refactor: start using rules_distroless #1534

Closed
wants to merge 2 commits into from

Conversation

thesayyn
Collaborator

No description provided.

@loosebazooka
Member

What changed?

@thesayyn
Collaborator Author

What changed?

Oh nothing yet. GitHub assigned the reviewer automatically.

@thesayyn thesayyn marked this pull request as draft February 28, 2024 20:14
@thesayyn thesayyn force-pushed the revert-1533-revert-1465-rules_distroless branch 6 times, most recently from 40e0532 to 4990efe Compare February 29, 2024 01:35
@GoogleContainerTools GoogleContainerTools deleted a comment from github-actions bot Feb 29, 2024
@thesayyn thesayyn force-pushed the revert-1533-revert-1465-rules_distroless branch 4 times, most recently from 474a93a to dcd1350 Compare February 29, 2024 04:52
@loosebazooka
Member

you can just use the extra large runner for this: https://github.com/GoogleContainerTools/distroless/blob/main/.github/workflows/ci.yaml#L16C1-L17C1

@thesayyn thesayyn force-pushed the revert-1533-revert-1465-rules_distroless branch 10 times, most recently from 13a8bc9 to 24e7518 Compare March 5, 2024 19:43
@thesayyn thesayyn force-pushed the revert-1533-revert-1465-rules_distroless branch 2 times, most recently from 869a596 to 634d1fb Compare March 7, 2024 18:26
@GoogleContainerTools GoogleContainerTools deleted a comment from github-actions bot Mar 7, 2024
@GoogleContainerTools GoogleContainerTools deleted a comment from github-actions bot Mar 7, 2024
@thesayyn thesayyn marked this pull request as ready for review March 7, 2024 18:26
Contributor

github-actions bot commented Mar 7, 2024

🌳 🔄 Image Check

This pull request has modified the following images:

//java:java_base_root_amd64_debian11
//java:java_base_nonroot_amd64_debian11
//java:java_base_root_s390x_debian11
//java:java_base_debug_root_s390x_debian11
//java:java_base_root_arm64_debian11
//java:java_base_nonroot_ppc64le_debian11
//java:java_base_debug_root_arm64_debian11
//java:java_base_debug_root_amd64_debian11
//java:java_base_nonroot_arm64_debian11
//java:java_base_debug_nonroot_ppc64le_debian11
//java:java_base_debug_root_amd64_debian12
//java:java_base_debug_nonroot_s390x_debian11
//java:java_base_nonroot_amd64_debian12
//java:java_base_debug_nonroot_amd64_debian11
//java:java_base_debug_root_s390x_debian12
//java:java_base_debug_nonroot_amd64_debian12
//java:java_base_debug_nonroot_s390x_debian12
//java:java_base_nonroot_s390x_debian12
//java:java_base_debug_root_arm64_debian12
//java:java_base_debug_nonroot_arm64_debian12
//java:java_base_root_amd64_debian12
//java:java_base_root_arm64_debian12
//java:java11_nonroot_amd64_debian11
//java:java_base_debug_root_ppc64le_debian11
//java:java_base_root_s390x_debian12
//java:java11_root_arm64_debian11
//java:java_base_nonroot_arm64_debian12
//java:java11_nonroot_arm64_debian11
//java:java11_root_ppc64le_debian11
//java:java11_debug_root_arm64_debian11
//java:java_base_debug_root_ppc64le_debian12
//java:java11_debug_root_amd64_debian11
//java:java11_nonroot_ppc64le_debian11
//java:java_base_nonroot_ppc64le_debian12
//java:java_base_debug_nonroot_arm64_debian11
//java:java11_debug_nonroot_amd64_debian11
//java:java11_root_amd64_debian11
//java:java17_debug_root_amd64_debian11
//java:java_base_root_ppc64le_debian12
//java:java17_nonroot_amd64_debian11
//java:java11_root_s390x_debian11
//java:java17_root_ppc64le_debian11
//java:java11_debug_nonroot_arm64_debian11
//java:java11_debug_root_ppc64le_debian11
//java:java17_nonroot_arm64_debian11
//java:java17_debug_root_s390x_debian11
//java:java17_debug_root_arm64_debian11
//java:java17_root_amd64_debian11
//java:java_base_nonroot_s390x_debian11
//java:java17_debug_nonroot_amd64_debian11
//java:java11_debug_nonroot_ppc64le_debian11
//java:java_base_root_ppc64le_debian11
//java:java17_root_arm64_debian11
//java:java17_debug_nonroot_arm64_debian11
//java:java17_debug_nonroot_s390x_debian11
//java:java11_debug_root_s390x_debian11
//java:java17_debug_nonroot_ppc64le_debian11
//java:java17_debug_root_ppc64le_debian11
//java:java11_debug_nonroot_s390x_debian11
//java:java17_debug_root_amd64_debian12
//java:java17_nonroot_amd64_debian12
//java:java_base_debug_nonroot_ppc64le_debian12
//java:java17_nonroot_ppc64le_debian11
//java:java17_debug_root_ppc64le_debian12
//java:java17_debug_nonroot_s390x_debian12
//java:java11_nonroot_s390x_debian11
//java:java17_debug_root_arm64_debian12
//java:java17_nonroot_s390x_debian12
//java:java17_debug_nonroot_ppc64le_debian12
//java:java17_debug_nonroot_arm64_debian12
//java:java17_nonroot_s390x_debian11
//java:java17_root_ppc64le_debian12
//java:java17_root_s390x_debian11
//java/jetty:jetty_java11_debian11
//java:java17_debug_root_s390x_debian12
//java:java17_root_amd64_debian12
//java:java17_debug_nonroot_amd64_debian12
//java:java17_root_arm64_debian12
//java:java17_nonroot_ppc64le_debian12
//java:java17_root_s390x_debian12
//java/jetty:jetty_java11_debug_debian11
//java:java17_nonroot_arm64_debian12

You can check the details in the report here

@thesayyn thesayyn force-pushed the revert-1533-revert-1465-rules_distroless branch 3 times, most recently from 9ddada9 to d9c4884 Compare March 8, 2024 05:06
@thesayyn
Collaborator Author

thesayyn commented Mar 8, 2024

@loosebazooka this should be okay now, no diff except for java images which should be okay as those are just alias changes. Or do you want me to make them identical as well?

@thesayyn
Collaborator Author

thesayyn commented Mar 8, 2024

The diff is generated by jksutil (the old keystore generator) not fully conforming to RFC 2253 Distinguished Names.

Details

diff --git a/that.subject b/this.subject
index 415aa80..ddafc7c 100644
--- a/that.subject
+++ b/this.subject
@@ -1,4 +1,4 @@
-CN=ACCVRAIZ1,OU=PKIACCV,O=ACCV,C=ES
+C=ES,O=ACCV,OU=PKIACCV,CN=ACCVRAIZ1
 OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES
 CN=Actalis Authentication Root CA,O=Actalis S.p.A./03358520967,L=Milan,C=IT
 CN=AffirmTrust Commercial,O=AffirmTrust,C=US
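Review bot: The ACCVRAIZ1 entry on line 1 is the only subject in this hunk whose RDN order flips (CN first in that.subject, C first in this.subject), while the neighbouring entries print identically in both files, so the two generators do not differ by one uniform ordering rule. RFC 2253 builds the string from the last RDN of the encoded sequence back to the first, so only one of the two strings can be the RFC 2253 form of this certificate's subject. Check the encoded subject of this certificate before treating the change as cosmetic, and say in the PR which file comes from which generator.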
@@ -9,7 +9,7 @@ CN=Amazon Root CA 1,O=Amazon,C=US
 CN=Amazon Root CA 2,O=Amazon,C=US
 CN=Amazon Root CA 3,O=Amazon,C=US
 CN=Amazon Root CA 4,O=Amazon,C=US
-CN=Atos TrustedRoot 2011,O=Atos,C=DE
+C=DE,O=Atos,CN=Atos TrustedRoot 2011
 CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES
 CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
 CN=Buypass Class 2 Root CA,O=Buypass AS-983163327,C=NO
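Review bot: The Atos TrustedRoot 2011 entry shows the same full reversal as ACCVRAIZ1 (C=DE,O=Atos,CN=... against CN=...,O=Atos,C=DE) while the Amazon roots above it are unchanged. A diff of subject strings cannot distinguish a reordered print of the same certificate from a different certificate, so the "no diff" statement for the keystore would be better supported by comparing certificate fingerprints or DER-encoded subjects between the two outputs.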
@@ -23,7 +23,7 @@ CN=Certigna,O=Dhimyotis,C=FR
 CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR
 CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL
 CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL
-SERIALNUMBER=A82743287,CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,L=Madrid (see current address at www.camerfirma.com/address),C=EU
+CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,2.5.4.5=#1309413832373433323837,L=Madrid (see current address at www.camerfirma.com/address),C=EU
 CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
 CN=Cybertrust Global Root,O=Cybertrust\, Inc
 CN=D-TRUST Root Class 3 CA 2 2009,O=D-Trust GmbH,C=DE
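Review bot: In the Chambers of Commerce Root - 2008 entry, SERIALNUMBER=A82743287 becomes 2.5.4.5=#1309413832373433323837 and moves from the front of the string to after O=. The hex decodes to a PrintableString (tag 0x13, length 9) holding the same value A82743287, so the value itself is unchanged, but the attribute's position differs between the files, which a keyword-versus-OID printing difference alone does not explain. Confirm the position against the certificate, and note that anything matching on the SERIALNUMBER keyword will not match the dotted-OID form.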
@@ -38,25 +38,25 @@ CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US
 CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
 CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
 CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş.,L=Ankara,C=TR
-CN=EC-ACC,OU=Serveis Publics de Certificacio+OU=Vegeu https://www.catcert.net/verarrel (c)03+OU=Jerarquia Entitats de Certificacio Catalanes,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES
-CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net
-CN=Entrust Root Certification Authority,OU=www.entrust.net/CPS is incorporated by reference+OU=(c) 2006 Entrust\, Inc.,O=Entrust\, Inc.,C=US
-CN=Entrust Root Certification Authority - EC1,OU=See www.entrust.net/legal-terms+OU=(c) 2012 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US
-CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US
-CN=Entrust Root Certification Authority - G4,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US
+CN=EC-ACC,OU=Jerarquia Entitats de Certificacio Catalanes,OU=Vegeu https://www.catcert.net/verarrel (c)03,OU=Serveis Publics de Certificacio,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES
+CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
+CN=Entrust Root Certification Authority,OU=(c) 2006 Entrust\, Inc.,OU=www.entrust.net/CPS is incorporated by reference,O=Entrust\, Inc.,C=US
+CN=Entrust Root Certification Authority - EC1,OU=(c) 2012 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US
+CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US
+CN=Entrust Root Certification Authority - G4,OU=(c) 2015 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US
 CN=GDCA TrustAUTH R5 ROOT,O=GUANG DONG CERTIFICATE AUTHORITY CO.\,LTD.,C=CN
 CN=GTS Root R1,O=Google Trust Services LLC,C=US
 CN=GTS Root R2,O=Google Trust Services LLC,C=US
 CN=GTS Root R3,O=Google Trust Services LLC,C=US
 CN=GTS Root R4,O=Google Trust Services LLC,C=US
 CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US
-CN=GlobalSign,OU=GlobalSign ECC Root CA - R4,O=GlobalSign
-CN=GlobalSign,OU=GlobalSign ECC Root CA - R5,O=GlobalSign
+CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R4
+CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R5
 CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE
-CN=GlobalSign,OU=GlobalSign Root CA - R2,O=GlobalSign
-CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign
-CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign
-SERIALNUMBER=A82743287,CN=Global Chambersign Root - 2008,O=AC Camerfirma S.A.,L=Madrid (see current address at www.camerfirma.com/address),C=EU
+CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2
+CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3
+CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R6
+CN=Global Chambersign Root - 2008,O=AC Camerfirma S.A.,2.5.4.5=#1309413832373433323837,L=Madrid (see current address at www.camerfirma.com/address),C=EU
 OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US
 CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US
 CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR
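Review bot: The EC-ACC, Entrust.net and Entrust Root lines change from OU=...+OU=... to OU=...,OU=... with the values in reverse order. In RFC 2253 a "+" joins the attributes of one multi-valued RDN and a "," separates RDNs, so the two files describe different subject structures and only one can be right for each certificate; this goes beyond the ordering difference in the GlobalSign lines, where O and OU are swapped. The Global Chambersign Root - 2008 line repeats the SERIALNUMBER to 2.5.4.5 change seen in the Chambers of Commerce entry.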
@@ -68,7 +68,7 @@ CN=ISRG Root X1,O=Internet Security Research Group,C=US
 CN=IdenTrust Commercial Root CA 1,O=IdenTrust,C=US
 CN=IdenTrust Public Sector Root CA 1,O=IdenTrust,C=US
 CN=Izenpe.com,O=IZENPE S.A.,C=ES
-CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU,1.2.840.113549.1.9.1=#0c10696e666f40652d737a69676e6f2e6875
+1.2.840.113549.1.9.1=#1610696e666f40652d737a69676e6f2e6875,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU
 CN=Microsoft ECC Root Certificate Authority 2017,O=Microsoft Corporation,C=US
 CN=Microsoft RSA Root Certificate Authority 2017,O=Microsoft Corporation,C=US
 CN=NAVER Global Root Certification Authority,O=NAVER BUSINESS PLATFORM Corp.,C=KR
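Review bot: The Microsec e-Szigno Root CA 2009 value for 1.2.840.113549.1.9.1 differs in its first hex byte, #0c... in that.subject against #16... in this.subject, with the remaining bytes identical (length 0x10, info@e-szigno.hu). The "#" form in RFC 2253 is the hex of the attribute value's BER encoding, and tag 0x0c is UTF8String while 0x16 is IA5String, so one generator is re-encoding the value rather than printing the certificate's bytes. Check which tag the certificate carries; the attribute also moves from the end of the string to the front.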
@@ -117,13 +117,13 @@ CN=UCA Extended Validation Root,O=UniTrust,C=CN
 CN=UCA Global G2 Root,O=UniTrust,C=CN
 CN=USERTrust ECC Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
 CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
-CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
-CN=XRamp Global Certification Authority,OU=www.xrampsecurity.com,O=XRamp Security Services Inc,C=US
+CN=VeriSign Universal Root Certification Authority,OU=(c) 2008 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US
+CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US
 OU=certSIGN ROOT CA,O=certSIGN,C=RO
 OU=certSIGN ROOT CA G2,O=CERTSIGN SA,C=RO
-CN=e-Szigno Root CA 2017,O=Microsec Ltd.,L=Budapest,C=HU,2.5.4.97=#130e56415448552d3233353834343937
+CN=e-Szigno Root CA 2017,2.5.4.97=#0c0e56415448552d3233353834343937,O=Microsec Ltd.,L=Budapest,C=HU
 OU=ePKI Root Certification Authority,O=Chunghwa Telecom Co.\, Ltd.,C=TW
-CN=emSign ECC Root CA - C3,OU=emSign PKI,O=eMudhra Inc,C=US
-CN=emSign ECC Root CA - G3,OU=emSign PKI,O=eMudhra Technologies Limited,C=IN
-CN=emSign Root CA - C1,OU=emSign PKI,O=eMudhra Inc,C=US
-CN=emSign Root CA - G1,OU=emSign PKI,O=eMudhra Technologies Limited,C=IN
\ No newline at end of file
+CN=emSign ECC Root CA - C3,O=eMudhra Inc,OU=emSign PKI,C=US
+CN=emSign ECC Root CA - G3,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN
+CN=emSign Root CA - C1,O=eMudhra Inc,OU=emSign PKI,C=US
+CN=emSign Root CA - G1,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN
\ No newline at end of file
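Review bot: The e-Szigno Root CA 2017 line changes the 2.5.4.97 value tag from #13 (PrintableString) to #0c (UTF8String) with the same payload VATHU-23584497. UTF8String appears on the "-" side for the Microsec 2009 e-mail value but on the "+" side here, so the tag difference is not a one-way substitution and each value needs checking against its certificate. The XRamp and emSign lines swap O and OU as in the GlobalSign entries, and both files lack a trailing newline; if these lists are kept as fixtures, end them with one.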

@thesayyn thesayyn force-pushed the revert-1533-revert-1465-rules_distroless branch from d9c4884 to d0dd298 Compare March 8, 2024 20:48
@thesayyn thesayyn force-pushed the revert-1533-revert-1465-rules_distroless branch from d0dd298 to b0c84b3 Compare March 9, 2024 19:47
@thesayyn thesayyn closed this Mar 9, 2024
@thesayyn thesayyn deleted the revert-1533-revert-1465-rules_distroless branch March 9, 2024 19:49