Skip to content

Fix/bump docker and container storage#764

Merged
rchincha merged 11 commits into
project-stacker:mainfrom
raharper:fix/bump-docker-and-container-storage
May 20, 2026
Merged

Fix/bump docker and container storage#764
rchincha merged 11 commits into
project-stacker:mainfrom
raharper:fix/bump-docker-and-container-storage

Conversation

@raharper
Copy link
Copy Markdown
Contributor

@raharper raharper commented May 14, 2026
edited
Loading

What type of PR is this?

cleanup

Which issue does this PR fix:

CVEs

#742
#734
#732
#708
#704

What does this PR do / Why do we need it:

Address upstream go CVEs

If an issue # is not available please add repro steps and logs showing the issue:

security scan on stacker binary

Testing done on this change:

make test && make lint

Automation added to e2e:

none

Will this break upgrades or downgrades?

no

Does this PR introduce any user-facing change?:

no

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@codecov
Copy link
Copy Markdown

codecov Bot commented May 14, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 54.83%. Comparing base (259ff7b) to head (b78d970).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #764      +/-   ##
==========================================
+ Coverage   54.22%   54.83%   +0.60%     
==========================================
  Files          55       55              
  Lines        5909     5909              
==========================================
+ Hits         3204     3240      +36     
+ Misses       2126     2096      -30     
+ Partials      579      573       -6

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@raharper
Copy link
Copy Markdown
Contributor Author

raharper commented May 14, 2026

btw, make test passes locally on an Ubuntu 24.04 Cloud VM... so looks like we're rolling dice with Azure vms...

raharper and others added 10 commits May 19, 2026 11:17
@raharper
chore: add make lint earlier to github build workflow
1aa3811 
Signed-off-by: Ryan Harper <ryaharpe@cisco.com>
Signed-off-by: Ryan Harper <rharper@woxford.com>
@raharper
fix: makefile ensure lint target creates the output directory path fo…
d4284aa 
…r the binary

Signed-off-by: Ryan Harper <ryaharpe@cisco.com>
Signed-off-by: Ryan Harper <rharper@woxford.com>
@raharper
fix: add git to common debs for debian/ubuntu images which don't incl…
5b312e0 
…ude by default

Signed-off-by: Ryan Harper <ryaharpe@cisco.com>
Signed-off-by: Ryan Harper <rharper@woxford.com>
@raharper
fix: bump container images and storage to move up docker version to f…
cd1ddbd 
…ix cves

Signed-off-by: Ryan Harper <ryaharpe@cisco.com>
Signed-off-by: Ryan Harper <rharper@woxford.com>
@raharper
chore: updated go.sum for recent go.mod updates
0cd0268 
Signed-off-by: Ryan Harper <ryaharpe@cisco.com>
Signed-off-by: Ryan Harper <rharper@woxford.com>
@raharper
fix: update stacker convert to work with updated buildkit
4762f59 
Signed-off-by: Ryan Harper <ryaharpe@cisco.com>
Signed-off-by: Ryan Harper <rharper@woxford.com>
@raharper
fix: go.mod updated to remove unneeded replace, bump for fixing CVEs
a7d85cb 
Signed-off-by: Ryan Harper <ryaharpe@cisco.com>
Signed-off-by: Ryan Harper <rharper@woxford.com>
@raharper
fix: update go.sum after go.mod updates
fd2f5dc 
Signed-off-by: Ryan Harper <ryaharpe@cisco.com>
Signed-off-by: Ryan Harper <rharper@woxford.com>
@raharper
fix: update go version in github workflow files
a5eb8d6 
Signed-off-by: Ryan Harper <ryaharpe@cisco.com>
Signed-off-by: Ryan Harper <rharper@woxford.com>
@raharper
fix: Remove using git inside test suite
89122d5 
Not quite sure why git commands on github workflow for test doesn't
think the current working directory is a git repo but it fails with
git fatal -128 return code.

Avoid this by passing in the two values that matter:

VERSION_FULL (which is the git describe with optional -dirty suffix)
TOP_LEVEL (which is the top of the git tree repo)

In helpers.bash, drop run_git and use these values as needed

Signed-off-by: Ryan Harper <rharper@woxford.com>
@raharper raharper force-pushed the fix/bump-docker-and-container-storage branch from 10bac13 to 89122d5 Compare May 19, 2026 16:18
@raharper
test: Add test coverage for stacker convert where we return errors
b78d970 
Add test coverage for paths where we log and return errors.

Signed-off-by: Ryan Harper <ryaharpe@cisco.com>
@raharper raharper marked this pull request as ready for review May 19, 2026 18:20
@raharper
Copy link
Copy Markdown
Contributor Author

raharper commented May 19, 2026

btw, make test passes locally on an Ubuntu 24.04 Cloud VM... so looks like we're rolling dice with Azure vms...

Not clear what's going on in the VM here, but something was up with how it was using git. I've changed test to not use run_git anymore and pass in the VERSION_FULL which ran the same commands that test ran; used to confirm that stacker inserts it's git build VERSION value into the OCI annotations.

@raharper raharper mentioned this pull request May 19, 2026
Closed
@rchincha rchincha merged commit 52efa05 into project-stacker:main May 20, 2026
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rchincha rchincha rchincha approved these changes

@smoser smoser Awaiting requested review from smoser smoser is a code owner

@hallyn hallyn Awaiting requested review from hallyn hallyn is a code owner

@tych0 tych0 Awaiting requested review from tych0 tych0 is a code owner

@mikemccracken mikemccracken Awaiting requested review from mikemccracken mikemccracken is a code owner

@rchamarthy rchamarthy Awaiting requested review from rchamarthy rchamarthy is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@raharper @rchincha