroot,target=/root/.cache/go-build \ GOOS=${TARGETOS} GOARCH=${TARGETARCH} \ make bin/regbot + +FROM --platform=$BUILDPLATFORM build AS debug +RUN addgroup -g 1000 appuser \ + && adduser -u 1000 -G appuser -D appuser \ + && mkdir -p /home/appuser/.docker \ + && chown -R appuser /home/appuser USER appuser CMD [ "bin/regbot" ] @@ -79,9 +80,12 @@ && ln -s lunajson.lua json.lua \ && SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH:-$(date +%s)}" sh -c 'find . -exec touch --date="@${SOURCE_DATE_EPOCH}" {} \;' -FROM --platform=$BUILDPLATFORM build AS release-base -USER root -RUN mkdir -p /output/etc/ssl/certs/ /output/home /output/tmp /output/usr/local/bin \ +FROM --platform=$BUILDPLATFORM ${REGISTRY}/library/alpine:${ALPINE_VER} AS release-base +RUN addgroup -g 1000 appuser \ + && adduser -u 1000 -G appuser -D appuser \ + && mkdir -p /home/appuser/.docker \ + && chown -R appuser /home/appuser \ + && mkdir -p /output/etc/ssl/certs/ /output/home /output/tmp /output/usr/local/bin \ && cp -a /etc/passwd /etc/group /output/etc/ \ && cp -a /etc/ssl/certs/ca-certificates.crt /output/etc/ssl/certs/ \ && cp -a /home/appuser /output/home/ \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/build/Dockerfile.regctl new/regclient-0.11.0/build/Dockerfile.regctl --- old/regclient-0.10.0/build/Dockerfile.regctl 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/build/Dockerfile.regctl 2025-12-01 20:38:07.000000000 +0100 @@ -1,26 +1,27 @@ ARG REGISTRY=docker.io ARG ALPINE_VER=3.22.2@sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412 ARG GO_VER=1.25.4-alpine@sha256:d3f0cf7723f3429e3f9ed846243970b20a2de7bae6a5b66fc5914e228d831bbb -ARG ECR_HELPER_VER=v0.10.1 +ARG ECR_HELPER_VER=v0.11.0 ARG GCR_HELPER_VER=v2.1.30 ARG VCS_VERSION=(devel) FROM ${REGISTRY}/library/golang:${GO_VER} AS golang RUN apk add --no-cache \ - ca-certificates \ git \ make WORKDIR /src FROM golang AS build -RUN addgroup -g 1000 appuser \ - && adduser -u 1000 -G appuser -D appuser \ - && mkdir -p /home/appuser/.regctl \ - && chown -R appuser /home/appuser/.regctl COPY go.* /src/ RUN go mod download COPY . /src/ RUN make bin/regctl + +FROM build AS debug +RUN addgroup -g 1000 appuser \ + && adduser -u 1000 -G appuser -D appuser \ + && mkdir -p /home/appuser/.docker /home/appuser/.regctl \ + && chown -R appuser /home/appuser/ USER appuser CMD [ "bin/regctl" ] @@ -42,9 +43,12 @@ && ( cp "${GOPATH}/bin/docker-credential-gcr" /usr/local/bin/docker-credential-gcr \ || cp "${GOPATH}/bin/${TARGETOS}_${TARGETARCH}/docker-credential-gcr" /usr/local/bin/docker-credential-gcr ) -FROM build AS release-base -USER root -RUN mkdir -p /output/etc/ssl/certs/ /output/home /output/tmp /output/usr/local/bin \ +FROM ${REGISTRY}/library/alpine:${ALPINE_VER} AS release-base +RUN addgroup -g 1000 appuser \ + && adduser -u 1000 -G appuser -D appuser \ + && mkdir -p /home/appuser/.docker /home/appuser/.regctl \ + && chown -R appuser /home/appuser/ \ + && mkdir -p /output/etc/ssl/certs/ /output/home /output/tmp /output/usr/local/bin \ && cp -a /etc/passwd /etc/group /output/etc/ \ && cp -a /etc/ssl/certs/ca-certificates.crt /output/etc/ssl/certs/ \ && cp -a /home/appuser /output/home/ \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/build/Dockerfile.regctl.buildkit new/regclient-0.11.0/build/Dockerfile.regctl.buildkit --- old/regclient-0.10.0/build/Dockerfile.regctl.buildkit 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/build/Dockerfile.regctl.buildkit 2025-12-01 20:38:07.000000000 +0100 @@ -3,22 +3,17 @@ ARG REGISTRY=docker.io ARG ALPINE_VER=3.22.2@sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412 ARG GO_VER=1.25.4-alpine@sha256:d3f0cf7723f3429e3f9ed846243970b20a2de7bae6a5b66fc5914e228d831bbb -ARG ECR_HELPER_VER=v0.10.1 +ARG ECR_HELPER_VER=v0.11.0 ARG GCR_HELPER_VER=v2.1.30 ARG VCS_VERSION=(devel) FROM --platform=$BUILDPLATFORM ${REGISTRY}/library/golang:${GO_VER} AS golang RUN apk add --no-cache \ - ca-certificates \ git \ make WORKDIR /src FROM --platform=$BUILDPLATFORM golang AS build -RUN addgroup -g 1000 appuser \ - && adduser -u 1000 -G appuser -D appuser \ - && mkdir -p /home/appuser/.regctl \ - && chown -R appuser /home/appuser/.regctl COPY go.* /src/ ARG TARGETOS ARG TARGETARCH @@ -31,6 +26,12 @@ --mount=type=cache,id=goroot,target=/root/.cache/go-build \ GOOS=${TARGETOS} GOARCH=${TARGETARCH} \ make bin/regctl + +FROM --platform=$BUILDPLATFORM build AS debug +RUN addgroup -g 1000 appuser \ + && adduser -u 1000 -G appuser -D appuser \ + && mkdir -p /home/appuser/.docker /home/appuser/.regctl \ + && chown -R appuser /home/appuser USER appuser CMD [ "bin/regctl" ] @@ -60,9 +61,12 @@ && ( cp "${GOPATH}/bin/docker-credential-gcr" /usr/local/bin/docker-credential-gcr \ || cp "${GOPATH}/bin/${TARGETOS}_${TARGETARCH}/docker-credential-gcr" /usr/local/bin/docker-credential-gcr ) -FROM --platform=$BUILDPLATFORM build AS release-base -USER root -RUN mkdir -p /output/etc/ssl/certs/ /output/home /output/tmp /output/usr/local/bin \ +FROM --platform=$BUILDPLATFORM ${REGISTRY}/library/alpine:${ALPINE_VER} AS release-base +RUN addgroup -g 1000 appuser \ + && adduser -u 1000 -G appuser -D appuser \ + && mkdir -p /home/appuser/.docker /home/appuser/.regctl \ + && chown -R appuser /home/appuser \ + && mkdir -p /output/etc/ssl/certs/ /output/home /output/tmp /output/usr/local/bin \ && cp -a /etc/passwd /etc/group /output/etc/ \ && cp -a /etc/ssl/certs/ca-certificates.crt /output/etc/ssl/certs/ \ && cp -a /home/appuser /output/home/ \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/build/Dockerfile.regsync new/regclient-0.11.0/build/Dockerfile.regsync --- old/regclient-0.10.0/build/Dockerfile.regsync 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/build/Dockerfile.regsync 2025-12-01 20:38:07.000000000 +0100 @@ -1,26 +1,27 @@ ARG REGISTRY=docker.io ARG ALPINE_VER=3.22.2@sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412 ARG GO_VER=1.25.4-alpine@sha256:d3f0cf7723f3429e3f9ed846243970b20a2de7bae6a5b66fc5914e228d831bbb -ARG ECR_HELPER_VER=v0.10.1 +ARG ECR_HELPER_VER=v0.11.0 ARG GCR_HELPER_VER=v2.1.30 ARG VCS_VERSION=(devel) FROM ${REGISTRY}/library/golang:${GO_VER} AS golang RUN apk add --no-cache \ - ca-certificates \ git \ make WORKDIR /src FROM golang AS build -RUN addgroup -g 1000 appuser \ - && adduser -u 1000 -G appuser -D appuser \ - && mkdir -p /home/appuser/.docker \ - && chown -R appuser /home/appuser COPY go.* /src/ RUN go mod download COPY . /src/ RUN make bin/regsync + +FROM build AS debug +RUN addgroup -g 1000 appuser \ + && adduser -u 1000 -G appuser -D appuser \ + && mkdir -p /home/appuser/.docker \ + && chown -R appuser /home/appuser USER appuser CMD [ "bin/regsync" ] @@ -42,9 +43,12 @@ && ( cp "${GOPATH}/bin/docker-credential-gcr" /usr/local/bin/docker-credential-gcr \ || cp "${GOPATH}/bin/${TARGETOS}_${TARGETARCH}/docker-credential-gcr" /usr/local/bin/docker-credential-gcr ) -FROM build AS release-base -USER root -RUN mkdir -p /output/etc/ssl/certs/ /output/home /output/tmp /output/usr/local/bin \ +FROM ${REGISTRY}/library/alpine:${ALPINE_VER} AS release-base +RUN addgroup -g 1000 appuser \ + && adduser -u 1000 -G appuser -D appuser \ + && mkdir -p /home/appuser/.docker \ + && chown -R appuser /home/appuser \ + && mkdir -p /output/etc/ssl/certs/ /output/home /output/tmp /output/usr/local/bin \ && cp -a /etc/passwd /etc/group /output/etc/ \ && cp -a /etc/ssl/certs/ca-certificates.crt /output/etc/ssl/certs/ \ && cp -a /home/appuser /output/home/ \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/build/Dockerfile.regsync.buildkit new/regclient-0.11.0/build/Dockerfile.regsync.buildkit --- old/regclient-0.10.0/build/Dockerfile.regsync.buildkit 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/build/Dockerfile.regsync.buildkit 2025-12-01 20:38:07.000000000 +0100 @@ -3,22 +3,17 @@ ARG REGISTRY=docker.io ARG ALPINE_VER=3.22.2@sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412 ARG GO_VER=1.25.4-alpine@sha256:d3f0cf7723f3429e3f9ed846243970b20a2de7bae6a5b66fc5914e228d831bbb -ARG ECR_HELPER_VER=v0.10.1 +ARG ECR_HELPER_VER=v0.11.0 ARG GCR_HELPER_VER=v2.1.30 ARG VCS_VERSION=(devel) FROM --platform=$BUILDPLATFORM ${REGISTRY}/library/golang:${GO_VER} AS golang RUN apk add --no-cache \ - ca-certificates \ git \ make WORKDIR /src FROM --platform=$BUILDPLATFORM golang AS build -RUN addgroup -g 1000 appuser \ - && adduser -u 1000 -G appuser -D appuser \ - && mkdir -p /home/appuser/.docker \ - && chown -R appuser /home/appuser COPY go.* /src/ ARG TARGETOS ARG TARGETARCH @@ -31,6 +26,12 @@ --mount=type=cache,id=goroot,target=/root/.cache/go-build \ GOOS=${TARGETOS} GOARCH=${TARGETARCH} \ make bin/regsync + +FROM --platform=$BUILDPLATFORM build AS debug +RUN addgroup -g 1000 appuser \ + && adduser -u 1000 -G appuser -D appuser \ + && mkdir -p /home/appuser/.docker \ + && chown -R appuser /home/appuser USER appuser CMD [ "bin/regsync" ] @@ -60,9 +61,12 @@ && ( cp "${GOPATH}/bin/docker-credential-gcr" /usr/local/bin/docker-credential-gcr \ || cp "${GOPATH}/bin/${TARGETOS}_${TARGETARCH}/docker-credential-gcr" /usr/local/bin/docker-credential-gcr ) -FROM --platform=$BUILDPLATFORM build AS release-base -USER root -RUN mkdir -p /output/etc/ssl/certs/ /output/home /output/tmp /output/usr/local/bin \ +FROM --platform=$BUILDPLATFORM ${REGISTRY}/library/alpine:${ALPINE_VER} AS release-base +RUN addgroup -g 1000 appuser \ + && adduser -u 1000 -G appuser -D appuser \ + && mkdir -p /home/appuser/.docker \ + && chown -R appuser /home/appuser \ + && mkdir -p /output/etc/ssl/certs/ /output/home /output/tmp /output/usr/local/bin \ && cp -a /etc/passwd /etc/group /output/etc/ \ && cp -a /etc/ssl/certs/ca-certificates.crt /output/etc/ssl/certs/ \ && cp -a /home/appuser /output/home/ \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/build/oci-image.sh new/regclient-0.11.0/build/oci-image.sh --- old/regclient-0.10.0/build/oci-image.sh 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/build/oci-image.sh 2025-12-01 20:38:07.000000000 +0100 @@ -2,7 +2,7 @@ set -e image="regctl" -platforms="linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x" +platforms="linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x,linux/riscv64" base_name="" release="scratch" push_tags="" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/cmd/regctl/completion.go new/regclient-0.11.0/cmd/regctl/completion.go --- old/regclient-0.10.0/cmd/regctl/completion.go 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/cmd/regctl/completion.go 2025-12-01 20:38:07.000000000 +0100 @@ -33,11 +33,11 @@ func completeArgPlatform(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) { return []string{ - "local", "linux", "windows", + "local", "linux", "windows", "freebsd", "linux/amd64", "linux/386", "linux/arm/v5", "linux/arm/v6", "linux/arm/v7", "linux/arm64", "linux/mips64le", "linux/ppc64le", "linux/riscv64", "linux/s390x", - "windows/amd64", + "windows/amd64", "freebsd/amd64", }, cobra.ShellCompDirectiveNoFileComp } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/go.mod new/regclient-0.11.0/go.mod --- old/regclient-0.10.0/go.mod 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/go.mod 2025-12-01 20:38:07.000000000 +0100 @@ -4,8 +4,8 @@ require ( github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 - github.com/goccy/go-yaml v1.18.0 - github.com/klauspost/compress v1.18.1 + github.com/goccy/go-yaml v1.19.0 + github.com/klauspost/compress v1.18.2 github.com/olareg/olareg v0.1.2 github.com/opencontainers/go-digest v1.0.0 github.com/robfig/cron/v3 v3.0.1 @@ -14,7 +14,7 @@ github.com/ulikunitz/xz v0.5.15 github.com/yuin/gopher-lua v1.1.1 golang.org/x/sys v0.38.0 - golang.org/x/term v0.36.0 + golang.org/x/term v0.37.0 ) require ( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/go.sum new/regclient-0.11.0/go.sum --- old/regclient-0.10.0/go.sum 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/go.sum 2025-12-01 20:38:07.000000000 +0100 @@ -4,12 +4,12 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 h1:UhxFibDNY/bfvqU5CAUmr9zpesgbU6SWc8/B4mflAE4= github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE= -github.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw= -github.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA= +github.com/goccy/go-yaml v1.19.0 h1:EmkZ9RIsX+Uq4DYFowegAuJo8+xdX3T/2dwNPXbxEYE= +github.com/goccy/go-yaml v1.19.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/klauspost/compress v1.18.1 h1:bcSGx7UbpBqMChDtsF28Lw6v/G94LPrrbMbdC3JH2co= -github.com/klauspost/compress v1.18.1/go.mod h1:ZQFFVG+MdnR0P+l6wpXgIL4NTtwiKIdBnrBd8Nrxr+0= +github.com/klauspost/compress v1.18.2 h1:iiPHWW0YrcFgpBYhsA6D1+fqHssJscY/Tm/y2Uqnapk= +github.com/klauspost/compress v1.18.2/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4= github.com/olareg/olareg v0.1.2 h1:75G8X6E9FUlzL/CSjgFcYfMgNzlc7CxULpUUNsZBIvI= github.com/olareg/olareg v0.1.2/go.mod h1:TWs+N6pO1S4bdB6eerzUm/ITRQ6kw91mVf9ZYeGtw+Y= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= @@ -36,8 +36,8 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc= golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= -golang.org/x/term v0.36.0 h1:zMPR+aF8gfksFprF/Nc/rd1wRS1EI6nDBGyWAvDzx2Q= -golang.org/x/term v0.36.0/go.mod h1:Qu394IJq6V6dCBRgwqshf3mPF85AqzYEzofzRdZkWss= +golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU= +golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/release.md new/regclient-0.11.0/release.md --- old/regclient-0.10.0/release.md 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/release.md 2025-12-01 20:38:07.000000000 +0100 @@ -1,46 +1,30 @@ -# Release v0.10.0 +# Release v0.11.0 Features: -- Feat: Support DOCKER_AUTH_CONFIG variable. ([PR 996][pr-996]) -- Feat: Add regctl repo copy. ([PR 997][pr-997]) -- Feat: regsync support for semantic versioning(semver) for matching tags ([PR 1005][pr-1005]) -- Feat: Add `tagSets` to regsync. ([PR 1008][pr-1008]) - -Changes: - -- Chore: Add go:fix lines to deprecated code. ([PR 994][pr-994]) -- Chore: Add gofumpt to the build. ([PR 995][pr-995]) -- Chore: Remove the unused bps field. ([PR 998][pr-998]) -- Fix: Handle semver compare of numeric prerelease ([PR 1007][pr-1007]) - -Security: - -- CVE-2025-58187: Fixed with Go upgrade (<https://osv.dev/GO-2025-4007>). -- CVE-2025-58189: Fixed with Go upgrade (<https://osv.dev/GO-2025-4008>). -- CVE-2025-61723: Fixed with Go upgrade (<https://osv.dev/GO-2025-4009>). -- CVE-2025-47912: Fixed with Go upgrade (<https://osv.dev/GO-2025-4010>). -- CVE-2025-58185: Fixed with Go upgrade (<https://osv.dev/GO-2025-4011>). -- CVE-2025-58186: Fixed with Go upgrade (<https://osv.dev/GO-2025-4012>). -- CVE-2025-58188: Fixed with Go upgrade (<https://osv.dev/GO-2025-4013>). -- CVE-2025-58183: Fixed with Go upgrade (<https://osv.dev/GO-2025-4014>). -- CVE-2025-9230: Fixed with Alpine image upgrade. -- CVE-2025-9230: Fixed with Alpine image upgrade. -- CVE-2025-9232: Fixed with Alpine image upgrade. -- CVE-2025-9232: Fixed with Alpine image upgrade. -- CVE-2025-9231: Fixed with Alpine image upgrade. -- CVE-2025-9231: Fixed with Alpine image upgrade. +- Build artifacts for riscv64. ([PR 1011][pr-1011]) +- Generate FreeBSD amd64 binaries. ([PR 1013][pr-1013]) +- Add support for cosign v3 bundles. ([PR 1018][pr-1018]) + +Fixes: + +- Fix ECR Helper version pin. ([PR 1017][pr-1017]) +- Fix the cosign use-signing-config flag. ([PR 1019][pr-1019]) +- Improve reproducibility in Dockerfiles. ([PR 1020][pr-1020]) + +Other Changes: + +- Add a policy for LLM generated contributions. ([PR 1016][pr-1016]) Contributors: -- @daimoniac +- @ffgan - @sudo-bmitch -[pr-994]: https://github.com/regclient/regclient/pull/994 -[pr-995]: https://github.com/regclient/regclient/pull/995 -[pr-996]: https://github.com/regclient/regclient/pull/996 -[pr-997]: https://github.com/regclient/regclient/pull/997 -[pr-998]: https://github.com/regclient/regclient/pull/998 -[pr-1005]: https://github.com/regclient/regclient/pull/1005 -[pr-1007]: https://github.com/regclient/regclient/pull/1007 -[pr-1008]: https://github.com/regclient/regclient/pull/1008 +[pr-1011]: https://github.com/regclient/regclient/pull/1011 +[pr-1013]: https://github.com/regclient/regclient/pull/1013 +[pr-1016]: https://github.com/regclient/regclient/pull/1016 +[pr-1017]: https://github.com/regclient/regclient/pull/1017 +[pr-1018]: https://github.com/regclient/regclient/pull/1018 +[pr-1019]: https://github.com/regclient/regclient/pull/1019 +[pr-1020]: https://github.com/regclient/regclient/pull/1020 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/types/platform/compare.go new/regclient-0.11.0/types/platform/compare.go --- old/regclient-0.10.0/types/platform/compare.go 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/types/platform/compare.go 2025-12-01 20:38:07.000000000 +0100 @@ -77,7 +77,7 @@ // This accounts for Docker Desktop for Mac and Windows using a Linux VM. func (c *compare) Compatible(target Platform) bool { (&target).normalize() - if c.host.OS == "linux" { + if c.host.OS == "linux" || c.host.OS == "freebsd" { return c.host.OS == target.OS && c.host.Architecture == target.Architecture && variantCompatible(c.host.Variant, target.Variant) } else if c.host.OS == "windows" { @@ -109,7 +109,7 @@ if c.host.OS != target.OS { return false } - if c.host.OS == "linux" { + if c.host.OS == "linux" || c.host.OS == "freebsd" { return c.host.Architecture == target.Architecture && c.host.Variant == target.Variant } else if c.host.OS == "windows" { return c.host.Architecture == target.Architecture && c.host.Variant == target.Variant && diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/regclient-0.10.0/types/platform/compare_test.go new/regclient-0.11.0/types/platform/compare_test.go --- old/regclient-0.10.0/types/platform/compare_test.go 2025-11-09 21:27:16.000000000 +0100 +++ new/regclient-0.11.0/types/platform/compare_test.go 2025-12-01 20:38:07.000000000 +0100 @@ -123,6 +123,31 @@ expectBetter: false, }, { + name: "freebsd host", + host: Platform{OS: "freebsd", Architecture: "amd64"}, + target: Platform{OS: "linux", Architecture: "amd64"}, + expectMatch: false, + expectCompat: false, + expectBetter: false, + }, + { + name: "freebsd match", + host: Platform{OS: "freebsd", Architecture: "amd64", Variant: "v2"}, + target: Platform{OS: "freebsd", Architecture: "amd64", Variant: "v2"}, + prev: Platform{OS: "freebsd", Architecture: "amd64"}, + expectMatch: true, + expectCompat: true, + expectBetter: true, + }, + { + name: "freebsd target", + host: Platform{OS: "linux", Architecture: "amd64"}, + target: Platform{OS: "freebsd", Architecture: "amd64"}, + expectMatch: false, + expectCompat: false, + expectBetter: false, + }, + { name: "windows compatible", host: Platform{OS: "windows", Architecture: "amd64"}, target: Platform{OS: "linux", Architecture: "amd64"}, ++++++ regclient.obsinfo ++++++ --- /var/tmp/diff_new_pack.WjNiAh/_old 2025-12-05 16:53:16.367946709 +0100 +++ /var/tmp/diff_new_pack.WjNiAh/_new 2025-12-05 16:53:16.371946876 +0100 @@ -1,5 +1,5 @@ name: regclient -version: 0.10.0 -mtime: 1762720036 -commit: c3de9bb7b04ad3cd96bb73bc0c72986b83572d12 +version: 0.11.0 +mtime: 1764617887 +commit: 9a4fd6b957345e2f625f0c18dfbea4db59fc2b23 ++++++ vendor.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor/github.com/goccy/go-yaml/ast/ast.go new/vendor/github.com/goccy/go-yaml/ast/ast.go --- old/vendor/github.com/goccy/go-yaml/ast/ast.go 2025-11-09 21:27:16.000000000 +0100 +++ new/vendor/github.com/goccy/go-yaml/ast/ast.go 2025-12-01 20:38:07.000000000 +0100 @@ -1450,16 +1450,25 @@ } return fmt.Sprintf("%s%s: %s", space, n.Key.String(), value) } else if keyIndentLevel < valueIndentLevel && !n.IsFlowStyle { + valueStr := n.Value.String() + // For flow-style values indented on the next line, we need to add the proper indentation + if m, ok := n.Value.(*MappingNode); ok && m.IsFlowStyle { + valueIndent := strings.Repeat(" ", n.Value.GetToken().Position.Column-1) + valueStr = valueIndent + valueStr + } else if s, ok := n.Value.(*SequenceNode); ok && s.IsFlowStyle { + valueIndent := strings.Repeat(" ", n.Value.GetToken().Position.Column-1) + valueStr = valueIndent + valueStr + } if keyComment != nil { return fmt.Sprintf( "%s%s: %s\n%s", space, n.Key.stringWithoutComment(), keyComment.String(), - n.Value.String(), + valueStr, ) } - return fmt.Sprintf("%s%s:\n%s", space, n.Key.String(), n.Value.String()) + return fmt.Sprintf("%s%s:\n%s", space, n.Key.String(), valueStr) } else if m, ok := n.Value.(*MappingNode); ok && (m.IsFlowStyle || len(m.Values) == 0) { return fmt.Sprintf("%s%s: %s", space, n.Key.String(), n.Value.String()) } else if s, ok := n.Value.(*SequenceNode); ok && (s.IsFlowStyle || len(s.Values) == 0) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor/github.com/goccy/go-yaml/decode.go new/vendor/github.com/goccy/go-yaml/decode.go --- old/vendor/github.com/goccy/go-yaml/decode.go 2025-11-09 21:27:16.000000000 +0100 +++ new/vendor/github.com/goccy/go-yaml/decode.go 2025-12-01 20:38:07.000000000 +0100 @@ -40,6 +40,7 @@ isResolvedReference bool validator StructValidator disallowUnknownField bool + allowedFieldPrefixes []string allowDuplicateMapKey bool useOrderedMap bool useJSONUnmarshaler bool @@ -1446,12 +1447,21 @@ // Unknown fields are expected (they could be fields from the parent struct). if len(unknownFields) != 0 && d.disallowUnknownField && src.GetToken() != nil { for key, node := range unknownFields { - return errors.ErrUnknownField(fmt.Sprintf(`unknown field "%s"`, key), node.GetToken()) + var ok bool + for _, prefix := range d.allowedFieldPrefixes { + if strings.HasPrefix(key, prefix) { + ok = true + break + } + } + if !ok { + return errors.ErrUnknownField(fmt.Sprintf(`unknown field "%s"`, key), node.GetToken()) + } } } if d.validator != nil { - if err := d.validator.Struct(dst.Addr().Interface()); err != nil { + if err := d.validator.Struct(dst.Interface()); err != nil { ev := reflect.ValueOf(err) if ev.Type().Kind() == reflect.Slice { for i := 0; i < ev.Len(); i++ { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor/github.com/goccy/go-yaml/encode.go new/vendor/github.com/goccy/go-yaml/encode.go --- old/vendor/github.com/goccy/go-yaml/encode.go 2025-11-09 21:27:16.000000000 +0100 +++ new/vendor/github.com/goccy/go-yaml/encode.go 2025-12-01 20:38:07.000000000 +0100 @@ -712,9 +712,15 @@ anchorNode.Value = encoded encoded = anchorNode } + + kn, err := e.encodeValue(ctx, reflect.ValueOf(key), column) + keyNode, ok := kn.(ast.MapKeyNode) + if !ok || err != nil { + keyNode = e.encodeString(fmt.Sprint(key), column) + } node.Values = append(node.Values, ast.MappingValue( nil, - e.encodeString(keyText, column), + keyNode, encoded, )) e.setSmartAnchor(vRef, keyText) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor/github.com/goccy/go-yaml/option.go new/vendor/github.com/goccy/go-yaml/option.go --- old/vendor/github.com/goccy/go-yaml/option.go 2025-11-09 21:27:16.000000000 +0100 +++ new/vendor/github.com/goccy/go-yaml/option.go 2025-12-01 20:38:07.000000000 +0100 @@ -69,6 +69,15 @@ } } +// AllowFieldPrefixes, when paired with [DisallowUnknownField], allows fields +// with the specified prefixes to bypass the unknown field check. +func AllowFieldPrefixes(prefixes ...string) DecodeOption { + return func(d *Decoder) error { + d.allowedFieldPrefixes = append(d.allowedFieldPrefixes, prefixes...) + return nil + } +} + // AllowDuplicateMapKey ignore syntax error when mapping keys that are duplicates. func AllowDuplicateMapKey() DecodeOption { return func(d *Decoder) error { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor/github.com/goccy/go-yaml/path.go new/vendor/github.com/goccy/go-yaml/path.go --- old/vendor/github.com/goccy/go-yaml/path.go 2025-11-09 21:27:16.000000000 +0100 +++ new/vendor/github.com/goccy/go-yaml/path.go 2025-12-01 20:38:07.000000000 +0100 @@ -258,6 +258,10 @@ // FilterFile filter from ast.File by YAMLPath. func (p *Path) FilterFile(f *ast.File) (ast.Node, error) { for _, doc := range f.Docs { + // For simplicity, directives cannot be the target of operations + if doc.Body != nil && doc.Body.Type() == ast.DirectiveType { + continue + } node, err := p.FilterNode(doc.Body) if err != nil { return nil, err @@ -352,6 +356,10 @@ // ReplaceNode replace ast.File with ast.Node. func (p *Path) ReplaceWithNode(dst *ast.File, node ast.Node) error { for _, doc := range dst.Docs { + // For simplicity, directives cannot be the target of operations + if doc.Body != nil && doc.Body.Type() == ast.DirectiveType { + continue + } if node.Type() == ast.DocumentType { node = node.(*ast.DocumentNode).Body } @@ -364,7 +372,7 @@ // AnnotateSource add annotation to passed source ( see section 5.1 in README.md ). func (p *Path) AnnotateSource(source []byte, colored bool) ([]byte, error) { - file, err := parser.ParseBytes([]byte(source), 0) + file, err := parser.ParseBytes(source, 0) if err != nil { return nil, err } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor/github.com/goccy/go-yaml/scanner/scanner.go new/vendor/github.com/goccy/go-yaml/scanner/scanner.go --- old/vendor/github.com/goccy/go-yaml/scanner/scanner.go 2025-11-09 21:27:16.000000000 +0100 +++ new/vendor/github.com/goccy/go-yaml/scanner/scanner.go 2025-12-01 20:38:07.000000000 +0100 @@ -777,6 +777,15 @@ func (s *Scanner) scanMultiLine(ctx *Context, c rune) error { state := ctx.getMultiLineState() ctx.addOriginBuf(c) + // normalize CR and CRLF to LF + if c == '\r' { + if ctx.nextChar() == '\n' { + ctx.addOriginBuf('\n') + s.progress(ctx, 1) + s.offset++ + } + c = '\n' + } if ctx.isEOS() { if s.isFirstCharAtLine && c == ' ' { state.addIndent(ctx, s.column) @@ -1148,14 +1157,25 @@ s.progress(ctx, 1) // skip '|' or '>' character var progress int + var crlf bool for idx, c := range ctx.src[ctx.idx:] { progress = idx ctx.addOriginBuf(c) if s.isNewLineChar(c) { + nextIdx := ctx.idx + idx + 1 + if c == '\r' && nextIdx < len(ctx.src) && ctx.src[nextIdx] == '\n' { + crlf = true + continue // process \n in the next iteration + } break } } - value := strings.TrimRight(ctx.source(ctx.idx, ctx.idx+progress), " ") + endPos := ctx.idx + progress + if crlf { + // Exclude \r + endPos = endPos - 1 + } + value := strings.TrimRight(ctx.source(ctx.idx, endPos), " ") commentValueIndex := strings.Index(value, "#") opt := value if commentValueIndex > 0 { @@ -1189,7 +1209,7 @@ ctx.setFolded(s.lastDelimColumn, opt) } if commentIndex > 0 { - comment := string(value[commentValueIndex+1:]) + comment := value[commentValueIndex+1:] s.offset += len(headerBuf) s.column += len(headerBuf) ctx.addToken(token.Comment(comment, string(ctx.obuf[len(headerBuf):]), s.pos())) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor/github.com/goccy/go-yaml/yaml.go new/vendor/github.com/goccy/go-yaml/yaml.go --- old/vendor/github.com/goccy/go-yaml/yaml.go 2025-11-09 21:27:16.000000000 +0100 +++ new/vendor/github.com/goccy/go-yaml/yaml.go 2025-12-01 20:38:07.000000000 +0100 @@ -324,3 +324,34 @@ return unmarshaler(ctx, v.(*T), b) } } + +// RawMessage is a raw encoded YAML value. It implements [BytesMarshaler] and +// [BytesUnmarshaler] and can be used to delay YAML decoding or precompute a YAML +// encoding. +// It also implements [json.Marshaler] and [json.Unmarshaler]. +// +// This is similar to [json.RawMessage] in the stdlib. +type RawMessage []byte + +func (m RawMessage) MarshalYAML() ([]byte, error) { + if m == nil { + return []byte("null"), nil + } + return m, nil +} + +func (m *RawMessage) UnmarshalYAML(dt []byte) error { + if m == nil { + return errors.New("yaml.RawMessage: UnmarshalYAML on nil pointer") + } + *m = append((*m)[0:0], dt...) + return nil +} + +func (m *RawMessage) UnmarshalJSON(b []byte) error { + return m.UnmarshalYAML(b) +} + +func (m RawMessage) MarshalJSON() ([]byte, error) { + return YAMLToJSON(m) +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor/github.com/klauspost/compress/README.md new/vendor/github.com/klauspost/compress/README.md --- old/vendor/github.com/klauspost/compress/README.md 2025-11-09 21:27:16.000000000 +0100 +++ new/vendor/github.com/klauspost/compress/README.md 2025-12-01 20:38:07.000000000 +0100 @@ -27,6 +27,16 @@ # changelog +* Oct 20, 2025 - [1.18.1](https://github.com/klauspost/compress/releases/tag/v1.18.1) + * zstd: Add simple zstd EncodeTo/DecodeTo functions https://github.com/klauspost/compress/pull/1079 + * zstd: Fix incorrect buffer size in dictionary encodes https://github.com/klauspost/compress/pull/1059 + * s2: check for cap, not len of buffer in EncodeBetter/Best by @vdarulis in https://github.com/klauspost/compress/pull/1080 + * zlib: Avoiding extra allocation in zlib.reader.Reset by @travelpolicy in https://github.com/klauspost/compress/pull/1086 + * gzhttp: remove redundant err check in zstdReader by @ryanfowler in https://github.com/klauspost/compress/pull/1090 + * flate: Faster load+store https://github.com/klauspost/compress/pull/1104 + * flate: Simplify matchlen https://github.com/klauspost/compress/pull/1101 + * flate: Use exact sizes for huffman tables https://github.com/klauspost/compress/pull/1103 + * Feb 19th, 2025 - [1.18.0](https://github.com/klauspost/compress/releases/tag/v1.18.0) * Add unsafe little endian loaders https://github.com/klauspost/compress/pull/1036 * fix: check `r.err != nil` but return a nil value error `err` by @alingse in https://github.com/klauspost/compress/pull/1028 @@ -36,6 +46,9 @@ * flate: Fix matchlen L5+L6 https://github.com/klauspost/compress/pull/1049 * flate: Cleanup & reduce casts https://github.com/klauspost/compress/pull/1050 +<details> + <summary>See changes to v1.17.x</summary> + * Oct 11th, 2024 - [1.17.11](https://github.com/klauspost/compress/releases/tag/v1.17.11) * zstd: Fix extra CRC written with multiple Close calls https://github.com/klauspost/compress/pull/1017 * s2: Don't use stack for index tables https://github.com/klauspost/compress/pull/1014 @@ -102,7 +115,8 @@ * s2: Do 2 overlapping match checks https://github.com/klauspost/compress/pull/839 * flate: Add amd64 assembly matchlen https://github.com/klauspost/compress/pull/837 * gzip: Copy bufio.Reader on Reset by @thatguystone in https://github.com/klauspost/compress/pull/860 - + +</details> <details> <summary>See changes to v1.16.x</summary> @@ -669,3 +683,4 @@ # license This code is licensed under the same conditions as the original Go code. See LICENSE file. + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor/golang.org/x/term/terminal.go new/vendor/golang.org/x/term/terminal.go --- old/vendor/golang.org/x/term/terminal.go 2025-11-09 21:27:16.000000000 +0100 +++ new/vendor/golang.org/x/term/terminal.go 2025-12-01 20:38:07.000000000 +0100 @@ -413,7 +413,7 @@ } } -// countToLeftWord returns then number of characters from the cursor to the +// countToLeftWord returns the number of characters from the cursor to the // start of the previous word. func (t *Terminal) countToLeftWord() int { if t.pos == 0 { @@ -438,7 +438,7 @@ return t.pos - pos } -// countToRightWord returns then number of characters from the cursor to the +// countToRightWord returns the number of characters from the cursor to the // start of the next word. func (t *Terminal) countToRightWord() int { pos := t.pos @@ -478,7 +478,7 @@ return length } -// histroryAt unlocks the terminal and relocks it while calling History.At. +// historyAt unlocks the terminal and relocks it while calling History.At. func (t *Terminal) historyAt(idx int) (string, bool) { t.lock.Unlock() // Unlock to avoid deadlock if History methods use the output writer. defer t.lock.Lock() // panic in At (or Len) protection. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor/modules.txt new/vendor/modules.txt --- old/vendor/modules.txt 2025-11-09 21:27:16.000000000 +0100 +++ new/vendor/modules.txt 2025-12-01 20:38:07.000000000 +0100 @@ -1,7 +1,7 @@ # github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 ## explicit github.com/docker/libtrust -# github.com/goccy/go-yaml v1.18.0 +# github.com/goccy/go-yaml v1.19.0 ## explicit; go 1.21.0 github.com/goccy/go-yaml github.com/goccy/go-yaml/ast @@ -15,7 +15,7 @@ # github.com/inconshreveable/mousetrap v1.1.0 ## explicit; go 1.18 github.com/inconshreveable/mousetrap -# github.com/klauspost/compress v1.18.1 +# github.com/klauspost/compress v1.18.2 ## explicit; go 1.23 github.com/klauspost/compress github.com/klauspost/compress/fse @@ -66,6 +66,6 @@ golang.org/x/sys/plan9 golang.org/x/sys/unix golang.org/x/sys/windows -# golang.org/x/term v0.36.0 +# golang.org/x/term v0.37.0 ## explicit; go 1.24.0 golang.org/x/term
