- Go to v1.24.2
- ECR Helper to latest commit
- anchore/syft to v1.22.0
- library/registry to v3.0.0
- securego/gosec to v2.22.3
- google/osv-scanner to v2.0.1
Signed-off-by: Brandon Mitchell <git@bmitch.net>
This stops regsync from retrying with backoffs when a registry is failing.
Multiple errors are also joined using "errors.Join".
Errors from the canceled context are not propagated up.
Signed-off-by: Brandon Mitchell <git@bmitch.net>
Output makes it more apparent when the base image has changed.
Tests were added, which required some work to pass through "regclient.Opts".
The empty error message is also suppressed to avoid an extra linefeed to stderr.
Signed-off-by: Brandon Mitchell <git@bmitch.net>
This helps align the different commands with each other.
- Variable names have been improved to be less confusing.
- Flags have been sorted, and completion options added on some flags where missing.
- Each command creates its own options to avoid default flag value conflicts.
- Reusing a command under two paths is now done by calling that commands "new" function.
- Global-but-not-really-global options have been moved to be associated with the specific commands that use them.
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- Alpine base image to v3.21.3
- Go image to latest commit
- ECR credential helper to latest commit
- docker/build-push-action to v6.14.0
- sigstore/cosign to v2.4.3
- sigstore/cosign-installer to v3.8.1
- github.com/klauspost/compress to v1.18.0
- github.com/spf13/cobra to v1.9.1
Signed-off-by: Brandon Mitchell <git@bmitch.net>
The previous fix only validated registry names in the auths section of the docker config.
This also validates names listed in the credential helper or returned from the credential store.
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- Use "any" instead of an empty interface.
- Use range over an integer for for loops.
- Remove shadow variables in loops now that Go no longer reuses the variable.
- Use "slices.Contains", "slices.Delete", "slices.Equal", "slices.Index", "slices.SortFunc".
- Use "cmp.Or", "min", and "max".
- Use "fmt.Appendf" instead of "Sprintf" for generating a byte slice.
- Use "errors.Join" or "fmt.Errorf" with multiple "%w" for multiple errors.
Additionally, use modern regclient features:
- Use "ref.SetTag", "ref.SetDigest", and "ref.AddDigest".
- Call "regclient.ManifestGet" using "WithManifestDesc" instead of setting the digest on the reference.
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- Support for Go 1.21 is dropped, leaving 1.22 the minimum release
- Go base image to 1.24.0
- ECR helper to latest commit
- gosec to v2.22.1
- dominikh/go-tools for staticcheck to v0.6.0
- olareg/olareg to v0.1.2
- Fixing staticcheck linter warnings
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- Go to v1.23.6
- ECR helper to latest commit
- sigstore/cosign to v2.4.2
- docker/setup-buildx-action to v3.9.0
- sigstore/cosign-installer to v3.8.0
- golang.org/x/sys to v0.30.0
- golang.org/x/term to v0.29.0
Security: the Go update fixes CVE-2025-22866
Signed-off-by: Brandon Mitchell <git@bmitch.net>
This affects both regbot and regsync where setting a default schedule would override a sync/script specific interval.
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- ECR Helper to latest commit
- actions/setup-go to v5.3.0
- actions/stale to v9.1.0
- docker/build-push-action to v6.13.0
- anchore/syft to v1.19.0
- anchore/sbom-action to v0.18.0
Signed-off-by: Brandon Mitchell <git@bmitch.net>
