renovate[bot]
f28b229607
chore(deps): update sigstore/cosign-installer digest to 398d4b0 ( #229 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-06-27 10:31:09 +02:00
dependabot[bot]
aa0b85d71c
Bump sigstore/cosign-installer from 3.8.2 to 3.9.0 ( #225 )
2025-06-17 17:54:19 +02:00
renovate[bot]
fcf3477cbe
chore(deps): update docker/setup-buildx-action digest to 18ce135 ( #223 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-06-16 16:03:55 +02:00
dependabot[bot]
369331af00
Bump github/codeql-action from 3.28.19 to 3.29.0 ( #221 )
2025-06-13 21:29:38 +02:00
renovate[bot]
a9d4ce92e5
chore(deps): update github/codeql-action digest to fca7ace ( #216 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-06-05 14:18:48 +02:00
dependabot[bot]
160dee3646
Bump docker/bake-action from 6.7.0 to 6.8.0 ( #212 )
...
Bumps [docker/bake-action](https://github.com/docker/bake-action ) from 6.7.0 to 6.8.0.
- [Release notes](https://github.com/docker/bake-action/releases )
- [Commits](212c367396...37816e7475support@github.com >
2025-05-29 15:41:50 +02:00
Jonathan Gonzalez V.
5c35abd07e
ci(security): reduce workflow permissions ( #207 )
...
By default, set all the workflow permissions to read-all, then
provide permissions one by one to each job requiring more
permissions.
Closes #206
Signed-off-by: Jonathan Gonzalez V <jonathan.gonzalez@enterprisedb.com >
Signed-off-by: Francesco Canovai <francesco.canovai@enterprisedb.com >
2025-05-29 15:38:50 +02:00
renovate[bot]
8c598b2996
chore(deps): update github/codeql-action digest to ff0a06e ( #199 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-05-16 15:12:53 +02:00
renovate[bot]
45bdcfd4ad
chore(deps): update sigstore/cosign-installer digest to 3454372 ( #194 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-05-16 15:12:38 +02:00
renovate[bot]
3eab60524c
chore(deps): update docker/bake-action digest to 212c367 ( #192 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-05-16 15:12:17 +02:00
renovate[bot]
44cb72b1e6
chore(deps): update sigstore/cosign-installer digest to d7d6bc7 ( #183 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-05-15 14:49:56 +02:00
dependabot[bot]
1a8f19fd76
Bump sigstore/cosign-installer from 3.8.1 to 3.8.2 ( #182 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.8.1 to 3.8.2.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](d7d6bc7722...3454372f43support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-07 09:44:05 +02:00
renovate[bot]
0fae613f7a
chore(deps): update sigstore/cosign-installer digest to d7d6bc7 ( #181 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-05-05 14:56:46 +02:00
renovate[bot]
acc0426450
chore(deps): update github/codeql-action digest to 60168ef ( #179 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-05-05 14:54:21 +02:00
dependabot[bot]
8aae5cc080
Bump sigstore/cosign-installer from 3.8.1 to 3.8.2 ( #178 )
2025-05-05 14:50:28 +02:00
renovate[bot]
48b6e1b541
chore(deps): pin dependencies ( #176 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-04-30 17:22:58 +02:00
Niccolò Fei
012f3b6677
chore: fix LZ4 builds on arm64 ( #162 )
...
build-essential and python3-dev are required to build LZ4 on arm64 since there aren't pre-compiled wheel available for this architecture.
Also, switch back to using the latest qemu image.
Signed-off-by: Niccolò Fei <niccolo.fei@enterprisedb.com >
2025-03-11 16:42:03 +01:00
Niccolò Fei
4f2f2958be
ci: workaround for segfault in the latest binfmt image ( #156 )
...
Signed-off-by: Niccolò Fei <niccolo.fei@enterprisedb.com >
2025-02-24 19:26:38 +01:00
Francesco Canovai
fbff03889c
ci: copy and sign prod images ( #143 )
...
Use skopeo to copy testing images to the production registry when they
pass the security tests, instead of rebuilding them.
After that, we sign the production images too.
Signed-off-by: Francesco Canovai <francesco.canovai@enterprisedb.com >
Signed-off-by: Jonathan Gonzalez V <jonathan.gonzalez@enterprisedb.com >
Signed-off-by: Niccolò Fei <niccolo.fei@enterprisedb.com >
Co-authored-by: Jonathan Gonzalez V <jonathan.gonzalez@enterprisedb.com >
Co-authored-by: Niccolò Fei <niccolo.fei@enterprisedb.com >
2025-01-27 14:37:52 +01:00
Jonathan Gonzalez V.
980c2fabc8
feat: add cosign to sign the images ( #137 )
...
Using the output from the bake action, we sign every
container image tag plus each specific digest using cosign.
Closes #136
Signed-off-by: Francesco Canovai <francesco.canovai@enterprisedb.com >
Signed-off-by: Jonathan Gonzalez V <jonathan.gonzalez@enterprisedb.com >
Signed-off-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com >
Co-authored-by: Francesco Canovai <francesco.canovai@enterprisedb.com >
Co-authored-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com >
2025-01-22 15:02:22 +01:00
Francesco Canovai
c330729d7f
ci: build minimal and standard images ( #135 )
...
Build images without barman-cloud, to be used with backup plugins.
Other changes:
- Implement timestamp-based versioning for images
- Simplify build workflows for enhanced local testing and contribution
- Adopt OCI annotations and generate SBOMs for improved transparency
Closes #132
Signed-off-by: Francesco Canovai <francesco.canovai@enterprisedb.com >
Signed-off-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com >
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com >
Signed-off-by: Niccolò Fei <niccolo.fei@enterprisedb.com >
Co-authored-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com >
Co-authored-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com >
Co-authored-by: Niccolò Fei <niccolo.fei@enterprisedb.com >
2025-01-16 14:03:20 +01:00
