Perform some cleanups following the v1.17.3 release

.github/dependabot.yml

@@ -3,72 +3,117 @@
 
 version: 2
 updates:
+# main branch
   - package-ecosystem: "gomod"
     target-branch: main
-    directory: "/"
+    directories:
+    - "/"
+    - "deployments/devel"
     schedule:
-      interval: "weekly"
-      day: "sunday"
-    ignore:
-    - dependency-name: k8s.io/*
+      interval: "daily"
     labels:
     - dependencies
+    groups:
+      k8sio:
+        patterns:
+        - k8s.io/*
+        exclude-patterns:
+        - k8s.io/klog/*
 
   - package-ecosystem: "docker"
     target-branch: main
-    directory: "/deployments/container"
+    directories:
+    # CUDA image
+    - "/deployments/container"
+    # Golang version
+    - "/deployments/devel"
     schedule:
       interval: "daily"
+    labels:
+    - dependencies
 
-  - package-ecosystem: "gomod"
-    # This defines a specific dependabot rule for the latest release-* branch.
-    target-branch: release-1.16
+  - package-ecosystem: "github-actions"
+    target-branch: main
     directory: "/"
     schedule:
-      interval: "weekly"
-      day: "sunday"
-    ignore:
-    - dependency-name: k8s.io/*
+      interval: "daily"
     labels:
     - dependencies
-    - maintenance
 
-  - package-ecosystem: "docker"
-    target-branch: release-1.16
-    directory: "/deployments/container"
+  # Allow dependabot to update the libnvidia-container submodule.
+  - package-ecosystem: "gitsubmodule"
+    target-branch: main
+    directory: "/"
+    allow:
+    - dependency-name: "third_party/libnvidia-container"
     schedule:
       interval: "daily"
     labels:
     - dependencies
-    - maintenance
+    - libnvidia-container
 
+# The release branch(es):
   - package-ecosystem: "gomod"
-    target-branch: main
-    directory: "deployments/devel"
+    target-branch: release-1.17
+    directories:
+    - "/"
+    # We don't update development or test dependencies on release branches
+    # - "deployments/devel"
+    # - "tests"
     schedule:
       interval: "weekly"
       day: "sunday"
+    labels:
+    - dependencies
+    - maintenance
+    ignore:
+    # For release branches we only consider patch updates.
+    - dependency-name: "*"
+      update-types:
+      - version-update:semver-major
+      - version-update:semver-minor
+    groups:
+      k8sio:
+        patterns:
+        - k8s.io/*
+        exclude-patterns:
+        - k8s.io/klog/*
 
-  # A dependabot rule to bump the golang version.
   - package-ecosystem: "docker"
-    target-branch: main
-    directory: "/deployments/devel"
+    target-branch: release-1.17
+    directories:
+    # CUDA image
+    - "/deployments/container"
+    # Golang version
+    - "/deployments/devel"
     schedule:
-      interval: "daily"
+      interval: "weekly"
+      day: "sunday"
+    ignore:
+    # For release branches we only apply patch updates to the golang version.
+    - dependency-name: "*golang*"
+      update-types:
+      - version-update:semver-major
+      - version-update:semver-minor
+    labels:
+    - dependencies
+    - maintenance
 
   - package-ecosystem: "github-actions"
+    target-branch: release-1.17
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
+      day: "sunday"
+    labels:
+    - dependencies
+    - maintenance
 
-  # Allow dependabot to update the libnvidia-container submodule.
-  - package-ecosystem: "gitsubmodule"
-    target-branch: main
+  # Github actions need to be gh-pages branches.
+  - package-ecosystem: "github-actions"
+    target-branch: gh-pages
     directory: "/"
-    allow:
-    - dependency-name: "third_party/libnvidia-container"
     schedule:
       interval: "daily"
     labels:
     - dependencies
-    - libnvidia-container

CHANGELOG.md

@@ -1,5 +1,21 @@
 # NVIDIA Container Toolkit Changelog
 
+## v1.17.3
+- Only allow host-relative LDConfig paths by default.
+### Changes in libnvidia-container
+- Create virtual copy of host ldconfig binary before calling fexecve()
+
+## v1.17.2
+- Fixed a bug where legacy images would set imex channels as `all`.
+
+## v1.17.1
+- Fixed a bug where specific symlinks existing in a container image could cause a container to fail to start.
+- Fixed a bug on Tegra-based systems where a container would fail to start.
+- Fixed a bug where the default container runtime config path was not properly set.
+
+### Changes in the Toolkit Container
+- Fallback to using a config file if the current runtime config can not be determined from the command line.
+
 ## v1.17.0
 - Promote v1.17.0-rc.2 to v1.17.0
 - Fix bug when using just-in-time CDI spec generation

scripts/archive-packages.sh

@@ -39,12 +39,15 @@ ARTIFACTORY_REPO=$1
 
 if [[ $# -eq 2 ]]; then
     REFERENCE=$2
-    SHA=$(git rev-parse --short=8 ${REFERENCE})
 elif [[ -z ${PACKAGE_IMAGE_TAG} ]]; then
     echo "Either PACKAGE_IMAGE_TAG or REFERENCE must be specified"
     assert_usage "$@"
+else
+    REFERENCE="HEAD"
 fi
 
+SHA=$(git rev-parse --short=8 ${REFERENCE})
+
 : ${CURL:=curl}
 
 : ${PACKAGE_IMAGE_NAME="registry.gitlab.com/nvidia/container-toolkit/container-toolkit/staging/container-toolkit"}

versions.mk

@@ -13,7 +13,7 @@
 # limitations under the License.
 
 LIB_NAME := nvidia-container-toolkit
-LIB_VERSION := 1.17.0
+LIB_VERSION := 1.17.3
 LIB_TAG :=
 
 # The package version is the combination of the library version and tag.