Sync to v0.10.0 #107
Open
Sync to v0.10.0 #107
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Change-Id: Ib755361811381bc12769a17926a8ece42564d4ab Signed-off-by: Cosmin Cojocar <[email protected]>
Change-Id: I7ecc5fbc6ff911912981ba9a4e9fb1889ee4270a Signed-off-by: Cosmin Cojocar <[email protected]>
Change-Id: I75c736be4c103543c963152a6be143c3f0418c4e Signed-off-by: Cosmin Cojocar <[email protected]>
Change-Id: Ic46ac8f56d0e28f1f1d477f1230cead7229d6d5c Signed-off-by: Cosmin Cojocar <[email protected]>
Change-Id: If72ac060fbe381c2e2a1f889fff1d5908286ec48 Signed-off-by: Cosmin Cojocar <[email protected]>
Change-Id: I4ee9ea50a4c4e65fbfb82db4532274d5e65bcc87 Signed-off-by: Cosmin Cojocar <[email protected]>
Change-Id: I45e2ae0529f54adab7b15899c8b5276776266964 Signed-off-by: Cosmin Cojocar <[email protected]>
Change-Id: Ie1b81affb79d9530da9b56afbdec523a78fe5695 Signed-off-by: Cosmin Cojocar <[email protected]>
Change-Id: I34c8a88d0af12a567b03c968fa1cdfe68ae68fc4 Signed-off-by: Cosmin Cojocar <[email protected]>
Signed-off-by: Sascha Grunert <[email protected]>
Use the new CRI-O package location as outlined in: https://github.com/cri-o/packaging?tab=readme-ov-file#project-layout We also have to update runc to the latest release. Signed-off-by: Sascha Grunert <[email protected]>
Signed-off-by: Sascha Grunert <[email protected]>
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.3 to 3.0.4. - [Release notes](https://github.com/go-jose/go-jose/releases) - [Changelog](https://github.com/go-jose/go-jose/blob/main/CHANGELOG.md) - [Commits](go-jose/go-jose@v3.0.3...v3.0.4) --- updated-dependencies: - dependency-name: github.com/go-jose/go-jose/v3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>
…dded fixes for seccomp and SELinux profiles, and verified functionality with logenricher. Signed-off-by: Pranita Turrey <[email protected]>
Bumps [github.com/opencontainers/runtime-spec](https://github.com/opencontainers/runtime-spec) from 1.2.0 to 1.2.1. - [Release notes](https://github.com/opencontainers/runtime-spec/releases) - [Changelog](https://github.com/opencontainers/runtime-spec/blob/main/ChangeLog) - [Commits](opencontainers/runtime-spec@v1.2.0...v1.2.1) --- updated-dependencies: - dependency-name: github.com/opencontainers/runtime-spec dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
When loaded through OperatorHub as a dependency of another operator, security-profiles-operator is loaded in the namespace of the other operator. When this happens, any created SelinuxProfile stays in the Pending State. It appears that the function getDS() is searching for the DaemonSet with a label of "spod". However, the r.client.List() call is returning all DaemonSets in the Namespace and bailing because it found more than one. This commit changes the logic to call Get() instead of GetList(). See: 2699 Signed-off-by: Billy McFall <[email protected]>
Recently SelinuxProfile was moved from Namespace scoped to Cluster scoped. Some of the code was still using the Namespace as part of the generation of the "Usage" string. The Namespace was blank, so the usage string just ended in an "_", something like "policyName_.process". However, workloadannotator was using the application pods namespace and the code strip the "_namspace.process" off the usage string to get the actual profile name was failing. So just removed all the logic was append "_namespace" to the profile name in the usage. See: 2745 Signed-off-by: Billy McFall <[email protected]>
Bumps [github.com/opencontainers/image-spec](https://github.com/opencontainers/image-spec) from 1.1.0 to 1.1.1. - [Release notes](https://github.com/opencontainers/image-spec/releases) - [Changelog](https://github.com/opencontainers/image-spec/blob/main/RELEASES.md) - [Commits](opencontainers/image-spec@v1.1.0...v1.1.1) --- updated-dependencies: - dependency-name: github.com/opencontainers/image-spec dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps ubi8/go-toolset from `8a9106c` to `3cc2c32`. --- updated-dependencies: - dependency-name: ubi8/go-toolset dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [github.com/containers/common](https://github.com/containers/common) from 0.62.0 to 0.62.1. - [Release notes](https://github.com/containers/common/releases) - [Commits](containers/common@v0.62.0...v0.62.1) --- updated-dependencies: - dependency-name: github.com/containers/common dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.35.0 to 0.36.0. - [Commits](golang/net@v0.35.0...v0.36.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.21.0 to 1.21.1. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](prometheus/client_golang@v1.21.0...v1.21.1) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.23.0 to 0.24.0. - [Commits](golang/mod@v0.23.0...v0.24.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.70.0 to 1.71.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.70.0...v1.71.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.36.0 to 0.37.0. - [Commits](golang/net@v0.36.0...v0.37.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [github.com/urfave/cli/v2](https://github.com/urfave/cli) from 2.27.5 to 2.27.6. - [Release notes](https://github.com/urfave/cli/releases) - [Changelog](https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md) - [Commits](urfave/cli@v2.27.5...v2.27.6) --- updated-dependencies: - dependency-name: github.com/urfave/cli/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Sascha Grunert <[email protected]>
Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.4.1 to 2.4.3. - [Release notes](https://github.com/sigstore/cosign/releases) - [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md) - [Commits](sigstore/cosign@v2.4.1...v2.4.3) --- updated-dependencies: - dependency-name: github.com/sigstore/cosign/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps ubi8/go-toolset from `3cc2c32` to `25f2884`. --- updated-dependencies: - dependency-name: ubi8/go-toolset dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps the kubernetes group with 1 update: [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime). Updates `sigs.k8s.io/controller-runtime` from 0.20.2 to 0.20.3 - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](kubernetes-sigs/controller-runtime@v0.20.2...v0.20.3) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-patch dependency-group: kubernetes ... Signed-off-by: dependabot[bot] <[email protected]>
Update SecurityContext for Apparmor
Signed-off-by: Sascha Grunert <[email protected]>
--- updated-dependencies: - dependency-name: github.com/sigstore/cosign/v2 dependency-version: 2.5.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Sascha Grunert <[email protected]>
openshift-merge-robot
added
the
needs-rebase
openshift-ci
bot
added
the
approved
openshift-merge-robot
removed
the
needs-rebase
Vincent056
force-pushed
the
openshift-v0.10.0
branch
2 times, most recently
from
56fbef2 to
1298c07
Compare
Vincent056
force-pushed
the
openshift-v0.10.0
branch
from
1298c07 to
8380790
Compare
Member
|
/retest |
Author
|
updated go1.24 dockerfile |
Author
|
/retest |
saschagrunert
approved these changes
Nov 4, 2025
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: saschagrunert, Vincent056 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
…or build-source-image task
|
New changes are detected. LGTM label has been removed. |
|
@Vincent056: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
14 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Sync Release to V0.10.0 with upstream