Merge pull request #1059 from wolfi-dev/dependabot/github_actions/dot…

…-github/actions/actions/setup-go-5.0.2 build(deps): bump actions/setup-go from 5.0.1 to 5.0.2 in /.github/actions Signed-off-by: Dentrax <[email protected]>
wolfi-dev · Jul 13, 2024 · 594a172 · 594a172
2 parents 6d7c791 + 4891ed4
commit 594a172
Show file tree

Hide file tree

Showing 72 changed files with 871 additions and 76 deletions.
diff --git a/.github/actions/action.yaml b/.github/actions/action.yaml
@@ -8,7 +8,7 @@ runs:
         repository: wolfi-dev/wolfictl
         path: wolfictl-setup-gha
 
-    - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+    - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
       with:
         go-version: '1.21'
         check-latest: true

diff --git a/docs/cmd/wolfictl.md b/docs/cmd/wolfictl.md
@@ -9,7 +9,9 @@ A CLI helper for developing Wolfi
 ### Options
 
 ```
-  -h, --help   help for wolfictl
+  -h, --help                 help for wolfictl
+      --log-level string     log level (e.g. debug, info, warn, error) (default "info")
+      --log-policy strings   log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr])
 ```
 
 ### SEE ALSO
@@ -18,13 +20,15 @@ A CLI helper for developing Wolfi
 * [wolfictl apk](wolfictl_apk.md)	 - 
 * [wolfictl build](wolfictl_build.md)	 - 
 * [wolfictl bump](wolfictl_bump.md)	 - Bumps the epoch field in melange configuration files
+* [wolfictl bundle](wolfictl_bundle.md)	 - 
 * [wolfictl check](wolfictl_check.md)	 - Subcommands used for CI checks in Wolfi
 * [wolfictl dot](wolfictl_dot.md)	 - Generate graphviz .dot output
 * [wolfictl gh](wolfictl_gh.md)	 - Commands used to interact with GitHub
 * [wolfictl image](wolfictl_image.md)	 - (Experimental) Commands for working with container images that use Wolfi
-* [wolfictl index](wolfictl_index.md)	 - 
 * [wolfictl lint](wolfictl_lint.md)	 - Lint the code
+* [wolfictl ruby](wolfictl_ruby.md)	 - Work with ruby packages
 * [wolfictl scan](wolfictl_scan.md)	 - Scan a package for vulnerabilities
+* [wolfictl test](wolfictl_test.md)	 - 
 * [wolfictl text](wolfictl_text.md)	 - Print a sorted list of downstream dependent packages
 * [wolfictl update](wolfictl_update.md)	 - Proposes melange package update(s) via a pull request
 * [wolfictl version](wolfictl_version.md)	 - Prints the version

diff --git a/docs/cmd/wolfictl_advisory.md b/docs/cmd/wolfictl_advisory.md
@@ -14,14 +14,24 @@ Commands for consuming and maintaining security advisory data
   -h, --help   help for advisory
 ```
 
+### Options inherited from parent commands
+
+```
+      --log-level string     log level (e.g. debug, info, warn, error) (default "info")
+      --log-policy strings   log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr])
+```
+
 ### SEE ALSO
 
 * [wolfictl](wolfictl.md)	 - A CLI helper for developing Wolfi
 * [wolfictl advisory alias](wolfictl_advisory_alias.md)	 - Commands for discovering vulnerability aliases
+* [wolfictl advisory copy](wolfictl_advisory_copy.md)	 - Copy a package's advisories into a new package.
 * [wolfictl advisory create](wolfictl_advisory_create.md)	 - Create a new advisory
 * [wolfictl advisory diff](wolfictl_advisory_diff.md)	 - See the advisory data differences introduced by your local changes
 * [wolfictl advisory discover](wolfictl_advisory_discover.md)	 - Automatically create advisories by matching distro packages to vulnerabilities in NVD
+* [wolfictl advisory guide](wolfictl_advisory_guide.md)	 - Launch an interactive guide to help you enter advisory data for a package
 * [wolfictl advisory list](wolfictl_advisory_list.md)	 - List advisories for specific packages, vulnerabilities, or the entire data set
+* [wolfictl advisory osv](wolfictl_advisory_osv.md)	 - Build an OSV dataset from Chainguard advisory data
 * [wolfictl advisory secdb](wolfictl_advisory_secdb.md)	 - Build an Alpine-style security database from advisory data
 * [wolfictl advisory update](wolfictl_advisory_update.md)	 - Update an existing advisory with a new event
 * [wolfictl advisory validate](wolfictl_advisory_validate.md)	 - Validate the state of advisory data

diff --git a/docs/cmd/wolfictl_advisory_alias.md b/docs/cmd/wolfictl_advisory_alias.md
@@ -12,6 +12,13 @@ Commands for discovering vulnerability aliases
   -h, --help   help for alias
 ```
 
+### Options inherited from parent commands
+
+```
+      --log-level string     log level (e.g. debug, info, warn, error) (default "info")
+      --log-policy strings   log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr])
+```
+
 ### SEE ALSO
 
 * [wolfictl advisory](wolfictl_advisory.md)	 - Commands for consuming and maintaining security advisory data

diff --git a/docs/cmd/wolfictl_advisory_alias_discover.md b/docs/cmd/wolfictl_advisory_alias_discover.md
@@ -48,6 +48,13 @@ than attempting any kind of merge of the separate advisories.
   -p, --package strings              packages to operate on
 ```
 
+### Options inherited from parent commands
+
+```
+      --log-level string     log level (e.g. debug, info, warn, error) (default "info")
+      --log-policy strings   log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr])
+```
+
 ### SEE ALSO
 
 * [wolfictl advisory alias](wolfictl_advisory_alias.md)	 - Commands for discovering vulnerability aliases

diff --git a/docs/cmd/wolfictl_advisory_alias_find.md b/docs/cmd/wolfictl_advisory_alias_find.md
@@ -44,6 +44,13 @@ hyperlinked to the relevant webpage from the upstream data source.
   -h, --help   help for find
 ```
 
+### Options inherited from parent commands
+
+```
+      --log-level string     log level (e.g. debug, info, warn, error) (default "info")
+      --log-policy strings   log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr])
+```
+
 ### SEE ALSO
 
 * [wolfictl advisory alias](wolfictl_advisory_alias.md)	 - Commands for discovering vulnerability aliases

diff --git a/docs/cmd/wolfictl_advisory_create.md b/docs/cmd/wolfictl_advisory_create.md
@@ -51,6 +51,13 @@ newly created advisory and any other advisories for the same package.
   -V, --vuln string                  vulnerability ID for advisory
 ```
 
+### Options inherited from parent commands
+
+```
+      --log-level string     log level (e.g. debug, info, warn, error) (default "info")
+      --log-policy strings   log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr])
+```
+
 ### SEE ALSO
 
 * [wolfictl advisory](wolfictl_advisory.md)	 - Commands for consuming and maintaining security advisory data

diff --git a/docs/cmd/wolfictl_advisory_diff.md b/docs/cmd/wolfictl_advisory_diff.md
@@ -18,6 +18,13 @@ See the advisory data differences introduced by your local changes
   -h, --help   help for diff
 ```
 
+### Options inherited from parent commands
+
+```
+      --log-level string     log level (e.g. debug, info, warn, error) (default "info")
+      --log-policy strings   log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr])
+```
+
 ### SEE ALSO
 
 * [wolfictl advisory](wolfictl_advisory.md)	 - Commands for consuming and maintaining security advisory data

diff --git a/docs/cmd/wolfictl_advisory_discover.md b/docs/cmd/wolfictl_advisory_discover.md
@@ -24,6 +24,13 @@ Automatically create advisories by matching distro packages to vulnerabilities i
   -r, --package-repo-url string      URL of the APK package repository
 ```
 
+### Options inherited from parent commands
+
+```
+      --log-level string     log level (e.g. debug, info, warn, error) (default "info")
+      --log-policy strings   log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr])
+```
+
 ### SEE ALSO
 
 * [wolfictl advisory](wolfictl_advisory.md)	 - Commands for consuming and maintaining security advisory data

diff --git a/docs/cmd/wolfictl_advisory_list.md b/docs/cmd/wolfictl_advisory_list.md
@@ -14,7 +14,7 @@ wolfictl advisory list
 
 List advisories for specific packages, vulnerabilities, or the entire data set.
 
-The 'list' (or 'ls') command prints a list of advisories based on the given 
+The 'list' (or 'ls') command prints a table of advisories based on the given 
 selection criteria. By default, all advisories in the current advisory data set 
 will be listed.
 
@@ -28,6 +28,21 @@ You can list all advisories for a given vulnerability ID across all packages:
 
 	wolfictl adv ls -V CVE-2023-38545
 
+You can filter advisories by the type of the latest event:
+
+	wolfictl adv ls -t detection
+
+You can filter advisories by the detected component type:
+
+	wolfictl adv ls -c python
+
+You can filter advisories by the date they were created or last updated:
+
+	wolfictl adv ls --created-since 2024-01-01
+	wolfictl adv ls --created-before 2023-12-31
+	wolfictl adv ls --updated-since 2024-06-01
+	wolfictl adv ls --updated-before 2024-06-01
+
 You can show only advisories that are considered not to be "resolved":
 
 	wolfictl adv ls --unresolved
@@ -40,19 +55,41 @@ Using the --history flag, you can list advisory events instead of just
 advisories' latest states. This is useful for viewing a summary of an 
 investigation over time for a given package/vulnerability match.'
 
+COUNT
+
+You get a count of the advisories that match the criteria by using the --count
+flag. This will report just the count, not the full list of advisories.
+
+    wolfictl adv ls <various filter flags> --count
+
+
 
 ### Options
 
 ```
   -a, --advisories-repo-dir string   directory containing the advisories repository
+      --aliases                      show other known vulnerability IDs for each advisory (default true)
+  -c, --component-type string        filter advisories by detected component type
+      --count                        show only the count of advisories that match the criteria
+      --created-before string        filter advisories created before a given date
+      --created-since string         filter advisories created since a given date
   -h, --help                         help for list
       --history                      show full history for advisories
-      --no-distro-detection          do not attempt to auto-detect the distro
   -p, --package string               package name
+  -t, --type string                  filter advisories by event type
       --unresolved                   only show advisories considered to be unresolved
+      --updated-before string        filter advisories updated before a given date
+      --updated-since string         filter advisories updated since a given date
   -V, --vuln string                  vulnerability ID for advisory
 ```
 
+### Options inherited from parent commands
+
+```
+      --log-level string     log level (e.g. debug, info, warn, error) (default "info")
+      --log-policy strings   log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr])
+```
+
 ### SEE ALSO
 
 * [wolfictl advisory](wolfictl_advisory.md)	 - Commands for consuming and maintaining security advisory data

diff --git a/docs/cmd/wolfictl_advisory_secdb.md b/docs/cmd/wolfictl_advisory_secdb.md
@@ -26,6 +26,13 @@ Build an Alpine-style security database from advisory data
       --url-prefix string             URL scheme and hostname for the package repository (default "https://packages.wolfi.dev")
 ```
 
+### Options inherited from parent commands
+
+```
+      --log-level string     log level (e.g. debug, info, warn, error) (default "info")
+      --log-policy strings   log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr])
+```
+
 ### SEE ALSO
 
 * [wolfictl advisory](wolfictl_advisory.md)	 - Commands for consuming and maintaining security advisory data

diff --git a/docs/cmd/wolfictl_advisory_update.md b/docs/cmd/wolfictl_advisory_update.md
@@ -48,6 +48,13 @@ required fields are missing.
   -V, --vuln string                  vulnerability ID for advisory
 ```
 
+### Options inherited from parent commands
+
+```
+      --log-level string     log level (e.g. debug, info, warn, error) (default "info")
+      --log-policy strings   log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr])
+```
+
 ### SEE ALSO
 
 * [wolfictl advisory](wolfictl_advisory.md)	 - Commands for consuming and maintaining security advisory data

diff --git a/docs/cmd/wolfictl_advisory_validate.md b/docs/cmd/wolfictl_advisory_validate.md
@@ -57,13 +57,21 @@ print an error message that specifies where and how the data is invalid.
       --no-distro-detection                do not attempt to auto-detect the distro
   -p, --package strings                    packages to validate
   -r, --package-repo-url string            URL of the APK package repository
-      --skip-alias                         skip alias completeness validation
+      --skip-alias                         skip alias completeness validation (default true)
       --skip-diff                          skip diff-based validations
       --skip-existence                     skip package configuration existence validation
   -v, --verbose count                      logging verbosity (v = info, vv = debug, default is none)
 ```
 
+### Options inherited from parent commands
+
+```
+      --log-level string     log level (e.g. debug, info, warn, error) (default "info")
+      --log-policy strings   log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr])
+```
+
 ### SEE ALSO
 
 * [wolfictl advisory](wolfictl_advisory.md)	 - Commands for consuming and maintaining security advisory data
+* [wolfictl advisory validate fixes](wolfictl_advisory_validate_fixes.md)	 - Validate fixes recorded in advisories
 
diff --git a/docs/cmd/wolfictl_apk.md b/docs/cmd/wolfictl_apk.md
@@ -2,25 +2,26 @@
 
 
 
-### Usage
-
-```
-wolfictl apk
-```
-
 ### Synopsis
 
 
 
 ### Options
 
 ```
-      --arch string   arch of package to get (default "x86_64")
-  -h, --help          help for apk
-      --repo string   repo to get packages from (default "wolfi")
+  -h, --help   help for apk
+```
+
+### Options inherited from parent commands
+
+```
+      --log-level string     log level (e.g. debug, info, warn, error) (default "info")
+      --log-policy strings   log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr])
 ```
 
 ### SEE ALSO
 
 * [wolfictl](wolfictl.md)	 - A CLI helper for developing Wolfi
+* [wolfictl apk cp](wolfictl_apk_cp.md)	 - 
+* [wolfictl apk ls](wolfictl_apk_ls.md)	 - 
 
diff --git a/docs/cmd/wolfictl_build.md b/docs/cmd/wolfictl_build.md
@@ -15,16 +15,38 @@ wolfictl build
 ### Options
 
 ```
-      --arch strings                arch of package to build (default [x86_64,aarch64])
-  -d, --dir string                  directory to search for melange configs (default ".")
-      --dry-run                     print commands instead of executing them
-  -h, --help                        help for build
-  -j, --jobs int                    number of jobs to run concurrently (default is GOMAXPROCS)
-  -k, --keyring-append strings      path to extra keys to include in the build environment keyring (default [https://packages.wolfi.dev/os/wolfi-signing.rsa.pub])
-      --log-dir string              subdirectory where buildlogs will be written when specified (packages/$arch/buildlogs/$apk.log) (default "buildlogs")
-      --pipeline-dir string         directory used to extend defined built-in pipelines
-  -r, --repository-append strings   path to extra repositories to include in the build environment (default [https://packages.wolfi.dev/os])
-      --runner string               which runner to use to enable running commands, default is based on your platform. (default "docker")
+  -a, --annotations strings             key=value pairs to add to the pod spec annotations. The keys will be prefixed with 'melange.chainguard.dev/' on the pod.
+      --arch strings                    arch of package to build (default [x86_64,aarch64])
+      --bucket string                   gcs bucket to upload results (experimental)
+      --bundle string                   bundle of work to do (experimental)
+      --cache-dir string                directory used for cached inputs (default "./melange-cache/")
+      --cache-source string             directory or bucket used for preloading the cache
+      --destination-bucket string       bucket where packages are uploaded (experimental)
+      --destination-repository string   repo where packages will eventually be uploaded, used to skip existing packages (currently only supports http)
+  -d, --dir string                      directory to search for melange configs (default ".")
+      --dry-run                         print commands instead of executing them
+      --generate-index                  whether to generate APKINDEX.tar.gz (default true)
+  -h, --help                            help for build
+  -j, --jobs int                        number of jobs to run concurrently (default is GOMAXPROCS)
+      --k8s-namespace string            namespace to deploy pods into for builds. (default "default")
+  -k, --keyring-append strings          path to extra keys to include in the build environment keyring (default [https://packages.wolfi.dev/os/wolfi-signing.rsa.pub])
+      --machine-family string           machine family for amd64 builds
+      --namespace string                namespace to use in package URLs in SBOM (eg wolfi, alpine) (default "wolfi")
+      --out-dir string                  directory where packages will be output
+      --pipeline-dir string             directory used to extend defined built-in pipelines
+  -r, --repository-append strings       path to extra repositories to include in the build environment (default [https://packages.wolfi.dev/os])
+      --runner string                   which runner to use to enable running commands, default is based on your platform. (default "docker")
+      --service-account string          service-account to run pods as. (default "default")
+      --signing-key string              key to use for signing
+      --summary string                  file to write build summary
+      --trace string                    where to write trace output
+```
+
+### Options inherited from parent commands
+
+```
+      --log-level string     log level (e.g. debug, info, warn, error) (default "info")
+      --log-policy strings   log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr])
 ```
 
 ### SEE ALSO

diff --git a/docs/cmd/wolfictl_bump.md b/docs/cmd/wolfictl_bump.md
@@ -5,7 +5,7 @@ Bumps the epoch field in melange configuration files
 ### Usage
 
 ```
-wolfictl bump [flags] config[.yaml] [config[.yaml]...]
+wolfictl bump config[.yaml] [config[.yaml]...]
 ```
 
 ### Synopsis
@@ -43,6 +43,13 @@ wolfictl bump openssh.yaml perl lib*.yaml
       --repo string   path to the wolfi/os repository (default ".")
 ```
 
+### Options inherited from parent commands
+
+```
+      --log-level string     log level (e.g. debug, info, warn, error) (default "info")
+      --log-policy strings   log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr])
+```
+
 ### SEE ALSO
 
 * [wolfictl](wolfictl.md)	 - A CLI helper for developing Wolfi

diff --git a/docs/cmd/wolfictl_check.md b/docs/cmd/wolfictl_check.md
@@ -14,6 +14,13 @@ Subcommands used for CI checks in Wolfi
   -h, --help   help for check
 ```
 
+### Options inherited from parent commands
+
+```
+      --log-level string     log level (e.g. debug, info, warn, error) (default "info")
+      --log-policy strings   log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr])
+```
+
 ### SEE ALSO
 
 * [wolfictl](wolfictl.md)	 - A CLI helper for developing Wolfi