ci: build and push Docker image based on Chainguard base image #3623
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Victor Martinez <VictorMartinezRubio@gmail.com>
v1v
commented
May 9, 2024
| then | ||
| # We have build files to use | ||
| echo "INFO: Found local build artifact. Using locally built for Docker build" | ||
| find -E ${PROJECT_ROOT}elastic-apm-agent/target -regex '.*/elastic-apm-agent-[0-9]+.[0-9]+.[0-9]+(-SNAPSHOT)?.jar' -exec cp {} ${PROJECT_ROOT}apm-agent-java.jar \; || echo "INFO: No locally built image found" |
There was a problem hiding this comment.
I'm afraid -E is MacOS based, using ls with grep instead
If users cannot use this new image, what is the purpose of adding it? |
IIUC, users can use the docker image we generate based on Wolfi, but they cannot use the base docker image |
reakaleek
approved these changes
May 14, 2024
I see. I suppose the purpose of this PR is to enhance security so that we don't ship any outdated libs in our docker image, correct? I'd argue then why not simply not use any base-image at all ( Our image is not intended to be used as a base image, the docs state that it should be used in a I feel like this would be a much simpler and easier to maintain approach (if I'm not misunderstanding the goal here). |
For completeness in this thread, I just added you to the loop on an internal GitHub issue. |
JonasKunz
approved these changes
May 16, 2024
| @@ -0,0 +1,7 @@ | |||
| FROM docker.elastic.co/wolfi/chainguard-base@sha256:9f940409f96296ef56140bcc4665c204dd499af4c32c96cc00e792558097c3f1 | |||
There was a problem hiding this comment.
We'll eventually switch to just publishing the wolfi images, right?
When that happens I'd suggest to use an ARG for the base image:
ARG BASE_IMAGE=alpine@sha256:c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b
FROM $BASE_IMAGE
This way we can have a single Dockerfile which locally builts on top of Alpine, but from CI we can pass in the wolfi image as base image.
Nothing to do for now, just something to maybe keep in mind for when we drop publishing the alpine based image.
There was a problem hiding this comment.
We'll eventually switch to just publishing the wolfi images, right?
I think so, that's something we are still discussing internally
For reference: We found out that the K8s-attacher requires executing |
SylvainJuge
added a commit
that referenced
this pull request
May 28, 2024
* [maven-release-plugin] prepare for next development iteration * Update cloudfoundry for 1.48.1 release * ci: use .java-version and prepare to use VM with installed tools in BK (#3554) * ci(bk): use specialised VMs (#3555) * Added a note on centralized agent config support for AWS Lambda (#3498) * Bump com.networknt:json-schema-validator from 1.1.0 to 1.3.3 (#3547) * Bump com.networknt:json-schema-validator from 1.1.0 to 1.3.3 Bumps [com.networknt:json-schema-validator](https://github.com/networknt/json-schema-validator) from 1.1.0 to 1.3.3. - [Release notes](https://github.com/networknt/json-schema-validator/releases) - [Changelog](https://github.com/networknt/json-schema-validator/blob/master/CHANGELOG.md) - [Commits](networknt/json-schema-validator@1.1.0...1.3.3) --- updated-dependencies: - dependency-name: com.networknt:json-schema-validator dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Fix compilation * Fix schema version --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jonas Kunz <jonas.kunz@elastic.co> * Fix inheritance for API annotations (#3551) * powershell no-logo (#3556) * security: add permissions block to workflows (#3531) * Bump io.micrometer:micrometer-core from 1.12.2 to 1.12.4 (#3559) Bumps [io.micrometer:micrometer-core](https://github.com/micrometer-metrics/micrometer) from 1.12.2 to 1.12.4. - [Release notes](https://github.com/micrometer-metrics/micrometer/releases) - [Commits](micrometer-metrics/micrometer@v1.12.2...v1.12.4) --- updated-dependencies: - dependency-name: io.micrometer:micrometer-core dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump version.log4j from 2.12.4 to 2.23.1 (#3557) * Bump version.log4j from 2.12.4 to 2.23.1 Bumps `version.log4j` from 2.12.4 to 2.23.1. Updates `org.apache.logging.log4j:log4j-core` from 2.12.4 to 2.23.1 Updates `org.apache.logging.log4j:log4j-slf4j-impl` from 2.12.4 to 2.23.1 --- updated-dependencies: - dependency-name: org.apache.logging.log4j:log4j-core dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: org.apache.logging.log4j:log4j-slf4j-impl dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * restore previous log4j version --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sylvain Juge <763082+SylvainJuge@users.noreply.github.com> * Add API for instrumenting FAAS and adjust the AWS plugin (#3516) --------- Co-authored-by: Sylvain Juge <763082+SylvainJuge@users.noreply.github.com> * Introduce API for metrics collection that does not depend on agent-core (#3522) * Remove logging API. * Clean up core dependencies from POMs that do not need it. * Add API for handling lambda instrumentation and apply to the AWS plugin. * Move metrics API to tracer. * Factor out JSON DSL for metrics. * Fix import issue. * Fix imports. * Fix imports. * fix formatting --------- Co-authored-by: Sylvain Juge <763082+SylvainJuge@users.noreply.github.com> * differentiate Lambda url from api gateway (#3417) --------- Co-authored-by: Sylvain Juge <763082+SylvainJuge@users.noreply.github.com> * added support to Elastic Load Balancer triggers (#3411) --------- Co-authored-by: Sylvain Juge <763082+SylvainJuge@users.noreply.github.com> * feat: new release process with PRs (#3567) * feat: new release process with PRs Signed-off-by: Adrien Mannocci <adrien.mannocci@elastic.co> * chore: redirect to stderr for both message Signed-off-by: Adrien Mannocci <adrien.mannocci@elastic.co> * chore: apply suggest Signed-off-by: Adrien Mannocci <adrien.mannocci@elastic.co> * ci(chore): use env var instead of prefix v Signed-off-by: Adrien Mannocci <adrien.mannocci@elastic.co> * ci: use maven wrapper instead of direct maven Signed-off-by: Adrien Mannocci <adrien.mannocci@elastic.co> * feat: validate snapshot for snapshot workflow Signed-off-by: Adrien Mannocci <adrien.mannocci@elastic.co> * docs: add new release process Signed-off-by: Adrien Mannocci <adrien.mannocci@elastic.co> --------- Signed-off-by: Adrien Mannocci <adrien.mannocci@elastic.co> * Bump version.aws.sdk from 2.25.0 to 2.25.21 in /apm-agent-plugins (#3574) Bumps `version.aws.sdk` from 2.25.0 to 2.25.21. Updates `software.amazon.awssdk:s3` from 2.25.0 to 2.25.21 Updates `software.amazon.awssdk:sqs` from 2.25.0 to 2.25.21 Updates `software.amazon.awssdk:dynamodb` from 2.25.0 to 2.25.21 --- updated-dependencies: - dependency-name: software.amazon.awssdk:s3 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: software.amazon.awssdk:sqs dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: software.amazon.awssdk:dynamodb dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump org.awaitility:awaitility from 4.2.0 to 4.2.1 (#3573) Bumps [org.awaitility:awaitility](https://github.com/awaitility/awaitility) from 4.2.0 to 4.2.1. - [Changelog](https://github.com/awaitility/awaitility/blob/master/changelog.txt) - [Commits](awaitility/awaitility@awaitility-4.2.0...awaitility-4.2.1) --- updated-dependencies: - dependency-name: org.awaitility:awaitility dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add exclusion list option for calling DatabaseMetaData.getUserName (#3568) * use a dummy user for testing * exclusion list option for calling getUserName * changelog and test break fixed * pre release: elastic-apm-agent v1.49.0 (#3576) Co-authored-by: apmmachine <apmmachine@users.noreply.github.com> * ci(fix): use input value instead of env value for post release trigger (#3577) Signed-off-by: Adrien Mannocci <adrien.mannocci@elastic.co> * ci(fix): correct buildkite pipeline trigger (#3578) Signed-off-by: Adrien Mannocci <adrien.mannocci@elastic.co> * post release: elastic-apm-agent v1.49.0 (#3579) Co-authored-by: apmmachine <apmmachine@users.noreply.github.com> * ci(fix): correct release order (#3581) Signed-off-by: Adrien Mannocci <adrien.mannocci@elastic.co> * Bump org.springframework.boot:spring-boot-dependencies from 2.7.16 to 3.2.4 (#3572) * Bump org.springframework.boot:spring-boot-dependencies Bumps [org.springframework.boot:spring-boot-dependencies](https://github.com/spring-projects/spring-boot) from 2.7.16 to 3.2.4. - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v2.7.16...v3.2.4) --- updated-dependencies: - dependency-name: org.springframework.boot:spring-boot-dependencies dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Update pom.xml * Update pom.xml * Update pom.xml --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jonas Kunz <jonas.kunz@elastic.co> * buildkite: fallback if home is not available (#3591) * Prevent cycles in inferred spans (#3588) * [ci] add list of published artifacts (#3595) * Bump version.mockito from 5.1.1 to 5.11.0 (#3587) Bumps `version.mockito` from 5.1.1 to 5.11.0. Updates `org.mockito:mockito-core` from 5.1.1 to 5.11.0 - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](mockito/mockito@v5.1.1...v5.11.0) Updates `org.mockito:mockito-subclass` from 5.1.1 to 5.11.0 - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](mockito/mockito@v5.1.1...v5.11.0) --- updated-dependencies: - dependency-name: org.mockito:mockito-core dependency-type: direct:development update-type: version-update:semver-minor - dependency-name: org.mockito:mockito-subclass dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * github-actions: enable provenance for the jar files (#3594) * chore: APM agent json server schema a76e999543efb3ba803c9a57dd13a4f6b... (#3584) ... 3ffa7e1 Made with ❤️️ by updatecli Co-authored-by: apmmachine <apmmachine@users.noreply.github.com> * [ci] fix GH release version tag (#3596) * [ci] fix artifact list path (#3597) * Upgrade JDK compatibility tests (#3599) * Upgrade JDK compatibility tests * Added JDK 23 ea * Attempt to set net.bytebuddy.experimental for EA versions * Remove java 23-ea tests * Bump version.ecs.logging from 1.5.0 to 1.6.0 (#3585) Bumps `version.ecs.logging` from 1.5.0 to 1.6.0. Updates `co.elastic.logging:log4j2-ecs-layout` from 1.5.0 to 1.6.0 - [Release notes](https://github.com/elastic/ecs-logging-java/releases) - [Commits](elastic/ecs-logging-java@v1.5.0...v1.6.0) Updates `co.elastic.logging:logback-ecs-encoder` from 1.5.0 to 1.6.0 - [Release notes](https://github.com/elastic/ecs-logging-java/releases) - [Commits](elastic/ecs-logging-java@v1.5.0...v1.6.0) Updates `co.elastic.logging:log4j-ecs-layout` from 1.5.0 to 1.6.0 - [Release notes](https://github.com/elastic/ecs-logging-java/releases) - [Commits](elastic/ecs-logging-java@v1.5.0...v1.6.0) Updates `co.elastic.logging:jul-ecs-formatter` from 1.5.0 to 1.6.0 - [Release notes](https://github.com/elastic/ecs-logging-java/releases) - [Commits](elastic/ecs-logging-java@v1.5.0...v1.6.0) Updates `co.elastic.logging:jboss-logmanager-ecs-formatter` from 1.5.0 to 1.6.0 - [Release notes](https://github.com/elastic/ecs-logging-java/releases) - [Commits](elastic/ecs-logging-java@v1.5.0...v1.6.0) --- updated-dependencies: - dependency-name: co.elastic.logging:log4j2-ecs-layout dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: co.elastic.logging:logback-ecs-encoder dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: co.elastic.logging:log4j-ecs-layout dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: co.elastic.logging:jul-ecs-formatter dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: co.elastic.logging:jboss-logmanager-ecs-formatter dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump org.apache.logging.log4j:log4j-bom from 2.22.1 to 2.23.1 (#3565) Bumps [org.apache.logging.log4j:log4j-bom](https://github.com/apache/logging-log4j2) from 2.22.1 to 2.23.1. - [Release notes](https://github.com/apache/logging-log4j2/releases) - [Changelog](https://github.com/apache/logging-log4j2/blob/2.x/RELEASE-NOTES.adoc) - [Commits](apache/logging-log4j2@rel/2.22.1...rel/2.23.1) --- updated-dependencies: - dependency-name: org.apache.logging.log4j:log4j-bom dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * github-action: add attestations scope (#3601) * Universal profiling integration: write shared memory (#3598) --------- Co-authored-by: SylvainJuge <763082+SylvainJuge@users.noreply.github.com> * ci(release): tag AWS with the ver prefix (#3606) * release: use tag version for docker build/push (#3600) * Bump version.byte-buddy from 1.14.12 to 1.14.14 (#3608) * Bump version.byte-buddy from 1.14.12 to 1.14.14 Bumps `version.byte-buddy` from 1.14.12 to 1.14.14. Updates `net.bytebuddy:byte-buddy` from 1.14.12 to 1.14.14 - [Release notes](https://github.com/raphw/byte-buddy/releases) - [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md) - [Commits](raphw/byte-buddy@byte-buddy-1.14.12...byte-buddy-1.14.14) Updates `net.bytebuddy:byte-buddy-agent` from 1.9.16 to 1.14.14 - [Release notes](https://github.com/raphw/byte-buddy/releases) - [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md) - [Commits](raphw/byte-buddy@byte-buddy-1.9.16...byte-buddy-1.14.14) Updates `net.bytebuddy:byte-buddy-dep` from 1.14.12 to 1.14.14 - [Release notes](https://github.com/raphw/byte-buddy/releases) - [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md) - [Commits](raphw/byte-buddy@byte-buddy-1.14.12...byte-buddy-1.14.14) --- updated-dependencies: - dependency-name: net.bytebuddy:byte-buddy dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: net.bytebuddy:byte-buddy-agent dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: net.bytebuddy:byte-buddy-dep dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * keep old version --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sylvain Juge <763082+SylvainJuge@users.noreply.github.com> * Universal Profiling integration: open socket for communication (#3602) * Fix NPE in dropped spans stats (#3590) * fix npe * update changelog * Universal profiling integration: Added serialization of stacktrace IDs as profiler_stack_trace_ids otel attributes (#3607) * release: use explicit container arch (#3611) * Bump version.aws.sdk from 2.25.21 to 2.25.43 in /apm-agent-plugins (#3614) Bumps `version.aws.sdk` from 2.25.21 to 2.25.43. Updates `software.amazon.awssdk:s3` from 2.25.21 to 2.25.43 Updates `software.amazon.awssdk:sqs` from 2.25.21 to 2.25.43 Updates `software.amazon.awssdk:dynamodb` from 2.25.21 to 2.25.43 --- updated-dependencies: - dependency-name: software.amazon.awssdk:s3 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: software.amazon.awssdk:sqs dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: software.amazon.awssdk:dynamodb dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add thread dump debug option (#3589) * add thread dump option * Universal profiling integration: Add stacktrace-IDs to transactions (#3615) * add c3p0 to DatabaseMetaDataExclusionList (#3619) * ci(fix): Files or Directories Accessible to External Parties (#3624) * Bump org.springframework.boot:spring-boot-dependencies from 2.7.16 to 3.2.5 (#3610) * Bump org.springframework.boot:spring-boot-dependencies Bumps [org.springframework.boot:spring-boot-dependencies](https://github.com/spring-projects/spring-boot) from 2.7.16 to 3.2.5. - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v2.7.16...v3.2.5) --- updated-dependencies: - dependency-name: org.springframework.boot:spring-boot-dependencies dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * keep v2 dependency * keep v2 dependency * keep v2 dependency --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jackshirazi <jack.shirazi@elastic.co> * Bump org.jctools:jctools-core from 4.0.1 to 4.0.3 (#3618) * Bump org.jctools:jctools-core from 4.0.1 to 4.0.3 Bumps [org.jctools:jctools-core](https://github.com/JCTools/JCTools) from 4.0.1 to 4.0.3. - [Release notes](https://github.com/JCTools/JCTools/releases) - [Changelog](https://github.com/JCTools/JCTools/blob/master/RELEASE-NOTES.md) - [Commits](JCTools/JCTools@v4.0.1...v4.0.3) --- updated-dependencies: - dependency-name: org.jctools:jctools-core dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * remove comment --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sylvain Juge <763082+SylvainJuge@users.noreply.github.com> * Bump version.mockito from 5.11.0 to 5.12.0 (#3629) Bumps `version.mockito` from 5.11.0 to 5.12.0. Updates `org.mockito:mockito-core` from 5.11.0 to 5.12.0 - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](mockito/mockito@v5.11.0...v5.12.0) Updates `org.mockito:mockito-subclass` from 5.11.0 to 5.12.0 - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](mockito/mockito@v5.11.0...v5.12.0) --- updated-dependencies: - dependency-name: org.mockito:mockito-core dependency-type: direct:development update-type: version-update:semver-minor - dependency-name: org.mockito:mockito-subclass dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump com.networknt:json-schema-validator from 1.3.3 to 1.4.0 (#3628) Bumps [com.networknt:json-schema-validator](https://github.com/networknt/json-schema-validator) from 1.3.3 to 1.4.0. - [Release notes](https://github.com/networknt/json-schema-validator/releases) - [Changelog](https://github.com/networknt/json-schema-validator/blob/master/CHANGELOG.md) - [Commits](networknt/json-schema-validator@1.3.3...1.4.0) --- updated-dependencies: - dependency-name: com.networknt:json-schema-validator dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * github-action: delete opentelemetry workflow (#3630) * buildkite: avoid failing in tear-down failed (#3622) * github-action: use actions/attest-build-provenance (#3631) * Clarify rabbitmq naming mode support (#3633) * ci: build and push Docker image based on Chainguard base image (#3623) * bouncy castle upgrade (#3634) * add symlink in dockerfile for /javaagent.jar for otel operator to find (#3635) * add symlink in dockerfile for /javaagent.jar for otel operator to find * and wolfi too * buildkite: support version 21 for opentelemetry (#3621) * Bump version.testcontainers from 1.19.1 to 1.19.8 (#3641) Bumps `version.testcontainers` from 1.19.1 to 1.19.8. Updates `org.testcontainers:testcontainers-bom` from 1.19.1 to 1.19.8 - [Release notes](https://github.com/testcontainers/testcontainers-java/releases) - [Changelog](https://github.com/testcontainers/testcontainers-java/blob/main/CHANGELOG.md) - [Commits](testcontainers/testcontainers-java@1.19.1...1.19.8) Updates `org.testcontainers:testcontainers` from 1.19.1 to 1.19.8 - [Release notes](https://github.com/testcontainers/testcontainers-java/releases) - [Changelog](https://github.com/testcontainers/testcontainers-java/blob/main/CHANGELOG.md) - [Commits](testcontainers/testcontainers-java@1.19.1...1.19.8) --- updated-dependencies: - dependency-name: org.testcontainers:testcontainers-bom dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.testcontainers:testcontainers dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * ci: add some job timeouts (#3638) * Fix too small activation stack for low transaction_max_spans values (#3643) * Exclude new Cisco AppD packages (#3632) * Bump version.okhttp from 3.14.7 to 4.12.0 (#3640) Bumps `version.okhttp` from 3.14.7 to 4.12.0. Updates `com.squareup.okhttp3:okhttp` from 3.14.7 to 4.12.0 - [Changelog](https://github.com/square/okhttp/blob/master/CHANGELOG.md) - [Commits](square/okhttp@parent-3.14.7...parent-4.12.0) Updates `com.squareup.okhttp3:logging-interceptor` from 4.9.1 to 4.12.0 - [Changelog](https://github.com/square/okhttp/blob/master/CHANGELOG.md) - [Commits](square/okhttp@parent-4.9.1...parent-4.12.0) --- updated-dependencies: - dependency-name: com.squareup.okhttp3:okhttp dependency-type: direct:production update-type: version-update:semver-major - dependency-name: com.squareup.okhttp3:logging-interceptor dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump redis.clients:jedis from 1.4.0 to 5.1.2 (#3639) * Bump redis.clients:jedis from 1.4.0 to 5.1.2 Bumps [redis.clients:jedis](https://github.com/redis/jedis) from 1.4.0 to 5.1.2. - [Release notes](https://github.com/redis/jedis/releases) - [Commits](redis/jedis@jedis-1.4.0...v5.1.2) --- updated-dependencies: - dependency-name: redis.clients:jedis dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Update pom.xml * Update pom.xml * Update pom.xml * Update pom.xml * Fix tests * Fix invalid extracted method --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jonas Kunz <jonas.kunz@elastic.co> * build: bump actions/attest-build-provenance in the github-actions group (#3637) Bumps the github-actions group with 1 update: [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance). Updates `actions/attest-build-provenance` from 1.1.1 to 1.1.2 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](actions/attest-build-provenance@951c0c5...173725a) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * more stack frames for thread dump (#3644) * pre release: elastic-apm-agent v1.50.0 (#3648) Co-authored-by: apmmachine <apmmachine@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Adrien Mannocci <adrien.mannocci@elastic.co> Co-authored-by: apmmachine <apmmachine@users.noreply.github.com> Co-authored-by: Victor Martinez <victormartinezrubio@gmail.com> Co-authored-by: Som <111349830+someshwaranM@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jonas Kunz <jonas.kunz@elastic.co> Co-authored-by: SylvainJuge <763082+SylvainJuge@users.noreply.github.com> Co-authored-by: Jan Calanog <jan.calanog@elastic.co> Co-authored-by: Rafael Winterhalter <rafael.wth@gmail.com> Co-authored-by: Nugusbayev Kanagat <48118512+videnkz@users.noreply.github.com> Co-authored-by: Adrien Mannocci <adrien.mannocci@elastic.co> Co-authored-by: jackshirazi <jack.shirazi@elastic.co> Co-authored-by: Thomas ANDRI Wijayanto <hostbugbounty1337@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this pull request do?
Release two flavours of Docker images:
Please note that we are going to preserve the current
Dockerfile, so that users will still be able to build their custom images based onAlpine: this is needed becausedocker.elastic.co/wolfi/chainguard-baseis not a public base image, so docker build would fail for unauthenticated users.Tests
I created a feature branch
test/docker-images-wolfiand ran the snapshot workflow:Checklist