Skip to content

merge queue: embarking 9.1 (8384ec4) and #19464 together #19467

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

merge queue: embarking 9.1 (8384ec4) and #19464 together #19467

wants to merge 2 commits into from

Conversation

@mergify
Copy link
Contributor

@mergify mergify bot commented Nov 4, 2025
edited
Loading

🎉 This pull request has been checked successfully and will be merged soon. 🎉

Branch 9.1 (8384ec4) and #19464 are embarked together for merge.

This pull request has been created by Mergify to speculatively check the mergeability of #19464.
You don't need to do anything. Mergify will close this pull request automatically when it is complete.

Required conditions of queue default for merge:

Required conditions to stay in the queue:

---
checking_base_sha: 8384ec4f5067e9559baa6669317c12bae46ab5a2
previous_failed_batches: []
pull_requests:
  - number: 19464
...

kruskall and others added 2 commits November 4, 2025 17:26
@kruskall @mergify
fix: ensure clean state when packaging artifacts (#19252)
d76203d 
* fix: copy full repository in Docker build to guarantee clean VCS state

Go’s build process now automatically embeds VCS information into the
binary. When the repository contains untracked files or the working
tree is dirty, the binary receives a “dirty” flag, which can make it
look tampered, confuse security scanners, and break reproducible
builds.

This PR updates the Dockerfiles to copy the entire repository into the
build image and adds all tracked files to the Docker build context.
By ensuring the same source tree is used both inside and outside the
container, the resulting binary matches the locally‑built version and
the Git state remains clean.

* fix: add gvm to .gitignore

The CI packaging pipeline installs gvm directly in the workspace,
producing a gvm binary that isn’t tracked by Git. Because the file
is untracked, the repository appears dirty, causing Go to embed a
dirty flag in the VCS metadata of the built binary.

This change adds the generated gvm binary to .gitignore,
ensuring the Git tree stays clean and the resulting binary’s VCS
metadata reflects a pristine state.

* Update Dockerfile

* Update Dockerfile.fips

* Update Dockerfile.wolfi

(cherry picked from commit b74e01a)
@mergify
Merge of #19464
a8ab490
@github-actions
Copy link
Contributor

github-actions bot commented Nov 4, 2025

🤖 GitHub comments

Just comment with:

  • run docs-build : Re-trigger the docs validation. (use unformatted text in the comment!)

@mergify mergify bot closed this Nov 4, 2025
@mergify mergify bot deleted the mergify/merge-queue/e85377bb13 branch November 4, 2025 17:39
@elasticmachine
Copy link
Contributor

elasticmachine commented Nov 4, 2025

💚 Build Succeeded

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@elasticmachine @kruskall