This allows to use bigger images. The new documentation (upcoming) optimize the flashing layout so more space can be used from the eMMC
Signed-off-by: Ettore Di Giacinto <mudler@users.noreply.github.com>
From this:
quay.io/kairos/ubuntu:24.04-standard-amd64-generic-v3.3.1-rc2-2-g53b68481-k3sv1.32.1-rc2-k3sk3s1
to this:
quay.io/kairos/ubuntu:24.04-standard-amd64-generic-v3.3.1-rc2-2-g53b68481-k3sv1.32.1-rc2-k3s1
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
* Scan a container image with grype not the directory
to avoid scanning earthly injected binaries (like earth_debugger)
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
* Do the same for trivy
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
---------
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
Bump the image sizes for nvidia boards
because after upgrading the base image to ubuntu 22.04 it no longer fits
in the old partitions.
Running a build locally revealed that the new rootfs is 4.7Gb:
```
[root@buildkitsandbox build]# du -h image/ --max-depth 0
4.7G image/
```
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
* Push generic images on release
also renames the jobs so they are easily identificable from the CI web
Signed-off-by: Itxaka <itxaka@kairos.io>
* Push arm64 master images as well
Signed-off-by: Itxaka <itxaka@kairos.io>
---------
Signed-off-by: Itxaka <itxaka@kairos.io>
* Bump framework to address CVE-2024-45337
Bumps version packages that have crypto bumped to:
https://go.googlesource.com/crypto/+/refs/tags/v0.31.0
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
* Bump versions to fix osc scanner warnings
except github.com/quic-go/quic-go which needs more work in edgevpn
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
* Bump framework (bumps k3s) and k3s in pipeline
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
* Rollback version bumps that break the test suite
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
* Fix expected entry after bumping to boot attestation enabled kairos-agent
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
---------
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
* Bump auroraboot image
to get this bump: https://github.com/kairos-io/packages/pull/1152/files
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
* Fix OSV-scanner by bumping go
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
* Build the image in earthly because we don't push it automatically
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
* go mod tidy
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
---------
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
https://github.com/kairos-io/AuroraBoot/pull/129
without this, the isos we generate will not allow any non-root user to
login after installation
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
* Remove enki references from the Earthfile and pipelines
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
* Use auroraboot everywhere and position flags correctly
because they are ignored if the come after positional arguments
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
---------
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
* 🤖 Fix upgrade k8s test
Bring a more updated kairos version and set the version from the test,
instead of hardcoded
Signed-off-by: Itxaka <itxaka@kairos.io>
* Bump framework
Signed-off-by: Itxaka <itxaka@kairos.io>
---------
Signed-off-by: Itxaka <itxaka@kairos.io>
* 🐛 Move kairos vars to their own file
Otherwise when creating derivatives, the upgrades can overwrite the
existing kairos release info adn break the whole thing.
This patch adds the variables into a new /]etc/kairos-release file
---------
Signed-off-by: Itxaka <itxaka@kairos.io>
* Cache trivy
Fixes https://github.com/kairos-io/kairos/issues/2904
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
* Cache trivy in more pipelines
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
* Populate trivy cache
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
* Create the trivy cache dir if it wasn't created
because if there is no cache to restore, the directory doesn't get
created
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
* Try to gate all jobs with trivy cache job
to avoid failing later. Also, since jobs run in parallel, they may start
populating the cache at the same time which will result in multiple
requests for the trivy database, making the caching mechanism useless.
Doing it once before everything should solve this.
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
---------
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
While locally it works as it caches the image witht he DB already on it,
on CI it doesnt work and pulls the DB twice, so its the same as it was
before.
Signed-off-by: Itxaka <itxaka@kairos.io>
