Xxc #1
Open
Xxc #1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Remove github actions job for pack-cli arch package
…=true Fixes https://github.com/buildpacks/pack-private/issues/22 Signed-off-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Natalie Arellano <narellano@vmware.com>
… unit tests Signed-off-by: Natalie Arellano <narellano@vmware.com>
Run build containers with updated settings
Use the untrusted flow when buildpacks are added to a trusted builder
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Ensure that the user has not requested to build an image with the same name as a builder of a lifecyle image. Signed-off-by: Aidan Delaney <adelaney21@bloomberg.net> Signed-off-by: Aidan Delaney <aidan.delaney@gmail.com> Signed-off-by: Aidan Delaney <adelaney21@bloomberg.net>
…emon Validate image name
Warn if NOT --pull-policy=always in container
Launch build containers in a separate ephemeral Docker bridge network
…ontainer Signed-off-by: Natalie Arellano <narellano@vmware.com>
When creating volume caches, incorporate "pack volume key" to avoid name collisions
Fixes from security review
Trust buildpacks provided when `--buildpack` is provided on the command line. Signed-off-by: Aidan Delaney <adelaney21@bloomberg.net>
Use the term "extra buildpacks" instead of "additional buildpacks" Signed-off-by: Aidan Delaney <adelaney21@bloomberg.net>
…ed repository. Signed-off-by: Hiroshi Hayakawa <hhiroshell@gmail.com>
…d repository. Signed-off-by: hhiroshell <hhiroshell@gmail.com>
Signed-off-by: hhiroshell <hhiroshell@gmail.com>
Signed-off-by: hhiroshell <hhiroshell@gmail.com>
Co-authored-by: Natalie Arellano <narellano@vmware.com> Signed-off-by: Hiroshi Hayakawa <hhiroshell@gmail.com>
Co-authored-by: Natalie Arellano <narellano@vmware.com> Signed-off-by: Hiroshi Hayakawa <hhiroshell@gmail.com>
Signed-off-by: Natalie Arellano <narellano@vmware.com>
…buildpacks Trust buildpacks in addition to those on the builder
--- updated-dependencies: - dependency-name: github.com/docker/cli dependency-version: 28.3.2+incompatible dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/docker/docker dependency-version: 28.3.2+incompatible dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: golang.org/x/crypto dependency-version: 0.40.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/mod dependency-version: 0.26.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/sync dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/sys dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/term dependency-version: 0.33.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/text dependency-version: 0.27.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the go-dependencies group with 3 updates: [github.com/docker/cli](https://github.com/docker/cli), [github.com/docker/docker](https://github.com/docker/docker) and [github.com/onsi/gomega](https://github.com/onsi/gomega). Updates `github.com/docker/cli` from 28.3.2+incompatible to 28.3.3+incompatible - [Commits](docker/cli@v28.3.2...v28.3.3) Updates `github.com/docker/docker` from 28.3.2+incompatible to 28.3.3+incompatible - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v28.3.2...v28.3.3) Updates `github.com/onsi/gomega` from 1.37.0 to 1.38.0 - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](onsi/gomega@v1.37.0...v1.38.0) --- updated-dependencies: - dependency-name: github.com/docker/cli dependency-version: 28.3.3+incompatible dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/docker/docker dependency-version: 28.3.3+incompatible dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/onsi/gomega dependency-version: 1.38.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Update imgutil to improve containerd storage driver performance - Always try the fast path first (omitting base layers) regardless of storage type. This greatly speeds up creating ephemeral builders in pack when it saves to the daemon. - Added log lines around ephemeral builder creation to help show time spent. Signed-off-by: Jesse Brown <jabrown85@gmail.com> * fixup! Update imgutil to improve containerd storage driver performance Signed-off-by: Jesse Brown <jabrown85@gmail.com> --------- Signed-off-by: Jesse Brown <jabrown85@gmail.com>
Bumps the go-dependencies group with 6 updates: | Package | From | To | | --- | --- | --- | | [github.com/docker/go-connections](https://github.com/docker/go-connections) | `0.5.0` | `0.6.0` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.40.0` | `0.41.0` | | [golang.org/x/mod](https://github.com/golang/mod) | `0.26.0` | `0.27.0` | | [golang.org/x/sys](https://github.com/golang/sys) | `0.34.0` | `0.35.0` | | [golang.org/x/term](https://github.com/golang/term) | `0.33.0` | `0.34.0` | | [golang.org/x/text](https://github.com/golang/text) | `0.27.0` | `0.28.0` | Updates `github.com/docker/go-connections` from 0.5.0 to 0.6.0 - [Commits](docker/go-connections@v0.5.0...v0.6.0) Updates `golang.org/x/crypto` from 0.40.0 to 0.41.0 - [Commits](golang/crypto@v0.40.0...v0.41.0) Updates `golang.org/x/mod` from 0.26.0 to 0.27.0 - [Commits](golang/mod@v0.26.0...v0.27.0) Updates `golang.org/x/sys` from 0.34.0 to 0.35.0 - [Commits](golang/sys@v0.34.0...v0.35.0) Updates `golang.org/x/term` from 0.33.0 to 0.34.0 - [Commits](golang/term@v0.33.0...v0.34.0) Updates `golang.org/x/text` from 0.27.0 to 0.28.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.27.0...v0.28.0) --- updated-dependencies: - dependency-name: github.com/docker/go-connections dependency-version: 0.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/crypto dependency-version: 0.41.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/mod dependency-version: 0.27.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/sys dependency-version: 0.35.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/term dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/text dependency-version: 0.28.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [buildpacks/github-actions](https://github.com/buildpacks/github-actions) from 5.9.2 to 5.9.3. - [Release notes](https://github.com/buildpacks/github-actions/releases) - [Commits](buildpacks/github-actions@v5.9.2...v5.9.3) --- updated-dependencies: - dependency-name: buildpacks/github-actions dependency-version: 5.9.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 5. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v4...v5) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure) from 2.3.0 to 2.4.0. - [Release notes](https://github.com/go-viper/mapstructure/releases) - [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md) - [Commits](go-viper/mapstructure@v2.3.0...v2.4.0) --- updated-dependencies: - dependency-name: github.com/go-viper/mapstructure/v2 dependency-version: 2.4.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Fix Ubuntu PPA build failures for pack v0.38.2+ This fixes multiple critical issues preventing successful Ubuntu PPA builds: 1. **Update debian/compat**: 9 → 13 (modern debhelper compatibility) - Eliminates deprecation warnings - Ensures compatibility with current build environments 2. **Fix debian/control**: - Update debhelper dependency: (>=9) → (>= 13) to match compat level - Update Go requirement: (>=1.16) → (>=1.24) to match actual project needs 3. **Fix debian/rules Go cache handling**: - Change cache location: /tmp/.cache/go-build → $(CURDIR)/.cache/go-build - Avoids permission issues in Launchpad build environment - Use direct go build command instead of dh_auto_build for better control 4. **Update workflow Go version**: Update GO_DEP_ENTRY to require golang (>=1.24) These changes address the root causes of PPA build failures while maintaining compatibility with the GitHub Actions workflow and template system. Fixes #2417 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * Fix debhelper compatibility for older Ubuntu distributions The previous fix used debhelper compat level 13, but Ubuntu Focal (20.04) only has debhelper 12 available in the main repository. This was causing build failures with 'Unmet build dependencies: debhelper (>= 13)'. Changes: - debian/compat: 13 → 11 (widely supported across all Ubuntu LTS versions) - debian/control: Update Build-Depends to 'debhelper (>= 11)' Compat level 11 provides all the modern features we need while maintaining compatibility with Ubuntu Bionic (18.04), Focal (20.04), and newer releases. Fixes the build failures seen in GitHub Actions run 16804133863. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * Fix debian/rules build command for proper dh integration The direct 'go build' command was failing during Debian package testing because the temporary build directory didn't have the full source structure. This was causing 'stat /tmp/.../cmd/pack: directory not found' errors. Changes: - Restore 'dh_auto_build -- build' command for proper debhelper integration - Keep the Go cache environment variables and custom GOCACHE location - Maintain the cache cleanup to avoid permission issues The dh_auto_build command properly handles the build context and source directory structure that's expected in Debian packaging workflows. Fixes the build failures seen in GitHub Actions run 16804298363. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * Revert to original working debian/rules build command The original dh_auto_build approach was working correctly. The main issues were Go version compatibility and debhelper version requirements, which have now been fixed separately. Changes: - Restore original 'dh_auto_build -- build' command - Use original /tmp/.cache/go-build cache location - Keep all environment variables and flags as originally designed This maintains compatibility with the existing packaging approach while incorporating the Go 1.24+ and debhelper 11 compatibility fixes. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> --------- Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: Claude <noreply@anthropic.com>
Ubuntu 18.04 LTS (Bionic Beaver) reached End of Life on May 31, 2023, and is causing build failures for pack v0.38.0+ due to Go 1.24 incompatibility on i386 architecture. Changes: - Remove 'bionic' from the Ubuntu delivery workflow matrix - Remove the bionic-specific delivery step from the workflow Impact: - Users on Ubuntu 18.04 should upgrade to a supported version (20.04+) - Last available pack version for Bionic remains v0.37.0 Supported Ubuntu versions after this change: - Ubuntu 20.04 LTS (Focal) - Ubuntu 22.04 LTS (Jammy) - Ubuntu 24.04 LTS (Noble) - Ubuntu 24.10 (Oracular) - Ubuntu 25.04 (Plucky) Fixes #2435 🤖 Generated with [Claude Code](https://claude.ai/code) Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: Claude <noreply@anthropic.com>
Bumps [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure) from 2.3.0 to 2.4.0. - [Release notes](https://github.com/go-viper/mapstructure/releases) - [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md) - [Commits](go-viper/mapstructure@v2.3.0...v2.4.0) --- updated-dependencies: - dependency-name: github.com/go-viper/mapstructure/v2 dependency-version: 2.4.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [buildpacks/github-actions](https://github.com/buildpacks/github-actions) from 5.9.3 to 5.9.4. - [Release notes](https://github.com/buildpacks/github-actions/releases) - [Commits](buildpacks/github-actions@v5.9.3...v5.9.4) --- updated-dependencies: - dependency-name: buildpacks/github-actions dependency-version: 5.9.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5 to 6. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v5...v6) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…4 updates (#2449) Bumps the go-dependencies group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/docker/cli](https://github.com/docker/cli) | `28.3.3+incompatible` | `28.5.0+incompatible` | | [github.com/docker/docker](https://github.com/docker/docker) | `28.3.3+incompatible` | `28.5.0+incompatible` | | [github.com/gdamore/tcell/v2](https://github.com/gdamore/tcell) | `2.8.1` | `2.9.0` | | [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.16.2` | `5.16.3` | | [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.38.0` | `1.38.2` | | [github.com/rivo/tview](https://github.com/rivo/tview) | `0.0.0-20220307222120-9994674d60a8` | `0.42.0` | | [github.com/spf13/cobra](https://github.com/spf13/cobra) | `1.9.1` | `1.10.1` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.41.0` | `0.42.0` | | [golang.org/x/mod](https://github.com/golang/mod) | `0.27.0` | `0.28.0` | | [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.30.0` | `0.31.0` | Updates `github.com/docker/cli` from 28.3.3+incompatible to 28.5.0+incompatible - [Commits](docker/cli@v28.3.3...v28.5.0) Updates `github.com/docker/docker` from 28.3.3+incompatible to 28.5.0+incompatible - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v28.3.3...v28.5.0) Updates `github.com/gdamore/tcell/v2` from 2.8.1 to 2.9.0 - [Release notes](https://github.com/gdamore/tcell/releases) - [Changelog](https://github.com/gdamore/tcell/blob/main/CHANGESv2.md) - [Commits](gdamore/tcell@v2.8.1...v2.9.0) Updates `github.com/go-git/go-git/v5` from 5.16.2 to 5.16.3 - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.16.2...v5.16.3) Updates `github.com/onsi/gomega` from 1.38.0 to 1.38.2 - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](onsi/gomega@v1.38.0...v1.38.2) Updates `github.com/rivo/tview` from 0.0.0-20220307222120-9994674d60a8 to 0.42.0 - [Release notes](https://github.com/rivo/tview/releases) - [Commits](https://github.com/rivo/tview/commits/v0.42.0) Updates `github.com/spf13/cobra` from 1.9.1 to 1.10.1 - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](spf13/cobra@v1.9.1...v1.10.1) Updates `golang.org/x/crypto` from 0.41.0 to 0.42.0 - [Commits](golang/crypto@v0.41.0...v0.42.0) Updates `golang.org/x/mod` from 0.27.0 to 0.28.0 - [Commits](golang/mod@v0.27.0...v0.28.0) Updates `golang.org/x/oauth2` from 0.30.0 to 0.31.0 - [Commits](golang/oauth2@v0.30.0...v0.31.0) Updates `golang.org/x/sync` from 0.16.0 to 0.17.0 - [Commits](golang/sync@v0.16.0...v0.17.0) Updates `golang.org/x/sys` from 0.35.0 to 0.36.0 - [Commits](golang/sys@v0.35.0...v0.36.0) Updates `golang.org/x/term` from 0.34.0 to 0.35.0 - [Commits](golang/term@v0.34.0...v0.35.0) Updates `golang.org/x/text` from 0.28.0 to 0.29.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.28.0...v0.29.0) --- updated-dependencies: - dependency-name: github.com/docker/cli dependency-version: 28.5.0+incompatible dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/docker/docker dependency-version: 28.5.0+incompatible dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/gdamore/tcell/v2 dependency-version: 2.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.16.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/onsi/gomega dependency-version: 1.38.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/rivo/tview dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/spf13/cobra dependency-version: 1.10.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/crypto dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/mod dependency-version: 0.28.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/oauth2 dependency-version: 0.31.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/sync dependency-version: 0.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/sys dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/term dependency-version: 0.35.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/text dependency-version: 0.29.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…@octokit/rest (#2338) Bumps [@octokit/plugin-paginate-rest](https://github.com/octokit/plugin-paginate-rest.js) to 9.2.2 and updates ancestor dependencies [@octokit/plugin-paginate-rest](https://github.com/octokit/plugin-paginate-rest.js), [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) and [@octokit/rest](https://github.com/octokit/rest.js). These dependencies need to be updated together. Updates `@octokit/plugin-paginate-rest` from 2.2.3 to 9.2.2 - [Release notes](https://github.com/octokit/plugin-paginate-rest.js/releases) - [Commits](octokit/plugin-paginate-rest.js@v2.2.3...v9.2.2) Updates `@actions/github` from 4.0.0 to 6.0.0 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github) Updates `@octokit/rest` from 18.0.0 to 21.1.1 - [Release notes](https://github.com/octokit/rest.js/releases) - [Commits](octokit/rest.js@v18.0.0...v21.1.1) --- updated-dependencies: - dependency-name: "@octokit/plugin-paginate-rest" dependency-type: indirect - dependency-name: "@actions/github" dependency-type: direct:production - dependency-name: "@octokit/rest" dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…#2370) Bumps [@octokit/request](https://github.com/octokit/request.js) to 8.4.1 and updates ancestor dependencies [@octokit/request](https://github.com/octokit/request.js), [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) and [@octokit/rest](https://github.com/octokit/rest.js). These dependencies need to be updated together. Updates `@octokit/request` from 5.6.3 to 8.4.1 - [Release notes](https://github.com/octokit/request.js/releases) - [Commits](octokit/request.js@v5.6.3...v8.4.1) Updates `@actions/github` from 4.0.0 to 6.0.0 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github) Updates `@octokit/rest` from 18.0.0 to 21.1.1 - [Release notes](https://github.com/octokit/rest.js/releases) - [Commits](octokit/rest.js@v18.0.0...v21.1.1) --- updated-dependencies: - dependency-name: "@octokit/request" dependency-version: 8.4.1 dependency-type: indirect - dependency-name: "@actions/github" dependency-version: 6.0.0 dependency-type: direct:production - dependency-name: "@octokit/rest" dependency-version: 21.1.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the go-dependencies group with 8 updates: | Package | From | To | | --- | --- | --- | | [github.com/docker/cli](https://github.com/docker/cli) | `28.5.0+incompatible` | `28.5.1+incompatible` | | [github.com/docker/docker](https://github.com/docker/docker) | `28.5.0+incompatible` | `28.5.1+incompatible` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.42.0` | `0.43.0` | | [golang.org/x/mod](https://github.com/golang/mod) | `0.28.0` | `0.29.0` | | [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.31.0` | `0.32.0` | | [golang.org/x/sys](https://github.com/golang/sys) | `0.36.0` | `0.37.0` | | [golang.org/x/term](https://github.com/golang/term) | `0.35.0` | `0.36.0` | | [golang.org/x/text](https://github.com/golang/text) | `0.29.0` | `0.30.0` | Updates `github.com/docker/cli` from 28.5.0+incompatible to 28.5.1+incompatible - [Commits](docker/cli@v28.5.0...v28.5.1) Updates `github.com/docker/docker` from 28.5.0+incompatible to 28.5.1+incompatible - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v28.5.0...v28.5.1) Updates `golang.org/x/crypto` from 0.42.0 to 0.43.0 - [Commits](golang/crypto@v0.42.0...v0.43.0) Updates `golang.org/x/mod` from 0.28.0 to 0.29.0 - [Commits](golang/mod@v0.28.0...v0.29.0) Updates `golang.org/x/oauth2` from 0.31.0 to 0.32.0 - [Commits](golang/oauth2@v0.31.0...v0.32.0) Updates `golang.org/x/sys` from 0.36.0 to 0.37.0 - [Commits](golang/sys@v0.36.0...v0.37.0) Updates `golang.org/x/term` from 0.35.0 to 0.36.0 - [Commits](golang/term@v0.35.0...v0.36.0) Updates `golang.org/x/text` from 0.29.0 to 0.30.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.29.0...v0.30.0) --- updated-dependencies: - dependency-name: github.com/docker/cli dependency-version: 28.5.1+incompatible dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/docker/docker dependency-version: 28.5.1+incompatible dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: golang.org/x/crypto dependency-version: 0.43.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/mod dependency-version: 0.29.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/oauth2 dependency-version: 0.32.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/sys dependency-version: 0.37.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/term dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/text dependency-version: 0.30.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Use Docker API version negotiation instead of hardcoded version Fixes #2464 This change replaces all hardcoded Docker API version 1.38 references with WithAPIVersionNegotiation(), allowing pack to automatically adapt to the Docker daemon's supported API version. Changes: - Updated main client initialization to use API version negotiation - Updated SSH Docker client to use API version negotiation - Updated all test files to use API version negotiation - Upgraded fake-lifecycle test dependencies from Docker client v1.4.2 (2019) to v28.5.1 - Fixed fake-lifecycle imports and API calls for compatibility with modern Docker client Benefits: - Works with modern Docker daemons requiring API 1.44+ (Docker 27+) - Backward compatible with older Docker versions - Future-proof - no need to update hardcoded versions - Solves Windows runner issue without requiring Docker 27 upgrade 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * Update Example_build test to use newer builder with modern lifecycle The cnbs/sample-builder:noble builder includes a recent lifecycle version that supports Docker API 1.44+, fixing the test failure on systems with modern Docker daemons (Docker 27+). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * Downgrade fake-lifecycle dependencies for Go 1.23 compatibility Updated fake-lifecycle test module to support Go 1.23.4 (Windows runner): - Downgraded lifecycle from v0.20.11 to v0.19.3 - Downgraded go-containerregistry from v0.20.6 to v0.19.2 - Set Go requirement to 1.23 (compatible with Go 1.23.4) - Updated Dockerfile to use golang:1.23 base image The older versions still support Docker API 1.44+ and work correctly with modern Docker daemons requiring minimum API version 1.44. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> --------- Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: Claude <noreply@anthropic.com>
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.43.0 to 0.45.0. - [Commits](golang/crypto@v0.43.0...v0.45.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.45.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Juan Bustamante <bustamantejj@gmail.com>
…o v1.13.0 (#2476) * build(deps): bump @octokit/plugin-paginate-rest, @actions/github and @octokit/rest (#2338) Bumps [@octokit/plugin-paginate-rest](https://github.com/octokit/plugin-paginate-rest.js) to 9.2.2 and updates ancestor dependencies [@octokit/plugin-paginate-rest](https://github.com/octokit/plugin-paginate-rest.js), [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) and [@octokit/rest](https://github.com/octokit/rest.js). These dependencies need to be updated together. Updates `@octokit/plugin-paginate-rest` from 2.2.3 to 9.2.2 - [Release notes](https://github.com/octokit/plugin-paginate-rest.js/releases) - [Commits](octokit/plugin-paginate-rest.js@v2.2.3...v9.2.2) Updates `@actions/github` from 4.0.0 to 6.0.0 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github) Updates `@octokit/rest` from 18.0.0 to 21.1.1 - [Release notes](https://github.com/octokit/rest.js/releases) - [Commits](octokit/rest.js@v18.0.0...v21.1.1) --- updated-dependencies: - dependency-name: "@octokit/plugin-paginate-rest" dependency-type: indirect - dependency-name: "@actions/github" dependency-type: direct:production - dependency-name: "@octokit/rest" dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * build(deps): bump @octokit/request, @actions/github and @octokit/rest (#2370) Bumps [@octokit/request](https://github.com/octokit/request.js) to 8.4.1 and updates ancestor dependencies [@octokit/request](https://github.com/octokit/request.js), [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) and [@octokit/rest](https://github.com/octokit/rest.js). These dependencies need to be updated together. Updates `@octokit/request` from 5.6.3 to 8.4.1 - [Release notes](https://github.com/octokit/request.js/releases) - [Commits](octokit/request.js@v5.6.3...v8.4.1) Updates `@actions/github` from 4.0.0 to 6.0.0 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github) Updates `@octokit/rest` from 18.0.0 to 21.1.1 - [Release notes](https://github.com/octokit/rest.js/releases) - [Commits](octokit/rest.js@v18.0.0...v21.1.1) --- updated-dependencies: - dependency-name: "@octokit/request" dependency-version: 8.4.1 dependency-type: indirect - dependency-name: "@actions/github" dependency-version: 6.0.0 dependency-type: direct:production - dependency-name: "@octokit/rest" dependency-version: 21.1.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * build(deps): bump the go-dependencies group with 8 updates (#2453) Bumps the go-dependencies group with 8 updates: | Package | From | To | | --- | --- | --- | | [github.com/docker/cli](https://github.com/docker/cli) | `28.5.0+incompatible` | `28.5.1+incompatible` | | [github.com/docker/docker](https://github.com/docker/docker) | `28.5.0+incompatible` | `28.5.1+incompatible` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.42.0` | `0.43.0` | | [golang.org/x/mod](https://github.com/golang/mod) | `0.28.0` | `0.29.0` | | [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.31.0` | `0.32.0` | | [golang.org/x/sys](https://github.com/golang/sys) | `0.36.0` | `0.37.0` | | [golang.org/x/term](https://github.com/golang/term) | `0.35.0` | `0.36.0` | | [golang.org/x/text](https://github.com/golang/text) | `0.29.0` | `0.30.0` | Updates `github.com/docker/cli` from 28.5.0+incompatible to 28.5.1+incompatible - [Commits](docker/cli@v28.5.0...v28.5.1) Updates `github.com/docker/docker` from 28.5.0+incompatible to 28.5.1+incompatible - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v28.5.0...v28.5.1) Updates `golang.org/x/crypto` from 0.42.0 to 0.43.0 - [Commits](golang/crypto@v0.42.0...v0.43.0) Updates `golang.org/x/mod` from 0.28.0 to 0.29.0 - [Commits](golang/mod@v0.28.0...v0.29.0) Updates `golang.org/x/oauth2` from 0.31.0 to 0.32.0 - [Commits](golang/oauth2@v0.31.0...v0.32.0) Updates `golang.org/x/sys` from 0.36.0 to 0.37.0 - [Commits](golang/sys@v0.36.0...v0.37.0) Updates `golang.org/x/term` from 0.35.0 to 0.36.0 - [Commits](golang/term@v0.35.0...v0.36.0) Updates `golang.org/x/text` from 0.29.0 to 0.30.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.29.0...v0.30.0) --- updated-dependencies: - dependency-name: github.com/docker/cli dependency-version: 28.5.1+incompatible dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/docker/docker dependency-version: 28.5.1+incompatible dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: golang.org/x/crypto dependency-version: 0.43.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/mod dependency-version: 0.29.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/oauth2 dependency-version: 0.32.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/sys dependency-version: 0.37.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/term dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/text dependency-version: 0.30.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * fix(security): resolve CVE-GHSA-cgrx-mc8f-2prm by upgrading selinux to v1.13.0 Migrated from unmaintained GoogleContainerTools/kaniko to the actively maintained Chainguard fork (v1.25.4), updated lifecycle to v0.20.19, and upgraded opencontainers/selinux from v1.12.0 to v1.13.0 to fix GHSA-cgrx-mc8f-2prm. This also upgraded golang.org/x/crypto from v0.43.0 to v0.45.0, resolving additional CVEs. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * Use Docker API version negotiation instead of hardcoded version Fixes #2464 This change replaces all hardcoded Docker API version 1.38 references with WithAPIVersionNegotiation(), allowing pack to automatically adapt to the Docker daemon's supported API version. Changes: - Updated main client initialization to use API version negotiation - Updated SSH Docker client to use API version negotiation - Updated all test files to use API version negotiation - Upgraded fake-lifecycle test dependencies from Docker client v1.4.2 (2019) to v28.5.1 - Fixed fake-lifecycle imports and API calls for compatibility with modern Docker client Benefits: - Works with modern Docker daemons requiring API 1.44+ (Docker 27+) - Backward compatible with older Docker versions - Future-proof - no need to update hardcoded versions - Solves Windows runner issue without requiring Docker 27 upgrade 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * Update Example_build test to use newer builder with modern lifecycle The cnbs/sample-builder:noble builder includes a recent lifecycle version that supports Docker API 1.44+, fixing the test failure on systems with modern Docker daemons (Docker 27+). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * Downgrade fake-lifecycle dependencies for Go 1.23 compatibility Updated fake-lifecycle test module to support Go 1.23.4 (Windows runner): - Downgraded lifecycle from v0.20.11 to v0.19.3 - Downgraded go-containerregistry from v0.20.6 to v0.19.2 - Set Go requirement to 1.23 (compatible with Go 1.23.4) - Updated Dockerfile to use golang:1.23 base image The older versions still support Docker API 1.44+ and work correctly with modern Docker daemons requiring minimum API version 1.44. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * updating fake-lifecycle go version Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * Use Docker API version negotiation instead of hardcoded version (#2474) * Use Docker API version negotiation instead of hardcoded version Fixes #2464 This change replaces all hardcoded Docker API version 1.38 references with WithAPIVersionNegotiation(), allowing pack to automatically adapt to the Docker daemon's supported API version. Changes: - Updated main client initialization to use API version negotiation - Updated SSH Docker client to use API version negotiation - Updated all test files to use API version negotiation - Upgraded fake-lifecycle test dependencies from Docker client v1.4.2 (2019) to v28.5.1 - Fixed fake-lifecycle imports and API calls for compatibility with modern Docker client Benefits: - Works with modern Docker daemons requiring API 1.44+ (Docker 27+) - Backward compatible with older Docker versions - Future-proof - no need to update hardcoded versions - Solves Windows runner issue without requiring Docker 27 upgrade 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * Update Example_build test to use newer builder with modern lifecycle The cnbs/sample-builder:noble builder includes a recent lifecycle version that supports Docker API 1.44+, fixing the test failure on systems with modern Docker daemons (Docker 27+). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * Downgrade fake-lifecycle dependencies for Go 1.23 compatibility Updated fake-lifecycle test module to support Go 1.23.4 (Windows runner): - Downgraded lifecycle from v0.20.11 to v0.19.3 - Downgraded go-containerregistry from v0.20.6 to v0.19.2 - Set Go requirement to 1.23 (compatible with Go 1.23.4) - Updated Dockerfile to use golang:1.23 base image The older versions still support Docker API 1.44+ and work correctly with modern Docker daemons requiring minimum API version 1.44. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> --------- Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: Claude <noreply@anthropic.com> * fix code format Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Claude <noreply@anthropic.com>
… updates (#2479) Bumps the go-dependencies group with 3 updates in the / directory: [github.com/chainguard-dev/kaniko](https://github.com/chainguard-dev/kaniko), [github.com/gdamore/tcell/v2](https://github.com/gdamore/tcell) and [golang.org/x/mod](https://github.com/golang/mod). Updates `github.com/chainguard-dev/kaniko` from 1.25.4 to 1.25.5 - [Release notes](https://github.com/chainguard-dev/kaniko/releases) - [Changelog](https://github.com/chainguard-dev/kaniko/blob/main/CHANGELOG.md) - [Commits](chainguard-forks/kaniko@v1.25.4...v1.25.5) Updates `github.com/gdamore/tcell/v2` from 2.9.0 to 2.11.0 - [Release notes](https://github.com/gdamore/tcell/releases) - [Changelog](https://github.com/gdamore/tcell/blob/main/CHANGESv2.md) - [Commits](gdamore/tcell@v2.9.0...v2.11.0) Updates `golang.org/x/mod` from 0.29.0 to 0.30.0 - [Commits](golang/mod@v0.29.0...v0.30.0) --- updated-dependencies: - dependency-name: github.com/chainguard-dev/kaniko dependency-version: 1.25.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/gdamore/tcell/v2 dependency-version: 2.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/mod dependency-version: 0.30.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* When fetching lifecycle image, use a platform-specific digest to avoid containerd storage issues Signed-off-by: Natalie Arellano <natalie.p.arellano@gmail.com> * Log platform-specific digest resolution Add debug message showing original tag and resolved digest when FetchForPlatform resolves manifest lists, improving visibility and maintaining test compatibility. Signed-off-by: Natalie Arellano <natalie.p.arellano@gmail.com> * Make lifecycle image cleanup optional Ignore errors when lifecycle image doesn't exist by tag during cleanup, as it may have been pulled by digest instead. Signed-off-by: Natalie Arellano <natalie.p.arellano@gmail.com> * Add comprehensive test coverage for FetchForPlatform method This commit adds test coverage for the FetchForPlatform implementation, specifically testing the platform-specific digest resolution logic including the manifest list code path. Changes: - Add 10 test cases covering various scenarios: * Nil target delegation to regular Fetch * Multi-platform image resolution for different architectures * True manifest list handling with multiple platforms * Platform matching and mismatch error cases * Single-platform image validation * Insecure registry support * Platform variant handling * Non-existent image error handling - Add SetUpRandomRemoteIndexWithPlatforms helper in testhelpers * Uses imgutil for image creation and index management * Follows the pattern from manifest_create.go * Creates multi-platform indexes using CNBIndex * Properly sets platform metadata (OS, Architecture) All 41 tests in the image package pass successfully. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * Fix platform mismatch in insecure registries test The test was creating an image without specifying a platform (defaulting to linux/amd64) but then trying to fetch it with runtime.GOOS/GOARCH, which fails on Windows runners where the OS is "windows". Now the test creates the image with the same platform it will fetch, ensuring consistency across all platforms. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> --------- Signed-off-by: Natalie Arellano <natalie.p.arellano@gmail.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: Claude <noreply@anthropic.com>
Build and lint using go 1.25 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: Claude <noreply@anthropic.com>
Update remaining references to lifecycle version to match go.mod which already has v0.20.19 Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
…#2414 (#2432) * fix: allow image extensions based on buildpack API Signed-off-by: vky5 <vky05@proton.me> * Move extension validation to client layer and check Platform API version - Move validation from command layer (builder_create.go, create_builder.go) to client layer (pkg/client/create_builder.go) - Check Platform API version instead of lifecycle version to determine if extensions are stable (>= 0.13) or experimental (< 0.13) - Use lifecycle's LessThan() method for version comparison - Add comprehensive tests for Platform API validation scenarios: * Platform API >= 0.13 allows extensions without experimental flag * Platform API < 0.13 requires experimental flag for extensions * Builders without extensions work regardless of Platform API version - Create platform-0.13 test lifecycle data with Platform API 0.3-0.13 - Add prepareExtensions() test helper that configures both extensions and appropriate lifecycle for testing This fixes the issue where users get experimental extension errors even when using lifecycle with Platform API 0.13 where extensions are stable. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * Run make format to remove extra blank lines 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * Fix linting errors by removing deprecated API usage - Remove fallback to deprecated descriptor.API.PlatformVersion - Use only descriptor.APIs.Platform.Supported (new API) - Skip validation if Platform API information is unavailable - Remove unused github.com/buildpacks/lifecycle/api import This fixes staticcheck SA1019 warnings about using deprecated API fields. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> --------- Signed-off-by: vky5 <vky05@proton.me> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: Claude <noreply@anthropic.com>
Upgrades imgutil from v0.0.0-20250814164739-4b1c8875ba7e to v0.0.0-20250909162057-9db16db815e3 to fix an issue where builder images created with Docker's containerd snapshotter storage driver had malformed manifests. The bug caused the first several base image layers to be replaced with empty blob references in the manifest, while the config retained correct diff_ids. This created invalid images that failed OCI spec validation with tools like skopeo. The fix was already merged in buildpacks/imgutil#297, which reverted the problematic "fast path" optimization commits. Resolves #2490 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: Claude <noreply@anthropic.com>
… updates (#2494) Bumps the go-dependencies group with 3 updates in the / directory: [github.com/gdamore/tcell/v2](https://github.com/gdamore/tcell), [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) and [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry). Updates `github.com/gdamore/tcell/v2` from 2.11.0 to 2.12.2 - [Release notes](https://github.com/gdamore/tcell/releases) - [Changelog](https://github.com/gdamore/tcell/blob/main/CHANGESv2.md) - [Commits](gdamore/tcell@v2.11.0...v2.12.2) Updates `github.com/go-git/go-git/v5` from 5.16.3 to 5.16.4 - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.16.3...v5.16.4) Updates `github.com/google/go-containerregistry` from 0.20.6 to 0.20.7 - [Release notes](https://github.com/google/go-containerregistry/releases) - [Commits](google/go-containerregistry@v0.20.6...v0.20.7) --- updated-dependencies: - dependency-name: github.com/gdamore/tcell/v2 dependency-version: 2.12.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.16.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/google/go-containerregistry dependency-version: 0.20.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
#2498) * fix: Skip platform-specific digest resolution with --pull-policy never When using --pull-policy never, pack now skips the platform-specific digest resolution that requires network access to fetch the manifest list. Instead, it uses the image name directly from the daemon. This fix addresses issue #2496 where builds fail when using --pull-policy never because pack cannot resolve the platform-specific digest of the lifecycle image without network access. The trade-off is that users may encounter containerd storage issues if Docker is configured to use containerd storage. In such cases, users should manually pull the platform-specific digest or use a different pull policy. Related to PR #2467 which introduced platform-specific digest resolution to fix containerd storage issues. Fixes #2496 Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * test: Use daemon OS instead of runtime OS in PullNever test This fixes test failures on Windows runners running Linux containers. The test was using runtime.GOOS which returns 'windows' on Windows hosts, but the Docker daemon may be running Linux containers. Now we use the daemon's actual OS type queried via docker.Info(). Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> --------- Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
#2501) This commit updates the Go version from 1.25.3 to 1.25.5 to fix two security vulnerabilities in the Go standard library. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
…nners (#2506) This commit addresses issue #2505 by removing the dependency on the Equinix Metal self-hosted Windows LCOW runner, which is being sunset. Changes: - Replaced windows-lcow config with windows config using windows-latest runner - Set NO_DOCKER=true for Windows testing (GitHub runners don't support LCOW) - Added step to install Make via Chocolatey for Windows runner - Windows tests will run unit tests without Docker-dependent tests - Maintains pack.exe artifact generation for Chocolatey distribution The new configuration: - Runs basic pack CLI tests on Windows to validate it works - Does not run Docker/LCOW tests (requires nested virtualization) - Ensures Windows binaries continue to be built for releases - Uses GitHub-hosted infrastructure instead of self-hosted Equinix Metal Resolves #2505 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
…2507) Ubuntu 24.10 "Oracular Oriole" has reached End of Life (July 11, 2025) and the Ubuntu repositories have been removed from the main archive, causing delivery workflow failures. Fixes #2504 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Output
Before
After
Documentation
Related
Resolves #___