Compare commits

..

1 commit

SHA1: 5becdb9379
Message: Init
Checks: Some checks failed. Build talosctl+talhelper+sops image (push on main only) / build (push): Failing after 2m19s
Date: 2025-11-24 15:52:52 +11:00
2 changed files with 7 additions and 7 deletions

View file

@ -12,7 +12,7 @@
# renovate: datasource=github-releases depName=siderolabs/talos versioning=semver
ARG TALOSCTL_VERSION=1.9.2
# renovate: datasource=github-releases depName=budimanjojo/talhelper versioning=semver
ARG TALHELPER_VERSION=3.0.39
ARG TALHELPER_VERSION=3.0.7
# renovate: datasource=github-releases depName=getsops/sops versioning=semver
ARG SOPS_VERSION=3.9.1
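Review bot: The `TALHELPER_VERSION` change from `3.0.39` to `3.0.7` is a downgrade under the `versioning=semver` rule declared in the renovate comment directly above it, so Renovate will treat `3.0.7` as behind and propose bumping it again on its next run; if `3.0.7` is the intended pin (for example because that is the release whose asset names match the `x86_64` / `Linux` changes later in this commit), say so in the commit message or a comment next to the ARG, and confirm the `v3.0.7` release actually exists before merging, since the build only discovers a missing release when `curl -fsSL` fails.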
@ -30,7 +30,7 @@ RUN set -eux; \
ARG TARGETARCH
RUN set -eux; \
case "${TARGETARCH}" in \
amd64) TALOS_ARCH=amd64; TALHELPER_ARCH=amd64; SOPS_ARCH=amd64 ;; \
amd64) TALOS_ARCH=amd64; TALHELPER_ARCH=x86_64; SOPS_ARCH=amd64 ;; \
arm64) TALOS_ARCH=arm64; TALHELPER_ARCH=arm64; SOPS_ARCH=arm64 ;; \
*) echo "Unsupported TARGETARCH=${TARGETARCH}"; exit 1 ;; \
esac; \
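Review bot: The two branches of the `case` now use different naming conventions for talhelper (`TALHELPER_ARCH=x86_64` for amd64 but `TALHELPER_ARCH=arm64` for arm64), which is easy to get wrong if the upstream release follows one scheme for both; verify the arm64 asset name against the release page rather than assuming it, because a wrong value only shows up as a download failure at build time. A short comment above the `case` naming the source of each asset name (talos, talhelper, sops) would make the mapping auditable without opening three release pages.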
@ -59,7 +59,7 @@ RUN . /tmp/arches.env; \
# Download talhelper (tar.gz containing the binary) and verify checksum
RUN . /tmp/arches.env; \
set -eux; \
TALHELPER_TGZ_URL="https://github.com/budimanjojo/talhelper/releases/download/v${TALHELPER_VERSION}/talhelper_linux_${TALHELPER_ARCH}.tar.gz"; \
TALHELPER_TGZ_URL="https://github.com/budimanjojo/talhelper/releases/download/v${TALHELPER_VERSION}/talhelper_Linux_${TALHELPER_ARCH}.tar.gz"; \
curl -fsSL -o /tmp/talhelper.tgz "${TALHELPER_TGZ_URL}"; \
if curl -fsSL -o /tmp/talhelper.tgz.sha256 "${TALHELPER_TGZ_URL}.sha256"; then \
TALHELPER_TGZ_SHA=$(tr -d ' \n\r' < /tmp/talhelper.tgz.sha256); \
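Review bot: `TALHELPER_TGZ_SHA=$(tr -d ' \n\r' < /tmp/talhelper.tgz.sha256)` strips every space, so if the `.sha256` file is in `sha256sum` format (`<hash>  <filename>`) the result is the hash glued to the filename and can never match the computed digest; taking only the first field (for example `awk '{print $1}' /tmp/talhelper.tgz.sha256`) is safer and still works for a bare-hash file. Separately, the `if curl -fsSL -o /tmp/talhelper.tgz.sha256 ...; then` guard means the verification branch is conditional on the checksum file being downloadable; the `else` is outside this hunk, so please make sure a missing `.sha256` fails the build rather than silently skipping the check, given the README states that checksums are verified for all downloaded binaries. Note also that the checksum is fetched from the same origin as the tarball, so it guards against a corrupted transfer but not against a modified release; pinning the expected digest in the Dockerfile alongside the version (Renovate can update both) would give the build a real integrity anchor.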

View file

@ -6,7 +6,7 @@ An OCI image (Wolfi-based) containing:
- sops
The image is built on Wolfi to keep size and surface area minimal, then built via Forgejo Actions. On pushes to `main` (or `master`), the image is pushed to your Forgejo container registry. On other branches, the workflow builds the image but does not push it (to validate PRs). The published tag encodes the versions of all three tools:
- Tag format: `v<TALOSCTL>-<TALHELPER>-<SOPS>` (for example: `v1.9.2-3.0.39-3.9.1`), plus `latest`.
- Tag format: `v<TALOSCTL>-<TALHELPER>-<SOPS>` (for example: `v1.9.2-3.0.7-3.9.1`), plus `latest`.
Contents are defined in `Dockerfile`. Versions are pinned via build `ARG`s so they can be updated automatically by Renovate.
Additionally, the build verifies SHA256 checksums for all downloaded binaries and includes their source URLs and checksums inside the image at `/usr/local/share/checksums/`.
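Review bot: The updated tag example `v1.9.2-3.0.7-3.9.1` is consistent with the new `TALHELPER_VERSION` in the Dockerfile, but the sentence "the build verifies SHA256 checksums for all downloaded binaries" should state where the expected checksums come from; as written, a reader will assume they are pinned in the repository, whereas the Dockerfile downloads the `.sha256` file from the same release URL as the artifact. Saying "against the `.sha256` files published with each release" (or pinning the digests and saying so) keeps the README from overstating the integrity guarantee.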
@ -38,19 +38,19 @@ To build locally (example versions):
```
docker build \
--build-arg TALOSCTL_VERSION=1.9.2 \
--build-arg TALHELPER_VERSION=3.0.39 \
--build-arg TALHELPER_VERSION=3.0.7 \
--build-arg SOPS_VERSION=3.9.1 \
-t talos-tools:dev .
```
Image usage
```
docker run --rm -it your.registry/owner/talos-tools:v1.9.2-3.0.39-3.9.1 talosctl version --client
docker run --rm -it your.registry/owner/talos-tools:v1.9.2-3.0.7-3.9.1 talosctl version --client
```
Notes
- The workflow uses Docker Buildx and QEMU to produce multi-arch images.
- The Dockerfile maps architectures to the upstream asset names as required (e.g., talhelper uses `amd64` and `arm64` asset names).
- The Dockerfile maps architectures to the upstream asset names as required (e.g., talhelper uses `x86_64`).
- Base image: `cgr.dev/chainguard/wolfi-base:latest` for a smaller footprint than Alpine. Renovate is enabled to track and pin the base image digest automatically.
- Runtime shell: `bash` is included because this image is intended to be used in Forgejo Actions jobs that require a shell.
- Integrity: SHA256 checksum verification is performed during the image build for `talosctl`, `talhelper` (tarball), and `sops`.
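Review bot: The rewritten note "talhelper uses `x86_64`" drops the arm64 half of the mapping, so the README no longer documents what the Dockerfile does for the other supported architecture; suggest "(e.g., talhelper uses `x86_64` for amd64 and `arm64` for arm64)" so the note matches the `case` statement. The `docker run` example is good practice in that it pins the full `v1.9.2-3.0.7-3.9.1` tag rather than `latest`; consider adding one sentence recommending that downstream Forgejo Actions jobs do the same, since the "Integrity" bullet covers the build but not how consumers pin what they pull.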