forked from bitcoin/bitcoin
feat: add sbom and provenance in release for dockerhub; use jammy; apt remove as possible #6160
Merged
PastaPastaPasta
merged 1 commit into
dashpay:develop
from
PastaPastaPasta:modernize-release-dockerhub
Aug 1, 2024
…t remove as possible
PastaPastaPasta
changed the title
feat: add smob and provenance in release for dockerhub; use jammy; apt remove as possible
feat: add sbom and provenance in release for dockerhub; use jammy; apt remove as possible
Jul 28, 2024
UdjinM6
approved these changes
Aug 1, 2024
utACK 9178e8a
PastaPastaPasta
added a commit
to PastaPastaPasta/dash
that referenced
this pull request
Aug 1, 2024
…erhub; use jammy; apt remove as possible

9178e8a feat: add smob and provenance in release for dockerhub; use jammy; apt remove as possible (pasta)

Pull request description:

## Issue being fixed or feature implemented
Docker provenance refers to the origin and history of Docker images, including how they were built, modified, and by whom. An SBOM (Software Bill of Materials) is a detailed list of all components in a software application, providing transparency about libraries, dependencies, and versions used, which is crucial for security and compliance.

## What was done?
Add SBOM and provenance to docker build; this may allow some level of validation that GitHub actions is actually doing what it says it is.

See this for more information https://docs.docker.com/build/ci/github-actions/attestations/

## How Has This Been Tested?
Building with buildx with sbom and provenance flags locally

## Breaking Changes
None

## Checklist:
_Go over all the following points, and put an `x` in all the boxes that apply._
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e tests
- [ ] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone _(for repository code-owners and collaborators only)_

ACKs for top commit:
UdjinM6: utACK 9178e8a

Tree-SHA512: 6e3f35a0b30f002e2d5d80d6dd18ee554a1c15c62c1d4cbe1185f38977f55a199998515cf5bb9a027670f068f3d56ef33faa062d8c4122a886375d00afe6bf2f
PastaPastaPasta
added a commit
that referenced
this pull request
Aug 1, 2024
5619c8f docs: add release notes for v21.0.1 and archive v21.0.0 (pasta)
9e80d12 Merge #6163: fix: use blocks-only instead of address-only for inventory (pasta)
e10c5c9 Merge #6160: feat: add sbom and provenance in release for dockerhub; use jammy; apt remove as possible (pasta)

Pull request description:

## Issue being fixed or feature implemented
Backport PRs for v21.0.1

## What was done?
See commits

## How Has This Been Tested?
See CI

## Breaking Changes
None

## Checklist:
_Go over all the following points, and put an `x` in all the boxes that apply._
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e tests
- [ ] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone _(for repository code-owners and collaborators only)_

ACKs for top commit:
knst: utACK 5619c8f
kwvg: utACK 5619c8f
UdjinM6: utACK 5619c8f

Tree-SHA512: 42c1e31319775e5800da2d82af00cae3aa0cee3baadd0123a809efc246d4ca5d0e6a4166b574e6ddebf66c0a80f4ee1655caff085f1687bb533889414a9fd4cf
PastaPastaPasta
added a commit
that referenced
this pull request
Aug 2, 2024
56cc39d chore: bump version to 21.0.2 (pasta)
5619c8f docs: add release notes for v21.0.1 and archive v21.0.0 (pasta)
9e80d12 Merge #6163: fix: use blocks-only instead of address-only for inventory (pasta)
e10c5c9 Merge #6160: feat: add sbom and provenance in release for dockerhub; use jammy; apt remove as possible (pasta)

Pull request description:

## Issue being fixed or feature implemented

## What was done?

## How Has This Been Tested?

## Breaking Changes

## Checklist:
- [ ] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e tests
- [ ] I have made corresponding changes to the documentation
- [ ] I have assigned this pull request to a milestone _(for repository code-owners and collaborators only)_

ACKs for top commit:
PastaPastaPasta: utACK 0c11f0e; kwvg: utACK 0c11f0e

Tree-SHA512: c8f81678ba9a742b3e1a674ffc291e30d63900fd1e1328bf5528210d0a983b9c5c9b3960ce76fd6ed8fd7014a92e09dcfa093bcd7a4bad2e3ea2d5e849ee28bc
## Issue being fixed or feature implemented
Docker provenance refers to the origin and history of Docker images, including how they were built, modified, and by whom. An SBOM (Software Bill of Materials) is a detailed list of all components in a software application, providing transparency about libraries, dependencies, and versions used, which is crucial for security and compliance.

## What was done?
Add SBOM and provenance to docker build; this may allow some level of validation that GitHub actions is actually doing what it says it is.

See this for more information https://docs.docker.com/build/ci/github-actions/attestations/

## How Has This Been Tested?
Building with buildx with sbom and provenance flags locally

## Breaking Changes
None

## Checklist:
_Go over all the following points, and put an `x` in all the boxes that apply._
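
One way to check that a pushed image actually carries both attestations, as an added example that is not part of this pull request or the project's code: it reads an image index (as returned by `docker buildx imagetools inspect --raw`) together with the attestation manifests that index references, using the annotation keys from Docker's attestation storage documentation. The function names, digests and sample data are constructed for illustration.

```python
# Annotation keys and predicate URIs as documented for BuildKit image attestations.
REF_TYPE = "vnd.docker.reference.type"
REF_DIGEST = "vnd.docker.reference.digest"
PREDICATE = "in-toto.io/predicate-type"
SBOM = "https://spdx.dev/Document"
PROVENANCE_PREFIX = "https://slsa.dev/provenance/"

def attached_predicates(index, att_manifests):
    """Return {platform: set(predicate types)} for every runnable image in the index."""
    images, found = {}, {}
    for d in index["manifests"]:
        if d.get("annotations", {}).get(REF_TYPE) != "attestation-manifest":
            p = d["platform"]
            images[d["digest"]] = f'{p["os"]}/{p["architecture"]}'
            found[images[d["digest"]]] = set()
    for d in index["manifests"]:
        ann = d.get("annotations", {})
        subject = images.get(ann.get(REF_DIGEST))
        if ann.get(REF_TYPE) != "attestation-manifest" or subject is None:
            continue  # not an attestation, or it points at an image outside this index
        for layer in att_manifests.get(d["digest"], {}).get("layers", []):
            pred = layer.get("annotations", {}).get(PREDICATE)
            if pred:
                found[subject].add(pred)
    return found

def missing_attestations(index, att_manifests):
    """List (platform, kind) pairs where the SBOM or provenance statement is absent."""
    gaps = []
    for platform, preds in sorted(attached_predicates(index, att_manifests).items()):
        if SBOM not in preds:
            gaps.append((platform, "sbom"))
        if not any(p.startswith(PROVENANCE_PREFIX) for p in preds):
            gaps.append((platform, "provenance"))
    return gaps

# Constructed sample: amd64 carries both statements, arm64 has no attestation manifest.
SAMPLE_INDEX = {"manifests": [
    {"digest": "sha256:aaa", "platform": {"os": "linux", "architecture": "amd64"}},
    {"digest": "sha256:bbb", "platform": {"os": "linux", "architecture": "arm64"}},
    {"digest": "sha256:ccc", "platform": {"os": "unknown", "architecture": "unknown"},
     "annotations": {REF_TYPE: "attestation-manifest", REF_DIGEST: "sha256:aaa"}},
]}
SAMPLE_ATTESTATIONS = {"sha256:ccc": {"layers": [
    {"annotations": {PREDICATE: "https://spdx.dev/Document"}},
    {"annotations": {PREDICATE: "https://slsa.dev/provenance/v0.2"}}]}}
```

A release job could fail when `missing_attestations` returns a non-empty list, which catches a platform that was pushed without the SBOM or provenance flags taking effect.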