From 2d9f9407edeef8a9a8a0cdbee81009401ddf7601 Mon Sep 17 00:00:00 2001 From: James Fuller Date: Wed, 6 Dec 2023 08:49:12 +0100 Subject: [PATCH 01/28] prep v8.5.0 --- CHANGELOG.md | 5 +++++ Makefile | 2 +- VERSION | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f27c37a..bc4025f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased +## [8.5.0] - 2023-12-06 +### Changed +- bump to curl 8.5.0 +- bump to alpine 3.18.5 + ## [8.4.0] - 2023-10-11 ### Changed - bump to curl 8.4.0 diff --git a/Makefile b/Makefile index 3663ca3..eb0435a 100644 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ container_ids=`buildah ls --format "{{.ContainerID}}"` # default setttings for official curl images debian_base=docker.io/debian fedora_base=docker.io/fedora -base=docker.io/alpine:3.18.4 +base=docker.io/alpine:3.18.5 arch="" compiler="gcc" build_opts=" --enable-static --disable-ldap --enable-ipv6 --enable-unix-sockets -with-ssl --with-libssh2 --with-nghttp2=/usr --with-gssapi" diff --git a/VERSION b/VERSION index 9da0a09..5eaed3b 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -8.4.0 \ No newline at end of file +8.5.0 \ No newline at end of file From a84321ca774fec9e77e6fbcbde79d79b72956205 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 15 Jan 2024 18:26:46 +0100 Subject: [PATCH 02/28] Makefile: add libpsl to the build Fixes #47 --- Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index eb0435a..cee0f52 100644 --- a/Makefile +++ b/Makefile @@ -9,8 +9,8 @@ base=docker.io/alpine:3.18.5 arch="" compiler="gcc" build_opts=" --enable-static --disable-ldap --enable-ipv6 --enable-unix-sockets -with-ssl --with-libssh2 --with-nghttp2=/usr --with-gssapi" -dev_deps="git zsh libssh2 libssh2-dev libssh2-static autoconf automake build-base groff openssl curl-dev python3 python3-dev libtool curl stunnel perl nghttp2 brotli brotli-dev krb5-dev" -base_deps="brotli brotli-dev libssh2 nghttp2-dev libidn2 krb5" +dev_deps="git zsh libssh2 libssh2-dev libssh2-static autoconf automake build-base groff openssl curl-dev python3 python3-dev libtool curl stunnel perl nghttp2 brotli brotli-dev krb5-dev libpsl-dev" +base_deps="brotli brotli-dev libssh2 nghttp2-dev libidn2 krb5 libpsl" ############################################## # debian dev image @@ -19,7 +19,7 @@ base_deps="brotli brotli-dev libssh2 nghttp2-dev libidn2 krb5" # > make branch_or_ref=master release_tag=master build_debian # build_debian: - ./create_dev_image.sh ${arch} ${debian_base} ${compiler} "git zsh libssh2-1 libssh2-1-dev autoconf automake build-essential groff libcurl4-openssl-dev python3 python3-dev libtool curl stunnel perl nghttp2 brotli libssl-dev" " --enable-ipv6 --enable-unix-sockets -with-ssl --with-libssh2 --with-nghttp2=/usr" ${branch_or_ref} curl-dev-debian:${release_tag} + ./create_dev_image.sh ${arch} ${debian_base} ${compiler} "git zsh libssh2-1 libssh2-1-dev autoconf automake build-essential groff libcurl4-openssl-dev python3 python3-dev libtool curl stunnel perl nghttp2 brotli libssl-dev libpsl-dev" " --enable-ipv6 --enable-unix-sockets -with-ssl --with-libssh2 --with-nghttp2=/usr" ${branch_or_ref} curl-dev-debian:${release_tag} ############################################## # fedora dev image @@ -115,4 +115,4 @@ multibuild: clean: buildah rm $(container_ids) dev: - podman-compose -f dev-compose.yml up \ No newline at end of file + podman-compose -f dev-compose.yml up From ade26482bb760b387d1ae20903293ecb9970fd5d Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 15 Jan 2024 22:58:18 +0100 Subject: [PATCH 03/28] fixup add libpsl-devel to fedora a Dan Fandrich suggestion --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index cee0f52..0387865 100644 --- a/Makefile +++ b/Makefile @@ -28,7 +28,7 @@ build_debian: # > make branch_or_ref=master release_tag=master build_fedora # build_fedora: - ./create_dev_image.sh ${arch} ${fedora_base} ${compiler} "gcc cargo zsh git openssl-devel python3 python3-devel python3-pip libtool curl stunnel perl nghttp2 brotli" " --enable-ipv6 --enable-unix-sockets -with-ssl --with-libssh2 --with-nghttp2=/usr" ${branch_or_ref} curl-dev-fedora:${release_tag} + ./create_dev_image.sh ${arch} ${fedora_base} ${compiler} "gcc cargo zsh git openssl-devel python3 python3-devel python3-pip libtool curl stunnel perl nghttp2 brotli libpsl-devel" " --enable-ipv6 --enable-unix-sockets -with-ssl --with-libssh2 --with-nghttp2=/usr" ${branch_or_ref} curl-dev-fedora:${release_tag} ############################################## # build_alpine dev, base and appliance image From 1112116b90dd13179d57eba01010a06a09cf2ca0 Mon Sep 17 00:00:00 2001 From: James Fuller Date: Fri, 19 Jan 2024 09:46:46 +0100 Subject: [PATCH 04/28] prep v8.5.0-1 --- CHANGELOG.md | 6 ++++++ Makefile | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bc4025f..6541a4f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased + +## [8.5.0-1] - 2023-01-19 +### Changed +- add libpsl +- bump to alpine 3.19.0 + ## [8.5.0] - 2023-12-06 ### Changed - bump to curl 8.5.0 diff --git a/Makefile b/Makefile index 0387865..625e176 100644 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ container_ids=`buildah ls --format "{{.ContainerID}}"` # default setttings for official curl images debian_base=docker.io/debian fedora_base=docker.io/fedora -base=docker.io/alpine:3.18.5 +base=docker.io/alpine:3.19.0 arch="" compiler="gcc" build_opts=" --enable-static --disable-ldap --enable-ipv6 --enable-unix-sockets -with-ssl --with-libssh2 --with-nghttp2=/usr --with-gssapi" From 1f4fdacbdf3c223a02b44cb40466b4d362861fa1 Mon Sep 17 00:00:00 2001 From: David Cook Date: Thu, 25 Jan 2024 17:14:05 -0600 Subject: [PATCH 05/28] Change Docker Hub link in README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 57d0519..b6e5d9b 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ This repository contains infrastructure/code that generates, tests and distributes the Official curl docker images available from the following registries: * [quay.io](https://quay.io/curl/curl): curl images distributed by Quay.io -* [docker.io](https://hub.docker.com/repository/docker/curlimages/curl): curl images distributed by docker.io +* [docker.io](https://hub.docker.com/r/curlimages/curl): curl images distributed by docker.io * [github packages](https://github.com/orgs/curl/packages): development curl images To pull an image: From 301d212a6a549e0f96eb0767a77649e2c7907c59 Mon Sep 17 00:00:00 2001 From: James Fuller Date: Wed, 31 Jan 2024 08:25:58 +0100 Subject: [PATCH 06/28] prep v8.6.0 --- CHANGELOG.md | 5 +++++ Makefile | 2 +- VERSION | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6541a4f..df59558 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased +## [8.6.0] - 2024-01-31 +### Changed +- bump to curl 8.6.0 +- bump to alpine 3.19.1 + ## [8.5.0-1] - 2023-01-19 ### Changed diff --git a/Makefile b/Makefile index 625e176..756fe28 100644 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ container_ids=`buildah ls --format "{{.ContainerID}}"` # default setttings for official curl images debian_base=docker.io/debian fedora_base=docker.io/fedora -base=docker.io/alpine:3.19.0 +base=docker.io/alpine:3.19.1 arch="" compiler="gcc" build_opts=" --enable-static --disable-ldap --enable-ipv6 --enable-unix-sockets -with-ssl --with-libssh2 --with-nghttp2=/usr --with-gssapi" diff --git a/VERSION b/VERSION index 5eaed3b..1acea15 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -8.5.0 \ No newline at end of file +8.6.0 \ No newline at end of file From 974b30be776b1bc9001ddc30c636c2e3800da147 Mon Sep 17 00:00:00 2001 From: James Fuller Date: Wed, 27 Mar 2024 09:08:00 +0100 Subject: [PATCH 07/28] prep v8.7.1 --- CHANGELOG.md | 4 ++++ VERSION | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index df59558..7dc1f5a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased +## [8.7.1] - 2024-03-27 +### Changed +- bump to curl 8.7.1 + ## [8.6.0] - 2024-01-31 ### Changed - bump to curl 8.6.0 diff --git a/VERSION b/VERSION index 1acea15..efeecbe 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -8.6.0 \ No newline at end of file +8.7.1 \ No newline at end of file From 1a999723852fa04e2290043c6f62c9cbbfded157 Mon Sep 17 00:00:00 2001 From: James Fuller Date: Wed, 22 May 2024 08:08:07 +0200 Subject: [PATCH 08/28] prep v8.8.0 --- CHANGELOG.md | 4 ++++ VERSION | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7dc1f5a..3ec09ad 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased +## [8.8.0] - 2024-05-22 +### Changed +- bump to curl 8.8.0 + ## [8.7.1] - 2024-03-27 ### Changed - bump to curl 8.7.1 diff --git a/VERSION b/VERSION index efeecbe..cfc27b4 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -8.7.1 \ No newline at end of file +8.8.0 \ No newline at end of file From 068ec09f58bf5b9b8f112d567ddffebbadd82fa5 Mon Sep 17 00:00:00 2001 From: James Fuller Date: Wed, 24 Jul 2024 09:44:35 +0200 Subject: [PATCH 09/28] prep v8.9.0 --- CHANGELOG.md | 5 +++++ Makefile | 6 +++--- VERSION | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3ec09ad..fefae49 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased +## [8.8.0] - 2024-07-24 +### Changed +- bump to curl 8.9.0 +- bump to alpine 3.20.2 + ## [8.8.0] - 2024-05-22 ### Changed - bump to curl 8.8.0 diff --git a/Makefile b/Makefile index 756fe28..0c86440 100644 --- a/Makefile +++ b/Makefile @@ -5,12 +5,12 @@ container_ids=`buildah ls --format "{{.ContainerID}}"` # default setttings for official curl images debian_base=docker.io/debian fedora_base=docker.io/fedora -base=docker.io/alpine:3.19.1 +base=docker.io/alpine:3.20.2 arch="" compiler="gcc" build_opts=" --enable-static --disable-ldap --enable-ipv6 --enable-unix-sockets -with-ssl --with-libssh2 --with-nghttp2=/usr --with-gssapi" -dev_deps="git zsh libssh2 libssh2-dev libssh2-static autoconf automake build-base groff openssl curl-dev python3 python3-dev libtool curl stunnel perl nghttp2 brotli brotli-dev krb5-dev libpsl-dev" -base_deps="brotli brotli-dev libssh2 nghttp2-dev libidn2 krb5 libpsl" +dev_deps="git zsh libssh2 libssh2-dev libssh2-static autoconf automake build-base groff openssl curl-dev python3 python3-dev libtool curl stunnel perl nghttp2 brotli brotli-dev krb5-dev libpsl-dev zstd" +base_deps="brotli brotli-dev libssh2 nghttp2-dev libidn2 krb5 libpsl zstd" ############################################## # debian dev image diff --git a/VERSION b/VERSION index cfc27b4..3ecb398 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -8.8.0 \ No newline at end of file +8.9.0 \ No newline at end of file From 4d999084034ee6495a960b98e3c2f2b9e7036d0d Mon Sep 17 00:00:00 2001 From: James Fuller Date: Wed, 31 Jul 2024 10:23:28 +0200 Subject: [PATCH 10/28] prep v8.9.1 --- CHANGELOG.md | 6 +++++- VERSION | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fefae49..f3867e4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased -## [8.8.0] - 2024-07-24 +## [8.9.1] - 2024-07-30 +### Changed +- bump to curl 8.9.1 + +## [8.9.0] - 2024-07-24 ### Changed - bump to curl 8.9.0 - bump to alpine 3.20.2 diff --git a/VERSION b/VERSION index 3ecb398..910f631 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -8.9.0 \ No newline at end of file +8.9.1 \ No newline at end of file From 0394a5e3e469aa35e45fb3ea4c846a5fd22c38c2 Mon Sep 17 00:00:00 2001 From: "Tobias L. Maier" Date: Tue, 27 Aug 2024 09:26:14 +0200 Subject: [PATCH 11/28] Clarify IPv6 Closes #62 --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index b6e5d9b..113f65d 100644 --- a/README.md +++ b/README.md @@ -24,6 +24,11 @@ from quay.io/curl/curl-base:latest RUN apk add jq ``` +## Known limitations + +- **IPv6 is supported**, however Docker/Podman do not support out by default. + IPv6 must be enabled on network-level within Docker/Podman. + ## How to verify images To view curl image signature use [sigstore](https://sigstore.dev) `cosign tree`: @@ -47,7 +52,6 @@ Verify image using [cosign.pub](cosign.pub) public key using [sigstore](https:// If you have problems, questions, ideas or suggestions, please [raise an issue](https://github.com/curl/curl-container/issues) or contact [curl-container team](curl-container@curl.se) or [Jim Fuller](jim.fuller@webcomposite.com) directly. - ## Development curl images The following images are available via [github packages](https://github.com/orgs/curl/packages). From b6704550b257aa27fc09e736fba7de3c7d5f9c99 Mon Sep 17 00:00:00 2001 From: James Fuller Date: Wed, 11 Sep 2024 09:45:35 +0200 Subject: [PATCH 12/28] prep v8.10.0 --- CHANGELOG.md | 5 +++++ Makefile | 2 +- VERSION | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f3867e4..92365e3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased +## [8.10.0] - 2024-09-11 +### Changed +- bump to curl 8.10.0 +- bump to alpine:3.20.3 + ## [8.9.1] - 2024-07-30 ### Changed - bump to curl 8.9.1 diff --git a/Makefile b/Makefile index 0c86440..c0b8610 100644 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ container_ids=`buildah ls --format "{{.ContainerID}}"` # default setttings for official curl images debian_base=docker.io/debian fedora_base=docker.io/fedora -base=docker.io/alpine:3.20.2 +base=docker.io/alpine:3.20.3 arch="" compiler="gcc" build_opts=" --enable-static --disable-ldap --enable-ipv6 --enable-unix-sockets -with-ssl --with-libssh2 --with-nghttp2=/usr --with-gssapi" diff --git a/VERSION b/VERSION index 910f631..e1f080d 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -8.9.1 \ No newline at end of file +8.10.0 \ No newline at end of file From c035be90bcaecb7ff08fff43c5b86c566c0c0a2d Mon Sep 17 00:00:00 2001 From: James Fuller Date: Wed, 18 Sep 2024 08:13:31 +0200 Subject: [PATCH 13/28] prep v8.10.1 --- CHANGELOG.md | 4 ++++ VERSION | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 92365e3..968d16b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased +## [8.10.1] - 2024-09-18 +### Changed +- bump to curl 8.10.1 + ## [8.10.0] - 2024-09-11 ### Changed - bump to curl 8.10.0 diff --git a/VERSION b/VERSION index e1f080d..2eb8a97 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -8.10.0 \ No newline at end of file +8.10.1 \ No newline at end of file From 5796ccb35e6809cc3db2a00254a36100a0b9448d Mon Sep 17 00:00:00 2001 From: James Fuller Date: Wed, 6 Nov 2024 08:53:57 +0100 Subject: [PATCH 14/28] prep v8.11.0 --- CHANGELOG.md | 4 ++++ VERSION | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 968d16b..cc02bde 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased +## [8.11.0] - 2024-11-06 +### Changed +- bump to curl 8.11.0 + ## [8.10.1] - 2024-09-18 ### Changed - bump to curl 8.10.1 diff --git a/VERSION b/VERSION index 2eb8a97..62f6898 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -8.10.1 \ No newline at end of file +8.11.0 \ No newline at end of file From 508c8c69929776cf5790bd3b6aac3150c50e11d8 Mon Sep 17 00:00:00 2001 From: James Fuller Date: Wed, 11 Dec 2024 08:23:39 +0100 Subject: [PATCH 15/28] prep v8.11.1 --- CHANGELOG.md | 5 +++++ Makefile | 2 +- VERSION | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cc02bde..e4eac8a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased +## [8.11.1] - 2024-12-11 +### Changed +- bump to curl 8.11.1 +- bump to alpine:3.21.0 + ## [8.11.0] - 2024-11-06 ### Changed - bump to curl 8.11.0 diff --git a/Makefile b/Makefile index c0b8610..63e0728 100644 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ container_ids=`buildah ls --format "{{.ContainerID}}"` # default setttings for official curl images debian_base=docker.io/debian fedora_base=docker.io/fedora -base=docker.io/alpine:3.20.3 +base=docker.io/alpine:3.21.0 arch="" compiler="gcc" build_opts=" --enable-static --disable-ldap --enable-ipv6 --enable-unix-sockets -with-ssl --with-libssh2 --with-nghttp2=/usr --with-gssapi" diff --git a/VERSION b/VERSION index 62f6898..876e313 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -8.11.0 \ No newline at end of file +8.11.1 \ No newline at end of file From 3dff16caaf8bfe6e3f3852e21fa0bf4e57068837 Mon Sep 17 00:00:00 2001 From: James Fuller Date: Wed, 5 Feb 2025 10:00:35 +0100 Subject: [PATCH 16/28] prep v8.12.0 --- .github/workflows/build_ci_multi.yml | 2 +- .github/workflows/build_latest_release_multi.yml | 2 +- .github/workflows/build_master.yml | 2 +- .github/workflows/build_master_dev.yml | 2 +- .github/workflows/build_master_multi.yml | 2 +- CHANGELOG.md | 5 +++++ Makefile | 4 ++-- VERSION | 2 +- 8 files changed, 13 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build_ci_multi.yml b/.github/workflows/build_ci_multi.yml index 734081c..c681d24 100644 --- a/.github/workflows/build_ci_multi.yml +++ b/.github/workflows/build_ci_multi.yml @@ -33,7 +33,7 @@ jobs: uses: actions/checkout@v3 - run: | sudo apt-get update - sudo apt-get -y install buildah less git make podman qemu qemu-user-static clamav clamav-freshclam + sudo apt-get -y install qemu-user-static buildah less git make podman clamav clamav-freshclam name: 'install dev deps' - run: buildah unshare make branch_or_ref=master release_tag=master multibuild name: 'build multi image' diff --git a/.github/workflows/build_latest_release_multi.yml b/.github/workflows/build_latest_release_multi.yml index aa45610..967a452 100644 --- a/.github/workflows/build_latest_release_multi.yml +++ b/.github/workflows/build_latest_release_multi.yml @@ -40,7 +40,7 @@ jobs: docker login -u ${{secrets.QUAY_USER}} -p ${{secrets.QUAY_TOKEN}} quay.io - run: | sudo apt-get update - sudo apt-get -y install buildah less git make podman qemu qemu-user-static clamav clamav-freshclam + sudo apt-get -y install qemu-user-static buildah less git make podman clamav clamav-freshclam name: 'install dev deps' - name: Sets env vars run: | diff --git a/.github/workflows/build_master.yml b/.github/workflows/build_master.yml index 2e4adac..85ba74c 100644 --- a/.github/workflows/build_master.yml +++ b/.github/workflows/build_master.yml @@ -43,7 +43,7 @@ jobs: docker login -u ${{secrets.QUAY_USER}} -p ${{secrets.QUAY_TOKEN}} quay.io - run: | sudo apt-get update - sudo apt-get -y install buildah less git make podman qemu clamav clamav-freshclam + sudo apt-get -y install qemu-user-static buildah less git make podman clamav clamav-freshclam name: 'install dev deps' - run: buildah unshare make branch_or_ref=master release_tag=master build_ref_images name: 'build master images' diff --git a/.github/workflows/build_master_dev.yml b/.github/workflows/build_master_dev.yml index 4c4e70a..8f16aa0 100644 --- a/.github/workflows/build_master_dev.yml +++ b/.github/workflows/build_master_dev.yml @@ -43,7 +43,7 @@ jobs: docker login -u ${{secrets.QUAY_USER}} -p ${{secrets.QUAY_TOKEN}} quay.io - run: | sudo apt-get update - sudo apt-get -y install buildah less git make podman qemu clamav clamav-freshclam + sudo apt-get -y install qemu-user-static buildah less git make podman clamav clamav-freshclam name: 'install dev deps' - run: buildah unshare make branch_or_ref=master release_tag=master build_debian name: 'build debian dev image' diff --git a/.github/workflows/build_master_multi.yml b/.github/workflows/build_master_multi.yml index 62c3dd0..a8415b0 100644 --- a/.github/workflows/build_master_multi.yml +++ b/.github/workflows/build_master_multi.yml @@ -43,7 +43,7 @@ jobs: docker login -u ${{secrets.QUAY_USER}} -p ${{secrets.QUAY_TOKEN}} quay.io - run: | sudo apt-get update - sudo apt-get -y install buildah less git make podman qemu qemu-user-static clamav clamav-freshclam + sudo apt-get -y install qemu-user-static buildah less git make podman clamav clamav-freshclam name: 'install dev deps' - run: buildah unshare make branch_or_ref=master release_tag=master multibuild name: 'build multi image' diff --git a/CHANGELOG.md b/CHANGELOG.md index e4eac8a..c43d6ed 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased +## [8.12.0] - 2025-05-02 +### Changed +- bump to curl 8.12.0 +- bump to alpine:3.21.2 + ## [8.11.1] - 2024-12-11 ### Changed - bump to curl 8.11.1 diff --git a/Makefile b/Makefile index 63e0728..56258f4 100644 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ container_ids=`buildah ls --format "{{.ContainerID}}"` # default setttings for official curl images debian_base=docker.io/debian fedora_base=docker.io/fedora -base=docker.io/alpine:3.21.0 +base=docker.io/alpine:3.21.2 arch="" compiler="gcc" build_opts=" --enable-static --disable-ldap --enable-ipv6 --enable-unix-sockets -with-ssl --with-libssh2 --with-nghttp2=/usr --with-gssapi" @@ -37,7 +37,7 @@ build_fedora: # > make branch_or_ref=master release_tag=master run_tests=1 build_arm64 # build_arm64: - ./create_dev_image.sh "linux/arm" ${base} ${compiler} ${dev_deps} ${build_opts} ${branch_or_ref} curl-dev-linux-arm64:${release_tag} ${run_tests} + ./create_dev_image.sh "arm64" ${base} ${compiler} ${dev_deps} ${build_opts} ${branch_or_ref} curl-dev-linux-arm64:${release_tag} ${run_tests} # ./create_base_image.sh "linux/arm64" ${base} localhost/curl-dev-linux-arm64:${release_tag} ${base_deps} curl-base-linux-arm64:${release_tag} ${release_tag} # ./create_appliance_image.sh "linux/arm64" localhost/curl-base-linux-arm64:${release_tag} curl-linux-arm64:${release_tag} ${release_tag} diff --git a/VERSION b/VERSION index 876e313..a6b1604 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -8.11.1 \ No newline at end of file +8.12.0 \ No newline at end of file From a2ccb8f022e8fd8c90846cc2f964d3d3b986b8bb Mon Sep 17 00:00:00 2001 From: James Fuller Date: Thu, 13 Feb 2025 08:38:06 +0100 Subject: [PATCH 17/28] prep v8.12.1 --- CHANGELOG.md | 4 ++++ VERSION | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c43d6ed..d74d464 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased +## [8.12.1] - 2025-13-02 +### Changed +- bump to curl 8.12.1 + ## [8.12.0] - 2025-05-02 ### Changed - bump to curl 8.12.0 diff --git a/VERSION b/VERSION index a6b1604..4e28b08 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -8.12.0 \ No newline at end of file +8.12.1 \ No newline at end of file From ced8583581d7e98776b9a9bbb0574e612bb6f5e5 Mon Sep 17 00:00:00 2001 From: James Fuller Date: Sat, 5 Apr 2025 22:01:45 +0200 Subject: [PATCH 18/28] prep v8.13.0 --- CHANGELOG.md | 6 ++++++ Makefile | 2 +- VERSION | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d74d464..9dac0bd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased + +## [8.13.0] - 2025-05-04 +### Changed +- bump to curl 8.13.0 +- bump to alpine:3.21.3 + ## [8.12.1] - 2025-13-02 ### Changed - bump to curl 8.12.1 diff --git a/Makefile b/Makefile index 56258f4..d1cb184 100644 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ container_ids=`buildah ls --format "{{.ContainerID}}"` # default setttings for official curl images debian_base=docker.io/debian fedora_base=docker.io/fedora -base=docker.io/alpine:3.21.2 +base=docker.io/alpine:3.21.3 arch="" compiler="gcc" build_opts=" --enable-static --disable-ldap --enable-ipv6 --enable-unix-sockets -with-ssl --with-libssh2 --with-nghttp2=/usr --with-gssapi" diff --git a/VERSION b/VERSION index 4e28b08..8594354 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -8.12.1 \ No newline at end of file +8.13.0 \ No newline at end of file From 4197097b76e10677cba87863830a0e1289943227 Mon Sep 17 00:00:00 2001 From: James Fuller Date: Sun, 15 Jun 2025 12:14:10 +0200 Subject: [PATCH 19/28] prep v8.14.1 --- CHANGELOG.md | 5 +++++ Makefile | 2 +- VERSION | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9dac0bd..62ef249 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased +## [8.14.1] - 2025-15-06 +### Changed +- bump to curl 8.14.1 +- bump to alpine 3.22.0 +- ## [8.13.0] - 2025-05-04 ### Changed - bump to curl 8.13.0 diff --git a/Makefile b/Makefile index d1cb184..a181a8f 100644 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ container_ids=`buildah ls --format "{{.ContainerID}}"` # default setttings for official curl images debian_base=docker.io/debian fedora_base=docker.io/fedora -base=docker.io/alpine:3.21.3 +base=docker.io/alpine:3.22.0 arch="" compiler="gcc" build_opts=" --enable-static --disable-ldap --enable-ipv6 --enable-unix-sockets -with-ssl --with-libssh2 --with-nghttp2=/usr --with-gssapi" diff --git a/VERSION b/VERSION index 8594354..3e2c3fb 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -8.13.0 \ No newline at end of file +8.14.1 \ No newline at end of file From 088876e2df13ad0f94e3e635a4dc04bb4b983e9c Mon Sep 17 00:00:00 2001 From: James Fuller Date: Wed, 16 Jul 2025 22:09:48 +0200 Subject: [PATCH 20/28] prep v8.15.0 --- CHANGELOG.md | 5 +++++ Makefile | 2 +- VERSION | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 62ef249..905e3bd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased +## [8.15.0] - 2025-16-07 +### Changed +- bump to curl 8.15.0 +- bump to alpine 3.22.1 + ## [8.14.1] - 2025-15-06 ### Changed - bump to curl 8.14.1 diff --git a/Makefile b/Makefile index a181a8f..807629c 100644 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ container_ids=`buildah ls --format "{{.ContainerID}}"` # default setttings for official curl images debian_base=docker.io/debian fedora_base=docker.io/fedora -base=docker.io/alpine:3.22.0 +base=docker.io/alpine:3.22.1 arch="" compiler="gcc" build_opts=" --enable-static --disable-ldap --enable-ipv6 --enable-unix-sockets -with-ssl --with-libssh2 --with-nghttp2=/usr --with-gssapi" diff --git a/VERSION b/VERSION index 3e2c3fb..f808958 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -8.14.1 \ No newline at end of file +8.15.0 \ No newline at end of file From 5e7e4debfc1397d7cd2f530000c94f284e7f5953 Mon Sep 17 00:00:00 2001 From: James Fuller Date: Fri, 12 Sep 2025 06:43:29 +0200 Subject: [PATCH 21/28] prep v8.16.0 --- CHANGELOG.md | 3 +++ VERSION | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 905e3bd..9070dd0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased +## [8.16.0] - 2025-12-09 +### Changed +- bump to curl 8.16.0 ## [8.15.0] - 2025-16-07 ### Changed diff --git a/VERSION b/VERSION index f808958..a8759e7 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -8.15.0 \ No newline at end of file +8.16.0 \ No newline at end of file From c890d482ecc9fd47a953adf0f44f83ac72112b40 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Wed, 24 Sep 2025 15:18:29 +0200 Subject: [PATCH 22/28] ci: set permissions, pin actions, do not persists creds, add `SECURITY.md` (#86) --- .github/workflows/build_ci_multi.yml | 7 ++++++- .github/workflows/build_latest_release_multi.yml | 10 +++++++--- .github/workflows/build_master.yml | 9 ++++++--- .github/workflows/build_master_dev.yml | 12 ++++++++---- .github/workflows/build_master_multi.yml | 9 ++++++--- SECURITY.md | 16 ++++++++++++++++ 6 files changed, 49 insertions(+), 14 deletions(-) create mode 100644 SECURITY.md diff --git a/.github/workflows/build_ci_multi.yml b/.github/workflows/build_ci_multi.yml index c681d24..ffb3164 100644 --- a/.github/workflows/build_ci_multi.yml +++ b/.github/workflows/build_ci_multi.yml @@ -4,6 +4,9 @@ on: types: [ opened, synchronize, reopened, labeled, unlabeled ] branches: - main + +permissions: {} + env: REGISTRY_USER: ${{ github.actor }} REGISTRY_PASSWORD: ${{ github.token }} @@ -30,7 +33,9 @@ jobs: podman login -u ${{secrets.QUAY_USER}} -p ${{secrets.QUAY_TOKEN}} quay.io docker login -u ${{secrets.QUAY_USER}} -p ${{secrets.QUAY_TOKEN}} quay.io - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 + with: + persist-credentials: false - run: | sudo apt-get update sudo apt-get -y install qemu-user-static buildah less git make podman clamav clamav-freshclam diff --git a/.github/workflows/build_latest_release_multi.yml b/.github/workflows/build_latest_release_multi.yml index 967a452..d7bcce3 100644 --- a/.github/workflows/build_latest_release_multi.yml +++ b/.github/workflows/build_latest_release_multi.yml @@ -3,6 +3,9 @@ on: push: tags: - '*' + +permissions: {} + env: REGISTRY_USER: ${{ github.actor }} REGISTRY_PASSWORD: ${{ github.token }} @@ -21,11 +24,12 @@ jobs: install_latest: [ true ] steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 with: + persist-credentials: false tag_name: ${{ github.ref }} - name: Log in to ghcr.io - uses: redhat-actions/podman-login@v1 + uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1 with: username: ${{ env.REGISTRY_USER }} password: ${{ env.REGISTRY_PASSWORD }} @@ -61,7 +65,7 @@ jobs: buildah manifest push --format v2s2 --all curl-base-multi:$REL "docker://ghcr.io/curl/curl-container/curl-base-multi:${REL}" name: 'push images to github registry' - name: Install Cosign - uses: sigstore/cosign-installer@main + uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3 - name: Write signing key to disk (only needed for `cosign sign --key`) run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key - name: Sign images with sigstore key diff --git a/.github/workflows/build_master.yml b/.github/workflows/build_master.yml index 85ba74c..25b68de 100644 --- a/.github/workflows/build_master.yml +++ b/.github/workflows/build_master.yml @@ -6,6 +6,8 @@ on: branches: - main +permissions: {} + env: REGISTRY_USER: ${{ github.actor }} REGISTRY_PASSWORD: ${{ github.token }} @@ -24,11 +26,12 @@ jobs: install_latest: [ true ] steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 with: + persist-credentials: false ref: "main" - name: Log in to ghcr.io - uses: redhat-actions/podman-login@v1 + uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1 with: username: ${{ env.REGISTRY_USER }} password: ${{ env.REGISTRY_PASSWORD }} @@ -57,7 +60,7 @@ jobs: buildah push curl:master "docker://ghcr.io/curl/curl-container/curl:master" name: 'push images to github registry' - name: Install Cosign - uses: sigstore/cosign-installer@main + uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3 - name: Write signing key to disk (only needed for `cosign sign --key`) run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key - name: Sign image with a key diff --git a/.github/workflows/build_master_dev.yml b/.github/workflows/build_master_dev.yml index 8f16aa0..c4b51c9 100644 --- a/.github/workflows/build_master_dev.yml +++ b/.github/workflows/build_master_dev.yml @@ -6,6 +6,9 @@ on: push: branches: - main + +permissions: {} + env: REGISTRY_USER: ${{ github.actor }} REGISTRY_PASSWORD: ${{ github.token }} @@ -24,11 +27,12 @@ jobs: install_latest: [ true ] steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 with: + persist-credentials: false ref: "main" - name: Log in to ghcr.io - uses: redhat-actions/podman-login@v1 + uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1 with: username: ${{ env.REGISTRY_USER }} password: ${{ env.REGISTRY_PASSWORD }} @@ -53,7 +57,7 @@ jobs: buildah push curl-dev-debian:master "docker://ghcr.io/curl/curl-container/curl-dev-debian:master" name: 'push images to github registry' - name: Install Cosign - uses: sigstore/cosign-installer@main + uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3 - name: Write signing key to disk (only needed for `cosign sign --key`) run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key - name: Sign image with a key @@ -74,7 +78,7 @@ jobs: buildah push curl-dev-fedora:master "docker://ghcr.io/curl/curl-container/curl-dev-fedora:master" name: 'push images to github registry' - name: Install Cosign - uses: sigstore/cosign-installer@main + uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3 - name: Write signing key to disk (only needed for `cosign sign --key`) run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key - name: Sign image with a key diff --git a/.github/workflows/build_master_multi.yml b/.github/workflows/build_master_multi.yml index a8415b0..73fe470 100644 --- a/.github/workflows/build_master_multi.yml +++ b/.github/workflows/build_master_multi.yml @@ -6,6 +6,8 @@ on: branches: - main +permissions: {} + env: REGISTRY_USER: ${{ github.actor }} REGISTRY_PASSWORD: ${{ github.token }} @@ -24,11 +26,12 @@ jobs: install_latest: [ true ] steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 with: + persist-credentials: false ref: "main" - name: Log in to ghcr.io - uses: redhat-actions/podman-login@v1 + uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1 with: username: ${{ env.REGISTRY_USER }} password: ${{ env.REGISTRY_PASSWORD }} @@ -56,7 +59,7 @@ jobs: buildah manifest push --all --format v2s2 localhost/curl-multi:master "docker://ghcr.io/curl/curl-container/curl-multi:master" name: 'push multi images to github registry' - name: Install Cosign - uses: sigstore/cosign-installer@main + uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3 - name: Write signing key to disk (only needed for `cosign sign --key`) run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key - name: Sign image with a key diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..227dfa2 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,16 @@ + +# Security Policy + +See curl's +[SECURITY-PROCESS.md](https://github.com/curl/curl/blob/master/docs/SECURITY-PROCESS.md) +for full details. + +## Reporting a Vulnerability + +If you have found or just suspect a security problem somewhere in curl, +report it on [https://hackerone.com/curl](https://hackerone.com/curl). + +We treat security issues with confidentiality until controlled and disclosed responsibly. From 122097937833f74b4f9331e74beae63d56941be4 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Wed, 24 Sep 2025 15:19:26 +0200 Subject: [PATCH 23/28] ci: enable dependabot (#87) On a monthly schedule. Ref: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#schedule- --- .github/dependabot.yml | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..f9b368c --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,9 @@ +# Copyright (C) Viktor Szakats. See LICENSE.md +# SPDX-License-Identifier: MIT + +version: 2 +updates: + - package-ecosystem: 'github-actions' + directory: '/' + schedule: + interval: 'monthly' From 082ca7567aed4e507be9c4e45f798edaf27c686e Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Wed, 24 Sep 2025 15:27:24 +0200 Subject: [PATCH 24/28] ci: add CodeQL for GHA and Python (#88) --- .github/workflows/codeql.yml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..ad5f802 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,36 @@ +name: 'CodeQL' + +'on': + push: + branches: + - main + pull_request: + branches: + - main + schedule: + - cron: '0 0 * * 4' + +concurrency: + group: ${{ github.workflow }} + +permissions: {} + +jobs: + gha_python: + name: 'GHA and Python' + runs-on: ubuntu-latest + permissions: + security-events: write # To create/update security events + steps: + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 + with: + persist-credentials: false + + - name: 'initialize' + uses: github/codeql-action/init@192325c86100d080feab897ff886c34abd4c83a3 # v3 + with: + languages: actions, python + queries: security-extended + + - name: 'perform analysis' + uses: github/codeql-action/analyze@192325c86100d080feab897ff886c34abd4c83a3 # v3 From 7d4a91d0b149b809301eedda33a77794760108c7 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Tue, 30 Sep 2025 23:40:41 +0200 Subject: [PATCH 25/28] CHANGELOG.md: use YYYY-MM-DD date format (#90) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also update release notes at: https://github.com/curl/curl-container/releases Reported-by: Mikkel Hesselager Blanné Fixes #84 --- CHANGELOG.md | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9070dd0..594c303 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,38 +6,38 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased -## [8.16.0] - 2025-12-09 +## [8.16.0] - 2025-09-12 ### Changed - bump to curl 8.16.0 -## [8.15.0] - 2025-16-07 +## [8.15.0] - 2025-07-16 ### Changed - bump to curl 8.15.0 - bump to alpine 3.22.1 -## [8.14.1] - 2025-15-06 +## [8.14.1] - 2025-06-15 ### Changed -- bump to curl 8.14.1 +- bump to curl 8.14.1 - bump to alpine 3.22.0 -- -## [8.13.0] - 2025-05-04 + +## [8.13.0] - 2025-04-05 ### Changed -- bump to curl 8.13.0 -- bump to alpine:3.21.3 +- bump to curl 8.13.0 +- bump to alpine 3.21.3 -## [8.12.1] - 2025-13-02 +## [8.12.1] - 2025-02-13 ### Changed - bump to curl 8.12.1 -## [8.12.0] - 2025-05-02 +## [8.12.0] - 2025-02-05 ### Changed - bump to curl 8.12.0 -- bump to alpine:3.21.2 +- bump to alpine 3.21.2 ## [8.11.1] - 2024-12-11 ### Changed - bump to curl 8.11.1 -- bump to alpine:3.21.0 +- bump to alpine 3.21.0 ## [8.11.0] - 2024-11-06 ### Changed @@ -50,7 +50,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [8.10.0] - 2024-09-11 ### Changed - bump to curl 8.10.0 -- bump to alpine:3.20.3 +- bump to alpine 3.20.3 ## [8.9.1] - 2024-07-30 ### Changed @@ -74,7 +74,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - bump to curl 8.6.0 - bump to alpine 3.19.1 - ## [8.5.0-1] - 2023-01-19 ### Changed - add libpsl @@ -96,7 +95,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - bump to curl 8.3.0 - bump to alpine 3.18.3 - ## [8.2.1] - 2023-07-26 ### Changed - bump to curl 8.2.1 From 39b8b5da38bcd29fa09cb1bbe8e4f46b261899f9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 5 Oct 2025 13:28:50 +0200 Subject: [PATCH 26/28] GHA: bump github/codeql-action from 3.30.3 to 3.30.5 (#91) --- .github/workflows/codeql.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index ad5f802..4198281 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -27,10 +27,10 @@ jobs: persist-credentials: false - name: 'initialize' - uses: github/codeql-action/init@192325c86100d080feab897ff886c34abd4c83a3 # v3 + uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3 with: languages: actions, python queries: security-extended - name: 'perform analysis' - uses: github/codeql-action/analyze@192325c86100d080feab897ff886c34abd4c83a3 # v3 + uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3 From baa245a7ce2e68898fd0161f29bb5fd3dd1cf220 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Sun, 5 Oct 2025 13:33:12 +0200 Subject: [PATCH 27/28] GHA: show full versions in pinned hash comments --- .github/workflows/build_ci_multi.yml | 2 +- .github/workflows/build_latest_release_multi.yml | 6 +++--- .github/workflows/build_master.yml | 6 +++--- .github/workflows/build_master_dev.yml | 8 ++++---- .github/workflows/build_master_multi.yml | 6 +++--- .github/workflows/codeql.yml | 6 +++--- 6 files changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/workflows/build_ci_multi.yml b/.github/workflows/build_ci_multi.yml index ffb3164..5dade27 100644 --- a/.github/workflows/build_ci_multi.yml +++ b/.github/workflows/build_ci_multi.yml @@ -33,7 +33,7 @@ jobs: podman login -u ${{secrets.QUAY_USER}} -p ${{secrets.QUAY_TOKEN}} quay.io docker login -u ${{secrets.QUAY_USER}} -p ${{secrets.QUAY_TOKEN}} quay.io - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - run: | diff --git a/.github/workflows/build_latest_release_multi.yml b/.github/workflows/build_latest_release_multi.yml index d7bcce3..edf904c 100644 --- a/.github/workflows/build_latest_release_multi.yml +++ b/.github/workflows/build_latest_release_multi.yml @@ -24,12 +24,12 @@ jobs: install_latest: [ true ] steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false tag_name: ${{ github.ref }} - name: Log in to ghcr.io - uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1 + uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1.7 with: username: ${{ env.REGISTRY_USER }} password: ${{ env.REGISTRY_PASSWORD }} @@ -65,7 +65,7 @@ jobs: buildah manifest push --format v2s2 --all curl-base-multi:$REL "docker://ghcr.io/curl/curl-container/curl-base-multi:${REL}" name: 'push images to github registry' - name: Install Cosign - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3 + uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 - name: Write signing key to disk (only needed for `cosign sign --key`) run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key - name: Sign images with sigstore key diff --git a/.github/workflows/build_master.yml b/.github/workflows/build_master.yml index 25b68de..712e267 100644 --- a/.github/workflows/build_master.yml +++ b/.github/workflows/build_master.yml @@ -26,12 +26,12 @@ jobs: install_latest: [ true ] steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false ref: "main" - name: Log in to ghcr.io - uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1 + uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1.7 with: username: ${{ env.REGISTRY_USER }} password: ${{ env.REGISTRY_PASSWORD }} @@ -60,7 +60,7 @@ jobs: buildah push curl:master "docker://ghcr.io/curl/curl-container/curl:master" name: 'push images to github registry' - name: Install Cosign - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3 + uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 - name: Write signing key to disk (only needed for `cosign sign --key`) run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key - name: Sign image with a key diff --git a/.github/workflows/build_master_dev.yml b/.github/workflows/build_master_dev.yml index c4b51c9..ed0b88b 100644 --- a/.github/workflows/build_master_dev.yml +++ b/.github/workflows/build_master_dev.yml @@ -27,12 +27,12 @@ jobs: install_latest: [ true ] steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false ref: "main" - name: Log in to ghcr.io - uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1 + uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1.7 with: username: ${{ env.REGISTRY_USER }} password: ${{ env.REGISTRY_PASSWORD }} @@ -57,7 +57,7 @@ jobs: buildah push curl-dev-debian:master "docker://ghcr.io/curl/curl-container/curl-dev-debian:master" name: 'push images to github registry' - name: Install Cosign - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3 + uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 - name: Write signing key to disk (only needed for `cosign sign --key`) run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key - name: Sign image with a key @@ -78,7 +78,7 @@ jobs: buildah push curl-dev-fedora:master "docker://ghcr.io/curl/curl-container/curl-dev-fedora:master" name: 'push images to github registry' - name: Install Cosign - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3 + uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 - name: Write signing key to disk (only needed for `cosign sign --key`) run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key - name: Sign image with a key diff --git a/.github/workflows/build_master_multi.yml b/.github/workflows/build_master_multi.yml index 73fe470..23dafb9 100644 --- a/.github/workflows/build_master_multi.yml +++ b/.github/workflows/build_master_multi.yml @@ -26,12 +26,12 @@ jobs: install_latest: [ true ] steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false ref: "main" - name: Log in to ghcr.io - uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1 + uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1.7 with: username: ${{ env.REGISTRY_USER }} password: ${{ env.REGISTRY_PASSWORD }} @@ -59,7 +59,7 @@ jobs: buildah manifest push --all --format v2s2 localhost/curl-multi:master "docker://ghcr.io/curl/curl-container/curl-multi:master" name: 'push multi images to github registry' - name: Install Cosign - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3 + uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 - name: Write signing key to disk (only needed for `cosign sign --key`) run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key - name: Sign image with a key diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 4198281..2438221 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -22,15 +22,15 @@ jobs: permissions: security-events: write # To create/update security events steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: 'initialize' - uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3 + uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5 with: languages: actions, python queries: security-extended - name: 'perform analysis' - uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3 + uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5 From 1e8e7910dc87419c5170d88419a8c83d8b81606c Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Mon, 20 Oct 2025 16:46:53 +0200 Subject: [PATCH 28/28] drop pip packages from the image (#89) They don't seem to install: ``` error: externally-managed-environment Error: while running runtime: exit status 1 ``` Ref: https://github.com/curl/curl-container/actions/runs/18084279232/job/51452471235#step:7:6234 --- Containerfile | 4 ---- create_dev_image.sh | 4 ---- requirements.txt | 6 ------ 3 files changed, 14 deletions(-) delete mode 100644 requirements.txt diff --git a/Containerfile b/Containerfile index 30494a0..0e13d62 100644 --- a/Containerfile +++ b/Containerfile @@ -13,8 +13,4 @@ from quay.io/buildah/stable:latest RUN dnf --nodocs --setopt install_weak_deps=false -y install less git make podman qemu qemu-user-static buildah clamav clamav-freshclam -COPY requirements.txt requirements.txt -RUN python3 -m ensurepip -RUN pip3 install --no-input -r requirements.txt - WORKDIR /opt/app-root/src/ diff --git a/create_dev_image.sh b/create_dev_image.sh index ce4f871..3762284 100755 --- a/create_dev_image.sh +++ b/create_dev_image.sh @@ -88,10 +88,6 @@ fi # install curl in /build buildah run $bdr make DESTDIR="/build/" install -j$(nproc) -# install useful dev deps¡ -buildah run $bdr python3 -m ensurepip -#buildah run $bdr pip3 --no-input install -r ./requirements.txt - # label image buildah config --label org.opencontainers.image.source="https://github.com/curl/curl-container" $bdr buildah config --label org.opencontainers.image.description="minimal dev image for curl" $bdr diff --git a/requirements.txt b/requirements.txt deleted file mode 100644 index 047213b..0000000 --- a/requirements.txt +++ /dev/null @@ -1,6 +0,0 @@ -pytest -pytest-cov -pytest-sugar -factory-boy -lxml -behave \ No newline at end of file