fix: add cache busting where missing

cloudnull · cloudnull · commit a2bc8bb04dcc · 2025-08-03T08:45:41.000-05:00
Signed-off-by: Kevin Carter &lt;kevin.carter@rackspace.com&gt;
diff --git a/.github/workflows/container-build-kube-ovn.yaml b/.github/workflows/container-build-kube-ovn.yaml
@@ -95,6 +95,7 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           build-args: |
             KUBE_OVN_VERSION=${{ matrix.kube-ovn-version }}
+            KUBE_OVN_VERSION_ENV=${{ matrix.kube-ovn-version }}
             CACHEBUST=${{ github.sha }}
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@0.28.0
@@ -152,4 +153,5 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           build-args: |
             KUBE_OVN_VERSION=${{ matrix.kube-ovn-version }}
+            KUBE_OVN_VERSION_ENV=${{ matrix.kube-ovn-version }}
             CACHEBUST=${{ github.sha }}
diff --git a/.github/workflows/container-build-kubernetes-entrypoint.yaml b/.github/workflows/container-build-kubernetes-entrypoint.yaml
@@ -62,6 +62,8 @@ jobs:
           tags: |
             ${{ env.IMAGE_NAME }}:local
           labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            CACHEBUST=${{ github.sha }}
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@0.28.0
         if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }}
@@ -115,3 +117,5 @@ jobs:
             ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
             ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.MY_DATE }}
           labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            CACHEBUST=${{ github.sha }}
diff --git a/.github/workflows/container-build-libguestfs.yaml b/.github/workflows/container-build-libguestfs.yaml
@@ -110,6 +110,7 @@ jobs:
           build-args: |
             GUESTFS_VERSION=${{ matrix.libguestfs-version }}
             GUESTFS_HIVEX_VERSION=${{ matrix.libguestfs-hivex-version }}
+            CACHEBUST=${{ github.sha }}
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@0.28.0
         if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }}
@@ -166,3 +167,4 @@ jobs:
           build-args: |
             GUESTFS_VERSION=${{ matrix.libguestfs-version }}
             GUESTFS_HIVEX_VERSION=${{ matrix.libguestfs-hivex-version }}
+            CACHEBUST=${{ github.sha }}
diff --git a/.github/workflows/container-build-ovs.yaml b/.github/workflows/container-build-ovs.yaml
@@ -95,6 +95,7 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           build-args: |
             OVS_VERSION=${{ matrix.ovs-version }}
+            CACHEBUST=${{ github.sha }}
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@0.28.0
         if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }}
@@ -150,3 +151,4 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           build-args: |
             OVS_VERSION=${{ matrix.ovs-version }}
+            CACHEBUST=${{ github.sha }}
diff --git a/.github/workflows/container-build-shibd.yaml b/.github/workflows/container-build-shibd.yaml
@@ -61,6 +61,8 @@ jobs:
           tags: |
             ${{ env.IMAGE_NAME }}:local
           labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            CACHEBUST=${{ github.sha }}
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@0.28.0
         if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }}
@@ -114,3 +116,5 @@ jobs:
             ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
             ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.MY_DATE }}
           labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            CACHEBUST=${{ github.sha }}
diff --git a/ContainerFiles/kube-ovn b/ContainerFiles/kube-ovn
@@ -4,7 +4,7 @@
 
 ARG KUBE_OVN_VERSION=v1.14.4
 FROM golang:1.24-bookworm AS dependency_build
-ARG KUBE_OVN_VERSION=v1.14.4
+ARG KUBE_OVN_VERSION_ENV=v1.14.4
 ARG CACHEBUST=0
 RUN export DEBIAN_FRONTEND=noninteractive \
   && apt-get update && apt-get upgrade -y \
@@ -13,7 +13,7 @@ RUN export DEBIAN_FRONTEND=noninteractive \
                                              build-essential
 RUN git clone --recursive https://github.com/kubeovn/kube-ovn /opt/kube-ovn
 WORKDIR /opt/kube-ovn
-RUN git checkout ${KUBE_OVN_VERSION} && \
+RUN git checkout ${KUBE_OVN_VERSION_ENV} && \
     git submodule update --init --recursive && \
     git submodule foreach --recursive git reset --hard && \
     git submodule foreach --recursive git clean -fdx
diff --git a/scripts/kube-ovn.sh b/scripts/kube-ovn.sh
@@ -1,12 +1,13 @@
 #!/usr/bin/env bash
 
-if [ ${KUBE_OVN_VERSION:-master} = "v1.14.4" ]; then
+if [ ${KUBE_OVN_VERSION_ENV:-master} = "v1.14.4" ]; then
     # CVE fixes CVE-2025-54388,CVE-2025-22870,CVE-2025-22872,CVE-2025-22868
     go get -u github.com/docker/docker
     go get -u golang.org/x/net
     go get -u golang.org/x/oauth2
-elif [ ${KUBE_OVN_VERSION:-master} = "v1.13.14" ]; then
-    # CVE fixes CVE-2025-22870,CVE-2025-22872,CVE-2025-22868
+elif [ ${KUBE_OVN_VERSION_ENV:-master} = "v1.13.14" ]; then
+    # CVE fixes CVE-2025-22870,CVE-2025-22872,CVE-2025-22868,GHSA-fv92-fjc5-jj9h
+    go get -u github.com/go-viper/mapstructure/v2
     go get -u golang.org/x/net
     go get -u golang.org/x/oauth2
 fi
