* chore: migrate from docker/docker to moby/moby client
Migrates all Docker client usage from github.com/docker/docker to
github.com/moby/moby/client following imgutil's PR #299 migration.
Key changes:
- Updated all DockerClient interfaces to use moby Result types
(ImageHistoryResult, ContainerInspectResult, etc.)
- Migrated to Options pattern for API calls (ImagePullOptions,
ContainerInspectOptions, etc.)
- Updated Result field access patterns (result.Items, result.Info, etc.)
- Fixed platform validation by passing dist.Target directly to
ImagePull instead of string conversion
- Regenerated mocks for moby's APIClient interface
- Updated test assertions for moby's type system changes
- Fixed go.mod dependencies (moby packages now direct)
All tests passing (304 tests across pkg/client, pkg/image, internal/build).
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* chore: migrate acceptance test manager to moby client
Updated acceptance/managers/image_manager.go to use the new moby client API.
Key changes:
- Updated imports from github.com/docker/docker to github.com/moby/moby
- Changed dockerCli type from client.APIClient to *client.Client
- Updated method signatures to use Options pattern:
- Info() now requires client.InfoOptions{} and accesses .Info.OSType
- ImageTag() uses client.ImageTagOptions with Source/Target fields
- ImageInspect() returns Result type, access .InspectResponse field
- ContainerCreate() uses client.ContainerCreateOptions struct
- ContainerStart() uses client.ContainerStartOptions{}
- ContainerKill() uses client.ContainerKillOptions{Signal: "SIGKILL"}
- ContainerRemove() uses client.ContainerRemoveOptions{Force: true}
- ContainerInspect() requires client.ContainerInspectOptions{} and returns Result
- Updated network port types:
- Use network.MustParsePort() to create network.Port values
- Changed from nat.PortSet/PortMap to network.PortSet/PortMap
- Updated PortBinding from nat.PortBinding to network.PortBinding
- Fixed Result type accesses:
- ContainerInspect: access result.Container instead of result directly
- ImageInspect: access result.InspectResponse
- Info: access result.Info.OSType
This completes the migration from docker/docker to moby/moby client across all test code.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* fix: use concrete Client type in acceptance tests
Changed all dockerCli parameter and variable types from client.APIClient
interface to *client.Client concrete type to match the updated helper
functions and managers that now require the concrete type.
Changes:
- Updated global dockerCli variable type
- Updated createStack() and createStackImage() parameter types
- Changed dockertypes.ImageBuildOptions to client.ImageBuildOptions
- Removed unused github.com/docker/docker/api/types import
This fixes compilation errors where the interface type couldn't be
used as the concrete type without type assertion.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* fixing format issues
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* fix: migrate to client.New() and remove deprecated APIs
Updated all docker client initialization to use the new client.New()
function instead of the deprecated NewClientWithOpts(). The new API
enables API version negotiation by default, so WithAPIVersionNegotiation()
is no longer needed.
Changes:
- Replaced all NewClientWithOpts() calls with New()
- Removed WithAPIVersionNegotiation() option (now default behavior)
- Updated cmd/docker_init.go, pkg/client/client.go, and all test files
- Ran go mod tidy to clean up dependencies
Note: internal/build/testdata/fake-lifecycle/phase.go still uses the old
API since it references the legacy github.com/docker/docker/client package
and is built in a separate container context during tests.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* test: skip report tests for pack versions < v0.40.0
The report tests expect the fixture to show Platform API 0.14 and 0.15,
which are only supported in lifecycle 0.21.0+. Pack versions before
v0.40.0 use lifecycle 0.20.x which only supports Platform APIs up to 0.13.
Added PlatformAPI_0_14 feature flag that checks if pack >= v0.40.0.
The report tests now skip when testing with older pack versions that
don't support Platform APIs 0.14, 0.15.
This fixes the acceptance-combo (current, current, previous) test failure
where current pack (with lifecycle 0.21.0) outputs Platform APIs 0.3-0.15,
but the test was incorrectly expecting 0.3-0.13 due to the fixture override
file that was being picked up.
Removed the pack_previous_fixtures_overrides/report_output.txt file as
the override directory approach didn't work correctly for this test case.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* fix: add Platform API 0.14 and 0.15 support
When we updated to lifecycle 0.21.0, we updated the fixture file to
expect Platform APIs 0.14 and 0.15, but forgot to update the
SupportedPlatformAPIVersions in the code.
The pack report command reads from build.SupportedPlatformAPIVersions
to display which Platform APIs are supported, so this was causing a
mismatch between the fixture expectation and the actual output.
Changes:
- Added api.MustParse("0.14") and api.MustParse("0.15") to
SupportedPlatformAPIVersions in internal/build/lifecycle_executor.go
- Removed the PlatformAPI_0_14 feature flag and skip logic from
acceptance tests (no longer needed)
This fixes the acceptance test failures where the fixture expected
Platform APIs up to 0.15 but pack was only reporting up to 0.13.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
---------
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
* build(deps): bump @octokit/plugin-paginate-rest, @actions/github and @octokit/rest (#2338)
Bumps [@octokit/plugin-paginate-rest](https://github.com/octokit/plugin-paginate-rest.js) to 9.2.2 and updates ancestor dependencies [@octokit/plugin-paginate-rest](https://github.com/octokit/plugin-paginate-rest.js), [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) and [@octokit/rest](https://github.com/octokit/rest.js). These dependencies need to be updated together.
Updates `@octokit/plugin-paginate-rest` from 2.2.3 to 9.2.2
- [Release notes](https://github.com/octokit/plugin-paginate-rest.js/releases)
- [Commits](https://github.com/octokit/plugin-paginate-rest.js/compare/v2.2.3...v9.2.2)
Updates `@actions/github` from 4.0.0 to 6.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)
Updates `@octokit/rest` from 18.0.0 to 21.1.1
- [Release notes](https://github.com/octokit/rest.js/releases)
- [Commits](https://github.com/octokit/rest.js/compare/v18.0.0...v21.1.1)
---
updated-dependencies:
- dependency-name: "@octokit/plugin-paginate-rest"
dependency-type: indirect
- dependency-name: "@actions/github"
dependency-type: direct:production
- dependency-name: "@octokit/rest"
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* build(deps): bump @octokit/request, @actions/github and @octokit/rest (#2370)
Bumps [@octokit/request](https://github.com/octokit/request.js) to 8.4.1 and updates ancestor dependencies [@octokit/request](https://github.com/octokit/request.js), [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) and [@octokit/rest](https://github.com/octokit/rest.js). These dependencies need to be updated together.
Updates `@octokit/request` from 5.6.3 to 8.4.1
- [Release notes](https://github.com/octokit/request.js/releases)
- [Commits](https://github.com/octokit/request.js/compare/v5.6.3...v8.4.1)
Updates `@actions/github` from 4.0.0 to 6.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)
Updates `@octokit/rest` from 18.0.0 to 21.1.1
- [Release notes](https://github.com/octokit/rest.js/releases)
- [Commits](https://github.com/octokit/rest.js/compare/v18.0.0...v21.1.1)
---
updated-dependencies:
- dependency-name: "@octokit/request"
dependency-version: 8.4.1
dependency-type: indirect
- dependency-name: "@actions/github"
dependency-version: 6.0.0
dependency-type: direct:production
- dependency-name: "@octokit/rest"
dependency-version: 21.1.1
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* build(deps): bump the go-dependencies group with 8 updates (#2453)
Bumps the go-dependencies group with 8 updates:
| Package | From | To |
| --- | --- | --- |
| [github.com/docker/cli](https://github.com/docker/cli) | `28.5.0+incompatible` | `28.5.1+incompatible` |
| [github.com/docker/docker](https://github.com/docker/docker) | `28.5.0+incompatible` | `28.5.1+incompatible` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.42.0` | `0.43.0` |
| [golang.org/x/mod](https://github.com/golang/mod) | `0.28.0` | `0.29.0` |
| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.31.0` | `0.32.0` |
| [golang.org/x/sys](https://github.com/golang/sys) | `0.36.0` | `0.37.0` |
| [golang.org/x/term](https://github.com/golang/term) | `0.35.0` | `0.36.0` |
| [golang.org/x/text](https://github.com/golang/text) | `0.29.0` | `0.30.0` |
Updates `github.com/docker/cli` from 28.5.0+incompatible to 28.5.1+incompatible
- [Commits](https://github.com/docker/cli/compare/v28.5.0...v28.5.1)
Updates `github.com/docker/docker` from 28.5.0+incompatible to 28.5.1+incompatible
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v28.5.0...v28.5.1)
Updates `golang.org/x/crypto` from 0.42.0 to 0.43.0
- [Commits](https://github.com/golang/crypto/compare/v0.42.0...v0.43.0)
Updates `golang.org/x/mod` from 0.28.0 to 0.29.0
- [Commits](https://github.com/golang/mod/compare/v0.28.0...v0.29.0)
Updates `golang.org/x/oauth2` from 0.31.0 to 0.32.0
- [Commits](https://github.com/golang/oauth2/compare/v0.31.0...v0.32.0)
Updates `golang.org/x/sys` from 0.36.0 to 0.37.0
- [Commits](https://github.com/golang/sys/compare/v0.36.0...v0.37.0)
Updates `golang.org/x/term` from 0.35.0 to 0.36.0
- [Commits](https://github.com/golang/term/compare/v0.35.0...v0.36.0)
Updates `golang.org/x/text` from 0.29.0 to 0.30.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.29.0...v0.30.0)
---
updated-dependencies:
- dependency-name: github.com/docker/cli
dependency-version: 28.5.1+incompatible
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go-dependencies
- dependency-name: github.com/docker/docker
dependency-version: 28.5.1+incompatible
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go-dependencies
- dependency-name: golang.org/x/crypto
dependency-version: 0.43.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-dependencies
- dependency-name: golang.org/x/mod
dependency-version: 0.29.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-dependencies
- dependency-name: golang.org/x/oauth2
dependency-version: 0.32.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-dependencies
- dependency-name: golang.org/x/sys
dependency-version: 0.37.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-dependencies
- dependency-name: golang.org/x/term
dependency-version: 0.36.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-dependencies
- dependency-name: golang.org/x/text
dependency-version: 0.30.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* fix(security): resolve CVE-GHSA-cgrx-mc8f-2prm by upgrading selinux to v1.13.0
Migrated from unmaintained GoogleContainerTools/kaniko to the actively maintained Chainguard fork (v1.25.4), updated lifecycle to v0.20.19, and upgraded opencontainers/selinux from v1.12.0 to v1.13.0 to fix GHSA-cgrx-mc8f-2prm. This also upgraded golang.org/x/crypto from v0.43.0 to v0.45.0, resolving additional CVEs.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* Use Docker API version negotiation instead of hardcoded version
Fixes#2464
This change replaces all hardcoded Docker API version 1.38 references
with WithAPIVersionNegotiation(), allowing pack to automatically adapt
to the Docker daemon's supported API version.
Changes:
- Updated main client initialization to use API version negotiation
- Updated SSH Docker client to use API version negotiation
- Updated all test files to use API version negotiation
- Upgraded fake-lifecycle test dependencies from Docker client v1.4.2 (2019) to v28.5.1
- Fixed fake-lifecycle imports and API calls for compatibility with modern Docker client
Benefits:
- Works with modern Docker daemons requiring API 1.44+ (Docker 27+)
- Backward compatible with older Docker versions
- Future-proof - no need to update hardcoded versions
- Solves Windows runner issue without requiring Docker 27 upgrade
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* Update Example_build test to use newer builder with modern lifecycle
The cnbs/sample-builder:noble builder includes a recent lifecycle version
that supports Docker API 1.44+, fixing the test failure on systems with
modern Docker daemons (Docker 27+).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* Downgrade fake-lifecycle dependencies for Go 1.23 compatibility
Updated fake-lifecycle test module to support Go 1.23.4 (Windows runner):
- Downgraded lifecycle from v0.20.11 to v0.19.3
- Downgraded go-containerregistry from v0.20.6 to v0.19.2
- Set Go requirement to 1.23 (compatible with Go 1.23.4)
- Updated Dockerfile to use golang:1.23 base image
The older versions still support Docker API 1.44+ and work correctly
with modern Docker daemons requiring minimum API version 1.44.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* updating fake-lifecycle go version
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* Use Docker API version negotiation instead of hardcoded version (#2474)
* Use Docker API version negotiation instead of hardcoded version
Fixes#2464
This change replaces all hardcoded Docker API version 1.38 references
with WithAPIVersionNegotiation(), allowing pack to automatically adapt
to the Docker daemon's supported API version.
Changes:
- Updated main client initialization to use API version negotiation
- Updated SSH Docker client to use API version negotiation
- Updated all test files to use API version negotiation
- Upgraded fake-lifecycle test dependencies from Docker client v1.4.2 (2019) to v28.5.1
- Fixed fake-lifecycle imports and API calls for compatibility with modern Docker client
Benefits:
- Works with modern Docker daemons requiring API 1.44+ (Docker 27+)
- Backward compatible with older Docker versions
- Future-proof - no need to update hardcoded versions
- Solves Windows runner issue without requiring Docker 27 upgrade
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* Update Example_build test to use newer builder with modern lifecycle
The cnbs/sample-builder:noble builder includes a recent lifecycle version
that supports Docker API 1.44+, fixing the test failure on systems with
modern Docker daemons (Docker 27+).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* Downgrade fake-lifecycle dependencies for Go 1.23 compatibility
Updated fake-lifecycle test module to support Go 1.23.4 (Windows runner):
- Downgraded lifecycle from v0.20.11 to v0.19.3
- Downgraded go-containerregistry from v0.20.6 to v0.19.2
- Set Go requirement to 1.23 (compatible with Go 1.23.4)
- Updated Dockerfile to use golang:1.23 base image
The older versions still support Docker API 1.44+ and work correctly
with modern Docker daemons requiring minimum API version 1.44.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
---------
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
Co-authored-by: Claude <noreply@anthropic.com>
* fix code format
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
* Use Docker API version negotiation instead of hardcoded version
Fixes#2464
This change replaces all hardcoded Docker API version 1.38 references
with WithAPIVersionNegotiation(), allowing pack to automatically adapt
to the Docker daemon's supported API version.
Changes:
- Updated main client initialization to use API version negotiation
- Updated SSH Docker client to use API version negotiation
- Updated all test files to use API version negotiation
- Upgraded fake-lifecycle test dependencies from Docker client v1.4.2 (2019) to v28.5.1
- Fixed fake-lifecycle imports and API calls for compatibility with modern Docker client
Benefits:
- Works with modern Docker daemons requiring API 1.44+ (Docker 27+)
- Backward compatible with older Docker versions
- Future-proof - no need to update hardcoded versions
- Solves Windows runner issue without requiring Docker 27 upgrade
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* Update Example_build test to use newer builder with modern lifecycle
The cnbs/sample-builder:noble builder includes a recent lifecycle version
that supports Docker API 1.44+, fixing the test failure on systems with
modern Docker daemons (Docker 27+).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
* Downgrade fake-lifecycle dependencies for Go 1.23 compatibility
Updated fake-lifecycle test module to support Go 1.23.4 (Windows runner):
- Downgraded lifecycle from v0.20.11 to v0.19.3
- Downgraded go-containerregistry from v0.20.6 to v0.19.2
- Set Go requirement to 1.23 (compatible with Go 1.23.4)
- Updated Dockerfile to use golang:1.23 base image
The older versions still support Docker API 1.44+ and work correctly
with modern Docker daemons requiring minimum API version 1.44.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
---------
Signed-off-by: Juan Bustamante <bustamantejj@gmail.com>
Co-authored-by: Claude <noreply@anthropic.com>
This removes the unnecessary restriction that the build cache must be a volume cache
in order to use extensions.
Signed-off-by: Natalie Arellano <narellano@vmware.com>
All of our calls to Seed were with current time, so they
were intended to produce different pseudo-random sequences on each run.
We were never calling Seed with a fixed value to create reproducible
sequences of pseudo-random numbers. Therefore it should be safe to just
delete the calls.
per the docs (https://pkg.go.dev/math/rand@master#Seed):
> If Seed is not called, the generator is seeded randomly at program startup.
> Prior to Go 1.20, the generator was seeded like Seed(1) at program startup. To force the old behavior, call Seed(1) at program startup. Alternately, set GODEBUG=randautoseed=0 in the environment before making any calls to functions in this package.
> Deprecated: As of Go 1.20 there is no reason to call Seed with a random value. Programs that call Seed with a known value to get a specific sequence of results should use New(NewSource(seed)) to obtain a local random generator.
Signed-off-by: Joe Kimmel <jkimmel@vmware.com>
Juan Bustamante