Xxc #1
Open
Xxc #1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Signed-off-by: Natalie Arellano <narellano@vmware.com>
… unit tests Signed-off-by: Natalie Arellano <narellano@vmware.com>
Run build containers with updated settings
Use the untrusted flow when buildpacks are added to a trusted builder
Signed-off-by: Natalie Arellano <narellano@vmware.com>
Ensure that the user has not requested to build an image with the same name as a builder of a lifecyle image. Signed-off-by: Aidan Delaney <adelaney21@bloomberg.net> Signed-off-by: Aidan Delaney <aidan.delaney@gmail.com> Signed-off-by: Aidan Delaney <adelaney21@bloomberg.net>
…emon Validate image name
Warn if NOT --pull-policy=always in container
Launch build containers in a separate ephemeral Docker bridge network
…ontainer Signed-off-by: Natalie Arellano <narellano@vmware.com>
When creating volume caches, incorporate "pack volume key" to avoid name collisions
Fixes from security review
Trust buildpacks provided when `--buildpack` is provided on the command line. Signed-off-by: Aidan Delaney <adelaney21@bloomberg.net>
Use the term "extra buildpacks" instead of "additional buildpacks" Signed-off-by: Aidan Delaney <adelaney21@bloomberg.net>
…ed repository. Signed-off-by: Hiroshi Hayakawa <hhiroshell@gmail.com>
…d repository. Signed-off-by: hhiroshell <hhiroshell@gmail.com>
Signed-off-by: hhiroshell <hhiroshell@gmail.com>
Signed-off-by: hhiroshell <hhiroshell@gmail.com>
Co-authored-by: Natalie Arellano <narellano@vmware.com> Signed-off-by: Hiroshi Hayakawa <hhiroshell@gmail.com>
Co-authored-by: Natalie Arellano <narellano@vmware.com> Signed-off-by: Hiroshi Hayakawa <hhiroshell@gmail.com>
Signed-off-by: Natalie Arellano <narellano@vmware.com>
…buildpacks Trust buildpacks in addition to those on the builder
…edia type Signed-off-by: Pavel Busko <pavel.busko@sap.com>
Signed-off-by: Anthony Dahanne <anthony.dahanne@gmail.com>
Add a helper script for testing GitHub Actions on forked repositories
Bumps [buildpacks/github-actions](https://github.com/buildpacks/github-actions) from 5.9.2 to 5.9.3. - [Release notes](https://github.com/buildpacks/github-actions/releases) - [Commits](buildpacks/github-actions@v5.9.2...v5.9.3) --- updated-dependencies: - dependency-name: buildpacks/github-actions dependency-version: 5.9.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 5. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v4...v5) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure) from 2.3.0 to 2.4.0. - [Release notes](https://github.com/go-viper/mapstructure/releases) - [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md) - [Commits](go-viper/mapstructure@v2.3.0...v2.4.0) --- updated-dependencies: - dependency-name: github.com/go-viper/mapstructure/v2 dependency-version: 2.4.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Fix Ubuntu PPA build failures for pack v0.38.2+ This fixes multiple critical issues preventing successful Ubuntu PPA builds: 1. **Update debian/compat**: 9 → 13 (modern debhelper compatibility) - Eliminates deprecation warnings - Ensures compatibility with current build environments 2. **Fix debian/control**: - Update debhelper dependency: (>=9) → (>= 13) to match compat level - Update Go requirement: (>=1.16) → (>=1.24) to match actual project needs 3. **Fix debian/rules Go cache handling**: - Change cache location: /tmp/.cache/go-build → $(CURDIR)/.cache/go-build - Avoids permission issues in Launchpad build environment - Use direct go build command instead of dh_auto_build for better control 4. **Update workflow Go version**: Update GO_DEP_ENTRY to require golang (>=1.24) These changes address the root causes of PPA build failures while maintaining compatibility with the GitHub Actions workflow and template system. Fixes #2417 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * Fix debhelper compatibility for older Ubuntu distributions The previous fix used debhelper compat level 13, but Ubuntu Focal (20.04) only has debhelper 12 available in the main repository. This was causing build failures with 'Unmet build dependencies: debhelper (>= 13)'. Changes: - debian/compat: 13 → 11 (widely supported across all Ubuntu LTS versions) - debian/control: Update Build-Depends to 'debhelper (>= 11)' Compat level 11 provides all the modern features we need while maintaining compatibility with Ubuntu Bionic (18.04), Focal (20.04), and newer releases. Fixes the build failures seen in GitHub Actions run 16804133863. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * Fix debian/rules build command for proper dh integration The direct 'go build' command was failing during Debian package testing because the temporary build directory didn't have the full source structure. This was causing 'stat /tmp/.../cmd/pack: directory not found' errors. Changes: - Restore 'dh_auto_build -- build' command for proper debhelper integration - Keep the Go cache environment variables and custom GOCACHE location - Maintain the cache cleanup to avoid permission issues The dh_auto_build command properly handles the build context and source directory structure that's expected in Debian packaging workflows. Fixes the build failures seen in GitHub Actions run 16804298363. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * Revert to original working debian/rules build command The original dh_auto_build approach was working correctly. The main issues were Go version compatibility and debhelper version requirements, which have now been fixed separately. Changes: - Restore original 'dh_auto_build -- build' command - Use original /tmp/.cache/go-build cache location - Keep all environment variables and flags as originally designed This maintains compatibility with the existing packaging approach while incorporating the Go 1.24+ and debhelper 11 compatibility fixes. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> --------- Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: Claude <noreply@anthropic.com>
Ubuntu 18.04 LTS (Bionic Beaver) reached End of Life on May 31, 2023, and is causing build failures for pack v0.38.0+ due to Go 1.24 incompatibility on i386 architecture. Changes: - Remove 'bionic' from the Ubuntu delivery workflow matrix - Remove the bionic-specific delivery step from the workflow Impact: - Users on Ubuntu 18.04 should upgrade to a supported version (20.04+) - Last available pack version for Bionic remains v0.37.0 Supported Ubuntu versions after this change: - Ubuntu 20.04 LTS (Focal) - Ubuntu 22.04 LTS (Jammy) - Ubuntu 24.04 LTS (Noble) - Ubuntu 24.10 (Oracular) - Ubuntu 25.04 (Plucky) Fixes #2435 🤖 Generated with [Claude Code](https://claude.ai/code) Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: Claude <noreply@anthropic.com>
Bumps [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure) from 2.3.0 to 2.4.0. - [Release notes](https://github.com/go-viper/mapstructure/releases) - [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md) - [Commits](go-viper/mapstructure@v2.3.0...v2.4.0) --- updated-dependencies: - dependency-name: github.com/go-viper/mapstructure/v2 dependency-version: 2.4.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [buildpacks/github-actions](https://github.com/buildpacks/github-actions) from 5.9.3 to 5.9.4. - [Release notes](https://github.com/buildpacks/github-actions/releases) - [Commits](buildpacks/github-actions@v5.9.3...v5.9.4) --- updated-dependencies: - dependency-name: buildpacks/github-actions dependency-version: 5.9.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5 to 6. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v5...v6) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…4 updates (#2449) Bumps the go-dependencies group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/docker/cli](https://github.com/docker/cli) | `28.3.3+incompatible` | `28.5.0+incompatible` | | [github.com/docker/docker](https://github.com/docker/docker) | `28.3.3+incompatible` | `28.5.0+incompatible` | | [github.com/gdamore/tcell/v2](https://github.com/gdamore/tcell) | `2.8.1` | `2.9.0` | | [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.16.2` | `5.16.3` | | [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.38.0` | `1.38.2` | | [github.com/rivo/tview](https://github.com/rivo/tview) | `0.0.0-20220307222120-9994674d60a8` | `0.42.0` | | [github.com/spf13/cobra](https://github.com/spf13/cobra) | `1.9.1` | `1.10.1` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.41.0` | `0.42.0` | | [golang.org/x/mod](https://github.com/golang/mod) | `0.27.0` | `0.28.0` | | [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.30.0` | `0.31.0` | Updates `github.com/docker/cli` from 28.3.3+incompatible to 28.5.0+incompatible - [Commits](docker/cli@v28.3.3...v28.5.0) Updates `github.com/docker/docker` from 28.3.3+incompatible to 28.5.0+incompatible - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v28.3.3...v28.5.0) Updates `github.com/gdamore/tcell/v2` from 2.8.1 to 2.9.0 - [Release notes](https://github.com/gdamore/tcell/releases) - [Changelog](https://github.com/gdamore/tcell/blob/main/CHANGESv2.md) - [Commits](gdamore/tcell@v2.8.1...v2.9.0) Updates `github.com/go-git/go-git/v5` from 5.16.2 to 5.16.3 - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.16.2...v5.16.3) Updates `github.com/onsi/gomega` from 1.38.0 to 1.38.2 - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](onsi/gomega@v1.38.0...v1.38.2) Updates `github.com/rivo/tview` from 0.0.0-20220307222120-9994674d60a8 to 0.42.0 - [Release notes](https://github.com/rivo/tview/releases) - [Commits](https://github.com/rivo/tview/commits/v0.42.0) Updates `github.com/spf13/cobra` from 1.9.1 to 1.10.1 - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](spf13/cobra@v1.9.1...v1.10.1) Updates `golang.org/x/crypto` from 0.41.0 to 0.42.0 - [Commits](golang/crypto@v0.41.0...v0.42.0) Updates `golang.org/x/mod` from 0.27.0 to 0.28.0 - [Commits](golang/mod@v0.27.0...v0.28.0) Updates `golang.org/x/oauth2` from 0.30.0 to 0.31.0 - [Commits](golang/oauth2@v0.30.0...v0.31.0) Updates `golang.org/x/sync` from 0.16.0 to 0.17.0 - [Commits](golang/sync@v0.16.0...v0.17.0) Updates `golang.org/x/sys` from 0.35.0 to 0.36.0 - [Commits](golang/sys@v0.35.0...v0.36.0) Updates `golang.org/x/term` from 0.34.0 to 0.35.0 - [Commits](golang/term@v0.34.0...v0.35.0) Updates `golang.org/x/text` from 0.28.0 to 0.29.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.28.0...v0.29.0) --- updated-dependencies: - dependency-name: github.com/docker/cli dependency-version: 28.5.0+incompatible dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/docker/docker dependency-version: 28.5.0+incompatible dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/gdamore/tcell/v2 dependency-version: 2.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.16.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/onsi/gomega dependency-version: 1.38.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/rivo/tview dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/spf13/cobra dependency-version: 1.10.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/crypto dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/mod dependency-version: 0.28.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/oauth2 dependency-version: 0.31.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/sync dependency-version: 0.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/sys dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/term dependency-version: 0.35.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/text dependency-version: 0.29.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…@octokit/rest (#2338) Bumps [@octokit/plugin-paginate-rest](https://github.com/octokit/plugin-paginate-rest.js) to 9.2.2 and updates ancestor dependencies [@octokit/plugin-paginate-rest](https://github.com/octokit/plugin-paginate-rest.js), [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) and [@octokit/rest](https://github.com/octokit/rest.js). These dependencies need to be updated together. Updates `@octokit/plugin-paginate-rest` from 2.2.3 to 9.2.2 - [Release notes](https://github.com/octokit/plugin-paginate-rest.js/releases) - [Commits](octokit/plugin-paginate-rest.js@v2.2.3...v9.2.2) Updates `@actions/github` from 4.0.0 to 6.0.0 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github) Updates `@octokit/rest` from 18.0.0 to 21.1.1 - [Release notes](https://github.com/octokit/rest.js/releases) - [Commits](octokit/rest.js@v18.0.0...v21.1.1) --- updated-dependencies: - dependency-name: "@octokit/plugin-paginate-rest" dependency-type: indirect - dependency-name: "@actions/github" dependency-type: direct:production - dependency-name: "@octokit/rest" dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…#2370) Bumps [@octokit/request](https://github.com/octokit/request.js) to 8.4.1 and updates ancestor dependencies [@octokit/request](https://github.com/octokit/request.js), [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) and [@octokit/rest](https://github.com/octokit/rest.js). These dependencies need to be updated together. Updates `@octokit/request` from 5.6.3 to 8.4.1 - [Release notes](https://github.com/octokit/request.js/releases) - [Commits](octokit/request.js@v5.6.3...v8.4.1) Updates `@actions/github` from 4.0.0 to 6.0.0 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github) Updates `@octokit/rest` from 18.0.0 to 21.1.1 - [Release notes](https://github.com/octokit/rest.js/releases) - [Commits](octokit/rest.js@v18.0.0...v21.1.1) --- updated-dependencies: - dependency-name: "@octokit/request" dependency-version: 8.4.1 dependency-type: indirect - dependency-name: "@actions/github" dependency-version: 6.0.0 dependency-type: direct:production - dependency-name: "@octokit/rest" dependency-version: 21.1.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the go-dependencies group with 8 updates: | Package | From | To | | --- | --- | --- | | [github.com/docker/cli](https://github.com/docker/cli) | `28.5.0+incompatible` | `28.5.1+incompatible` | | [github.com/docker/docker](https://github.com/docker/docker) | `28.5.0+incompatible` | `28.5.1+incompatible` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.42.0` | `0.43.0` | | [golang.org/x/mod](https://github.com/golang/mod) | `0.28.0` | `0.29.0` | | [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.31.0` | `0.32.0` | | [golang.org/x/sys](https://github.com/golang/sys) | `0.36.0` | `0.37.0` | | [golang.org/x/term](https://github.com/golang/term) | `0.35.0` | `0.36.0` | | [golang.org/x/text](https://github.com/golang/text) | `0.29.0` | `0.30.0` | Updates `github.com/docker/cli` from 28.5.0+incompatible to 28.5.1+incompatible - [Commits](docker/cli@v28.5.0...v28.5.1) Updates `github.com/docker/docker` from 28.5.0+incompatible to 28.5.1+incompatible - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v28.5.0...v28.5.1) Updates `golang.org/x/crypto` from 0.42.0 to 0.43.0 - [Commits](golang/crypto@v0.42.0...v0.43.0) Updates `golang.org/x/mod` from 0.28.0 to 0.29.0 - [Commits](golang/mod@v0.28.0...v0.29.0) Updates `golang.org/x/oauth2` from 0.31.0 to 0.32.0 - [Commits](golang/oauth2@v0.31.0...v0.32.0) Updates `golang.org/x/sys` from 0.36.0 to 0.37.0 - [Commits](golang/sys@v0.36.0...v0.37.0) Updates `golang.org/x/term` from 0.35.0 to 0.36.0 - [Commits](golang/term@v0.35.0...v0.36.0) Updates `golang.org/x/text` from 0.29.0 to 0.30.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.29.0...v0.30.0) --- updated-dependencies: - dependency-name: github.com/docker/cli dependency-version: 28.5.1+incompatible dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/docker/docker dependency-version: 28.5.1+incompatible dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: golang.org/x/crypto dependency-version: 0.43.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/mod dependency-version: 0.29.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/oauth2 dependency-version: 0.32.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/sys dependency-version: 0.37.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/term dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/text dependency-version: 0.30.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Use Docker API version negotiation instead of hardcoded version Fixes #2464 This change replaces all hardcoded Docker API version 1.38 references with WithAPIVersionNegotiation(), allowing pack to automatically adapt to the Docker daemon's supported API version. Changes: - Updated main client initialization to use API version negotiation - Updated SSH Docker client to use API version negotiation - Updated all test files to use API version negotiation - Upgraded fake-lifecycle test dependencies from Docker client v1.4.2 (2019) to v28.5.1 - Fixed fake-lifecycle imports and API calls for compatibility with modern Docker client Benefits: - Works with modern Docker daemons requiring API 1.44+ (Docker 27+) - Backward compatible with older Docker versions - Future-proof - no need to update hardcoded versions - Solves Windows runner issue without requiring Docker 27 upgrade 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * Update Example_build test to use newer builder with modern lifecycle The cnbs/sample-builder:noble builder includes a recent lifecycle version that supports Docker API 1.44+, fixing the test failure on systems with modern Docker daemons (Docker 27+). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * Downgrade fake-lifecycle dependencies for Go 1.23 compatibility Updated fake-lifecycle test module to support Go 1.23.4 (Windows runner): - Downgraded lifecycle from v0.20.11 to v0.19.3 - Downgraded go-containerregistry from v0.20.6 to v0.19.2 - Set Go requirement to 1.23 (compatible with Go 1.23.4) - Updated Dockerfile to use golang:1.23 base image The older versions still support Docker API 1.44+ and work correctly with modern Docker daemons requiring minimum API version 1.44. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> --------- Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: Claude <noreply@anthropic.com>
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.43.0 to 0.45.0. - [Commits](golang/crypto@v0.43.0...v0.45.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.45.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Juan Bustamante <bustamantejj@gmail.com>
…o v1.13.0 (#2476) * build(deps): bump @octokit/plugin-paginate-rest, @actions/github and @octokit/rest (#2338) Bumps [@octokit/plugin-paginate-rest](https://github.com/octokit/plugin-paginate-rest.js) to 9.2.2 and updates ancestor dependencies [@octokit/plugin-paginate-rest](https://github.com/octokit/plugin-paginate-rest.js), [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) and [@octokit/rest](https://github.com/octokit/rest.js). These dependencies need to be updated together. Updates `@octokit/plugin-paginate-rest` from 2.2.3 to 9.2.2 - [Release notes](https://github.com/octokit/plugin-paginate-rest.js/releases) - [Commits](octokit/plugin-paginate-rest.js@v2.2.3...v9.2.2) Updates `@actions/github` from 4.0.0 to 6.0.0 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github) Updates `@octokit/rest` from 18.0.0 to 21.1.1 - [Release notes](https://github.com/octokit/rest.js/releases) - [Commits](octokit/rest.js@v18.0.0...v21.1.1) --- updated-dependencies: - dependency-name: "@octokit/plugin-paginate-rest" dependency-type: indirect - dependency-name: "@actions/github" dependency-type: direct:production - dependency-name: "@octokit/rest" dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * build(deps): bump @octokit/request, @actions/github and @octokit/rest (#2370) Bumps [@octokit/request](https://github.com/octokit/request.js) to 8.4.1 and updates ancestor dependencies [@octokit/request](https://github.com/octokit/request.js), [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) and [@octokit/rest](https://github.com/octokit/rest.js). These dependencies need to be updated together. Updates `@octokit/request` from 5.6.3 to 8.4.1 - [Release notes](https://github.com/octokit/request.js/releases) - [Commits](octokit/request.js@v5.6.3...v8.4.1) Updates `@actions/github` from 4.0.0 to 6.0.0 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github) Updates `@octokit/rest` from 18.0.0 to 21.1.1 - [Release notes](https://github.com/octokit/rest.js/releases) - [Commits](octokit/rest.js@v18.0.0...v21.1.1) --- updated-dependencies: - dependency-name: "@octokit/request" dependency-version: 8.4.1 dependency-type: indirect - dependency-name: "@actions/github" dependency-version: 6.0.0 dependency-type: direct:production - dependency-name: "@octokit/rest" dependency-version: 21.1.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * build(deps): bump the go-dependencies group with 8 updates (#2453) Bumps the go-dependencies group with 8 updates: | Package | From | To | | --- | --- | --- | | [github.com/docker/cli](https://github.com/docker/cli) | `28.5.0+incompatible` | `28.5.1+incompatible` | | [github.com/docker/docker](https://github.com/docker/docker) | `28.5.0+incompatible` | `28.5.1+incompatible` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.42.0` | `0.43.0` | | [golang.org/x/mod](https://github.com/golang/mod) | `0.28.0` | `0.29.0` | | [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.31.0` | `0.32.0` | | [golang.org/x/sys](https://github.com/golang/sys) | `0.36.0` | `0.37.0` | | [golang.org/x/term](https://github.com/golang/term) | `0.35.0` | `0.36.0` | | [golang.org/x/text](https://github.com/golang/text) | `0.29.0` | `0.30.0` | Updates `github.com/docker/cli` from 28.5.0+incompatible to 28.5.1+incompatible - [Commits](docker/cli@v28.5.0...v28.5.1) Updates `github.com/docker/docker` from 28.5.0+incompatible to 28.5.1+incompatible - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v28.5.0...v28.5.1) Updates `golang.org/x/crypto` from 0.42.0 to 0.43.0 - [Commits](golang/crypto@v0.42.0...v0.43.0) Updates `golang.org/x/mod` from 0.28.0 to 0.29.0 - [Commits](golang/mod@v0.28.0...v0.29.0) Updates `golang.org/x/oauth2` from 0.31.0 to 0.32.0 - [Commits](golang/oauth2@v0.31.0...v0.32.0) Updates `golang.org/x/sys` from 0.36.0 to 0.37.0 - [Commits](golang/sys@v0.36.0...v0.37.0) Updates `golang.org/x/term` from 0.35.0 to 0.36.0 - [Commits](golang/term@v0.35.0...v0.36.0) Updates `golang.org/x/text` from 0.29.0 to 0.30.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.29.0...v0.30.0) --- updated-dependencies: - dependency-name: github.com/docker/cli dependency-version: 28.5.1+incompatible dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/docker/docker dependency-version: 28.5.1+incompatible dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: golang.org/x/crypto dependency-version: 0.43.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/mod dependency-version: 0.29.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/oauth2 dependency-version: 0.32.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/sys dependency-version: 0.37.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/term dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/text dependency-version: 0.30.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * fix(security): resolve CVE-GHSA-cgrx-mc8f-2prm by upgrading selinux to v1.13.0 Migrated from unmaintained GoogleContainerTools/kaniko to the actively maintained Chainguard fork (v1.25.4), updated lifecycle to v0.20.19, and upgraded opencontainers/selinux from v1.12.0 to v1.13.0 to fix GHSA-cgrx-mc8f-2prm. This also upgraded golang.org/x/crypto from v0.43.0 to v0.45.0, resolving additional CVEs. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * Use Docker API version negotiation instead of hardcoded version Fixes #2464 This change replaces all hardcoded Docker API version 1.38 references with WithAPIVersionNegotiation(), allowing pack to automatically adapt to the Docker daemon's supported API version. Changes: - Updated main client initialization to use API version negotiation - Updated SSH Docker client to use API version negotiation - Updated all test files to use API version negotiation - Upgraded fake-lifecycle test dependencies from Docker client v1.4.2 (2019) to v28.5.1 - Fixed fake-lifecycle imports and API calls for compatibility with modern Docker client Benefits: - Works with modern Docker daemons requiring API 1.44+ (Docker 27+) - Backward compatible with older Docker versions - Future-proof - no need to update hardcoded versions - Solves Windows runner issue without requiring Docker 27 upgrade 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * Update Example_build test to use newer builder with modern lifecycle The cnbs/sample-builder:noble builder includes a recent lifecycle version that supports Docker API 1.44+, fixing the test failure on systems with modern Docker daemons (Docker 27+). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * Downgrade fake-lifecycle dependencies for Go 1.23 compatibility Updated fake-lifecycle test module to support Go 1.23.4 (Windows runner): - Downgraded lifecycle from v0.20.11 to v0.19.3 - Downgraded go-containerregistry from v0.20.6 to v0.19.2 - Set Go requirement to 1.23 (compatible with Go 1.23.4) - Updated Dockerfile to use golang:1.23 base image The older versions still support Docker API 1.44+ and work correctly with modern Docker daemons requiring minimum API version 1.44. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * updating fake-lifecycle go version Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * Use Docker API version negotiation instead of hardcoded version (#2474) * Use Docker API version negotiation instead of hardcoded version Fixes #2464 This change replaces all hardcoded Docker API version 1.38 references with WithAPIVersionNegotiation(), allowing pack to automatically adapt to the Docker daemon's supported API version. Changes: - Updated main client initialization to use API version negotiation - Updated SSH Docker client to use API version negotiation - Updated all test files to use API version negotiation - Upgraded fake-lifecycle test dependencies from Docker client v1.4.2 (2019) to v28.5.1 - Fixed fake-lifecycle imports and API calls for compatibility with modern Docker client Benefits: - Works with modern Docker daemons requiring API 1.44+ (Docker 27+) - Backward compatible with older Docker versions - Future-proof - no need to update hardcoded versions - Solves Windows runner issue without requiring Docker 27 upgrade 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * Update Example_build test to use newer builder with modern lifecycle The cnbs/sample-builder:noble builder includes a recent lifecycle version that supports Docker API 1.44+, fixing the test failure on systems with modern Docker daemons (Docker 27+). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * Downgrade fake-lifecycle dependencies for Go 1.23 compatibility Updated fake-lifecycle test module to support Go 1.23.4 (Windows runner): - Downgraded lifecycle from v0.20.11 to v0.19.3 - Downgraded go-containerregistry from v0.20.6 to v0.19.2 - Set Go requirement to 1.23 (compatible with Go 1.23.4) - Updated Dockerfile to use golang:1.23 base image The older versions still support Docker API 1.44+ and work correctly with modern Docker daemons requiring minimum API version 1.44. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> --------- Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: Claude <noreply@anthropic.com> * fix code format Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Claude <noreply@anthropic.com>
… updates (#2479) Bumps the go-dependencies group with 3 updates in the / directory: [github.com/chainguard-dev/kaniko](https://github.com/chainguard-dev/kaniko), [github.com/gdamore/tcell/v2](https://github.com/gdamore/tcell) and [golang.org/x/mod](https://github.com/golang/mod). Updates `github.com/chainguard-dev/kaniko` from 1.25.4 to 1.25.5 - [Release notes](https://github.com/chainguard-dev/kaniko/releases) - [Changelog](https://github.com/chainguard-dev/kaniko/blob/main/CHANGELOG.md) - [Commits](chainguard-forks/kaniko@v1.25.4...v1.25.5) Updates `github.com/gdamore/tcell/v2` from 2.9.0 to 2.11.0 - [Release notes](https://github.com/gdamore/tcell/releases) - [Changelog](https://github.com/gdamore/tcell/blob/main/CHANGESv2.md) - [Commits](gdamore/tcell@v2.9.0...v2.11.0) Updates `golang.org/x/mod` from 0.29.0 to 0.30.0 - [Commits](golang/mod@v0.29.0...v0.30.0) --- updated-dependencies: - dependency-name: github.com/chainguard-dev/kaniko dependency-version: 1.25.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/gdamore/tcell/v2 dependency-version: 2.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/mod dependency-version: 0.30.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* When fetching lifecycle image, use a platform-specific digest to avoid containerd storage issues Signed-off-by: Natalie Arellano <natalie.p.arellano@gmail.com> * Log platform-specific digest resolution Add debug message showing original tag and resolved digest when FetchForPlatform resolves manifest lists, improving visibility and maintaining test compatibility. Signed-off-by: Natalie Arellano <natalie.p.arellano@gmail.com> * Make lifecycle image cleanup optional Ignore errors when lifecycle image doesn't exist by tag during cleanup, as it may have been pulled by digest instead. Signed-off-by: Natalie Arellano <natalie.p.arellano@gmail.com> * Add comprehensive test coverage for FetchForPlatform method This commit adds test coverage for the FetchForPlatform implementation, specifically testing the platform-specific digest resolution logic including the manifest list code path. Changes: - Add 10 test cases covering various scenarios: * Nil target delegation to regular Fetch * Multi-platform image resolution for different architectures * True manifest list handling with multiple platforms * Platform matching and mismatch error cases * Single-platform image validation * Insecure registry support * Platform variant handling * Non-existent image error handling - Add SetUpRandomRemoteIndexWithPlatforms helper in testhelpers * Uses imgutil for image creation and index management * Follows the pattern from manifest_create.go * Creates multi-platform indexes using CNBIndex * Properly sets platform metadata (OS, Architecture) All 41 tests in the image package pass successfully. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * Fix platform mismatch in insecure registries test The test was creating an image without specifying a platform (defaulting to linux/amd64) but then trying to fetch it with runtime.GOOS/GOARCH, which fails on Windows runners where the OS is "windows". Now the test creates the image with the same platform it will fetch, ensuring consistency across all platforms. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> --------- Signed-off-by: Natalie Arellano <natalie.p.arellano@gmail.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: Claude <noreply@anthropic.com>
Build and lint using go 1.25 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: Claude <noreply@anthropic.com>
Update remaining references to lifecycle version to match go.mod which already has v0.20.19 Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
…#2414 (#2432) * fix: allow image extensions based on buildpack API Signed-off-by: vky5 <vky05@proton.me> * Move extension validation to client layer and check Platform API version - Move validation from command layer (builder_create.go, create_builder.go) to client layer (pkg/client/create_builder.go) - Check Platform API version instead of lifecycle version to determine if extensions are stable (>= 0.13) or experimental (< 0.13) - Use lifecycle's LessThan() method for version comparison - Add comprehensive tests for Platform API validation scenarios: * Platform API >= 0.13 allows extensions without experimental flag * Platform API < 0.13 requires experimental flag for extensions * Builders without extensions work regardless of Platform API version - Create platform-0.13 test lifecycle data with Platform API 0.3-0.13 - Add prepareExtensions() test helper that configures both extensions and appropriate lifecycle for testing This fixes the issue where users get experimental extension errors even when using lifecycle with Platform API 0.13 where extensions are stable. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * Run make format to remove extra blank lines 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * Fix linting errors by removing deprecated API usage - Remove fallback to deprecated descriptor.API.PlatformVersion - Use only descriptor.APIs.Platform.Supported (new API) - Skip validation if Platform API information is unavailable - Remove unused github.com/buildpacks/lifecycle/api import This fixes staticcheck SA1019 warnings about using deprecated API fields. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> --------- Signed-off-by: vky5 <vky05@proton.me> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: Claude <noreply@anthropic.com>
Upgrades imgutil from v0.0.0-20250814164739-4b1c8875ba7e to v0.0.0-20250909162057-9db16db815e3 to fix an issue where builder images created with Docker's containerd snapshotter storage driver had malformed manifests. The bug caused the first several base image layers to be replaced with empty blob references in the manifest, while the config retained correct diff_ids. This created invalid images that failed OCI spec validation with tools like skopeo. The fix was already merged in buildpacks/imgutil#297, which reverted the problematic "fast path" optimization commits. Resolves #2490 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: Claude <noreply@anthropic.com>
… updates (#2494) Bumps the go-dependencies group with 3 updates in the / directory: [github.com/gdamore/tcell/v2](https://github.com/gdamore/tcell), [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) and [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry). Updates `github.com/gdamore/tcell/v2` from 2.11.0 to 2.12.2 - [Release notes](https://github.com/gdamore/tcell/releases) - [Changelog](https://github.com/gdamore/tcell/blob/main/CHANGESv2.md) - [Commits](gdamore/tcell@v2.11.0...v2.12.2) Updates `github.com/go-git/go-git/v5` from 5.16.3 to 5.16.4 - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.16.3...v5.16.4) Updates `github.com/google/go-containerregistry` from 0.20.6 to 0.20.7 - [Release notes](https://github.com/google/go-containerregistry/releases) - [Commits](google/go-containerregistry@v0.20.6...v0.20.7) --- updated-dependencies: - dependency-name: github.com/gdamore/tcell/v2 dependency-version: 2.12.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.16.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/google/go-containerregistry dependency-version: 0.20.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
#2498) * fix: Skip platform-specific digest resolution with --pull-policy never When using --pull-policy never, pack now skips the platform-specific digest resolution that requires network access to fetch the manifest list. Instead, it uses the image name directly from the daemon. This fix addresses issue #2496 where builds fail when using --pull-policy never because pack cannot resolve the platform-specific digest of the lifecycle image without network access. The trade-off is that users may encounter containerd storage issues if Docker is configured to use containerd storage. In such cases, users should manually pull the platform-specific digest or use a different pull policy. Related to PR #2467 which introduced platform-specific digest resolution to fix containerd storage issues. Fixes #2496 Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * test: Use daemon OS instead of runtime OS in PullNever test This fixes test failures on Windows runners running Linux containers. The test was using runtime.GOOS which returns 'windows' on Windows hosts, but the Docker daemon may be running Linux containers. Now we use the daemon's actual OS type queried via docker.Info(). Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> --------- Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
#2501) This commit updates the Go version from 1.25.3 to 1.25.5 to fix two security vulnerabilities in the Go standard library. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
…nners (#2506) This commit addresses issue #2505 by removing the dependency on the Equinix Metal self-hosted Windows LCOW runner, which is being sunset. Changes: - Replaced windows-lcow config with windows config using windows-latest runner - Set NO_DOCKER=true for Windows testing (GitHub runners don't support LCOW) - Added step to install Make via Chocolatey for Windows runner - Windows tests will run unit tests without Docker-dependent tests - Maintains pack.exe artifact generation for Chocolatey distribution The new configuration: - Runs basic pack CLI tests on Windows to validate it works - Does not run Docker/LCOW tests (requires nested virtualization) - Ensures Windows binaries continue to be built for releases - Uses GitHub-hosted infrastructure instead of self-hosted Equinix Metal Resolves #2505 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
…2507) Ubuntu 24.10 "Oracular Oriole" has reached End of Life (July 11, 2025) and the Ubuntu repositories have been removed from the main archive, causing delivery workflow failures. Fixes #2504 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Signed-off-by: Robert Gogolok <gogolok@gmail.com>
The previous link https://podman.io/getting-started/ points to a 404 page. Signed-off-by: Robert Gogolok <gogolok@gmail.com>
* chore: migrate from docker/docker to moby/moby client Migrates all Docker client usage from github.com/docker/docker to github.com/moby/moby/client following imgutil's PR #299 migration. Key changes: - Updated all DockerClient interfaces to use moby Result types (ImageHistoryResult, ContainerInspectResult, etc.) - Migrated to Options pattern for API calls (ImagePullOptions, ContainerInspectOptions, etc.) - Updated Result field access patterns (result.Items, result.Info, etc.) - Fixed platform validation by passing dist.Target directly to ImagePull instead of string conversion - Regenerated mocks for moby's APIClient interface - Updated test assertions for moby's type system changes - Fixed go.mod dependencies (moby packages now direct) All tests passing (304 tests across pkg/client, pkg/image, internal/build). Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * chore: migrate acceptance test manager to moby client Updated acceptance/managers/image_manager.go to use the new moby client API. Key changes: - Updated imports from github.com/docker/docker to github.com/moby/moby - Changed dockerCli type from client.APIClient to *client.Client - Updated method signatures to use Options pattern: - Info() now requires client.InfoOptions{} and accesses .Info.OSType - ImageTag() uses client.ImageTagOptions with Source/Target fields - ImageInspect() returns Result type, access .InspectResponse field - ContainerCreate() uses client.ContainerCreateOptions struct - ContainerStart() uses client.ContainerStartOptions{} - ContainerKill() uses client.ContainerKillOptions{Signal: "SIGKILL"} - ContainerRemove() uses client.ContainerRemoveOptions{Force: true} - ContainerInspect() requires client.ContainerInspectOptions{} and returns Result - Updated network port types: - Use network.MustParsePort() to create network.Port values - Changed from nat.PortSet/PortMap to network.PortSet/PortMap - Updated PortBinding from nat.PortBinding to network.PortBinding - Fixed Result type accesses: - ContainerInspect: access result.Container instead of result directly - ImageInspect: access result.InspectResponse - Info: access result.Info.OSType This completes the migration from docker/docker to moby/moby client across all test code. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * fix: use concrete Client type in acceptance tests Changed all dockerCli parameter and variable types from client.APIClient interface to *client.Client concrete type to match the updated helper functions and managers that now require the concrete type. Changes: - Updated global dockerCli variable type - Updated createStack() and createStackImage() parameter types - Changed dockertypes.ImageBuildOptions to client.ImageBuildOptions - Removed unused github.com/docker/docker/api/types import This fixes compilation errors where the interface type couldn't be used as the concrete type without type assertion. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * fixing format issues Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * fix: migrate to client.New() and remove deprecated APIs Updated all docker client initialization to use the new client.New() function instead of the deprecated NewClientWithOpts(). The new API enables API version negotiation by default, so WithAPIVersionNegotiation() is no longer needed. Changes: - Replaced all NewClientWithOpts() calls with New() - Removed WithAPIVersionNegotiation() option (now default behavior) - Updated cmd/docker_init.go, pkg/client/client.go, and all test files - Ran go mod tidy to clean up dependencies Note: internal/build/testdata/fake-lifecycle/phase.go still uses the old API since it references the legacy github.com/docker/docker/client package and is built in a separate container context during tests. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * test: skip report tests for pack versions < v0.40.0 The report tests expect the fixture to show Platform API 0.14 and 0.15, which are only supported in lifecycle 0.21.0+. Pack versions before v0.40.0 use lifecycle 0.20.x which only supports Platform APIs up to 0.13. Added PlatformAPI_0_14 feature flag that checks if pack >= v0.40.0. The report tests now skip when testing with older pack versions that don't support Platform APIs 0.14, 0.15. This fixes the acceptance-combo (current, current, previous) test failure where current pack (with lifecycle 0.21.0) outputs Platform APIs 0.3-0.15, but the test was incorrectly expecting 0.3-0.13 due to the fixture override file that was being picked up. Removed the pack_previous_fixtures_overrides/report_output.txt file as the override directory approach didn't work correctly for this test case. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> * fix: add Platform API 0.14 and 0.15 support When we updated to lifecycle 0.21.0, we updated the fixture file to expect Platform APIs 0.14 and 0.15, but forgot to update the SupportedPlatformAPIVersions in the code. The pack report command reads from build.SupportedPlatformAPIVersions to display which Platform APIs are supported, so this was causing a mismatch between the fixture expectation and the actual output. Changes: - Added api.MustParse("0.14") and api.MustParse("0.15") to SupportedPlatformAPIVersions in internal/build/lifecycle_executor.go - Removed the PlatformAPI_0_14 feature flag and skip logic from acceptance tests (no longer needed) This fixes the acceptance test failures where the fixture expected Platform APIs up to 0.15 but pack was only reporting up to 0.13. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> --------- Signed-off-by: Juan Bustamante <bustamantejj@gmail.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
* WIP - adding flag to set the CNB_EXEC_ENV
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* adding . and - to the regular expression to validate and cnn exec env
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* WIP - adding exec-env on project.toml schema verion 0.3, it is still in progress
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* fixing some lint errors
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* WIP - refacting test case
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* adding more test cases
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* adding exec-env to builder.toml
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* adding exec-env to builder.toml
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* Adding unit test for exec-env in buildpack.toml
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* Removing for now the platform API version validation
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* Fixing unit tests
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* fixing some unit tests
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* Fixing formatting issue
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* Test Coverage Improvements Summary
Changes Made:
1. internal/build/lifecycle_executor.go (2 lines added)
- Added Platform API versions 0.14 and 0.15 to SupportedPlatformAPIVersions
- This allows pack to support the new execution environment feature which requires Platform API 0.15
2. internal/build/phase_config_provider.go (1 line changed)
- Updated the Platform API version check from 0.13 to 0.15 for the CNB_EXEC_ENV environment variable
3. internal/build/fakes/fake_builder.go (7 lines added)
- Added WithExecutionEnvironment() helper function for tests
- Allows tests to easily set the execution environment in lifecycle options
4. internal/build/phase_config_provider_test.go (41 lines added)
- Added comprehensive tests for the execution environment feature:
- ✅ Test that CNB_EXEC_ENV is set when Platform API >= 0.15
- ✅ Test that CNB_EXEC_ENV is NOT set when Platform API < 0.15
- Added import for "github.com/buildpacks/lifecycle/api" package
Existing Test Coverage (Already in PR):
1. internal/commands/build_test.go
- ✅ Tests that default exec-env is 'production'
- ✅ Tests with valid characters (letters, numbers, dots, hyphens)
- ✅ Tests with invalid characters (shows proper error)
- ✅ Comprehensive validation tests for exec-env flag
2. builder/config_reader_test.go
- ✅ Tests reading exec-env from builder configuration
3. pkg/project/project_test.go
- ✅ Tests reading exec-env from project.toml (schema v0.3)
- ✅ Tests for buildpack groups, pre-groups, and post-groups
Test Results:
- All phase config provider tests: PASSING ✅
- All build command tests: PASSING ✅
- Coverage for exec-env flag validation: COMPLETE ✅
- Coverage for CNB_EXEC_ENV environment variable: COMPLETE ✅
- Coverage for Platform API version gating: COMPLETE ✅
The test coverage for your ExecutionEnvironment feature is now comprehensive and covers:
- Command-line flag validation
- Environment variable setting based on Platform API version
- Builder and project configuration reading
- Edge cases and error conditions
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* Fixing Acceptance Tests API Platform expected versions
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* fix: add missing api import in phase_config_provider_test
Add missing import for github.com/buildpacks/lifecycle/api package
required by execution environment tests that use api.MustParse().
The tests added in this branch for CNB_EXEC_ENV functionality
reference api.Version and api.MustParse() but the import was missing,
causing compilation errors after merging latest changes from main.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
---------
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Output
Before
After
Documentation
Related
Resolves #___