fix: verify shasum for finch dependencies #969
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
austinvazquez
changed the title
austinvazquez
force-pushed
the
verify-shasum-for-finch-dependencies
branch
3 times, most recently
from
6fd0211
to
6ac74d6
Compare
1 task
austinvazquez
added a commit
that referenced
this pull request
Jun 21, 2024
Issue #, if available: Split from #969 *Description of changes:* This change fixes SOCI installation to verify pull artifacts matches hardcoded hashchecks. *Testing done:* Updated unit tests to check for new hashcheck. - [x] I've reviewed the guidance in CONTRIBUTING.md #### License Acceptance By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. Signed-off-by: Austin Vazquez <macedonv@amazon.com>
austinvazquez
force-pushed
the
verify-shasum-for-finch-dependencies
branch
from
6ac74d6
to
533cb36
Compare
austinvazquez
commented
Jun 24, 2024
austinvazquez
force-pushed
the
verify-shasum-for-finch-dependencies
branch
6 times, most recently
from
364a557
to
90d648c
Compare
pendo324
reviewed
Jun 26, 2024
This change refactors the build system to use finch-core's dependency mechanism for installing and verifying the base OS image, rootfs archive, and Lima bundle needed for macOS and Windows platforms. Signed-off-by: Austin Vazquez <macedonv@amazon.com>
austinvazquez
force-pushed
the
verify-shasum-for-finch-dependencies
branch
from
90d648c
to
96f6cf5
Compare
pendo324
approved these changes
Jun 27, 2024
1 task
austinvazquez
pushed a commit
that referenced
this pull request
Jul 1, 2024
Issue #, if available: *Description of changes:* Recently in #969, the Makefile was refactored significantly, and the mechanism that was used to override the installation directory was removed ([used here](https://github.com/runfinch/finch/blob/main/.github/workflows/build-pkg.yaml#L57)). This just adds that mechanism back. There could be a better way to do this, but for now just reverting back to how it was done before the recent change. *Testing done:* Tested locally. The `_output/os/finch.yaml` file correctly used `/Applications/Finch/`, which was the path I overwrote, as a prefix - [x] I've reviewed the guidance in CONTRIBUTING.md #### License Acceptance By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. Signed-off-by: Justin Alvarez <alvajus@amazon.com>
austinvazquez
pushed a commit
that referenced
this pull request
Jul 2, 2024
🤖 I have created a release *beep* *boop* --- ## [1.2.1](v1.2.0...v1.2.1) (2024-07-02) ### Build System or External Dependencies * **deps:** Bump github.com/aws/aws-sdk-go-v2 from 1.27.0 to 1.27.1 ([#963](#963)) ([4c2dc12](4c2dc12)) * **deps:** Bump github.com/aws/aws-sdk-go-v2 from 1.27.1 to 1.27.2 ([#974](#974)) ([54aa67c](54aa67c)) * **deps:** bump github.com/aws/aws-sdk-go-v2 from 1.27.2 to 1.30.0 ([#991](#991)) ([bbcb8e7](bbcb8e7)) * **deps:** Bump github.com/docker/cli from 26.1.3+incompatible to 26.1.4+incompatible ([#973](#973)) ([f774e2d](f774e2d)) * **deps:** bump github.com/docker/cli from 26.1.4+incompatible to 27.0.2+incompatible ([#999](#999)) ([0244698](0244698)) * **deps:** bump github.com/docker/cli from 27.0.2+incompatible to 27.0.3+incompatible ([#1005](#1005)) ([c801e69](c801e69)) * **deps:** Bump github.com/docker/docker from 26.1.3+incompatible to 26.1.4+incompatible ([#972](#972)) ([05b9c05](05b9c05)) * **deps:** bump github.com/docker/docker from 26.1.4+incompatible to 27.0.1+incompatible ([#996](#996)) ([1f68260](1f68260)) * **deps:** bump github.com/docker/docker from 27.0.1+incompatible to 27.0.2+incompatible ([#1001](#1001)) ([50a639b](50a639b)) * **deps:** bump github.com/docker/docker from 27.0.2+incompatible to 27.0.3+incompatible ([#1006](#1006)) ([537abad](537abad)) * **deps:** bump github.com/spf13/cobra from 1.8.0 to 1.8.1 ([#983](#983)) ([7b2bed6](7b2bed6)) * **deps:** bump golang.org/x/image from 0.12.0 to 0.18.0 ([#998](#998)) ([398658e](398658e)) * **deps:** Bump golang.org/x/text from 0.15.0 to 0.16.0 ([#964](#964)) ([8a3973a](8a3973a)) * **deps:** Bump golang.org/x/tools from 0.21.0 to 0.22.0 ([#967](#967)) ([3921b00](3921b00)) * **deps:** bump k8s.io/apimachinery from 0.30.1 to 0.30.2 ([#981](#981)) ([c8ebf20](c8ebf20)) * **deps:** Bump submodules and dependencies ([#1008](#1008)) ([6134a5a](6134a5a)) * **deps:** Bump submodules and dependencies ([#949](#949)) ([b5ee424](b5ee424)) ### Bug Fixes * add SOCI snapshotter hash check ([#985](#985)) ([563f346](563f346)) * Allow to use the COMPOSE_FILE variable in finch compose ([#994](#994)) ([17d4bc8](17d4bc8)) * Enable `finch support-bundle generate` to execute on Windows whe… ([#976](#976)) ([9c1caf0](9c1caf0)) * update snapshotters reference ([#986](#986)) ([06b9027](06b9027)) * verify shasum for finch dependencies ([#969](#969)) ([9d85f25](9d85f25)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue #, if available:
Finch dependencies must be verified against known good shasum at pull time.
Description of changes:
This change refactors Finch to use the dependency mechanism in
finch-corefor pulling and verifying core dependencies such as the OS image and Lima bundle for macOS and the rootfs archive for Windows platforms.As a side effect of this change, dependency updates are now 1-to-1 with finch-core updates. This is a simplification on the current mechanism which duplicated the effort for updates.
Testing done:
Ran
makeon macOS.License Acceptance
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.