diff --git a/Dockerfile b/Dockerfile index d0fad70ac..880ff8b2f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.26.3@sha256:2d6c80227255c3112a4d08e67ba98e58efd3846daf15d9d7d4c389565d881b1a AS builder +FROM golang:1.26.4@sha256:f96cc555eb8db430159a3aa6797cd5bae561945b7b0fe7d0e284c63a3b291609 AS builder ENV APP_ROOT=/opt/app-root ENV GOPATH=$APP_ROOT @@ -29,14 +29,14 @@ RUN go build -ldflags "${SERVER_LDFLAGS}" ./cmd/timestamp-server RUN CGO_ENABLED=0 go build -gcflags "all=-N -l" -ldflags "${SERVER_LDFLAGS}" -o timestamp-server_debug ./cmd/timestamp-server # debug compile options & debugger -FROM registry.redhat.io/ubi9/go-toolset:9.7-1774618347@sha256:a05a1c82b3ce23864a831084ff21a907128f4707ca3f455ba99717c0c2c4d6c1 as debug +FROM registry.redhat.io/ubi9/go-toolset:9.8-1782852234@sha256:c49814b6ba0491ff490264fa1a993a0709c0a685f1a101177992fe2c3c9fa89e as debug RUN go install github.com/go-delve/delve/cmd/dlv@v1.9.0 # overwrite server and include debugger COPY --from=builder /opt/app-root/src/timestamp-server_debug /usr/local/bin/timestamp-server # Multi-Stage production build -FROM golang:1.26.3@sha256:2d6c80227255c3112a4d08e67ba98e58efd3846daf15d9d7d4c389565d881b1a AS deploy +FROM golang:1.26.4@sha256:f96cc555eb8db430159a3aa6797cd5bae561945b7b0fe7d0e284c63a3b291609 AS deploy # Retrieve the binary from the previous stage COPY --from=builder /opt/app-root/src/timestamp-server /usr/local/bin/timestamp-server diff --git a/Dockerfile.cli-stack.rh b/Dockerfile.cli-stack.rh index a7690285c..079d3098a 100644 --- a/Dockerfile.cli-stack.rh +++ b/Dockerfile.cli-stack.rh @@ -1,4 +1,4 @@ -FROM registry.redhat.io/ubi9/go-toolset:9.8@sha256:355b23fe885cf565c9313a7e98db742df0aec21456244e808942c56489594251 AS build-cross-platform +FROM registry.redhat.io/ubi9/go-toolset:9.8-1782852234@sha256:9ef42b045aaabcaff14b76c75c086ec1479fbc7502c0587efdcedb2d721c46e5 AS build-cross-platform ENV APP_ROOT=/opt/app-root \ GOPATH=/opt/app-root @@ -16,7 +16,7 @@ FROM --platform=linux/arm64 quay.io/securesign/fetch-tsa-certs@sha256:daad6bc6 FROM --platform=linux/ppc64le quay.io/securesign/fetch-tsa-certs@sha256:daad6bc6bdf71db415cbdc139292e8db63582314484bc6582609d5c30b404b54 AS build-ppc64le FROM --platform=linux/s390x quay.io/securesign/fetch-tsa-certs@sha256:daad6bc6bdf71db415cbdc139292e8db63582314484bc6582609d5c30b404b54 AS build-s390x -FROM registry.redhat.io/ubi9/go-toolset:9.8@sha256:355b23fe885cf565c9313a7e98db742df0aec21456244e808942c56489594251 AS packager +FROM registry.redhat.io/ubi9/go-toolset:9.8-1782852234@sha256:9ef42b045aaabcaff14b76c75c086ec1479fbc7502c0587efdcedb2d721c46e5 AS packager USER root RUN mkdir -p /binaries @@ -53,7 +53,7 @@ RUN tar -czf /binaries/fetch_tsa_certs_windows_amd64.tar.gz -C /tmp fetch_tsa_ce RUN chmod -R a+rX /binaries # Final minimal image with all binaries -FROM registry.redhat.io/ubi9/ubi-micro:9.8@sha256:b498b3ea26111ab4b81d65139f2ebd2ef9a2abb7a4588b7fdcc54889f95e9caa +FROM registry.redhat.io/ubi9/ubi-micro:9.8-1782840931@sha256:35de56a9413112f1474e392ebc35e0cf6f0fb484c8e8877bbae59b513694b41f LABEL description="Flat image containing fetch-tsa-certs CLI binaries for all platforms and architectures" LABEL io.k8s.description="Flat image containing fetch-tsa-certs CLI binaries for all platforms and architectures" diff --git a/Dockerfile.fetch_tsa_certs.rh b/Dockerfile.fetch_tsa_certs.rh index df2340f0a..167b58bea 100644 --- a/Dockerfile.fetch_tsa_certs.rh +++ b/Dockerfile.fetch_tsa_certs.rh @@ -1,4 +1,4 @@ -FROM registry.redhat.io/ubi9/go-toolset:9.8@sha256:355b23fe885cf565c9313a7e98db742df0aec21456244e808942c56489594251 as build-env +FROM registry.redhat.io/ubi9/go-toolset:9.8-1782852234@sha256:9ef42b045aaabcaff14b76c75c086ec1479fbc7502c0587efdcedb2d721c46e5 as build-env ENV APP_ROOT=/opt/app-root ENV GOPATH=$APP_ROOT ENV CGO_ENABLED=0 @@ -14,7 +14,7 @@ ADD ./Build.mak $APP_ROOT/src/Build.mak RUN make -f Build.mak fetch-tsa-certs-linux -FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:83006d535923fcf1345067873524a3980316f51794f01d8655be55d6e9387183 +FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:463cae32c6f6f5594b11a5c22de275016bd8545ce58a6373388e8b24f13fc15c ENV APP_ROOT=/opt/app-root WORKDIR $APP_ROOT/src/ diff --git a/Dockerfile.tsa.rh b/Dockerfile.tsa.rh index 2eb212cdf..b41d9a116 100644 --- a/Dockerfile.tsa.rh +++ b/Dockerfile.tsa.rh @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM registry.redhat.io/ubi9/go-toolset:9.8@sha256:355b23fe885cf565c9313a7e98db742df0aec21456244e808942c56489594251 AS builder +FROM registry.redhat.io/ubi9/go-toolset:9.8-1782852234@sha256:9ef42b045aaabcaff14b76c75c086ec1479fbc7502c0587efdcedb2d721c46e5 AS builder ENV CGO_ENABLED=0 ENV GOFIPS140=v1.0.0 ENV APP_ROOT=/opt/app-root @@ -29,14 +29,14 @@ RUN git config --global --add safe.directory /opt/app-root/src && \ go build -mod=readonly -tags=no_openssl -ldflags "${SERVER_LDFLAGS}" ./cmd/timestamp-server # debug compile options & debugger -FROM registry.redhat.io/ubi9/go-toolset:9.8@sha256:355b23fe885cf565c9313a7e98db742df0aec21456244e808942c56489594251 AS debug +FROM registry.redhat.io/ubi9/go-toolset:9.8-1782852234@sha256:9ef42b045aaabcaff14b76c75c086ec1479fbc7502c0587efdcedb2d721c46e5 AS debug RUN go install github.com/go-delve/delve/cmd/dlv@v1.9.0 # overwrite server and include debugger COPY --from=builder /opt/app-root/src/timestamp-server_debug /usr/local/bin/timestamp-server # Multi-Stage production build -FROM registry.access.redhat.com/ubi9-minimal@sha256:f5346fbb587b72b5376e66272935d22c62af78be2e8ea1dcf3e9e46865a9a2ee AS deploy +FROM registry.access.redhat.com/ubi9-minimal@sha256:8201445bebcb5bd4fe23fcc2a76cd5fec029ab401d270926a1563c03b36f0137 AS deploy LABEL description="The timestamp-authority is a process that provides a timestamp record of when a document was created or modified." LABEL io.k8s.description="The timestamp-authority is a process that provides a timestamp record of when a document was created or modified."