diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 1068bc1c..8a99f59e 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-08-26T11:08:45Z by kres 6262116. +# Generated on 2025-11-18T08:42:08Z by kres e1d6dac. concurrency: group: ${{ github.head_ref || github.run_id }} @@ -26,15 +26,14 @@ jobs: packages: write pull-requests: read runs-on: - - self-hosted - - pkgs + group: pkgs if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/')) outputs: labels: ${{ steps.retrieve-pr-labels.outputs.result }} steps: - name: gather-system-info id: system-info - uses: kenchan0130/actions-system-info@v1.3.1 + uses: kenchan0130/actions-system-info@v1.4.0 continue-on-error: true - name: print-system-info run: | @@ -121,21 +120,20 @@ jobs: make release-notes - name: Release if: startsWith(github.ref, 'refs/tags/') - uses: crazy-max/ghaction-github-release@v2 + uses: softprops/action-gh-release@v2 with: body_path: _out/RELEASE_NOTES.md draft: "true" reproducibility: runs-on: - - self-hosted - - pkgs + group: pkgs if: contains(fromJSON(needs.default.outputs.labels), 'integration/reproducibility') needs: - default steps: - name: gather-system-info id: system-info - uses: kenchan0130/actions-system-info@v1.3.1 + uses: kenchan0130/actions-system-info@v1.4.0 continue-on-error: true - name: print-system-info run: | diff --git a/.github/workflows/slack-notify-ci-failure.yaml b/.github/workflows/slack-notify-ci-failure.yaml index d3015cc0..8f866532 100644 --- a/.github/workflows/slack-notify-ci-failure.yaml +++ b/.github/workflows/slack-notify-ci-failure.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-08-26T11:08:45Z by kres 6262116. +# Generated on 2025-11-18T08:42:08Z by kres e1d6dac. "on": workflow_run: @@ -14,8 +14,7 @@ name: slack-notify-failure jobs: slack-notify: runs-on: - - self-hosted - - generic + group: generic if: github.event.workflow_run.conclusion == 'failure' && github.event.workflow_run.event != 'pull_request' steps: - name: Slack Notify diff --git a/.github/workflows/slack-notify.yaml b/.github/workflows/slack-notify.yaml index 276a59ad..fc54f179 100644 --- a/.github/workflows/slack-notify.yaml +++ b/.github/workflows/slack-notify.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-08-26T11:08:45Z by kres 6262116. +# Generated on 2025-11-18T08:42:08Z by kres e1d6dac. "on": workflow_run: @@ -13,8 +13,7 @@ name: slack-notify jobs: slack-notify: runs-on: - - self-hosted - - generic + group: generic if: github.event.workflow_run.conclusion != 'skipped' steps: - name: Get PR number diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index ac56901d..d5d9c54d 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-07-30T10:56:52Z by kres 5fb5b90. +# Generated on 2025-11-18T08:42:08Z by kres e1d6dac. "on": schedule: @@ -15,7 +15,7 @@ jobs: - ubuntu-latest steps: - name: Close stale issues and PRs - uses: actions/stale@v9.1.0 + uses: actions/stale@v10.1.0 with: close-issue-message: This issue was closed because it has been stalled for 7 days with no activity. days-before-issue-close: "5" diff --git a/.github/workflows/weekly.yaml b/.github/workflows/weekly.yaml index 2e0b5005..e0443609 100644 --- a/.github/workflows/weekly.yaml +++ b/.github/workflows/weekly.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-08-26T11:08:45Z by kres 6262116. +# Generated on 2025-11-18T08:42:08Z by kres e1d6dac. concurrency: group: ${{ github.head_ref || github.run_id }} @@ -12,12 +12,11 @@ name: weekly jobs: reproducibility: runs-on: - - self-hosted - - pkgs + group: pkgs steps: - name: gather-system-info id: system-info - uses: kenchan0130/actions-system-info@v1.3.1 + uses: kenchan0130/actions-system-info@v1.4.0 continue-on-error: true - name: print-system-info run: | diff --git a/.kres.yaml b/.kres.yaml index 7da23a6f..2d9f107b 100644 --- a/.kres.yaml +++ b/.kres.yaml @@ -78,11 +78,11 @@ spec: - name: EXTENSIONS_IMAGE_REF defaultValue: $(REGISTRY_AND_USERNAME)/extensions:$(TAG) - name: PKGS - defaultValue: v1.10.0-34-g88700c7 + defaultValue: v1.10.0-37-g71b336d - name: PKGS_PREFIX defaultValue: ghcr.io/siderolabs - name: TOOLS - defaultValue: v1.10.0-6-g306d9d9 + defaultValue: v1.10.0-7-g39357c8 - name: TOOLS_PREFIX defaultValue: ghcr.io/siderolabs useBldrPkgTagResolver: true @@ -209,7 +209,3 @@ spec: - matchPackageNames: - git://linux-nfs.org/~steved/libtirpc versioning: 'regex:^(?\d+)-(?\d+)-?(?\d+)?$' ---- -kind: common.Repository -spec: - conformMaximumOfOneCommit: false diff --git a/Makefile b/Makefile index 850d6f8b..d1f1cb45 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-08-26T11:08:45Z by kres 6262116. +# Generated on 2025-11-18T08:42:08Z by kres e1d6dac. # common variables @@ -25,7 +25,7 @@ SOURCE_DATE_EPOCH := $(shell git log $(INITIAL_COMMIT_SHA) --pretty=%ct) # sync bldr image with pkgfile -BLDR_RELEASE := v0.5.1 +BLDR_RELEASE := v0.5.5 BLDR_IMAGE := ghcr.io/siderolabs/bldr:$(BLDR_RELEASE) BLDR := docker run --rm --user $(shell id -u):$(shell id -g) --volume $(PWD):/src --entrypoint=/bldr $(BLDR_IMAGE) --root=/src @@ -36,23 +36,24 @@ PLATFORM ?= linux/amd64,linux/arm64 PROGRESS ?= auto PUSH ?= false CI_ARGS ?= +BUILD_ARGS = --build-arg=SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) +BUILD_ARGS += --build-arg=TAG="$(TAG)" +BUILD_ARGS += --build-arg=PKGS="$(PKGS)" +BUILD_ARGS += --build-arg=PKGS_PREFIX="$(PKGS_PREFIX)" +BUILD_ARGS += --build-arg=TOOLS="$(TOOLS)" +BUILD_ARGS += --build-arg=TOOLS_PREFIX="$(TOOLS_PREFIX)" COMMON_ARGS = --file=Pkgfile COMMON_ARGS += --provenance=false COMMON_ARGS += --progress=$(PROGRESS) COMMON_ARGS += --platform=$(PLATFORM) -COMMON_ARGS += --build-arg=SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) -COMMON_ARGS += --build-arg=TAG="$(TAG)" -COMMON_ARGS += --build-arg=PKGS="$(PKGS)" -COMMON_ARGS += --build-arg=PKGS_PREFIX="$(PKGS_PREFIX)" -COMMON_ARGS += --build-arg=TOOLS="$(TOOLS)" -COMMON_ARGS += --build-arg=TOOLS_PREFIX="$(TOOLS_PREFIX)" +COMMON_ARGS += $(BUILD_ARGS) # extra variables EXTENSIONS_IMAGE_REF ?= $(REGISTRY_AND_USERNAME)/extensions:$(TAG) -PKGS ?= v1.10.0-34-g88700c7 +PKGS ?= v1.10.0-37-g71b336d PKGS_PREFIX ?= ghcr.io/siderolabs -TOOLS ?= v1.10.0-6-g306d9d9 +TOOLS ?= v1.10.0-7-g39357c8 TOOLS_PREFIX ?= ghcr.io/siderolabs # targets defines all the available targets @@ -199,19 +200,24 @@ reproducibility-test-local-%: ## Builds the specified target defined in the Pkg @diffoscope $(ARTIFACTS)/build-a $(ARTIFACTS)/build-b @rm -rf $(ARTIFACTS)/build-a $(ARTIFACTS)/build-b +$(ARTIFACTS)/bldr: $(ARTIFACTS) ## Downloads bldr binary. + @curl -sSL https://github.com/siderolabs/bldr/releases/download/$(BLDR_RELEASE)/bldr-$(OPERATING_SYSTEM)-$(GOARCH) -o $(ARTIFACTS)/bldr + @chmod +x $(ARTIFACTS)/bldr + +.PHONY: update-checksums +update-checksums: $(ARTIFACTS)/bldr ## Updates the checksums in the Pkgfile/vars.yaml based on the changed version variables. + @git diff -U0 | $(ARTIFACTS)/bldr update + nonfree: $(NONFREE_TARGETS) ## Builds all nonfree targets defined. .PHONY: $(TARGETS) $(NONFREE_TARGETS) $(TARGETS) $(NONFREE_TARGETS): $(ARTIFACTS)/bldr @$(MAKE) docker-$@ TARGET_ARGS="--tag=$(REGISTRY)/$(USERNAME)/$@:$(shell $(ARTIFACTS)/bldr eval --target $@ --build-arg TAG=$(TAG) '{{.VERSION}}' 2>/dev/null) --push=$(PUSH)" -$(ARTIFACTS)/bldr: $(ARTIFACTS) ## Downloads bldr binary. - @curl -sSL https://github.com/siderolabs/bldr/releases/download/$(BLDR_RELEASE)/bldr-$(OPERATING_SYSTEM)-$(GOARCH) -o $(ARTIFACTS)/bldr - @chmod +x $(ARTIFACTS)/bldr - -.PHONY: deps.png -deps.png: ## Generates a dependency graph of the Pkgfile. - @$(BLDR) graph | dot -Tpng -o deps.png +.PHONY: deps.svg +deps.svg: ## Generates a dependency graph of the Pkgfile. + @rm -f deps.png + @$(BLDR) graph $(BUILD_ARGS) | dot -Tsvg -o deps.svg .PHONY: extensions extensions: internal/extensions/descriptions.yaml diff --git a/Pkgfile b/Pkgfile index 13c0309e..eedb6270 100644 --- a/Pkgfile +++ b/Pkgfile @@ -1,10 +1,10 @@ -# syntax = ghcr.io/siderolabs/bldr:v0.4.1 +# syntax = ghcr.io/siderolabs/bldr:v0.5.5 format: v1alpha2 vars: - CONTAINERD_VERSION: v2.0.5 # update this when updating PKGS_VERSION in Makefile - LINUX_FIRMWARE_VERSION: "20250808" # update this when updating PKGS_VERSION in Makefile + CONTAINERD_VERSION: v2.0.7 # update this when updating PKGS_VERSION in Makefile + LINUX_FIRMWARE_VERSION: "20251111" # update this when updating PKGS_VERSION in Makefile DRBD_DRIVER_VERSION: 9.2.14 # update this when updating PKGS_VERSION in Makefile ZFS_DRIVER_VERSION: 2.3.3 # update this when updating PKGS_VERSION in Makefile ZFS_TOOLS_SHA256: 844122118f0ea81205a01753bbcb1315330f8967c1f866dcd10155273131f071 diff --git a/firmware/vars.yaml b/firmware/vars.yaml index 86624f1d..2c1c8b11 100644 --- a/firmware/vars.yaml +++ b/firmware/vars.yaml @@ -1,4 +1,4 @@ # renovate: datasource=github-releases extractVersion=^microcode-(?.*)$ depName=intel/Intel-Linux-Processor-Microcode-Data-Files -INTEL_UCODE_VERSION: 20250812 -INTEL_UCODE_SHA256: a8358422c68cc4d15c26db1ef682fbce332c3f46c4e087a79c132c437ec5f407 -INTEL_UCODE_SHA512: 5c21676d1c1783c937c78ca00b9f8d9a870bc7dfdde564bdf2ba277931223fa8d6a2f21d6a0e6249b4ba8ccc2e47d5b3cbf41cc5edc08360c909b3f1c7f2dec1 +INTEL_UCODE_VERSION: 20251111 +INTEL_UCODE_SHA256: 5a9a0d17240f486461bc101ef74f2b8c10675cdd02d0ba0bd6168b061c62e970 +INTEL_UCODE_SHA512: a11ded3158d761ae68258ca61a15014258d68ea28e9e9c94c125a49490a1df0f4b5c6cc37e97b42d84594760e455a1444feb2106e920ea6dd09934e545d92188 diff --git a/hack/release.toml b/hack/release.toml index 25f32db2..20840ccf 100644 --- a/hack/release.toml +++ b/hack/release.toml @@ -6,7 +6,7 @@ github_repo = "siderolabs/extensions" match_deps = "^github.com/((talos-systems|siderolabs)/[a-zA-Z0-9-]+)$" # previous release -previous = "v1.10.6" +previous = "v1.10.7" pre_release = false @@ -19,8 +19,9 @@ See [Talos Linux documentation](https://www.talos.dev/v1.10/talos-guides/configu [notes.updates] title = "Component Updates" description = """\ -Linux firmware: 20250708 -Intel microcode: 20250812 +Linux firmware: 20251111 +Intel microcode: 20251111 +ctr: v2.0.7 """ [make_deps] diff --git a/misc/glibc/vars.yaml b/misc/glibc/vars.yaml index 3808d3d6..3423c92e 100644 --- a/misc/glibc/vars.yaml +++ b/misc/glibc/vars.yaml @@ -1,4 +1,4 @@ # renovate: datasource=docker versioning=docker depName=cgr.dev/chainguard/wolfi-base -WOLFI_BASE_REF: sha256:57428116d2d7c27d1d4de4103e19b40bb8d2942ff6dff31b900e55efedeb7e30 +WOLFI_BASE_REF: sha256:42012fa027adc864efbb7cf68d9fc575ea45fe1b9fb0d16602e00438ce3901b1 VERSION: {{ .GLIBC_VERSION }} diff --git a/nvidia-gpu/vars.yaml b/nvidia-gpu/vars.yaml index ed7c2ae7..95b057c8 100644 --- a/nvidia-gpu/vars.yaml +++ b/nvidia-gpu/vars.yaml @@ -30,7 +30,7 @@ LIBNVIDIA_CONTAINER_REF: 6eda4d76c8c5f8fc174e4abca83e513fb4dd63b0 LIBNVIDIA_CONTAINER_SHA256: 4a85cb927954a4751b0695de03d6a49a3c79bb2fcaf687bbf1b7d081a956319f LIBNVIDIA_CONTAINER_SHA512: 727f66bcb7396110c056e483abc5d2ba38381feaf0d47b4b40159933ccc65e76d4b33d7bb32b1ec87851c802d1823165f50f289d92f748f7f50f6896fe2bd10e # renovate: datasource=docker versioning=docker depName=cgr.dev/chainguard/wolfi-base -WOLFI_BASE_REF: sha256:57428116d2d7c27d1d4de4103e19b40bb8d2942ff6dff31b900e55efedeb7e30 +WOLFI_BASE_REF: sha256:42012fa027adc864efbb7cf68d9fc575ea45fe1b9fb0d16602e00438ce3901b1 # renovate: datasource=github-tags extractVersion=^v(?.*)$ depName=seccomp/libseccomp LIBSECCOMP_VERSION: 2.6.0 LIBSECCOMP_SHA256: 83b6085232d1588c379dc9b9cae47bb37407cf262e6e74993c61ba72d2a784dc