Update Github Action (#224)

* update this branch with recent merge in 8.16 branch

* Contexts for 8.17.0 (#226)

This commit was created by the elastic-dockerfiles-publisher.

Co-authored-by: Elastic Machine <[email protected]>

---------

Co-authored-by: elastic-vault-github-plugin-prod[bot] <150874479+elastic-vault-github-plugin-prod[bot]@users.noreply.github.com>
Co-authored-by: Elastic Machine <[email protected]>

.github/workflows/pr_auto_approval.yml

@@ -10,7 +10,8 @@ jobs:
       name: Auto-approve docker push pr
       runs-on: ubuntu-latest
       if: |
-        startsWith(github.event.pull_request.head.ref, 'docker_files_push_')
+        startsWith(github.event.pull_request.head.ref, 'docker_files_push_') &&
+        github.event.pull_request.user.login == 'elastic-vault-github-plugin-prod[bot]'
       permissions:
         pull-requests: write
         contents: write
@@ -19,4 +20,6 @@ jobs:
       - name: Debug PR info
         run: |
           echo "PR Head Ref: ${{ github.event.pull_request.head.ref }}"
-      - uses: hmarr/auto-approve-action@v3
+          echo "PR User Login: ${{ github.event.pull_request.user.login }}"
+      - name: Auto Approve
+        uses: hmarr/auto-approve-action@v3

README.md

@@ -78,4 +78,4 @@ and includes the full set of [free
 features](https://www.elastic.co/subscriptions).
 
 View the detailed release notes
-[here](https://www.elastic.co/guide/en/elasticsearch/reference/8.13/es-release-notes.html).
+[here](https://www.elastic.co/guide/en/elasticsearch/reference/8.17/es-release-notes.html).

elasticsearch/Dockerfile

@@ -20,30 +20,31 @@ RUN for iter in 1 2 3 4 5 6 7 8 9 10; do \
     done; \
     exit $exit_code
 
-# `tini` is a tiny but valid init for containers. This is used to cleanly
-# control how ES and any child processes are shut down.
-#
-# The tini GitHub page gives instructions for verifying the binary using
-# gpg, but the keyservers are slow to return the key and this can fail the
-# build. Instead, we check the binary against the published checksum.
-RUN set -eux ; \
-    tini_bin="" ; \
-    case "$(arch)" in \
-        aarch64) tini_bin='tini-arm64' ;; \
-        x86_64)  tini_bin='tini-amd64' ;; \
-        *) echo >&2 ; echo >&2 "Unsupported architecture $(arch)" ; echo >&2 ; exit 1 ;; \
-    esac ; \
-    curl --retry 10 -S -L -O https://github.com/krallin/tini/releases/download/v0.19.0/${tini_bin} ; \
-    curl --retry 10 -S -L -O https://github.com/krallin/tini/releases/download/v0.19.0/${tini_bin}.sha256sum ; \
-    sha256sum -c ${tini_bin}.sha256sum ; \
-    rm ${tini_bin}.sha256sum ; \
-    mv ${tini_bin} /bin/tini ; \
-    chmod 0555 /bin/tini
+    # `tini` is a tiny but valid init for containers. This is used to cleanly
+    # control how ES and any child processes are shut down.
+    # For wolfi we pick it from the blessed wolfi package registry.
+    #
+    # The tini GitHub page gives instructions for verifying the binary using
+    # gpg, but the keyservers are slow to return the key and this can fail the
+    # build. Instead, we check the binary against the published checksum.
+    RUN set -eux ; \
+        tini_bin="" ; \
+        case "$(arch)" in \
+            aarch64) tini_bin='tini-arm64' ;; \
+            x86_64)  tini_bin='tini-amd64' ;; \
+            *) echo >&2 ; echo >&2 "Unsupported architecture $(arch)" ; echo >&2 ; exit 1 ;; \
+        esac ; \
+        curl --retry 10 -S -L -O https://github.com/krallin/tini/releases/download/v0.19.0/${tini_bin} ; \
+        curl --retry 10 -S -L -O https://github.com/krallin/tini/releases/download/v0.19.0/${tini_bin}.sha256sum ; \
+        sha256sum -c ${tini_bin}.sha256sum ; \
+        rm ${tini_bin}.sha256sum ; \
+        mv ${tini_bin} /bin/tini ; \
+        chmod 0555 /bin/tini
 
 RUN mkdir /usr/share/elasticsearch
 WORKDIR /usr/share/elasticsearch
 
-RUN curl --retry 10 -S -L --output /tmp/elasticsearch.tar.gz https://artifacts-no-kpi.elastic.co/downloads/elasticsearch/elasticsearch-8.13.4-linux-$(arch).tar.gz
+RUN curl --retry 10 -S -L --output /tmp/elasticsearch.tar.gz https://artifacts-no-kpi.elastic.co/downloads/elasticsearch/elasticsearch-8.17.0-linux-$(arch).tar.gz
 
 RUN tar -zxf /tmp/elasticsearch.tar.gz --strip-components=1
 
@@ -105,10 +106,11 @@ ENV ELASTIC_CONTAINER true
 WORKDIR /usr/share/elasticsearch
 
 COPY --from=builder --chown=0:0 /usr/share/elasticsearch /usr/share/elasticsearch
+
 COPY --from=builder --chown=0:0 /bin/tini /bin/tini
 
 ENV PATH /usr/share/elasticsearch/bin:$PATH
-
+ENV SHELL /bin/bash
 COPY bin/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
 
 # 1. Sync the user and group permissions of /etc/passwd
@@ -135,25 +137,25 @@ RUN /etc/ca-certificates/update.d/docker-openjdk
 
 EXPOSE 9200 9300
 
-LABEL org.label-schema.build-date="2024-05-06T22:04:45.107454559Z" \
+LABEL org.label-schema.build-date="2024-12-11T12:08:05.663969764Z" \
   org.label-schema.license="Elastic-License-2.0" \
   org.label-schema.name="Elasticsearch" \
   org.label-schema.schema-version="1.0" \
   org.label-schema.url="https://www.elastic.co/products/elasticsearch" \
   org.label-schema.usage="https://www.elastic.co/guide/en/elasticsearch/reference/index.html" \
-  org.label-schema.vcs-ref="da95df118650b55a500dcc181889ac35c6d8da7c" \
+  org.label-schema.vcs-ref="2b6a7fed44faa321997703718f07ee0420804b41" \
   org.label-schema.vcs-url="https://github.com/elastic/elasticsearch" \
   org.label-schema.vendor="Elastic" \
-  org.label-schema.version="8.13.4" \
-  org.opencontainers.image.created="2024-05-06T22:04:45.107454559Z" \
+  org.label-schema.version="8.17.0" \
+  org.opencontainers.image.created="2024-12-11T12:08:05.663969764Z" \
   org.opencontainers.image.documentation="https://www.elastic.co/guide/en/elasticsearch/reference/index.html" \
   org.opencontainers.image.licenses="Elastic-License-2.0" \
-  org.opencontainers.image.revision="da95df118650b55a500dcc181889ac35c6d8da7c" \
+  org.opencontainers.image.revision="2b6a7fed44faa321997703718f07ee0420804b41" \
   org.opencontainers.image.source="https://github.com/elastic/elasticsearch" \
   org.opencontainers.image.title="Elasticsearch" \
   org.opencontainers.image.url="https://www.elastic.co/products/elasticsearch" \
   org.opencontainers.image.vendor="Elastic" \
-  org.opencontainers.image.version="8.13.4"
+  org.opencontainers.image.version="8.17.0"
 
 # Our actual entrypoint is `tini`, a minimal but functional init program. It
 # calls the entrypoint we provide, while correctly forwarding signals.

kibana/Dockerfile

@@ -16,41 +16,21 @@ RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y curl
 RUN cd /tmp && \
   curl --retry 8 -s -L \
     --output kibana.tar.gz \
-     https://artifacts.elastic.co/downloads/kibana/kibana-8.13.4-linux-$(arch).tar.gz && \
+     https://artifacts.elastic.co/downloads/kibana/kibana-8.17.0-linux-$(arch).tar.gz && \
   cd -
 
-
 RUN mkdir /usr/share/kibana
 WORKDIR /usr/share/kibana
-RUN tar --strip-components=1 -zxf /tmp/kibana.tar.gz
+RUN tar \
+  --strip-components=1 \
+  -zxf /tmp/kibana.tar.gz
+
 # Ensure that group permissions are the same as user permissions.
 # This will help when relying on GID-0 to run Kibana, rather than UID-1000.
 # OpenShift does this, for example.
 # REF: https://docs.openshift.org/latest/creating_images/guidelines.html
 RUN chmod -R g=u /usr/share/kibana
 
-
-################################################################################
-# Build stage 1 (the actual Kibana image):
-#
-# Copy kibana from stage 0
-# Add entrypoint
-################################################################################
-FROM ubuntu:20.04
-EXPOSE 5601
-
-RUN for iter in {1..10}; do \
-      export DEBIAN_FRONTEND=noninteractive && \
-      apt-get update  && \
-      apt-get upgrade -y  && \
-      apt-get install -y --no-install-recommends \
-       fontconfig fonts-liberation libnss3 libfontconfig1 ca-certificates curl && \
-      apt-get clean && \
-      rm -rf /var/lib/apt/lists/* && exit_code=0 && break || exit_code=$? && echo "apt-get error: retry $iter in 10s" && \
-      sleep 10; \
-    done; \
-    (exit $exit_code)
-
 # Add an init process, check the checksum to make sure it's a match
 RUN set -e ; \
     TINI_BIN="" ; \
@@ -70,14 +50,38 @@ RUN set -e ; \
   rm "${TINI_BIN}.sha256sum" ; \
   mv "${TINI_BIN}" /bin/tini ; \
   chmod +x /bin/tini
+RUN mkdir -p /usr/share/fonts/local && \
+  curl --retry 8 -S -L -o /usr/share/fonts/local/NotoSansCJK-Regular.ttc https://github.com/googlefonts/noto-cjk/raw/NotoSansV2.001/NotoSansCJK-Regular.ttc && \
+  echo "5dcd1c336cc9344cb77c03a0cd8982ca8a7dc97d620fd6c9c434e02dcb1ceeb3  /usr/share/fonts/local/NotoSansCJK-Regular.ttc" | sha256sum -c -
 
-RUN mkdir /usr/share/fonts/local
-RUN curl --retry 8 -S -L -o /usr/share/fonts/local/NotoSansCJK-Regular.ttc https://github.com/googlefonts/noto-cjk/raw/NotoSansV2.001/NotoSansCJK-Regular.ttc
-RUN echo "5dcd1c336cc9344cb77c03a0cd8982ca8a7dc97d620fd6c9c434e02dcb1ceeb3  /usr/share/fonts/local/NotoSansCJK-Regular.ttc" | sha256sum -c -
-RUN fc-cache -v
+
+################################################################################
+# Build stage 1 (the actual Kibana image):
+#
+# Copy kibana from stage 0
+# Add entrypoint
+################################################################################
+FROM ubuntu:20.04
+EXPOSE 5601
+
+RUN for iter in {1..10}; do \
+      export DEBIAN_FRONTEND=noninteractive && \
+      apt-get update  && \
+      apt-get upgrade -y  && \
+      apt-get install -y --no-install-recommends \
+       fontconfig libnss3 curl ca-certificates && \
+      apt-get clean && \
+      rm -rf /var/lib/apt/lists/* && exit_code=0 && break || exit_code=$? && echo "apt-get error: retry $iter in 10s" && \
+      sleep 10; \
+    done; \
+    (exit $exit_code)
 
 # Bring in Kibana from the initial stage.
 COPY --from=builder --chown=1000:0 /usr/share/kibana /usr/share/kibana
+COPY --from=builder --chown=0:0 /bin/tini /bin/tini
+# Load reporting fonts
+COPY --from=builder --chown=0:0 /usr/share/fonts/local/NotoSansCJK-Regular.ttc /usr/share/fonts/local/NotoSansCJK-Regular.ttc
+RUN fc-cache -v
 WORKDIR /usr/share/kibana
 RUN ln -s /usr/share/kibana /opt/kibana
 
@@ -104,25 +108,25 @@ RUN groupadd --gid 1000 kibana && \
       --home-dir /usr/share/kibana --no-create-home \
       kibana
 
-LABEL org.label-schema.build-date="2024-05-07T06:06:37.059Z" \
+LABEL org.label-schema.build-date="2024-12-11T11:12:31.173Z" \
   org.label-schema.license="Elastic License" \
   org.label-schema.name="Kibana" \
   org.label-schema.schema-version="1.0" \
   org.label-schema.url="https://www.elastic.co/products/kibana" \
   org.label-schema.usage="https://www.elastic.co/guide/en/kibana/reference/index.html" \
-  org.label-schema.vcs-ref="f5dc24d1969f80e4aa3ced7cc375dd00554f8c0c" \
+  org.label-schema.vcs-ref="86cbc85e621f4f3f701ed230f4e859ac5a80145b" \
   org.label-schema.vcs-url="https://github.com/elastic/kibana" \
   org.label-schema.vendor="Elastic" \
-  org.label-schema.version="8.13.4" \
-  org.opencontainers.image.created="2024-05-07T06:06:37.059Z" \
+  org.label-schema.version="8.17.0" \
+  org.opencontainers.image.created="2024-12-11T11:12:31.173Z" \
   org.opencontainers.image.documentation="https://www.elastic.co/guide/en/kibana/reference/index.html" \
   org.opencontainers.image.licenses="Elastic License" \
-  org.opencontainers.image.revision="f5dc24d1969f80e4aa3ced7cc375dd00554f8c0c" \
+  org.opencontainers.image.revision="86cbc85e621f4f3f701ed230f4e859ac5a80145b" \
   org.opencontainers.image.source="https://github.com/elastic/kibana" \
   org.opencontainers.image.title="Kibana" \
   org.opencontainers.image.url="https://www.elastic.co/products/kibana" \
   org.opencontainers.image.vendor="Elastic" \
-  org.opencontainers.image.version="8.13.4"
+  org.opencontainers.image.version="8.17.0"
 
 
 ENTRYPOINT ["/bin/tini", "--"]

kibana/bin/kibana-docker

@@ -39,6 +39,8 @@ kibana_vars=(
     csp.frame_ancestors
     csp.report_uri
     csp.report_to
+    csp.report_only.form_action
+    permissionsPolicy.report_to
     data.autocomplete.valueSuggestions.terminateAfter
     data.autocomplete.valueSuggestions.timeout
     data.search.asyncSearch.waitForCompletion
@@ -62,6 +64,7 @@ kibana_vars=(
     elasticsearch.logQueries
     elasticsearch.password
     elasticsearch.pingTimeout
+    elasticsearch.publicBaseUrl
     elasticsearch.requestHeadersWhitelist
     elasticsearch.requestTimeout
     elasticsearch.serviceAccountToken
@@ -116,6 +119,7 @@ kibana_vars=(
     monitoring.cluster_alerts.email_notifications.email_address
     monitoring.kibana.collection.enabled
     monitoring.kibana.collection.interval
+    monitoring.ui.ccs.enabled
     monitoring.ui.container.elasticsearch.enabled
     monitoring.ui.container.logstash.enabled
     monitoring.ui.elasticsearch.hosts
@@ -136,6 +140,7 @@ kibana_vars=(
     ops.interval
     path.data
     pid.file
+    profiler.signal
     regionmap
     savedObjects.maxImportExportSize
     savedObjects.maxImportPayloadBytes
@@ -153,11 +158,13 @@ kibana_vars=(
     server.customResponseHeaders
     server.defaultRoute
     server.host
+    server.http2.allowUnsecure
     server.keepAliveTimeout
     server.maxPayload
     server.maxPayloadBytes
     server.name
     server.port
+    server.protocol
     server.publicBaseUrl
     server.requestId.allowFromAnyIp
     server.requestId.ipAllowlist
@@ -232,6 +239,7 @@ kibana_vars=(
     xpack.alerting.rules.run.actions.max
     xpack.alerting.rules.run.alerts.max
     xpack.alerting.rules.run.actions.connectorTypeOverrides
+    xpack.alerting.maxScheduledPerMinute
     xpack.alerts.healthCheck.interval
     xpack.alerts.invalidateApiKeysTask.interval
     xpack.alerts.invalidateApiKeysTask.removalDelay
@@ -311,6 +319,7 @@ kibana_vars=(
     xpack.observability.unsafe.alertDetails.uptime.enabled
     xpack.observability.unsafe.alertDetails.observability.enabled
     xpack.observability.unsafe.thresholdRule.enabled
+    xpack.productDocBase.artifactRepositoryUrl
     xpack.reporting.capture.browser.autoDownload
     xpack.reporting.capture.browser.chromium.disableSandbox
     xpack.reporting.capture.browser.chromium.inspect
@@ -358,6 +367,7 @@ kibana_vars=(
     xpack.reporting.roles.allow
     xpack.reporting.roles.enabled
     xpack.ruleRegistry.write.enabled
+    xpack.screenshotting.browser.chromium.disableSandbox
     xpack.security.accessAgreement.message
     xpack.security.audit.appender.fileName
     xpack.security.audit.appender.layout.highlight
@@ -384,6 +394,7 @@ kibana_vars=(
     xpack.security.authc.selector.enabled
     xpack.security.cookieName
     xpack.security.encryptionKey
+    xpack.security.fipsMode.enabled
     xpack.security.loginAssistanceMessage
     xpack.security.loginHelp
     xpack.security.sameSiteCookies
@@ -404,7 +415,12 @@ kibana_vars=(
     xpack.securitySolution.packagerTaskInterval
     xpack.securitySolution.prebuiltRulesPackageVersion
     xpack.spaces.maxSpaces
+    xpack.task_manager.capacity
     xpack.task_manager.claim_strategy
+    xpack.task_manager.auto_calculate_default_ech_capacity
+    xpack.task_manager.discovery.active_nodes_lookback
+    xpack.task_manager.discovery.interval
+    xpack.task_manager.kibanas_per_partition
     xpack.task_manager.max_attempts
     xpack.task_manager.max_workers
     xpack.task_manager.monitored_aggregated_stats_refresh_rate