Merge branch 'main' of github.com:canonical/oci-factory into ROCKS-54…

…3_charmed-oci-factory-we

.github/base_digests/22.04

@@ -1 +1 @@
-public.ecr.aws/ubuntu/ubuntu:jammy@sha256:c11f102f68609c47fd14ba7bfa6299871637f1622f5610fbbb057ac5dee6e064
+public.ecr.aws/ubuntu/ubuntu:jammy@sha256:096be23259ead9cdfc45dc77cfe61ae9974666a09ed9e753e627b6e799fb7ae0

IMAGE_MAINTAINER_AGREEMENT.md

@@ -159,7 +159,7 @@ and stating:
       deb-security-manifest:
         plugin: nil
         after:
-          - # make this runs after all other parts that install overlay packages
+          - # make this run after all other parts that install overlay packages
         override-prime: |
           set -x
           mkdir -p $CRAFT_PRIME/usr/share/rocks/

README.md

@@ -84,6 +84,10 @@ multiple images;
    - that means one PR can only propose changes to
 [Maintainer files](#maintainer-files) within a single `oci` folder.
 
+Refer to the diagram below to understand the oci-factory workflow:
+![OCI Factory Workflow](assets/img/oci-factory-workflow.png)
+
+
 ## 🗃 **Maintainer files**
 
 As a Maintainer, you'll be associated with one or more `oci` folders within

oci/alertmanager/_releases.json

@@ -1,72 +1,72 @@
 {
     "0.25.0-22.04": {
         "stable": {
-            "target": "15"
+            "target": "19"
         },
         "candidate": {
-            "target": "15"
+            "target": "19"
         },
         "beta": {
-            "target": "15"
+            "target": "19"
         },
         "edge": {
-            "target": "15"
+            "target": "19"
         }
     },
     "0.25-22.04": {
         "stable": {
-            "target": "15"
+            "target": "19"
         },
         "candidate": {
-            "target": "15"
+            "target": "19"
         },
         "beta": {
-            "target": "15"
+            "target": "19"
         },
         "edge": {
-            "target": "15"
+            "target": "19"
         }
     },
     "0-22.04": {
         "stable": {
-            "target": "16"
+            "target": "20"
         },
         "candidate": {
-            "target": "16"
+            "target": "20"
         },
         "beta": {
-            "target": "16"
+            "target": "20"
         },
         "edge": {
-            "target": "16"
+            "target": "20"
         }
     },
     "0.26.0-22.04": {
         "stable": {
-            "target": "16"
+            "target": "20"
         },
         "candidate": {
-            "target": "16"
+            "target": "20"
         },
         "beta": {
-            "target": "16"
+            "target": "20"
         },
         "edge": {
-            "target": "16"
+            "target": "20"
         }
     },
     "0.26-22.04": {
         "stable": {
-            "target": "16"
+            "target": "20"
         },
         "candidate": {
-            "target": "16"
+            "target": "20"
         },
         "beta": {
-            "target": "16"
+            "target": "20"
         },
         "edge": {
-            "target": "16"
+            "target": "20"
         }
     }
 }

oci/grafana-agent/.trivyignore

@@ -12,3 +12,5 @@ GHSA-m425-mq94-257g
 CVE-2023-49569
 # github.com/go-git/go-git/v5 - Maliciously crafted Git server replies can cause DoS on go-git clients
 CVE-2023-49568
+# github.com/cloudflare/circl - CIRCL's Kyber: timing side-channel (kyberslash2)
+GHSA-9763-4f94-gfch

oci/grafana-agent/_releases.json

@@ -29,58 +29,58 @@
     },
     "0-22.04": {
         "stable": {
-            "target": "9"
+            "target": "39"
         },
         "candidate": {
-            "target": "9"
+            "target": "0-22.04_stable"
         },
         "beta": {
-            "target": "9"
+            "target": "0-22.04_candidate"
         },
         "edge": {
-            "target": "9"
+            "target": "0-22.04_beta"
         }
     },
     "0.38.0-22.04": {
         "stable": {
-            "target": "10"
+            "target": "36"
         },
         "candidate": {
-            "target": "10"
+            "target": "36"
         },
         "beta": {
-            "target": "10"
+            "target": "36"
         },
         "edge": {
-            "target": "10"
+            "target": "36"
         }
     },
     "0.38-22.04": {
         "stable": {
-            "target": "11"
+            "target": "37"
         },
         "candidate": {
-            "target": "11"
+            "target": "37"
         },
         "beta": {
-            "target": "11"
+            "target": "37"
         },
         "edge": {
-            "target": "11"
+            "target": "37"
         }
     },
     "0.38.1-22.04": {
         "stable": {
-            "target": "11"
+            "target": "37"
         },
         "candidate": {
-            "target": "11"
+            "target": "37"
         },
         "beta": {
-            "target": "11"
+            "target": "37"
         },
         "edge": {
-            "target": "11"
+            "target": "37"
         }
     },
     "0.35.4-22.04": {
@@ -99,30 +99,72 @@
     },
     "0.37.4-22.04": {
         "stable": {
-            "target": "9"
+            "target": "35"
         },
         "candidate": {
-            "target": "9"
+            "target": "35"
         },
         "beta": {
-            "target": "9"
+            "target": "35"
         },
         "edge": {
-            "target": "9"
+            "target": "35"
         }
     },
     "0.37-22.04": {
         "stable": {
-            "target": "9"
+            "target": "35"
         },
         "candidate": {
-            "target": "9"
+            "target": "35"
         },
         "beta": {
-            "target": "9"
+            "target": "35"
         },
         "edge": {
-            "target": "9"
+            "target": "35"
+        }
+    },
+    "0.39.0-22.04": {
+        "stable": {
+            "target": "38"
+        },
+        "candidate": {
+            "target": "38"
+        },
+        "beta": {
+            "target": "38"
+        },
+        "edge": {
+            "target": "38"
+        }
+    },
+    "0.39-22.04": {
+        "stable": {
+            "target": "39"
+        },
+        "candidate": {
+            "target": "0.39-22.04_stable"
+        },
+        "beta": {
+            "target": "0.39-22.04_candidate"
+        },
+        "edge": {
+            "target": "0.39-22.04_beta"
+        }
+    },
+    "0.39.1-22.04": {
+        "stable": {
+            "target": "39"
+        },
+        "candidate": {
+            "target": "0.39.1-22.04_stable"
+        },
+        "beta": {
+            "target": "0.39.1-22.04_candidate"
+        },
+        "edge": {
+            "target": "0.39.1-22.04_beta"
         }
     }
 }

oci/grafana-agent/image.yaml

@@ -1,22 +1,18 @@
 version: 1
 upload:
   - source: canonical/grafana-agent-rock
-    commit: ee0c456ec9dd41412892912c8accb21e1e90f6fe
-    directory: 0.35.2
+    commit: 9367d23258dae0e4bc1198aadcb8ebf4d1a5f300
+    directory: 0.39.1
     release:
-      0.35.2-22.04:
-        end-of-life: "2025-01-12T00:00:00Z"
+      0.39.1-22.04:
+        end-of-life: "2025-01-26T00:00:00Z"
         risks:
           - stable
-  - source: canonical/grafana-agent-rock
-    commit: ee0c456ec9dd41412892912c8accb21e1e90f6fe
-    directory: 0.35.4
-    release:
-      0.35.4-22.04:
-        end-of-life: "2025-01-12T00:00:00Z"
+      0.39-22.04:
+        end-of-life: "2025-01-26T00:00:00Z"
         risks:
           - stable
-      0.35-22.04:
-        end-of-life: "2025-01-12T00:00:00Z"
+      0-22.04:
+        end-of-life: "2025-01-26T00:00:00Z"
         risks:
           - stable

oci/grafana/.trivyignore

@@ -12,3 +12,7 @@ CVE-2023-39325
 GHSA-m425-mq94-257g
 # github.com/go-git/go-git/v5 - Maliciously crafted Git server replies can cause DoS on go-git clients
 CVE-2023-49568
+# github.com/go-git/go-git/v5 - Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
+CVE-2023-49569
+# github.com/cloudflare/circl - CIRCL's Kyber: timing side-channel (kyberslash2)
+GHSA-9763-4f94-gfch