k0sproject · ncopa · Apr 25, 2025 · Apr 25, 2025 · Apr 25, 2025 · Apr 25, 2025
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -37,20 +37,20 @@ jobs:
           } >>"$GITHUB_OUTPUT"
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3.0.0
+        uses: docker/setup-qemu-action@v3.6.0
         with:
-          platforms: amd64,arm64,arm
+          platforms: amd64,arm64,arm,riscv64
 
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v3.0.0
+        uses: docker/setup-buildx-action@v3.10.0
 
       - name: Build OCI image archive
         id: build
-        uses: docker/build-push-action@v5.0.0
+        uses: docker/build-push-action@v6.16.0
         with:
           builder: ${{ steps.buildx.outputs.name }}
-          platforms: linux/amd64,linux/arm64,linux/arm
+          platforms: linux/amd64,linux/arm64,linux/arm,linux/riscv64
           tags: ${{ format('{0}/{1}:{2}', steps.prep.outputs.registry, steps.prep.outputs.name, steps.prep.outputs.tag) }}
           outputs: type=oci,dest=oci-image.tar
 
@@ -75,7 +75,7 @@ jobs:
         run: mkdir image && tar xf oci-image.tar.zst -C image/
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.12.0
+        uses: aquasecurity/trivy-action@0.30.0
         with:
           input: image/
           format: table
@@ -106,5 +106,5 @@ jobs:
 
           set -x
           podman run "${podmanArgs[@]}" \
-            docker://quay.io/skopeo/stable:v1.13.3 copy "${skopeoArgs[@]}" \
+            docker://quay.io/skopeo/stable:v1.18.0 copy "${skopeoArgs[@]}" \
             oci-archive:/image.tar "docker://$REGISTRY/$NAME:$TAG"
diff --git a/Dockerfile b/Dockerfile
@@ -1,10 +1,10 @@
 ARG \
   ALPINE_IMAGE=docker.io/library/alpine:3.21.3 \
   GOLANG_IMAGE=docker.io/library/golang:1.24.2-alpine \
-  VERSION=1.3.0 \
-  HASH=f9871b9f6ccb51d2b264532e96521e44f926928f91434b56ce135c95becf2901
+  VERSION=1.6.2 \
+  HASH=aa9a9401d27c1ad440627bbe7093d7e9ff47d325aac27b89a2cbdd56e25f3625
 
-FROM --platform=$BUILDPLATFORM $GOLANG_IMAGE as bins
+FROM --platform=$BUILDPLATFORM $GOLANG_IMAGE AS bins
 ARG VERSION HASH
 
 RUN wget https://github.com/containernetworking/plugins/archive/refs/tags/v${VERSION}.tar.gz \
@@ -13,6 +13,13 @@ RUN wget https://github.com/containernetworking/plugins/archive/refs/tags/v${VER
   && rm -- "v${VERSION}.tar.gz"
 
 WORKDIR /go/plugins-$VERSION
+
+# https://github.com/containernetworking/plugins/issues/1172
+RUN set -x \
+  && go get golang.org/x/net@v0.38.0 \
+  && go mod tidy \
+  && go mod vendor
+
 ARG TARGETPLATFORM
 RUN set -x \
   && apk add bash \
@@ -29,11 +36,11 @@ RUN set -x \
     -ldflags "-s -w -extldflags -static -X github.com/containernetworking/plugins/pkg/utils/buildversion.BuildVersion=v$VERSION"
 
 
-FROM $ALPINE_IMAGE as busybox
+FROM $ALPINE_IMAGE AS busybox
 RUN apk add busybox-static
 
 
-FROM $ALPINE_IMAGE as baselayout
+FROM $ALPINE_IMAGE AS baselayout
 COPY --from=busybox /bin/busybox.static /bin/busybox
 RUN /bin/busybox --install
 COPY src/cni-node /bin/cni-node