diff --git a/Dockerfile b/Dockerfile index dd9b4ea3e..c42806c2e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.26.3@sha256:633d23bf362cb40dd72b4f277288a8929697d77537f9c801b81aeced19b5bdf3 AS builder +FROM golang:1.26.4@sha256:32c0e6e5c4f6707717051091b4d0b077464a679eaab563e11474efc5328e2aa5 AS builder ENV APP_ROOT=/opt/app-root ENV GOPATH=$APP_ROOT @@ -31,7 +31,7 @@ RUN CGO_ENABLED=0 go build -gcflags "all=-N -l" -ldflags "${SERVER_LDFLAGS}" -o RUN go test -c -ldflags "${SERVER_LDFLAGS}" -cover -covermode=count -coverpkg=./... -o rekor-server_test ./cmd/rekor-server # Multi-Stage production build -FROM golang:1.26.3@sha256:633d23bf362cb40dd72b4f277288a8929697d77537f9c801b81aeced19b5bdf3 AS deploy +FROM golang:1.26.4@sha256:32c0e6e5c4f6707717051091b4d0b077464a679eaab563e11474efc5328e2aa5 AS deploy # Retrieve the binary from the previous stage COPY --from=builder /opt/app-root/src/rekor-server /usr/local/bin/rekor-server diff --git a/Dockerfile.backfill-redis.rh b/Dockerfile.backfill-redis.rh index 9eeb8e8e7..aecf18996 100644 --- a/Dockerfile.backfill-redis.rh +++ b/Dockerfile.backfill-redis.rh @@ -1,6 +1,6 @@ # Build stage -FROM registry.redhat.io/ubi9/go-toolset:9.8-1781757851@sha256:b2c0898987b688a95f4d2f38abdfd929f45903948831783153019ab749495c72 AS build-env +FROM registry.redhat.io/ubi9/go-toolset:9.8-1782377916@sha256:17c888d75753f128f6cbdc5587932c3abd2632ca8e0931aa27b9a60c7a75ac62 AS build-env ENV GOEXPERIMENT=strictfipsruntime ENV CGO_ENABLED=1 @@ -18,7 +18,7 @@ ARG SERVER_LDFLAGS RUN go build -mod=readonly -trimpath -ldflags "$(SERVER_LDFLAGS)" -o backfill-redis ./cmd/backfill-index # Install stage -FROM registry.redhat.io/rhel9/redis-6@sha256:97b2bd2e027af8838cb2e01538fcd202199827ed59c9c871e64d93e03c40173f +FROM registry.redhat.io/rhel9/redis-6@sha256:3a243218d38169a179692f76d050ac5226984d62c968b444c666ab7ecfa06317 COPY --from=build-env /opt/app-root/src/backfill-redis /usr/local/bin/backfill-redis COPY LICENSE /licenses/license.txt WORKDIR /opt/app-root/src/home diff --git a/Dockerfile.cli-stack.rh b/Dockerfile.cli-stack.rh index 5a4d16ed5..7c766737a 100644 --- a/Dockerfile.cli-stack.rh +++ b/Dockerfile.cli-stack.rh @@ -1,4 +1,4 @@ -FROM registry.redhat.io/ubi9/go-toolset:9.8-1781757851@sha256:b2c0898987b688a95f4d2f38abdfd929f45903948831783153019ab749495c72 AS build-cross-platform +FROM registry.redhat.io/ubi9/go-toolset:9.8-1782377916@sha256:17c888d75753f128f6cbdc5587932c3abd2632ca8e0931aa27b9a60c7a75ac62 AS build-cross-platform ENV APP_ROOT=/opt/app-root \ GOPATH=/opt/app-root \ GOFLAGS="-buildvcs=false" @@ -26,7 +26,7 @@ FROM --platform=linux/arm64 quay.io/securesign/rekor-cli@sha256:0bbeaf5bf98bce FROM --platform=linux/ppc64le quay.io/securesign/rekor-cli@sha256:0bbeaf5bf98bce31979d0e9ba6b767dd773194aee30388785281d0140c114d09 AS build-ppc64le FROM --platform=linux/s390x quay.io/securesign/rekor-cli@sha256:0bbeaf5bf98bce31979d0e9ba6b767dd773194aee30388785281d0140c114d09 AS build-s390x -FROM registry.redhat.io/ubi9/go-toolset:9.8-1781757851@sha256:b2c0898987b688a95f4d2f38abdfd929f45903948831783153019ab749495c72 AS packager +FROM registry.redhat.io/ubi9/go-toolset:9.8-1782377916@sha256:17c888d75753f128f6cbdc5587932c3abd2632ca8e0931aa27b9a60c7a75ac62 AS packager USER root RUN mkdir -p /binaries @@ -63,7 +63,7 @@ RUN tar -czf /binaries/rekor_cli_windows_amd64.tar.gz -C /tmp rekor_cli_windows_ RUN chmod -R a+rX /binaries # Final minimal image with all binaries -FROM registry.redhat.io/ubi9/ubi-micro:9.8@sha256:b498b3ea26111ab4b81d65139f2ebd2ef9a2abb7a4588b7fdcc54889f95e9caa +FROM registry.redhat.io/ubi9/ubi-micro:9.8-1782363471@sha256:fdf68a4f5f88cca14ae906bbec6e0fbbffe92b5b91e73e0862c961234d63b986 LABEL description="Flat image containing rekor-cli binaries for all platforms and architectures" LABEL io.k8s.description="Flat image containing rekor-cli binaries for all platforms and architectures" diff --git a/Dockerfile.rekor-cli.rh b/Dockerfile.rekor-cli.rh index ce63c6676..40fe36033 100644 --- a/Dockerfile.rekor-cli.rh +++ b/Dockerfile.rekor-cli.rh @@ -1,5 +1,5 @@ #Build stage# -FROM registry.redhat.io/ubi9/go-toolset:9.8-1781757851@sha256:b2c0898987b688a95f4d2f38abdfd929f45903948831783153019ab749495c72 AS build-env +FROM registry.redhat.io/ubi9/go-toolset:9.8-1782377916@sha256:17c888d75753f128f6cbdc5587932c3abd2632ca8e0931aa27b9a60c7a75ac62 AS build-env ENV APP_ROOT=/opt/app-root \ GOPATH=/opt/app-root @@ -22,7 +22,7 @@ RUN git update-index --assume-unchanged Dockerfile.rekor-cli.rh && \ git update-index --no-assume-unchanged Dockerfile.rekor-cli.rh #Install stage -FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:12db9874bd753eb98b1ab3d840e75de5d6842ac0604fbd68c012adefe97140be +FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:44bc70ef6e6ea9a70e353be97f4722e10358d09fbb9494ca943b2a641049690e LABEL description="Rekor-cli is a command line interface (CLI) tool used to interact with a rekor server." LABEL io.k8s.description="Rekor-cli is a command line interface (CLI) tool used to interact with a rekor server." diff --git a/Dockerfile.rekor-server.rh b/Dockerfile.rekor-server.rh index 3ce6e894b..272247c9a 100644 --- a/Dockerfile.rekor-server.rh +++ b/Dockerfile.rekor-server.rh @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM registry.redhat.io/ubi9/go-toolset:9.8-1781757851@sha256:b2c0898987b688a95f4d2f38abdfd929f45903948831783153019ab749495c72 AS build-env +FROM registry.redhat.io/ubi9/go-toolset:9.8-1782377916@sha256:17c888d75753f128f6cbdc5587932c3abd2632ca8e0931aa27b9a60c7a75ac62 AS build-env RUN mkdir -p /opt/app-root && mkdir -p /opt/app-root/src && mkdir -p /opt/app-root/src/cmd && mkdir -p /opt/app-root/src/pkg && git config --global --add safe.directory /opt/app-root/src @@ -61,7 +61,7 @@ RUN mkdir -p /var/run/attestations && \ COPY --from=build-env /opt/app-root/src/rekor-server_test /usr/local/bin/rekor-server # Multi-Stage production build -FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:12db9874bd753eb98b1ab3d840e75de5d6842ac0604fbd68c012adefe97140be as deploy +FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:44bc70ef6e6ea9a70e353be97f4722e10358d09fbb9494ca943b2a641049690e as deploy LABEL description="Rekor aims to provide an immutable, tamper-resistant ledger of metadata generated within a software project’s supply chain." LABEL io.k8s.description="Rekor-Server provides a tamper resistant ledger." diff --git a/Dockerfile.trillian-log-server b/Dockerfile.trillian-log-server index 832d95aef..c485d5ece 100644 --- a/Dockerfile.trillian-log-server +++ b/Dockerfile.trillian-log-server @@ -14,7 +14,7 @@ FROM ghcr.io/sigstore/scaffolding/trillian_log_server:v1.7.2@sha256:d953a8eb3f9311e55ebee754de234f1f63e4db2d5e76c15326c288fb0887bb11 AS server -FROM golang:1.26.3@sha256:633d23bf362cb40dd72b4f277288a8929697d77537f9c801b81aeced19b5bdf3 AS deploy +FROM golang:1.26.4@sha256:32c0e6e5c4f6707717051091b4d0b077464a679eaab563e11474efc5328e2aa5 AS deploy COPY --from=server /ko-app/trillian_log_server /usr/local/bin/trillian-log-server diff --git a/Dockerfile.trillian-log-signer b/Dockerfile.trillian-log-signer index eb97af572..c46907c51 100644 --- a/Dockerfile.trillian-log-signer +++ b/Dockerfile.trillian-log-signer @@ -14,7 +14,7 @@ FROM ghcr.io/sigstore/scaffolding/trillian_log_signer:v1.7.2@sha256:51631983a7e6f0b3faeb188c590e65b9793a6a6617e0631f8b4fd68e98d0460e AS server -FROM golang:1.26.3@sha256:633d23bf362cb40dd72b4f277288a8929697d77537f9c801b81aeced19b5bdf3 AS deploy +FROM golang:1.26.4@sha256:32c0e6e5c4f6707717051091b4d0b077464a679eaab563e11474efc5328e2aa5 AS deploy COPY --from=server /ko-app/trillian_log_signer /usr/local/bin/trillian-log-signer