build(deps): bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 in /pkg/pillar#238
Open
dependabot[bot] wants to merge 11 commits intomasterfrom
Open
Conversation
Signed-off-by: Renê de Souza Pinto <rene@renesp.com.br>
Signed-off-by: Renê de Souza Pinto <rene@renesp.com.br>
pointing to europaul Signed-off-by: Paul Gaiduk <paulg@zededa.com>
During the SBOM collect-sources step, curl downloads of upstream source tarballs have no timeout configured. This causes the entire pipeline to hang for extended periods when upstream mirrors are slow or unreachable (e.g. ftp.gnu.org regularly takes 2+ minutes just to fail a connection). Add --connect-timeout (10s), --max-time (2min) and --retry (3 attempts) to the curl call in get-alpine-pkg-source.sh. All values are configurable via environment variables CURL_CONNECT_TIMEOUT, CURL_MAX_TIME and CURL_RETRIES. Signed-off-by: Paul Gaiduk <paulg@zededa.com>
Some upstream source URLs in Alpine APKBUILDs point to notoriously slow or unreliable hosts (e.g. ftp.gnu.org over FTP). This causes the SBOM collect-sources step to spend a long time on downloads that will likely fail anyway. Add a URL rewriting function that transparently tries faster mirrors before falling back to the original URL: - ftp.gnu.org (FTP/HTTP/HTTPS) -> ftpmirror.gnu.org (geo-routed HTTPS) - download-mirror.savannah.gnu.org -> download.savannah.gnu.org (geo-routed) - www.kernel.org -> mirrors.edge.kernel.org (CDN-backed) - busybox.net -> sources.buildroot.net (buildroot mirror) Signed-off-by: Paul Gaiduk <paulg@zededa.com>
The SBOM collect-sources step downloads hundreds of source tarballs sequentially, which makes the entire process very slow especially when some upstream mirrors are unresponsive. Restructure the download logic into three phases: 1. Collect all download jobs while processing APKBUILDs (sequential, fast) 2. Download source files in parallel using background jobs (default: 8) 3. Verify SHA512 checksums after all downloads complete (sequential, fast) The parallelism is configurable via the PARALLEL_JOBS env var. Signed-off-by: Paul Gaiduk <paulg@zededa.com>
…sions Use a composite hash (content-hash + git-short-rev) when building eve-alpine-base so each workflow trigger produces a unique image tag. This avoids the race condition where another PR merges and rebuilds eve-alpine using the old cached alpine-base before all architectures are pushed. Also pass --force to ensure the image is always rebuilt regardless of what exists in the registry. Signed-off-by: Mikhail Malyshev <mike.malyshev@gmail.com>
Build-cross-compilers workflow and Dockerfile for rene/eve test fork. Uses mikemzed/eve-cross-compilers as the image repo. Signed-off-by: Mikhail Malyshev <mike.malyshev@gmail.com>
Add a GitHub Actions workflow lint check that runs on PRs touching .github/workflows/. Uses actionlint via reviewdog to post inline review comments on workflow syntax errors (like empty with: blocks, invalid expressions, unknown inputs, etc.). Only triggers when workflow files are modified. Signed-off-by: Mikhail Malyshev <mike.malyshev@gmail.com>
Adapted version of the hybrid build workflow for testing on rene/eve: - Uses 'jumbo' runner for amd64 builds - Uses docker/login-action with MIKEM_DOCKERHUB secrets - Adds timeout-minutes: 1440 to all jobs Signed-off-by: Mikhail Malyshev <mike.malyshev@gmail.com>
Bumps [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) from 1.40.0 to 1.43.0. - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.40.0...v1.43.0) --- updated-dependencies: - dependency-name: go.opentelemetry.io/otel/sdk dependency-version: 1.43.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
rucoder
force-pushed
the
master
branch
5 times, most recently
from
f53f5e3 to
b3e9563
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0.
Changelog
Sourced from go.opentelemetry.io/otel/sdk's changelog.
... (truncated)
Commits
9276201Release v1.43.0 / v0.65.0 / v0.19.0 (#8128)61b8c94chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (#8131)97a086echore(deps): update github.com/golangci/dupl digest to c99c5cf (#8122)5e363delimit response body size for OTLP HTTP exporters (#8108)35214b6Use an absolute path when calling bsd kenv (#8113)290024cfix(deps): update module google.golang.org/grpc to v1.80.0 (#8121)e70658efix: support getBody in otelploghttp (#8096)4afe468fix(deps): update googleapis to 9d38bb4 (#8117)b9ca729chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (#8115)69472ecchore(deps): update fossas/fossa-action action to v1.9.0 (#8118)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.