Merge pull request #21433 from wolfi-dev/update-digests

Update images digests

.github/actions/docker-run/action.yaml

@@ -6,7 +6,7 @@ inputs:
  required: true
  image:
  description: "The image to use"
- default: "ghcr.io/wolfi-dev/sdk:latest@sha256:66ad7d134e4af2610deaf3c072f7e974b81ee2e5050d54944feed82292ac8c99"
+ default: "ghcr.io/wolfi-dev/sdk:latest@sha256:2d5441c40b1f61ae7d8f21736a45f703d535eb28f6f11c0c10c5341c3c1c9b49"
  required: false
  workdir:
  description: "The images working directory"

.github/workflows/build-beta.yaml

@@ -152,7 +152,7 @@ jobs:
 
  container:
  # NOTE: This step only signs and uploads, so it doesn't need any privileges
- image: ghcr.io/wolfi-dev/sdk:latest@sha256:66ad7d134e4af2610deaf3c072f7e974b81ee2e5050d54944feed82292ac8c99
+ image: ghcr.io/wolfi-dev/sdk:latest@sha256:2d5441c40b1f61ae7d8f21736a45f703d535eb28f6f11c0c10c5341c3c1c9b49
 
  steps:
  - name: Harden Runner

.github/workflows/build-old.yaml

@@ -26,7 +26,7 @@ jobs:
  contents: read
 
  container:
- image: ghcr.io/wolfi-dev/sdk:latest@sha256:66ad7d134e4af2610deaf3c072f7e974b81ee2e5050d54944feed82292ac8c99
+ image: ghcr.io/wolfi-dev/sdk:latest@sha256:2d5441c40b1f61ae7d8f21736a45f703d535eb28f6f11c0c10c5341c3c1c9b49
  # TODO: Deprivilege
  options: |
  --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined
@@ -139,7 +139,7 @@ jobs:
 
  container:
  # NOTE: This step only signs and uploads, so it doesn't need any privileges
- image: ghcr.io/wolfi-dev/sdk:latest@sha256:66ad7d134e4af2610deaf3c072f7e974b81ee2e5050d54944feed82292ac8c99
+ image: ghcr.io/wolfi-dev/sdk:latest@sha256:2d5441c40b1f61ae7d8f21736a45f703d535eb28f6f11c0c10c5341c3c1c9b49
 
  steps:
  - name: Harden Runner
@@ -262,7 +262,7 @@ jobs:
 
  container:
  # NOTE: This step only signs and uploads, so it doesn't need any privileges
- image: ghcr.io/wolfi-dev/sdk:latest@sha256:66ad7d134e4af2610deaf3c072f7e974b81ee2e5050d54944feed82292ac8c99
+ image: ghcr.io/wolfi-dev/sdk:latest@sha256:2d5441c40b1f61ae7d8f21736a45f703d535eb28f6f11c0c10c5341c3c1c9b49
 
  steps:
  - name: Harden Runner

.github/workflows/build-world.yaml

@@ -27,7 +27,7 @@ jobs:
  # permissions:
 
  container:
- image: ghcr.io/wolfi-dev/sdk:latest@sha256:66ad7d134e4af2610deaf3c072f7e974b81ee2e5050d54944feed82292ac8c99
+ image: ghcr.io/wolfi-dev/sdk:latest@sha256:2d5441c40b1f61ae7d8f21736a45f703d535eb28f6f11c0c10c5341c3c1c9b49
  # TODO: Deprivilege
  options: |
  --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined

.github/workflows/build.yaml

@@ -29,7 +29,7 @@ jobs:
  contents: read
 
  container:
- image: ghcr.io/wolfi-dev/sdk:latest@sha256:66ad7d134e4af2610deaf3c072f7e974b81ee2e5050d54944feed82292ac8c99
+ image: ghcr.io/wolfi-dev/sdk:latest@sha256:2d5441c40b1f61ae7d8f21736a45f703d535eb28f6f11c0c10c5341c3c1c9b49
  # TODO: Deprivilege
  options: |
  --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined
@@ -170,7 +170,7 @@ jobs:
 
  container:
  # NOTE: This step only signs and uploads, so it doesn't need any privileges
- image: ghcr.io/wolfi-dev/sdk:latest@sha256:66ad7d134e4af2610deaf3c072f7e974b81ee2e5050d54944feed82292ac8c99
+ image: ghcr.io/wolfi-dev/sdk:latest@sha256:2d5441c40b1f61ae7d8f21736a45f703d535eb28f6f11c0c10c5341c3c1c9b49
 
  steps:
  - name: Harden Runner
@@ -293,7 +293,7 @@ jobs:
 
  container:
  # NOTE: This step only signs and uploads, so it doesn't need any privileges
- image: ghcr.io/wolfi-dev/sdk:latest@sha256:66ad7d134e4af2610deaf3c072f7e974b81ee2e5050d54944feed82292ac8c99
+ image: ghcr.io/wolfi-dev/sdk:latest@sha256:2d5441c40b1f61ae7d8f21736a45f703d535eb28f6f11c0c10c5341c3c1c9b49
 
  steps:
  - name: Harden Runner

.github/workflows/lint-world.yaml

@@ -32,7 +32,7 @@ jobs:
  group: wolfi-os-builder-${{ matrix.arch }}
 
  container:
- image: ghcr.io/wolfi-dev/sdk:latest@sha256:66ad7d134e4af2610deaf3c072f7e974b81ee2e5050d54944feed82292ac8c99
+ image: ghcr.io/wolfi-dev/sdk:latest@sha256:2d5441c40b1f61ae7d8f21736a45f703d535eb28f6f11c0c10c5341c3c1c9b49
 
  steps:
  - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6

.github/workflows/postsubmit-bundle-build.yaml

@@ -25,7 +25,7 @@ jobs:
 
  runs-on: ubuntu-latest
  container:
- image: ghcr.io/wolfi-dev/sdk:latest@sha256:66ad7d134e4af2610deaf3c072f7e974b81ee2e5050d54944feed82292ac8c99
+ image: ghcr.io/wolfi-dev/sdk:latest@sha256:2d5441c40b1f61ae7d8f21736a45f703d535eb28f6f11c0c10c5341c3c1c9b49
 
  permissions:
  id-token: write
@@ -108,7 +108,7 @@ jobs:
  )
 
  BUNDLE=$(wolfictl bundle \
- --bundle-base ghcr.io/wolfi-dev/sdk:latest@sha256:66ad7d134e4af2610deaf3c072f7e974b81ee2e5050d54944feed82292ac8c99 \
+ --bundle-base ghcr.io/wolfi-dev/sdk:latest@sha256:2d5441c40b1f61ae7d8f21736a45f703d535eb28f6f11c0c10c5341c3c1c9b49 \
  --bundle-repo "${BUNDLE_REPO}" \
  ${COMMON_FLAGS} \
  --runner bubblewrap \

Makefile

@@ -188,7 +188,7 @@ dev-container:
  -v "${PWD}:${PWD}" \
  -w "${PWD}" \
  -e SOURCE_DATE_EPOCH=0 \
- ghcr.io/wolfi-dev/sdk:latest@sha256:66ad7d134e4af2610deaf3c072f7e974b81ee2e5050d54944feed82292ac8c99
+ ghcr.io/wolfi-dev/sdk:latest@sha256:2d5441c40b1f61ae7d8f21736a45f703d535eb28f6f11c0c10c5341c3c1c9b49
 
 PACKAGES_CONTAINER_FOLDER ?= /work/packages
 TMP_REPOSITORIES_DIR := $(shell mktemp -d)
@@ -253,6 +253,6 @@ dev-container-wolfi:
  --mount type=bind,source="${PWD}/local-melange.rsa.pub",destination="/etc/apk/keys/local-melange.rsa.pub",readonly \
  --mount type=bind,source="$(TMP_REPOSITORIES_FILE)",destination="/etc/apk/repositories",readonly \
  -w "$(PACKAGES_CONTAINER_FOLDER)" \
- ghcr.io/wolfi-dev/sdk:latest@sha256:66ad7d134e4af2610deaf3c072f7e974b81ee2e5050d54944feed82292ac8c99
+ ghcr.io/wolfi-dev/sdk:latest@sha256:2d5441c40b1f61ae7d8f21736a45f703d535eb28f6f11c0c10c5341c3c1c9b49
  @rm "$(TMP_REPOSITORIES_FILE)"
  @rmdir "$(TMP_REPOSITORIES_DIR)"