marko/cnpg-postgres-containers
1
0
Fork 0
forked from repo-mirrors/cnpg-postgres-containers
Code Pull Requests Actions Activity
1,143 Commits 8 Branches 0 Tags
c597e6de063b7265487a14711fa93146de19197f
Commit Graph

93 Commits

Author SHA1 Message Date
Marco Nenciarini
c597e6de06 fix: increase cosign timeout to 5 minutes (#298) 
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
 2025-09-08 16:22:14 +02:00
Jonathan Gonzalez V.
fdc8010750 chore: add system images to docker-bake.hcl (#282) 
This change extends the bake build process by introducing the system image flavour.
The system image is derived from the existing standard image and includes Barman Cloud support.

Closes #283
Closes #286

Signed-off-by: Jonathan Gonzalez V <jonathan.gonzalez@enterprisedb.com>
Signed-off-by: Niccolò Fei <niccolo.fei@enterprisedb.com>
Signed-off-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Co-authored-by: Niccolò Fei <niccolo.fei@enterprisedb.com>
Co-authored-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>
Co-authored-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
 2025-09-08 12:07:22 +02:00
renovate[bot]
b3b4b7bae7 chore(deps): update actions/setup-python action to v6 (#289) 2025-09-04 13:28:23 +02:00
renovate[bot]
7125c19f98 chore(deps): update github/codeql-action digest to 2d92b76 (#281) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-09-02 09:50:21 +02:00
renovate[bot]
ec93eb65ec chore(deps): update github/codeql-action digest to 3c3833e (#273) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-09-01 15:14:09 +02:00
renovate[bot]
a574c0b64f chore(deps): update docker/bake-action digest to 3acf805 (#272) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-09-01 08:27:28 +02:00
Jonathan Gonzalez V.
424e519da9 chore: automatically update available PostgreSQL versions (#269) 
Automatically update PostgreSQL versions in the Bake file; this will retrieve
the information from the official PostgreSQL website.

Closes #153

Signed-off-by: Jonathan Gonzalez V <jonathan.gonzalez@enterprisedb.com>
Signed-off-by: Niccolò Fei <niccolo.fei@enterprisedb.com>
Co-authored-by: Niccolò Fei <niccolo.fei@enterprisedb.com>
 2025-08-22 13:32:31 +02:00
renovate[bot]
d9c834a88b chore(deps): update github/codeql-action digest to 96f518a (#270) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-08-19 11:03:40 +02:00
renovate[bot]
28f659d12d chore(deps): update actions/checkout action to v5 (#265) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-08-18 09:52:05 +02:00
renovate[bot]
89a0080c16 chore(deps): update github/codeql-action digest to df55935 (#266) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-08-18 09:50:36 +02:00
renovate[bot]
822419220c chore(deps): update github/codeql-action digest to 76621b6 (#262) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-08-11 10:16:38 +02:00
renovate[bot]
10990abce7 chore(deps): update actions/download-artifact action to v5 (#260) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-08-06 13:56:51 +02:00
renovate[bot]
f2c3daa6e8 chore(deps): update docker/login-action digest to 184bdaa (#259) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-08-06 13:52:47 +02:00
renovate[bot]
2cffad0334 chore(deps): update github/codeql-action digest to 51f7732 (#258) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-08-04 15:14:13 +02:00
renovate[bot]
fa7bed4348 chore(deps): update github/codeql-action digest to 4e828ff (#256) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-07-29 18:57:30 +02:00
renovate[bot]
a3bec0e68d chore(deps): update github/codeql-action digest to d6bbdef (#253) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-07-22 13:59:38 +02:00
renovate[bot]
9e33f54c73 chore(deps): update github/codeql-action digest to 181d5ee (#232) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-07-01 13:45:31 +02:00
Jonathan Gonzalez V.
ada71721ff chore: disable dependabot (#235) 
Signed-off-by: Jonathan Gonzalez V <jonathan.gonzalez@enterprisedb.com>
 2025-07-01 12:15:22 +02:00
renovate[bot]
200ddfcd49 chore(deps): update docker/setup-buildx-action digest to e468171 (#227) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-07-01 10:47:45 +02:00
renovate[bot]
f28b229607 chore(deps): update sigstore/cosign-installer digest to 398d4b0 (#229) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-06-27 10:31:09 +02:00
dependabot[bot]
aa0b85d71c Bump sigstore/cosign-installer from 3.8.2 to 3.9.0 (#225) 2025-06-17 17:54:19 +02:00
renovate[bot]
fcf3477cbe chore(deps): update docker/setup-buildx-action digest to 18ce135 (#223) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-06-16 16:03:55 +02:00
dependabot[bot]
369331af00 Bump github/codeql-action from 3.28.19 to 3.29.0 (#221) 2025-06-13 21:29:38 +02:00
renovate[bot]
a9d4ce92e5 chore(deps): update github/codeql-action digest to fca7ace (#216) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-06-05 14:18:48 +02:00
dependabot[bot]
160dee3646 Bump docker/bake-action from 6.7.0 to 6.8.0 (#212) 
Bumps [docker/bake-action](https://github.com/docker/bake-action) from 6.7.0 to 6.8.0.
- [Release notes](https://github.com/docker/bake-action/releases)
- [Commits](212c367396...37816e7475)

---
updated-dependencies:
- dependency-name: docker/bake-action
  dependency-version: 6.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-29 15:41:50 +02:00
dependabot[bot]
dcb26cb5a3 Bump docker/build-push-action from 6.17.0 to 6.18.0 (#213) 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.17.0 to 6.18.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](1dc7386353...263435318d)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-version: 6.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-29 15:41:19 +02:00
Jonathan Gonzalez V.
5c35abd07e ci(security): reduce workflow permissions (#207) 
By default, set all the workflow permissions to read-all, then 
provide permissions one by one to each job requiring more
permissions.

Closes #206

Signed-off-by: Jonathan Gonzalez V <jonathan.gonzalez@enterprisedb.com>
Signed-off-by: Francesco Canovai <francesco.canovai@enterprisedb.com>
 2025-05-29 15:38:50 +02:00
renovate[bot]
8c598b2996 chore(deps): update github/codeql-action digest to ff0a06e (#199) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-05-16 15:12:53 +02:00
renovate[bot]
45bdcfd4ad chore(deps): update sigstore/cosign-installer digest to 3454372 (#194) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-05-16 15:12:38 +02:00
renovate[bot]
0c29118218 chore(deps): update docker/build-push-action digest to 1dc7386 (#193) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-05-16 15:12:30 +02:00
renovate[bot]
3eab60524c chore(deps): update docker/bake-action digest to 212c367 (#192) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-05-16 15:12:17 +02:00
renovate[bot]
44cb72b1e6 chore(deps): update sigstore/cosign-installer digest to d7d6bc7 (#183) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-05-15 14:49:56 +02:00
dependabot[bot]
1a8f19fd76 Bump sigstore/cosign-installer from 3.8.1 to 3.8.2 (#182) 
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.8.1 to 3.8.2.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](d7d6bc7722...3454372f43)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-version: 3.8.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-05-07 09:44:05 +02:00
renovate[bot]
0fae613f7a chore(deps): update sigstore/cosign-installer digest to d7d6bc7 (#181) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-05-05 14:56:46 +02:00
renovate[bot]
acc0426450 chore(deps): update github/codeql-action digest to 60168ef (#179) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-05-05 14:54:21 +02:00
dependabot[bot]
8aae5cc080 Bump sigstore/cosign-installer from 3.8.1 to 3.8.2 (#178) 2025-05-05 14:50:28 +02:00
renovate[bot]
48b6e1b541 chore(deps): pin dependencies (#176) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-04-30 17:22:58 +02:00
Francesco Canovai
2ebeecec48 ci: pin pip version (#171) 
Pip 25.1 breaks the creation of the requirements.txt. 
Pin to a lower version.

Closes #169

Signed-off-by: Francesco Canovai <francesco.canovai@enterprisedb.com>
 2025-04-28 13:50:15 +02:00
Niccolò Fei
012f3b6677 chore: fix LZ4 builds on arm64 (#162) 
build-essential and python3-dev are required to build LZ4 on arm64 since there aren't pre-compiled wheel available for this architecture. 
Also, switch back to using the latest qemu image.

Signed-off-by: Niccolò Fei <niccolo.fei@enterprisedb.com>
 2025-03-11 16:42:03 +01:00
Niccolò Fei
4f2f2958be ci: workaround for segfault in the latest binfmt image (#156) 
Signed-off-by: Niccolò Fei <niccolo.fei@enterprisedb.com>
 2025-02-24 19:26:38 +01:00
Francesco Canovai
fbff03889c ci: copy and sign prod images (#143) 
Use skopeo to copy testing images to the production registry when they
pass the security tests, instead of rebuilding them. 
After that, we sign the production images too.

Signed-off-by: Francesco Canovai <francesco.canovai@enterprisedb.com>
Signed-off-by: Jonathan Gonzalez V <jonathan.gonzalez@enterprisedb.com>
Signed-off-by: Niccolò Fei <niccolo.fei@enterprisedb.com>
Co-authored-by: Jonathan Gonzalez V <jonathan.gonzalez@enterprisedb.com>
Co-authored-by: Niccolò Fei <niccolo.fei@enterprisedb.com>
 2025-01-27 14:37:52 +01:00
renovate[bot]
058205b63e chore(deps): update dependency ubuntu to v24 (#146) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-01-23 10:47:17 +01:00
Jonathan Gonzalez V.
980c2fabc8 feat: add cosign to sign the images (#137) 
Using the output from the bake action, we sign every 
container image tag plus each specific digest using cosign.

Closes #136

Signed-off-by: Francesco Canovai <francesco.canovai@enterprisedb.com>
Signed-off-by: Jonathan Gonzalez V <jonathan.gonzalez@enterprisedb.com>
Signed-off-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>
Co-authored-by: Francesco Canovai <francesco.canovai@enterprisedb.com>
Co-authored-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>
 2025-01-22 15:02:22 +01:00
Francesco Canovai
c330729d7f ci: build minimal and standard images (#135) 
Build images without barman-cloud, to be used with backup plugins.

Other changes:

- Implement timestamp-based versioning for images
- Simplify build workflows for enhanced local testing and contribution
- Adopt OCI annotations and generate SBOMs for improved transparency

Closes #132

Signed-off-by: Francesco Canovai <francesco.canovai@enterprisedb.com>
Signed-off-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Signed-off-by: Niccolò Fei <niccolo.fei@enterprisedb.com>
Co-authored-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>
Co-authored-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Co-authored-by: Niccolò Fei <niccolo.fei@enterprisedb.com>
 2025-01-16 14:03:20 +01:00
Jonathan Gonzalez V.
47d165dfe8 ci: run the update workflow every Mon (#127) 
Signed-off-by: Jonathan Gonzalez V <jonathan.gonzalez@enterprisedb.com>
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Signed-off-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>
Co-authored-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Co-authored-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>
 2024-12-27 11:37:33 +01:00
Niccolò Fei
57be4d409f feat: immutable digest for the most specific tags (#113) 
Detect updates of the Dockerfile template and Barman python
dependencies, and increase the imageReleaseVersion accordingly.
Avoid pushing an image if its most specific tag (fullTag)
already exists, thus preventing the override of the
existing digest.

Signed-off-by: Niccolò Fei <niccolo.fei@enterprisedb.com>
 2024-09-05 16:48:18 +02:00
dependabot[bot]
f0469fce8d Bump docker/build-push-action from 5 to 6 (#114) 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5 to 6.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v5...v6)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-08-23 12:22:23 +02:00
Jonathan Gonzalez V
6a2cd25a07 ci: defer creating major version tag until release (#108) 
Previously, we were always setting the `version` tag (e.g., 16, 17) when building
a container image. However, version 17 is still in beta and was tagged with `17`,
which could cause confusion. Users might mistake it for a stable release,
and tools like Renovate might attempt to update to this version.

This change ensures that the major `version` tag is not created until the version
is officially released.

Signed-off-by: Jonathan Gonzalez V <jonathan.gonzalez@enterprisedb.com>
Signed-off-by: Niccolò Fei <niccolo.fei@enterprisedb.com>
Co-authored-by: Niccolò Fei <niccolo.fei@enterprisedb.com>
 2024-07-01 12:10:00 +02:00
Niccolò Fei
8093cb966f ci: do not trigger the CD on imageCatalog updates (#99) 
Signed-off-by: Niccolò Fei <niccolo.fei@enterprisedb.com>
 2024-05-13 09:29:28 +02:00
Niccolò Fei
baed8316c7 feat: generate Debian (12) Bookworm images (#62) 
Add Debian 12 images and the related ClusterImageCatalog
---------

Signed-off-by: Niccolò Fei <niccolo.fei@enterprisedb.com>
Signed-off-by: Jonathan Gonzalez V <jonathan.gonzalez@enterprisedb.com>
Signed-off-by: Francesco Canovai <francesco.canovai@enterprisedb.com>
Co-authored-by: Jonathan Gonzalez V <jonathan.gonzalez@enterprisedb.com>
Co-authored-by: Francesco Canovai <francesco.canovai@enterprisedb.com>
 2024-05-09 18:41:06 +02:00