Upgrade nvidia-container-toolkit to fix CVE-2024-0132 CVE-2024-0133 #18680

	# Copyright (c) Microsoft Corporation.
	# Licensed under the MIT License.

	name: Spec %clean stage check

	# NOTE - allow custom %clean section for 3.0 and later (remove this entire check after 2.0 is EOL)
	on:
	push:
	branches: [main, dev, 1.0, 2.0, fasttrack/*]
	pull_request:
	branches: [main, dev, 1.0, 2.0, fasttrack/*]

	jobs:
	spec-clean-stage-check:
	name: Spec %clean stage check
	runs-on: ubuntu-latest

	steps:
	# Checkout the branch of our repo that triggered this action
	- name: Workflow trigger checkout
	uses: actions/checkout@v4

	- name: Get base commit for PRs
	if: ${{ github.event_name == 'pull_request' }}
	run: \|
	git fetch origin ${{ github.base_ref }}
	echo "base_sha=$(git rev-parse origin/${{ github.base_ref }})" >> $GITHUB_ENV

	- name: Get base commit for Pushes
	if: ${{ github.event_name == 'push' }}
	run: \|
	git fetch origin ${{ github.event.before }}
	echo "base_sha=${{ github.event.before }}" >> $GITHUB_ENV

	- name: Check the modified spec files
	run: \|
	changed_specs=$(git diff-tree --diff-filter=d --no-commit-id --name-only -r ${{ env.base_sha }} ${{ github.sha }} \| { grep "SPECS./.\.spec$" \|\| test $? = 1; })

	for spec in $changed_specs
	do
	echo "Checking '$spec'."
	if grep -q "^\s*%clean" "$spec"
	then
	1>&2 echo "** ERROR **"
	1>&2 echo "Spec '$spec' contains a %clean stage, which should be unnecessary for Azure Linux. Please remove it or add an exception for this spec file."
	1>&2 echo "** ERROR **"
	error_found=1
	fi
	done

	if [[ -n $error_found ]]
	then
	exit 1
	fi

Provide feedback