From 87da5b2b9e0ab99aaf13180215050749f13f8b64 Mon Sep 17 00:00:00 2001 From: Arch Linux Docker release bot Date: Sat, 16 Sep 2023 14:14:00 +0000 Subject: [PATCH] Release 20230916.0.179099 --- .gitlab-ci.yml | 59 +++++++++++++++++++++++-------------------- Dockerfile.base | 14 +++++----- Dockerfile.base-devel | 14 +++++----- 3 files changed, 46 insertions(+), 41 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 7ce53da..06df724 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -17,7 +17,7 @@ cleanup: - docker only: refs: - - schedules + - schedules@archlinux/archlinux-docker variables: - $CLEANUP_PACKAGE_REGISTRY == "TRUE" before_script: @@ -37,6 +37,8 @@ lint: - releases - tags +# This is an implicit gitlab stage, with the build.env variables used by either +# other stages or auxiliarry scripts. get_version: stage: .pre script: @@ -56,8 +58,12 @@ get_version: .rootfs: stage: rootfs + parallel: + matrix: + - GROUP: [base, base-devel] before_script: - - pacman -Syu --noconfirm make devtools fakechroot fakeroot + - pacman -Syu --noconfirm make fakechroot fakeroot + - pacman -Sdd --noconfirm devtools script: - make $PWD/output/Dockerfile.$GROUP artifacts: @@ -68,10 +74,10 @@ get_version: rootfs: extends: .rootfs except: - - master - - releases - - schedules - - tags + - master@archlinux/archlinux-docker + - releases@archlinux/archlinux-docker + - schedules@archlinux/archlinux-docker + - tags@archlinux/archlinux-docker parallel: matrix: - GROUP: [base, base-devel] 
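Review bot: The new `pacman -Sdd --noconfirm devtools` step in `.rootfs` installs devtools with all dependency checks skipped, and nothing in the hunk records why. With `-dd` pacman neither pulls in nor verifies what devtools needs, so a later devtools update that starts relying on another package would only surface as a failure inside `make`. I would put a comment above the line, for example `# devtools is installed with -dd (no dependency resolution) because <reason>; the Makefile only needs <tools>`. Separately, `rootfs` in the following hunk (-68,10) keeps its own `parallel: matrix` as context even though this hunk moves the matrix into `.rootfs`, so that copy looks redundant.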
@@ -82,41 +88,42 @@ rootfs:secure: - secure - docker only: - - master - - schedules + - master@archlinux/archlinux-docker + - schedules@archlinux/archlinux-docker except: - tags - releases - parallel: - matrix: - - GROUP: [base, base-devel] .image: stage: image + parallel: + matrix: + - GROUP: [base, base-devel] tags: - vm before_script: - pacman -Syu --noconfirm podman + id_tokens: + SIGSTORE_ID_TOKEN: + aud: sigstore script: - podman build -f "$CI_PROJECT_DIR/output/Dockerfile.$GROUP" -t "$CI_REGISTRY_IMAGE:$GROUP-$CI_COMMIT_REF_SLUG" "$CI_PROJECT_DIR/output" - - podman push "$CI_REGISTRY_IMAGE:$GROUP-$CI_COMMIT_REF_SLUG" + - podman push --sign-by-sigstore=<(sed "s/TEMPLATE_OIDC_ID_TOKEN/${SIGSTORE_ID_TOKEN}/" sigstore-param-file.yaml) "$CI_REGISTRY_IMAGE:$GROUP-$CI_COMMIT_REF_SLUG" image:build: extends: .image except: - - master + - master@archlinux/archlinux-docker - releases - - schedules + - schedules@archlinux/archlinux-docker - tags - parallel: - matrix: - - GROUP: [base, base-devel] before_script: - pacman -Syu --noconfirm podman - podman login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY" + - 'echo -e "default-docker:\n use-sigstore-attachments: true" > /etc/containers/registries.d/sigstore.yaml' image:build:secure: extends: .image @@ -124,16 +131,14 @@ image:build:secure: - secure - vm only: - - master - - schedules + - master@archlinux/archlinux-docker + - schedules@archlinux/archlinux-docker except: - tags - parallel: - matrix: - - GROUP: [base, base-devel] before_script: - pacman -Syu --noconfirm podman - podman login -u "$GITLAB_PROJECT_USER" -p "$GITLAB_PROJECT_TOKEN" "$CI_REGISTRY" + - 'echo -e "default-docker:\n use-sigstore-attachments: true" > /etc/containers/registries.d/sigstore.yaml' # Build and publish to the Arch Linux group namespaces: # https://hub.docker.com/r/archlinux/archlinux 
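Review bot: In `.image`, `sed "s/TEMPLATE_OIDC_ID_TOKEN/${SIGSTORE_ID_TOKEN}/" sigstore-param-file.yaml` places the job's OIDC ID token in sed's argument vector, so while that process is alive the token can be read from the process table by anything else running on the same runner host. The token is presumably what gets exchanged for the signing certificate, so it deserves the same handling as a password. Since the line already requires bash for `<(…)`, the substitution can be done with builtins: `- params="$(<sigstore-param-file.yaml)"` followed by `--sign-by-sigstore=<(printf '%s' "${params/TEMPLATE_OIDC_ID_TOKEN/$SIGSTORE_ID_TOKEN}")`. The same sed pattern is added three more times in the `image:publish:secure` hunk at -166,11. A one-line comment saying that `sigstore-param-file.yaml` is a template and must never be written back with the token filled in would also help the next maintainer.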
@@ -145,7 +150,7 @@ image:publish:secure: - secure - vm only: - - tags + - tags@archlinux/archlinux-docker parallel: matrix: - GROUP: [base, base-devel] @@ -166,11 +171,11 @@ image:publish:secure: - podman tag "archlinux:$GROUP-$BUILD_VERSION" "ghcr.io/archlinux/archlinux:$GROUP" - podman tag "archlinux:$GROUP-$BUILD_VERSION" "ghcr.io/archlinux/archlinux:$GROUP-$BUILD_VERSION" - podman push "docker.io/archlinux/archlinux:$GROUP" - - podman push "docker.io/archlinux/archlinux:$GROUP-$BUILD_VERSION" + - podman push --sign-by-sigstore=<(sed "s/TEMPLATE_OIDC_ID_TOKEN/${SIGSTORE_ID_TOKEN}/" sigstore-param-file.yaml) "docker.io/archlinux/archlinux:$GROUP-$BUILD_VERSION" - podman push "quay.io/archlinux/archlinux:$GROUP" - - podman push "quay.io/archlinux/archlinux:$GROUP-$BUILD_VERSION" + - podman push --sign-by-sigstore=<(sed "s/TEMPLATE_OIDC_ID_TOKEN/${SIGSTORE_ID_TOKEN}/" sigstore-param-file.yaml) "quay.io/archlinux/archlinux:$GROUP-$BUILD_VERSION" - podman push "ghcr.io/archlinux/archlinux:$GROUP" - - podman push "ghcr.io/archlinux/archlinux:$GROUP-$BUILD_VERSION" + - podman push --sign-by-sigstore=<(sed "s/TEMPLATE_OIDC_ID_TOKEN/${SIGSTORE_ID_TOKEN}/" sigstore-param-file.yaml) "ghcr.io/archlinux/archlinux:$GROUP-$BUILD_VERSION" - if [[ "$GROUP" == "base" ]]; then podman tag "archlinux:$GROUP-$BUILD_VERSION" "docker.io/archlinux/archlinux:latest"; podman tag "archlinux:$GROUP-$BUILD_VERSION" "quay.io/archlinux/archlinux:latest"; @@ -229,7 +234,7 @@ release: - docker only: refs: - - schedules + - schedules@archlinux/archlinux-docker variables: - $PUBLISH_ARCHLINUX_REPOSITORY == "TRUE" - $PUBLISH_OFFICIAL_LIBRARY == "TRUE" diff --git a/Dockerfile.base b/Dockerfile.base index abb8d91..a158d0b 100644 --- a/Dockerfile.base +++ b/Dockerfile.base 
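Review bot: Only the `$GROUP-$BUILD_VERSION` pushes gain `--sign-by-sigstore` in the -166,11 hunk; the `:$GROUP` pushes next to them stay unsigned, and the `:latest` tags handled in the `if` block below are not touched either. Those floating tags are the ones most users pull, and as far as I know a signature made for the versioned reference will not satisfy a policy that matches the signed identity against `archlinux/archlinux:base` or `:latest`, so consumers could not enforce verification there. I would pass the same `--sign-by-sigstore=` argument on every `podman push` in this job. The hunk also does not show `id_tokens` or the `use-sigstore-attachments` setting for `image:publish:secure`, whose definition starts and ends outside the hunk; if the job does not inherit them from `.image`, `SIGSTORE_ID_TOKEN` expands to an empty string here, which is worth confirming.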
@@ -14,9 +14,9 @@ FROM alpine:3.18 AS verify RUN apk add --no-cache curl tar zstd -# https://gitlab.archlinux.org/archlinux/archlinux-docker/-/releases/v20230916.0.178977 -RUN ROOTFS="$(curl -sOJL -w "%{filename_effective}" "https://gitlab.archlinux.org/archlinux/archlinux-docker/-/package_files/5002/download")" && \ - echo "467c0c15c813170e72555f9d1a0916fa75e3bd91f9c1dcc216e86e5a72da938c base-20230916.0.178977.tar.zst" > /tmp/rootfs.tar.sha256 && \ +# https://gitlab.archlinux.org/archlinux/archlinux-docker/-/releases/v20230916.0.179099 +RUN ROOTFS="$(curl -sOJL -w "%{filename_effective}" "https://gitlab.archlinux.org/archlinux/archlinux-docker/-/package_files/5006/download")" && \ + echo "2efb6a791be9bf1c326309d3aa592451e42b67e6b95796ea74a3cfd25a76a3b6 base-20230916.0.179099.tar.zst" > /tmp/rootfs.tar.sha256 && \ cat /tmp/rootfs.tar.sha256 && \ sha256sum -c /tmp/rootfs.tar.sha256 && \ mkdir /rootfs && \ @@ -31,14 +31,14 @@ LABEL org.opencontainers.image.url="https://gitlab.archlinux.org/archlinux/archl LABEL org.opencontainers.image.documentation="https://wiki.archlinux.org/title/Docker#Arch_Linux" LABEL org.opencontainers.image.source="https://gitlab.archlinux.org/archlinux/archlinux-docker" LABEL org.opencontainers.image.licenses="GPL-3.0-or-later" -LABEL org.opencontainers.image.version="20230916.0.178977" -LABEL org.opencontainers.image.revision="301942f9e5995770cb5e4dedb4fe9166afa4806d" -LABEL org.opencontainers.image.created="2023-09-16T09:07:29+00:00" +LABEL org.opencontainers.image.version="20230916.0.179099" +LABEL org.opencontainers.image.revision="9bbf04eac906d9c890604d7e23336ee472ecf51d" +LABEL org.opencontainers.image.created="2023-09-16T14:13:57+00:00" COPY --from=verify /rootfs/ / RUN ldconfig && \ - sed -i '/BUILD_ID/a VERSION_ID=20230916.0.178977' /etc/os-release + sed -i '/BUILD_ID/a VERSION_ID=20230916.0.179099' /etc/os-release ENV LANG=C.UTF-8 CMD ["/usr/bin/bash"] 
diff --git a/Dockerfile.base-devel b/Dockerfile.base-devel index 4e36a0e..4e753db 100644 --- a/Dockerfile.base-devel +++ b/Dockerfile.base-devel @@ -14,9 +14,9 @@ FROM alpine:3.18 AS verify RUN apk add --no-cache curl tar zstd -# https://gitlab.archlinux.org/archlinux/archlinux-docker/-/releases/v20230916.0.178977 -RUN ROOTFS="$(curl -sOJL -w "%{filename_effective}" "https://gitlab.archlinux.org/archlinux/archlinux-docker/-/package_files/5004/download")" && \ - echo "d28ae32da0e895f154beba182eaee0c151c4f5a5e2dc19d5574c756fcc99ccde base-devel-20230916.0.178977.tar.zst" > /tmp/rootfs.tar.sha256 && \ +# https://gitlab.archlinux.org/archlinux/archlinux-docker/-/releases/v20230916.0.179099 +RUN ROOTFS="$(curl -sOJL -w "%{filename_effective}" "https://gitlab.archlinux.org/archlinux/archlinux-docker/-/package_files/5008/download")" && \ + echo "128663a6f5c530ab3374c4ce069bbfae6654586163b0fa6bd9eb6cf7f18a25ab base-devel-20230916.0.179099.tar.zst" > /tmp/rootfs.tar.sha256 && \ cat /tmp/rootfs.tar.sha256 && \ sha256sum -c /tmp/rootfs.tar.sha256 && \ mkdir /rootfs && \ 
@@ -31,14 +31,14 @@ LABEL org.opencontainers.image.url="https://gitlab.archlinux.org/archlinux/archl LABEL org.opencontainers.image.documentation="https://wiki.archlinux.org/title/Docker#Arch_Linux" LABEL org.opencontainers.image.source="https://gitlab.archlinux.org/archlinux/archlinux-docker" LABEL org.opencontainers.image.licenses="GPL-3.0-or-later" -LABEL org.opencontainers.image.version="20230916.0.178977" -LABEL org.opencontainers.image.revision="301942f9e5995770cb5e4dedb4fe9166afa4806d" -LABEL org.opencontainers.image.created="2023-09-16T09:07:32+00:00" +LABEL org.opencontainers.image.version="20230916.0.179099" +LABEL org.opencontainers.image.revision="9bbf04eac906d9c890604d7e23336ee472ecf51d" +LABEL org.opencontainers.image.created="2023-09-16T14:14:00+00:00" COPY --from=verify /rootfs/ / RUN ldconfig && \ - sed -i '/BUILD_ID/a VERSION_ID=20230916.0.178977' /etc/os-release + sed -i '/BUILD_ID/a VERSION_ID=20230916.0.179099' /etc/os-release ENV LANG=C.UTF-8 CMD ["/usr/bin/bash"]