Merge branch 'prometheus:master' into master

clrkrompets · web-flow · commit c21b4103ccfe · 2026-04-24T12:12:49.000+03:00
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
@@ -0,0 +1,21 @@
+---
+name: govulncheck
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+      - master
+  schedule:
+    - cron: '33 2 * * *'
+
+permissions:
+  contents: read
+
+jobs:
+  govulncheck:
+    runs-on: ubuntu-latest
+    name: Run govulncheck
+    steps:
+      - id: govulncheck
+        uses: golang/govulncheck-action@31f7c5463448f83528bd771c2d978d940080c9fd # v1.0.4-unreleased
diff --git a/Makefile.common b/Makefile.common
@@ -91,8 +91,6 @@ $(error DOCKERFILE_PATH is deprecated. Use DOCKERFILE_VARIANTS ?= $(DOCKERFILE_P
 endif
 
 DOCKER_ARCHS ?= amd64 arm64 armv7 ppc64le riscv64 s390x
-DOCKERFILE_ARCH_EXCLUSIONS ?=
-DOCKER_REGISTRY_ARCH_EXCLUSIONS ?= quay.io:riscv64
 DOCKERFILE_VARIANTS     ?= $(wildcard Dockerfile Dockerfile.*)
 
 # Function to extract variant from Dockerfile label.
@@ -111,24 +109,6 @@ endif
 # Build variant:dockerfile pairs for shell iteration.
 DOCKERFILE_VARIANTS_WITH_NAMES := $(foreach df,$(DOCKERFILE_VARIANTS),$(call dockerfile_variant,$(df)):$(df))
 
-# Shell helper to check whether a dockerfile/arch pair is excluded.
-define dockerfile_arch_is_excluded
-case " $(DOCKERFILE_ARCH_EXCLUSIONS) " in \
-	*" $$dockerfile:$(1) "*) true ;; \
-	*) false ;; \
-esac
-endef
-
-# Shell helper to check whether a registry/arch pair is excluded.
-# Extracts registry from DOCKER_REPO (e.g., quay.io/prometheus -> quay.io)
-define registry_arch_is_excluded
-registry=$$(echo "$(DOCKER_REPO)" | cut -d'/' -f1); \
-case " $(DOCKER_REGISTRY_ARCH_EXCLUSIONS) " in \
-	*" $$registry:$(1) "*) true ;; \
-	*) false ;; \
-esac
-endef
-
 BUILD_DOCKER_ARCHS = $(addprefix common-docker-,$(DOCKER_ARCHS))
 PUBLISH_DOCKER_ARCHS = $(addprefix common-docker-publish-,$(DOCKER_ARCHS))
 TAG_DOCKER_ARCHS = $(addprefix common-docker-tag-latest-,$(DOCKER_ARCHS))
@@ -270,10 +250,6 @@ $(BUILD_DOCKER_ARCHS): common-docker-%:
 	@for variant in $(DOCKERFILE_VARIANTS_WITH_NAMES); do \
 		dockerfile=$${variant#*:}; \
 		variant_name=$${variant%%:*}; \
-		if $(call dockerfile_arch_is_excluded,$*); then \
-			echo "Skipping $$variant_name variant for linux-$* (excluded by DOCKERFILE_ARCH_EXCLUSIONS)"; \
-			continue; \
-		fi; \
 		distroless_arch="$*"; \
 		if [ "$*" = "armv7" ]; then \
 			distroless_arch="arm"; \
@@ -308,14 +284,6 @@ $(PUBLISH_DOCKER_ARCHS): common-docker-publish-%:
 	@for variant in $(DOCKERFILE_VARIANTS_WITH_NAMES); do \
 		dockerfile=$${variant#*:}; \
 		variant_name=$${variant%%:*}; \
-		if $(call dockerfile_arch_is_excluded,$*); then \
-			echo "Skipping push for $$variant_name variant on linux-$* (excluded by DOCKERFILE_ARCH_EXCLUSIONS)"; \
-			continue; \
-		fi; \
-		if $(call registry_arch_is_excluded,$*); then \
-			echo "Skipping push for $$variant_name variant on linux-$* to $(DOCKER_REPO) (excluded by DOCKER_REGISTRY_ARCH_EXCLUSIONS)"; \
-			continue; \
-		fi; \
 		if [ "$$dockerfile" != "Dockerfile" ] || [ "$$variant_name" != "default" ]; then \
 			echo "Pushing $$variant_name variant for linux-$*"; \
 			docker push "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:$(SANITIZED_DOCKER_IMAGE_TAG)-$$variant_name"; \
@@ -343,14 +311,6 @@ $(TAG_DOCKER_ARCHS): common-docker-tag-latest-%:
 	@for variant in $(DOCKERFILE_VARIANTS_WITH_NAMES); do \
 		dockerfile=$${variant#*:}; \
 		variant_name=$${variant%%:*}; \
-		if $(call dockerfile_arch_is_excluded,$*); then \
-			echo "Skipping tag for $$variant_name variant on linux-$* (excluded by DOCKERFILE_ARCH_EXCLUSIONS)"; \
-			continue; \
-		fi; \
-		if $(call registry_arch_is_excluded,$*); then \
-			echo "Skipping tag for $$variant_name variant on linux-$* for $(DOCKER_REPO) (excluded by DOCKER_REGISTRY_ARCH_EXCLUSIONS)"; \
-			continue; \
-		fi; \
 		if [ "$$dockerfile" != "Dockerfile" ] || [ "$$variant_name" != "default" ]; then \
 			echo "Tagging $$variant_name variant for linux-$* as latest"; \
 			docker tag "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:$(SANITIZED_DOCKER_IMAGE_TAG)-$$variant_name" "$(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$*:latest-$$variant_name"; \
@@ -372,14 +332,6 @@ common-docker-manifest:
 			echo "Creating manifest for $$variant_name variant"; \
 			refs=""; \
 			for arch in $(DOCKER_ARCHS); do \
-				if $(call dockerfile_arch_is_excluded,$$arch); then \
-					echo "  Skipping $$arch for $$variant_name (excluded by DOCKERFILE_ARCH_EXCLUSIONS)"; \
-					continue; \
-				fi; \
-				if $(call registry_arch_is_excluded,$$arch); then \
-					echo "  Skipping $$arch for $$variant_name on $(DOCKER_REPO) (excluded by DOCKER_REGISTRY_ARCH_EXCLUSIONS)"; \
-					continue; \
-				fi; \
 				refs="$$refs $(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$$arch:$(SANITIZED_DOCKER_IMAGE_TAG)-$$variant_name"; \
 			done; \
 			if [ -z "$$refs" ]; then \
@@ -393,14 +345,6 @@ common-docker-manifest:
 			echo "Creating default variant ($$variant_name) manifest"; \
 			refs=""; \
 			for arch in $(DOCKER_ARCHS); do \
-				if $(call dockerfile_arch_is_excluded,$$arch); then \
-					echo "  Skipping $$arch for default variant (excluded by DOCKERFILE_ARCH_EXCLUSIONS)"; \
-					continue; \
-				fi; \
-				if $(call registry_arch_is_excluded,$$arch); then \
-					echo "  Skipping $$arch for default variant on $(DOCKER_REPO) (excluded by DOCKER_REGISTRY_ARCH_EXCLUSIONS)"; \
-					continue; \
-				fi; \
 				refs="$$refs $(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$$arch:$(SANITIZED_DOCKER_IMAGE_TAG)"; \
 			done; \
 			if [ -z "$$refs" ]; then \
@@ -415,14 +359,6 @@ common-docker-manifest:
 				echo "Creating manifest for $$variant_name variant version tag"; \
 				refs=""; \
 				for arch in $(DOCKER_ARCHS); do \
-					if $(call dockerfile_arch_is_excluded,$$arch); then \
-						echo "  Skipping $$arch for $$variant_name version tag (excluded by DOCKERFILE_ARCH_EXCLUSIONS)"; \
-						continue; \
-					fi; \
-					if $(call registry_arch_is_excluded,$$arch); then \
-						echo "  Skipping $$arch for $$variant_name version tag on $(DOCKER_REPO) (excluded by DOCKER_REGISTRY_ARCH_EXCLUSIONS)"; \
-						continue; \
-					fi; \
 					refs="$$refs $(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$$arch:v$(DOCKER_MAJOR_VERSION_TAG)-$$variant_name"; \
 				done; \
 				if [ -z "$$refs" ]; then \
@@ -436,14 +372,6 @@ common-docker-manifest:
 				echo "Creating default variant version tag manifest"; \
 				refs=""; \
 				for arch in $(DOCKER_ARCHS); do \
-					if $(call dockerfile_arch_is_excluded,$$arch); then \
-						echo "  Skipping $$arch for default variant version tag (excluded by DOCKERFILE_ARCH_EXCLUSIONS)"; \
-						continue; \
-					fi; \
-					if $(call registry_arch_is_excluded,$$arch); then \
-						echo "  Skipping $$arch for default variant version tag on $(DOCKER_REPO) (excluded by DOCKER_REGISTRY_ARCH_EXCLUSIONS)"; \
-						continue; \
-					fi; \
 					refs="$$refs $(DOCKER_REPO)/$(DOCKER_IMAGE_NAME)-linux-$$arch:v$(DOCKER_MAJOR_VERSION_TAG)"; \
 				done; \
 				if [ -z "$$refs" ]; then \
@@ -497,9 +425,3 @@ $(1)_precheck:
 		exit 1; \
 	fi
 endef
-
-govulncheck: install-govulncheck
-	govulncheck ./...
-
-install-govulncheck:
-	command -v govulncheck > /dev/null || go install golang.org/x/vuln/cmd/govulncheck@latest
