From ea2ef79ea21a2e2f8a7cc1a6191293e46b480a7c Mon Sep 17 00:00:00 2001 From: Enderson Maia Date: Tue, 2 Jun 2026 08:27:06 -0300 Subject: [PATCH 1/4] chore: bump ubuntu baseimage to noble-20260509.1 --- cpp-low-level/Dockerfile | 4 ++-- cpp/Dockerfile | 4 ++-- go/Dockerfile | 4 ++-- javascript/Dockerfile | 2 +- lua/Dockerfile | 4 ++-- python/Dockerfile | 2 +- ruby/Dockerfile | 4 ++-- rust/Dockerfile | 4 ++-- typescript/Dockerfile | 2 +- 9 files changed, 15 insertions(+), 15 deletions(-) diff --git a/cpp-low-level/Dockerfile b/cpp-low-level/Dockerfile index bdb8672..ace69a2 100644 --- a/cpp-low-level/Dockerfile +++ b/cpp-low-level/Dockerfile @@ -2,8 +2,8 @@ # This enforces that the packages downloaded from the repositories are the same # for the defined date, no matter when the image is built. -ARG UBUNTU_TAG=noble-20260410 -ARG APT_UPDATE_SNAPSHOT=20260415T030400Z +ARG UBUNTU_TAG=noble-20260509.1 +ARG APT_UPDATE_SNAPSHOT=20260601T030400Z ARG MACHINE_GUEST_TOOLS_VERSION=0.17.2 ARG MACHINE_GUEST_TOOLS_SHA256SUM=c077573dbcf0cdc146adf14b480bfe454ca63aa4d3e8408c5487f550a5b77a41 diff --git a/cpp/Dockerfile b/cpp/Dockerfile index 45d0386..24b6946 100644 --- a/cpp/Dockerfile +++ b/cpp/Dockerfile @@ -2,8 +2,8 @@ # This enforces that the packages downloaded from the repositories are the same # for the defined date, no matter when the image is built. -ARG UBUNTU_TAG=noble-20260410 -ARG APT_UPDATE_SNAPSHOT=20260415T030400Z +ARG UBUNTU_TAG=noble-20260509.1 +ARG APT_UPDATE_SNAPSHOT=20260601T030400Z ARG MACHINE_GUEST_TOOLS_VERSION=0.17.2 ARG MACHINE_GUEST_TOOLS_SHA256SUM=c077573dbcf0cdc146adf14b480bfe454ca63aa4d3e8408c5487f550a5b77a41 diff --git a/go/Dockerfile b/go/Dockerfile index 1911dc3..fd9c5e7 100644 --- a/go/Dockerfile +++ b/go/Dockerfile @@ -2,8 +2,8 @@ # This enforces that the packages downloaded from the repositories are the same # for the defined date, no matter when the image is built. -ARG UBUNTU_TAG=noble-20260410 -ARG APT_UPDATE_SNAPSHOT=20260415T030400Z +ARG UBUNTU_TAG=noble-20260509.1 +ARG APT_UPDATE_SNAPSHOT=20260601T030400Z ARG MACHINE_GUEST_TOOLS_VERSION=0.17.2 ARG MACHINE_GUEST_TOOLS_SHA256SUM=c077573dbcf0cdc146adf14b480bfe454ca63aa4d3e8408c5487f550a5b77a41 ARG GOVERSION=1.25.3 diff --git a/javascript/Dockerfile b/javascript/Dockerfile index cc83db0..eee5a88 100644 --- a/javascript/Dockerfile +++ b/javascript/Dockerfile @@ -2,7 +2,7 @@ # This enforces that the packages downloaded from the repositories are the same # for the defined date, no matter when the image is built. -ARG APT_UPDATE_SNAPSHOT=20260415T030400Z +ARG APT_UPDATE_SNAPSHOT=20260601T030400Z ARG MACHINE_GUEST_TOOLS_VERSION=0.17.2 ARG MACHINE_GUEST_TOOLS_SHA256SUM=c077573dbcf0cdc146adf14b480bfe454ca63aa4d3e8408c5487f550a5b77a41 diff --git a/lua/Dockerfile b/lua/Dockerfile index 5c3f88b..0663561 100644 --- a/lua/Dockerfile +++ b/lua/Dockerfile @@ -2,8 +2,8 @@ # This enforces that the packages downloaded from the repositories are the same # for the defined date, no matter when the image is built. -ARG UBUNTU_TAG=noble-20260410 -ARG APT_UPDATE_SNAPSHOT=20260415T030400Z +ARG UBUNTU_TAG=noble-20260509.1 +ARG APT_UPDATE_SNAPSHOT=20260601T030400Z ARG MACHINE_GUEST_TOOLS_VERSION=0.17.2 ARG MACHINE_GUEST_TOOLS_SHA256SUM=c077573dbcf0cdc146adf14b480bfe454ca63aa4d3e8408c5487f550a5b77a41 diff --git a/python/Dockerfile b/python/Dockerfile index f30c2b5..b66c349 100644 --- a/python/Dockerfile +++ b/python/Dockerfile @@ -2,7 +2,7 @@ # This enforces that the packages downloaded from the repositories are the same # for the defined date, no matter when the image is built. -ARG APT_UPDATE_SNAPSHOT=20260415T030400Z +ARG APT_UPDATE_SNAPSHOT=20260601T030400Z ARG MACHINE_GUEST_TOOLS_VERSION=0.17.2 ARG MACHINE_GUEST_TOOLS_SHA256SUM=c077573dbcf0cdc146adf14b480bfe454ca63aa4d3e8408c5487f550a5b77a41 diff --git a/ruby/Dockerfile b/ruby/Dockerfile index 64e03fd..7cce9e9 100644 --- a/ruby/Dockerfile +++ b/ruby/Dockerfile @@ -2,8 +2,8 @@ # This enforces that the packages downloaded from the repositories are the same # for the defined date, no matter when the image is built. -ARG UBUNTU_TAG=noble-20260410 -ARG APT_UPDATE_SNAPSHOT=20260415T030400Z +ARG UBUNTU_TAG=noble-20260509.1 +ARG APT_UPDATE_SNAPSHOT=20260601T030400Z ARG MACHINE_GUEST_TOOLS_VERSION=0.17.2 ARG MACHINE_GUEST_TOOLS_SHA256SUM=c077573dbcf0cdc146adf14b480bfe454ca63aa4d3e8408c5487f550a5b77a41 diff --git a/rust/Dockerfile b/rust/Dockerfile index b2933f0..a269f07 100644 --- a/rust/Dockerfile +++ b/rust/Dockerfile @@ -2,8 +2,8 @@ # This enforces that the packages downloaded from the repositories are the same # for the defined date, no matter when the image is built. -ARG UBUNTU_TAG=noble-20260410 -ARG APT_UPDATE_SNAPSHOT=20260415T030400Z +ARG UBUNTU_TAG=noble-20260509.1 +ARG APT_UPDATE_SNAPSHOT=20260601T030400Z ARG MACHINE_GUEST_TOOLS_VERSION=0.17.2 ARG MACHINE_GUEST_TOOLS_SHA256SUM=c077573dbcf0cdc146adf14b480bfe454ca63aa4d3e8408c5487f550a5b77a41 ARG RUST_VERSION=1.90.0 diff --git a/typescript/Dockerfile b/typescript/Dockerfile index 30ada8e..1e73a27 100644 --- a/typescript/Dockerfile +++ b/typescript/Dockerfile @@ -2,7 +2,7 @@ # This enforces that the packages downloaded from the repositories are the same # for the defined date, no matter when the image is built. -ARG APT_UPDATE_SNAPSHOT=20260415T030400Z +ARG APT_UPDATE_SNAPSHOT=20260601T030400Z ARG MACHINE_GUEST_TOOLS_VERSION=0.17.2 ARG MACHINE_GUEST_TOOLS_SHA256SUM=c077573dbcf0cdc146adf14b480bfe454ca63aa4d3e8408c5487f550a5b77a41 From 865776774f3bfef7aa377cdcd710292aa4fb2233 Mon Sep 17 00:00:00 2001 From: Enderson Maia Date: Wed, 3 Jun 2026 17:10:47 -0300 Subject: [PATCH 2/4] fix(java): update container image tag and use --- java/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/java/Dockerfile b/java/Dockerfile index c6454be..91181c6 100644 --- a/java/Dockerfile +++ b/java/Dockerfile @@ -4,7 +4,7 @@ ARG MACHINE_GUEST_TOOLS_SHA256SUM=c077573dbcf0cdc146adf14b480bfe454ca63aa4d3e840 # ################################################################################ # Java build stage (host arch) -FROM eclipse-temurin:21-jdk AS build +FROM --platform=$BUILDPLATFORM eclipse-temurin:21-jdk-noble AS build WORKDIR /app @@ -20,7 +20,7 @@ RUN ./gradlew --no-daemon shadowJar # ################################################################################ # # Runtime stage (Cartesi-compatible: linux/riscv64) -FROM --platform=linux/riscv64 eclipse-temurin:21-jre +FROM --platform=linux/riscv64 eclipse-temurin:21-jre-noble ARG MACHINE_GUEST_TOOLS_VERSION ARG MACHINE_GUEST_TOOLS_SHA256SUM From 9b3c26be3c2846f4742a20b6b174a3ec0070533d Mon Sep 17 00:00:00 2001 From: Enderson Maia Date: Wed, 3 Jun 2026 17:47:05 -0300 Subject: [PATCH 3/4] chore(ci): bump and lock GH Actions --- .github/workflows/build.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index e02bb8f..e6da757 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -26,10 +26,10 @@ jobs: - typescript steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.5 - name: Setup Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: current @@ -37,7 +37,7 @@ jobs: run: npm install -g @cartesi/cli@2.0.0-alpha.34 - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v4.1.0 - name: Check system requirements run: cartesi doctor @@ -51,7 +51,7 @@ jobs: working-directory: ${{ matrix.template }} - name: Upload root.ext2 artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: ${{ matrix.template }}-rootfs path: | From fc60ef1ce9c958eff9646cb673b36053bfbde092 Mon Sep 17 00:00:00 2001 From: Enderson Maia Date: Wed, 3 Jun 2026 17:47:35 -0300 Subject: [PATCH 4/4] feat(ci): add dependabot for GH Actions --- .github/dependabot.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index 45097db..2bee5bc 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -13,3 +13,12 @@ updates: - "/typescript" schedule: interval: "daily" + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + commit-message: + prefix: "dependabot" + pull-request-branch-name: + separator: "/"