[pull] main from containerd:main#307
Open
pull[bot] wants to merge 1233 commits into
Open
Conversation
….com/moby/moby/v2-2.0.0-beta.14 build(deps): bump github.com/moby/moby/v2 from 2.0.0-beta.13 to 2.0.0-beta.14
Bumps [github.com/containerd/containerd/v2](https://github.com/containerd/containerd) from 2.3.0 to 2.3.1. - [Release notes](https://github.com/containerd/containerd/releases) - [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md) - [Commits](containerd/containerd@v2.3.0...v2.3.1) --- updated-dependencies: - dependency-name: github.com/containerd/containerd/v2 dependency-version: 2.3.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps the docker group with 2 updates in the / directory: [github.com/docker/cli](https://github.com/docker/cli) and [github.com/moby/moby/v2](https://github.com/moby/moby). Updates `github.com/docker/cli` from 29.5.0+incompatible to 29.5.2+incompatible - [Commits](docker/cli@v29.5.0...v29.5.2) Updates `github.com/moby/moby/v2` from 2.0.0-beta.14 to 2.0.0-beta.15 - [Release notes](https://github.com/moby/moby/releases) - [Commits](moby/moby@v2.0.0-beta.14...v2.0.0-beta.15) --- updated-dependencies: - dependency-name: github.com/docker/cli dependency-version: 29.5.1+incompatible dependency-type: direct:production update-type: version-update:semver-patch dependency-group: docker - dependency-name: github.com/moby/moby/v2 dependency-version: 2.0.0-beta.14 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: docker ... Signed-off-by: dependabot[bot] <support@github.com>
ci: add zizmor workflow linting
Signed-off-by: ChengyuZhu6 <hudson@cyzhu.com>
….com/containerd/containerd/v2-2.3.1 build(deps): bump github.com/containerd/containerd/v2 from 2.3.0 to 2.3.1
update gomod jail to v0.3.2
…-890c0f8f14 build(deps): bump the docker group across 1 directory with 2 updates
….com/compose-spec/compose-go/v2-2.11.0 build(deps): bump github.com/compose-spec/compose-go/v2 from 2.10.2 to 2.11.0
Bumps [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) from 0.5.3 to 0.5.6. - [Release notes](https://github.com/zizmorcore/zizmor-action/releases) - [Commits](zizmorcore/zizmor-action@b1d7e1f...5f14fd0) --- updated-dependencies: - dependency-name: zizmorcore/zizmor-action dependency-version: 0.5.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 7.1.0 to 7.2.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@bcafcac...f9f3042) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-version: 7.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [docker/login-action](https://github.com/docker/login-action) from 4.1.0 to 4.2.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@4907a6d...650006c) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 6.0.0 to 6.1.0. - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@030e881...80c7e94) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps the golang-x group with 2 updates in the / directory: [golang.org/x/crypto](https://github.com/golang/crypto) and [golang.org/x/net](https://github.com/golang/net). Updates `golang.org/x/crypto` from 0.51.0 to 0.52.0 - [Commits](golang/crypto@v0.51.0...v0.52.0) Updates `golang.org/x/net` from 0.54.0 to 0.55.0 - [Commits](golang/net@v0.54.0...v0.55.0) Updates `golang.org/x/sys` from 0.44.0 to 0.45.0 - [Commits](golang/sys@v0.44.0...v0.45.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.52.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x - dependency-name: golang.org/x/net dependency-version: 0.55.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x - dependency-name: golang.org/x/sys dependency-version: 0.45.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x ... Signed-off-by: dependabot[bot] <support@github.com>
Replace the generated mocks under pkg/infoutil/infoutilmock and the inline gomock-based MockParse in pkg/cmd/builder/build_test.go with hand-rolled fakes that use function fields. This drops the go.uber.org/mock require from go.mod / go.sum. Fixes #3325 Signed-off-by: Metbcy <amirbredy1@gmail.com>
…zmorcore/zizmor-action-0.5.6 build(deps): bump zizmorcore/zizmor-action from 0.5.3 to 0.5.6
Signed-off-by: immanuwell <pchpr.00@list.ru>
docs: fix typo and missing import in tools.md
…-x-105f79c659 build(deps): bump the golang-x group across 1 directory with 3 updates
Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.14.1 to 1.15.0. - [Release notes](https://github.com/opencontainers/selinux/releases) - [Commits](opencontainers/selinux@v1.14.1...v1.15.0) --- updated-dependencies: - dependency-name: github.com/opencontainers/selinux dependency-version: 1.15.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…cker/login-action-4.2.0 build(deps): bump docker/login-action from 4.1.0 to 4.2.0
…cker/metadata-action-6.1.0 build(deps): bump docker/metadata-action from 6.0.0 to 6.1.0
…cker/build-push-action-7.2.0 build(deps): bump docker/build-push-action from 7.1.0 to 7.2.0
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@4d04d5d...d7f5e7f) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…cker/setup-buildx-action-4.1.0 build(deps): bump docker/setup-buildx-action from 4.0.0 to 4.1.0
`docker ps` displays the health check results for healthchecked containers in the STATUS column: ```bash $ docker run -d --name health --health-cmd=true --health-interval=3s alpine sleep inf ace14dd125355ac04e8cbad9f1cf2eaaa7209d76cb648ccefb81e45b986c58f7 $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ace14dd12535 alpine "sleep inf" 23 seconds ago Up 22 seconds (healthy) health ``` However, `nerdctl ps` doesn't show the health status. Therefore, to ensure compatibility with Docker, this change makes `nerdctl ps` display the health check results in the STATUS column for containers that perform health checks. After this change, the output looks like: ```bash $ sudo nerdctl ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 02c64243528a docker.io/library/alpine:latest "sleep inf" 7 seconds ago Up (health: starting) hoge ``` ```bash $ sudo nerdctl ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 690aa502978c docker.io/library/alpine:latest "sleep inf" 1 second ago Up (healthy) hoge ``` ```bash $ sudo nerdctl ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 02c64243528a docker.io/library/alpine:latest "sleep inf" 2 hours ago Up (unhealthy) hoge ``` Signed-off-by: Hayato Kiwata <dev@haytok.jp>
Suppose a container with healthcheck enabled has exited. ```bash > sudo nerdctl ps -a --filter "name=hoge" CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES dd94022f7dd0 docker.io/library/alpine:latest "sleep 1" About a minute ago Exited (0) About a minute ago hoge ``` When we try to run `nerdctl start` on that container, the following error occurs, and the container cannot be started. ```bash > sudo nerdctl start hoge FATA[0000] 1 errors: failed to create healthcheck timer: systemd-run failed: exit status 1 output: Failed to start transient timer unit: Unit dd94022f7dd0f8b60cb49e803c52de3a7a49c2b39276883ed7c606e13ca1a918.timer was already loaded or has a fragment file. ``` The cause of the failure is the presence of the systemd transient timer unit used when executing health checks. When checking the output of `systemctl status`, the status of the transient timer unit is `active`, but an error has occurred in the transient service unit that executes the healthcheck command. In nerdctl, container health check is performed by running the `systemd-run` command to periodically execute the `exec` command on the target container via a transient service unit and a transient timer unit, and executing the command specified with the `--health-cmd` option. However, the current implementation does not account for the case where the container has exited. Therefore, this commit will ensure that transient units are deleted when a container with a health check enabled exits. It will also ensure that the system checks for the presence of transient units when restarting a stopped container with a health check enabled. The specific approach is as follows: - Use the `--collect` option of the `systemd-run` command so that the transient service unit can be garbage-collected even when it is in a failed state. - Delete the transient timer unit when the process exits and the container is in a stopped state. - Before creating a new transient timer unit in CreateTimer, check whether a transient timer unit with the same name already exists and remove it if so. Note that if the `--collect` option is specified when executing the `systemd-run` command, deleting the transient timer unit will cause it to be unloaded by systemd's garbage collection. References: - https://www.freedesktop.org/software/systemd/man/latest/systemd-run.html#-G - https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#CollectMode= Signed-off-by: Hayato Kiwata <dev@haytok.jp>
Signed-off-by: Hayato Kiwata <dev@haytok.jp>
chore: remove go.uber.org/mock dependency
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Daniel Benjamin <benjamindaniel706@gmail.com>
Bumps the golang-x group with 6 updates: | Package | From | To | | --- | --- | --- | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.53.0` | `0.54.0` | | [golang.org/x/net](https://github.com/golang/net) | `0.56.0` | `0.57.0` | | [golang.org/x/sync](https://github.com/golang/sync) | `0.21.0` | `0.22.0` | | [golang.org/x/sys](https://github.com/golang/sys) | `0.46.0` | `0.47.0` | | [golang.org/x/term](https://github.com/golang/term) | `0.44.0` | `0.45.0` | | [golang.org/x/text](https://github.com/golang/text) | `0.39.0` | `0.40.0` | Updates `golang.org/x/crypto` from 0.53.0 to 0.54.0 - [Commits](golang/crypto@v0.53.0...v0.54.0) Updates `golang.org/x/net` from 0.56.0 to 0.57.0 - [Commits](golang/net@v0.56.0...v0.57.0) Updates `golang.org/x/sync` from 0.21.0 to 0.22.0 - [Commits](golang/sync@v0.21.0...v0.22.0) Updates `golang.org/x/sys` from 0.46.0 to 0.47.0 - [Commits](golang/sys@v0.46.0...v0.47.0) Updates `golang.org/x/term` from 0.44.0 to 0.45.0 - [Commits](golang/term@v0.44.0...v0.45.0) Updates `golang.org/x/text` from 0.39.0 to 0.40.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.39.0...v0.40.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.54.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x - dependency-name: golang.org/x/net dependency-version: 0.57.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x - dependency-name: golang.org/x/sync dependency-version: 0.22.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x - dependency-name: golang.org/x/sys dependency-version: 0.47.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x - dependency-name: golang.org/x/term dependency-version: 0.45.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x - dependency-name: golang.org/x/text dependency-version: 0.40.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x ... Signed-off-by: dependabot[bot] <support@github.com>
….com/ipfs/go-cid-0.6.2 build(deps): bump github.com/ipfs/go-cid from 0.6.1 to 0.6.2
CI: update Ubuntu (26.04)
…-x-357f6793ed build(deps): bump the golang-x group with 6 updates
…ork-base-test-to-tigron test: refactor container_run_network_base_test.go to use Tigron
…t-linux-test-to-tigron test: refactor container_run_mount_linux_test.go to use Tigron
Read-only bind and volume mounts (`-v src:dst:ro`, `--mount ...,readonly`) are now made recursively read-only when the kernel (>= 5.12) and the OCI runtime (runc >= 1.1, crun >= 1.8.6) support the "rro" mount option, following Docker v25 (moby/moby#45278). The behavior is customizable with the `bind-recursive` option of `--mount` (docker/cli#4316): - `enabled` (default): recursive bind; recursively read-only when supported - `disabled`: non-recursive bind - `writable`: submounts of a read-only mount are kept writable (Docker v24 behavior) - `readonly`: force recursively read-only, or raise an error The boolean aliases of `bind-recursive` (unreleased) are removed, following docker/cli#4671. Whether the OCI runtime supports RRO mounts is detected by running `$RUNTIME features`, with the result cached in the XDG cache directory (e.g., ~/.cache/nerdctl/oci-runtime-features), invalidated when the runtime binary is modified. The old `rro` option of `-v` and `--mount`, introduced in nerdctl v0.14 ahead of Docker, is now deprecated in favor of the Docker v25 form: `--mount type=bind,src=...,dst=...,readonly,bind-propagation=rprivate,bind-recursive=readonly`. It now raises an error (instead of silently degrading to plain "ro") when RRO mounts are not supported. `nerdctl cp` now recognizes the "rro" mount option when refusing to copy into a read-only location. Fix issue 2651 Assisted-by: Claude Fable 5 <noreply@anthropic.com> Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
mount: support the Docker v25 form of recursive read-only (RRO) mounts
feat: label-based filtering added to `nerdctl events`
…range network create: match each --ip-range to its subnet for dual-stack
Docker's network create takes --ipv4 (default on) so that --ipv4=false together with --ipv6 yields an IPv6-only network. nerdctl had no equivalent: generateIPAM always appended a default IPv4 range when no v4 subnet was given, so every bridge network ended up with IPv4. Add the flag and carry it as a positive IPv4 option, matching the existing IPv6 field and docker's EnableIPv4. When IPv4 is off, skip the default v4 range, switch the host-local default route to ::/0, and reject an IPv4 subnet. Require at least one address family (docker's "IPv4 or IPv6 must be enabled"), and require an explicit IPv6 subnet since nerdctl does not auto-allocate one. Reject the combination on Windows where IPv6-only is unsupported. Part of #5012. Signed-off-by: Mayur Das <mayur.das@neevcloud.com>
Bumps [github.com/containerd/containerd/v2](https://github.com/containerd/containerd) from 2.3.2 to 2.3.3. - [Release notes](https://github.com/containerd/containerd/releases) - [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md) - [Commits](containerd/containerd@v2.3.2...v2.3.3) --- updated-dependencies: - dependency-name: github.com/containerd/containerd/v2 dependency-version: 2.3.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [github.com/rootless-containers/rootlesskit/v3](https://github.com/rootless-containers/rootlesskit) from 3.0.1 to 3.0.2. - [Release notes](https://github.com/rootless-containers/rootlesskit/releases) - [Commits](rootless-containers/rootlesskit@v3.0.1...v3.0.2) --- updated-dependencies: - dependency-name: github.com/rootless-containers/rootlesskit/v3 dependency-version: 3.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
….com/rootless-containers/rootlesskit/v3-3.0.2 build(deps): bump github.com/rootless-containers/rootlesskit/v3 from 3.0.1 to 3.0.2
….com/containerd/containerd/v2-2.3.3 build(deps): bump github.com/containerd/containerd/v2 from 2.3.2 to 2.3.3
Signed-off-by: Mujib Ahasan <ahasanmujib8@gmail.com> test case added Signed-off-by: Mujib Ahasan <ahasanmujib8@gmail.com>
update containerd (2.3.3)
update RootlessKit (3.0.2)
Signed-off-by: akshitguptaa <akshitguptaa29@gmail.com>
Signed-off-by: akshitguptaa <akshitguptaa29@gmail.com>
feat(network): add --ipv4 to allow IPv6-only networks
feat(run): add support for `--expose` and `--publish-all`
fix: hide internal alias flags from help output
rootless: enable IPv6 in RootlessKit network namespace
Signed-off-by: s3onghyun <s3onghyun@users.noreply.github.com>
save: add --quiet/-q to suppress progress output
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.1)
Can you help keep this open source service alive? 💖 Please sponsor : )