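--- a/istio-1.29.yaml
+++ b/istio-1.29.yaml
@@ -0,0 +1,290 @@
+package:
+name: istio-1.29
+version: "1.29.0"
+epoch: 0 # GHSA-jv3w-x3r3-g6rm
+description: Istio is an open source service mesh that layers transparently onto existing distributed applications.
+copyright:
+- license: Apache-2.0
+
+var-transforms:
+- from: ${{package.version}}
+match: ^(\d+\.\d+)\.\d+$
+replace: "$1"
+to: major-minor-version
+
+environment:
+contents:
+packages:
+- busybox
+- ca-certificates-bundle
+- go
+environment:
+CGO_ENABLED: "0"
+
+pipeline:
+- uses: git-checkout
+with:
+repository: https://github.com/istio/istio
+tag: ${{package.version}}
+expected-commit: b155e9e7642e5c0a40ef199da8b20596e2a3d443
+
+subpackages:
+- name: istio-cni-${{vars.major-minor-version}}
+pipeline:
+- uses: go/build
+with:
+packages: ./cni/cmd/istio-cni
+output: istio-cni
+ldflags: |
+-X istio.io/istio/pkg/version.buildVersion=${{package.version}}
+-X istio.io/istio/pkg/version.buildGitRevision=$(git rev-parse HEAD)
+-X istio.io/istio/pkg/version.buildTag=$(git describe --tags --always)
+-X istio.io/istio/pkg/version.buildStatus="Clean"
+extra-args: "-buildvcs=false"
+- uses: strip
+dependencies:
+provides:
+- istio-cni=${{package.full-version}}
+test:
+pipeline:
+- uses: test/virtualpackage
+with:
+virtual-pkg-name: istio-cni
+real-pkg-name: ${{subpkg.name}}
+
+- name: istioctl-${{vars.major-minor-version}}
+pipeline:
+- uses: go/build
+with:
+packages: ./istioctl/cmd/istioctl
+output: istioctl
+ldflags: |
+-X istio.io/istio/pkg/version.buildVersion=${{package.version}}
+-X istio.io/istio/pkg/version.buildGitRevision=$(git rev-parse HEAD)
+-X istio.io/istio/pkg/version.buildTag=$(git describe --tags --always)
+-X istio.io/istio/pkg/version.buildStatus="Clean"
+extra-args: "-buildvcs=false"
+dependencies:
+provides:
+- istioctl=${{package.full-version}}
+test:
+pipeline:
+- runs: |
+istioctl version --remote=false
+istioctl --help
+
+- name: istioctl-bash-completion-${{vars.major-minor-version}}
+dependencies:
+provides:
+- istioctl-bash-completion=${{package.full-version}}
+runtime:
+- istioctl-${{vars.major-minor-version}}
+- bash-completion
+pipeline:
+- runs: |
+mkdir -p "${{targets.contextdir}}"/usr/share/bash-completion/completions
+${{targets.outdir}}/istioctl-${{vars.major-minor-version}}/usr/bin/istioctl completion bash > "${{targets.contextdir}}"/usr/share/bash-completion/completions/istioctl-${{vars.major-minor-version}}
+test:
+pipeline:
+- runs: stat /usr/share/bash-completion/completions/istioctl-${{vars.major-minor-version}}
+
+- name: istioctl-zsh-completion-${{vars.major-minor-version}}
+dependencies:
+provides:
+- istioctl-zsh-completion=${{package.full-version}}
+runtime:
+- istioctl-${{vars.major-minor-version}}
+pipeline:
+- runs: |
+mkdir -p "${{targets.contextdir}}"/usr/share/zsh/site-functions
+${{targets.outdir}}/istioctl-${{vars.major-minor-version}}/usr/bin/istioctl completion zsh > "${{targets.contextdir}}"/usr/share/zsh/site-functions/istioctl-${{vars.major-minor-version}}
+test:
+pipeline:
+- runs: stat /usr/share/zsh/site-functions/istioctl-${{vars.major-minor-version}}
+
+- name: istio-cni-${{vars.major-minor-version}}-compat
+pipeline:
+- runs: |
+# See https://github.com/istio/istio/blob/1.20.2/cni/deployments/kubernetes/Dockerfile.install-cni
+mkdir -p ${{targets.subpkgdir}}/opt/cni/bin
+ln -sf /usr/bin/istio-cni ${{targets.subpkgdir}}/opt/cni/bin/istio-cni
+dependencies:
+provides:
+- istio-cni-compat=${{package.full-version}}
+test:
+pipeline:
+- uses: test/virtualpackage
+with:
+virtual-pkg-name: istio-cni-compat
+real-pkg-name: ${{subpkg.name}}
+
+- name: istio-install-cni-${{vars.major-minor-version}}
+pipeline:
+- uses: go/build
+with:
+packages: ./cni/cmd/install-cni
+output: install-cni
+ldflags: |
+-X istio.io/istio/pkg/version.buildVersion=${{package.version}}
+-X istio.io/istio/pkg/version.buildGitRevision=$(git rev-parse HEAD)
+-X istio.io/istio/pkg/version.buildTag=$(git describe --tags --always)
+-X istio.io/istio/pkg/version.buildStatus="Clean"
+extra-args: "-buildvcs=false"
+- uses: strip
+dependencies:
+provides:
+- istio-install-cni=${{package.full-version}}
+test:
+pipeline:
+- uses: test/virtualpackage
+with:
+virtual-pkg-name: istio-install-cni
+real-pkg-name: ${{subpkg.name}}
+
+- name: istio-install-cni-${{vars.major-minor-version}}-compat
+pipeline:
+- runs: |
+# See https://github.com/istio/istio/blob/1.20.0/cni/deployments/kubernetes/Dockerfile.install-cni
+mkdir -p ${{targets.subpkgdir}}/usr/local/bin
+ln -sf /usr/bin/install-cni ${{targets.subpkgdir}}/usr/local/bin/install-cni
+dependencies:
+provides:
+- istio-install-cni-compat=${{package.full-version}}
+test:
+pipeline:
+- uses: test/virtualpackage
+with:
+virtual-pkg-name: istio-install-cni-compat
+real-pkg-name: ${{subpkg.name}}
+
+- name: istio-pilot-agent-${{vars.major-minor-version}}
+pipeline:
+- uses: go/build
+with:
+packages: ./pilot/cmd/pilot-agent
+output: pilot-agent
+# Extracted from https://github.com/istio/istio/blob/4358b84b911a80ba09ef36ac00ad85535a77e7ca/common/scripts/report_build_info.sh#L41-L48
+# Use this instead for buildStatus once our pipeline stops dirtying the git tree: "$(if git diff-index --quiet HEAD --; then echo "Clean"; else echo "Modified"; fi)"
+ldflags: |
+-X istio.io/istio/pkg/version.buildVersion=${{package.version}}
+-X istio.io/istio/pkg/version.buildGitRevision=$(git rev-parse HEAD)
+-X istio.io/istio/pkg/version.buildTag=$(git describe --tags --always)
+-X istio.io/istio/pkg/version.buildStatus="Clean"
+extra-args: "-buildvcs=false"
+- runs: |
+mkdir -p ${{targets.subpkgdir}}/var/lib/istio/envoy
+cp ./tools/packaging/common/envoy_bootstrap.json \
+${{targets.subpkgdir}}/var/lib/istio/envoy/envoy_bootstrap_tmpl.json
+
+- name: istio-pilot-agent-${{vars.major-minor-version}}-compat
+pipeline:
+- runs: |
+# link /usr/local/bin/pilot-agent -> /usr/bin/pilot-agent to match
+# what the Istio Helm charts may expect.
+mkdir -p ${{targets.subpkgdir}}/usr/local/bin
+ln -sf /usr/bin/pilot-agent ${{targets.subpkgdir}}/usr/local/bin/pilot-agent
+dependencies:
+provides:
+- istio-pilot-agent-compat=${{package.full-version}}
+test:
+pipeline:
+- uses: test/virtualpackage
+with:
+virtual-pkg-name: istio-pilot-agent-compat
+real-pkg-name: ${{subpkg.name}}
+
+- name: istio-pilot-discovery-${{vars.major-minor-version}}
+pipeline:
+- uses: go/build
+with:
+packages: ./pilot/cmd/pilot-discovery
+output: pilot-discovery
+# Extracted from https://github.com/istio/istio/blob/4358b84b911a80ba09ef36ac00ad85535a77e7ca/common/scripts/report_build_info.sh#L41-L48
+# Use this instead for buildStatus once our pipeline stops dirtying the git tree: "$(if git diff-index --quiet HEAD --; then echo "Clean"; else echo "Modified"; fi)"
+ldflags: |
+-X istio.io/istio/pkg/version.buildVersion=${{package.version}}
+-X istio.io/istio/pkg/version.buildGitRevision=$(git rev-parse HEAD)
+-X istio.io/istio/pkg/version.buildTag=$(git describe --tags --always)
+-X istio.io/istio/pkg/version.buildStatus="Clean"
+extra-args: "-buildvcs=false"
+- runs: |
+mkdir -p ${{targets.subpkgdir}}/var/lib/istio/envoy
+cp ./tools/packaging/common/envoy_bootstrap.json \
+${{targets.subpkgdir}}/var/lib/istio/envoy/envoy_bootstrap_tmpl.json
+
+- name: istio-pilot-discovery-${{vars.major-minor-version}}-compat
+pipeline:
+- runs: |
+# link /usr/local/bin/pilot-discovery -> /usr/bin/pilot-discovery to match
+# what the Istio Helm charts may expect.
+mkdir -p ${{targets.subpkgdir}}/usr/local/bin
+ln -sf /usr/bin/pilot-discovery ${{targets.subpkgdir}}/usr/local/bin/pilot-discovery
+dependencies:
+provides:
+- istio-discovery-compat=${{package.full-version}}
+test:
+pipeline:
+- uses: test/virtualpackage
+with:
+virtual-pkg-name: istio-discovery-compat
+real-pkg-name: ${{subpkg.name}}
+
+- name: ${{package.name}}-base
+description: Package for Istio base image with common utilities
+dependencies:
+provides:
+- istio-base=${{package.full-version}}
+runtime:
+- bash
+- bind-tools
+- ca-certificates
+- conntrack-tools
+- curl
+- iproute2
+- iptables
+- iputils
+- lsof
+- net-tools
+- netcat-openbsd
+- nftables
+- sudo
+- tcpdump
+pipeline:
+- runs: |
+if ! diff -q docker/Dockerfile.base Dockerfile.base; then
+echo "Dockerfile has changed since last build, please update istio-1.28/Dockerfile.base and runtime dependencies"
+exit 1
+fi
+test:
+pipeline:
+- uses: test/emptypackage
+
+update:
+enabled: true
+ignore-regex-patterns:
+- '-rc'
+- '-beta'
+github:
+identifier: istio/istio
+tag-filter-prefix: 1.29.
+use-tag: true
+
+test:
+environment:
+contents:
+packages:
+- jq
+- grep
+- istio-pilot-agent-${{vars.major-minor-version}}
+- istio-pilot-discovery-${{vars.major-minor-version}}
+pipeline:
+- runs: |
+# check version/tag/commit are not "unknown" for pilot-discovery
+pilot-discovery version -o json | jq .clientVersion.version | grep -q ${{package.version}}
+pilot-discovery version -o json | jq .clientVersion.revision | grep -qv unknown
+pilot-discovery version -o json | jq .clientVersion.tag | grep -qv unknown
+
+# check version/tag/commit are not "unknown" for pilot-agent
+pilot-agent version -o json | jq .clientVersion.version | grep -q ${{package.version}}
+pilot-agent version -o json | jq .clientVersion.revision | grep -qv unknown
+pilot-agent version -o json | jq .clientVersion.tag | grep -qv unknown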
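Review bot: The drift check in the `${{package.name}}-base` subpackage tells the maintainer to update `istio-1.28/Dockerfile.base`, but the reference copy added by this commit lives under `istio-1.29/`; the message looks carried over from the previous version's file. This check is what keeps the runtime dependency list (which includes `sudo` and `tcpdump`) aligned with upstream's base image, so the pointer should be correct: `echo "Dockerfile has changed since last build, please update ${{package.name}}/Dockerfile.base and runtime dependencies"`. In the top-level test, `grep -q ${{package.version}}` treats the dots as regex wildcards, and `grep -qF` would pin the literal version string. The `# GHSA-jv3w-x3r3-g6rm` comment on `epoch: 0` may likewise be inherited from the copied file and is worth confirming for 1.29.0.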
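--- a/istio-1.29/Dockerfile.base
+++ b/istio-1.29/Dockerfile.base
@@ -0,0 +1,35 @@
+FROM ubuntu:noble
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Do not add more stuff to this list that isn't small or critically useful.
+# If you occasionally need something on the container do
+# sudo apt-get update && apt-get whichever
+
+# hadolint ignore=DL3005,DL3008
+RUN apt-get update && \
+apt-get install --no-install-recommends -y \
+ca-certificates \
+curl \
+iptables \
+nftables \
+iproute2 \
+iputils-ping \
+knot-dnsutils \
+netcat-openbsd \
+tcpdump \
+conntrack \
+bsdmainutils \
+net-tools \
+lsof \
+sudo \
+&& update-ca-certificates \
+&& apt-get upgrade -y \
+&& apt-get clean \
+&& rm -rf /var/log/*log /var/lib/apt/lists/* /var/log/apt/* /var/lib/dpkg/*-old /var/cache/debconf/*-old \
+&& update-alternatives --set iptables /usr/sbin/iptables-legacy \
+&& update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
+
+# Sudoers used to allow tcpdump and other debug utilities.
+RUN useradd -m --uid 1337 istio-proxy && \
+echo "istio-proxy ALL=NOPASSWD: ALL" >> /etc/sudoers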
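Review bot: The last RUN gives `istio-proxy` (uid 1337) passwordless sudo for every command through `istio-proxy ALL=NOPASSWD: ALL`, although the comment above it only asks for tcpdump and other debug utilities. This file appears to be the reference copy that the `diff -q docker/Dockerfile.base Dockerfile.base` step in istio-1.29.yaml compares against upstream, so the line cannot be narrowed here without failing that check. The least-privilege decision therefore falls to whichever image consumes `istio-base`, which pulls in `sudo` and `tcpdump` as runtime dependencies. That image should either omit the sudoers entry or restrict it to a command list, e.g. `istio-proxy ALL=NOPASSWD: <path-to-tcpdump>` (placeholder path).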