Lists all container image registries published under ghcr.io/kubewarden/policies.
Flavio Castelli flavio
flavio
/ 0001-fix-ci-allow-to-specify-program-versions.patch
Created
April 1, 2026 07:08
Patch for https://github.com/kubewarden/github-actions/pull/285
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From 7033461ce10d6928873787832b559454f41c6492 Mon Sep 17 00:00:00 2001 | |
| From: Flavio Castelli <fcastelli@suse.com> | |
| Date: Wed, 1 Apr 2026 09:04:52 +0200 | |
| Subject: [PATCH] fix(ci): allow to specify program versions | |
| Sometimes it's still useful to be able to change the default program | |
| version to install without having to tag a new version of this | |
| repository. | |
| That's especially true when dealing with kwctl bumps. |
flavio
/ org-backup.rb
Last active
July 23, 2025 16:36
Some quick helper scripts to save and restore the labels associated to PRs and issues of GitHub repositories
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'octokit' | |
| # Usage: | |
| # ruby org-backup.rb save org_name | |
| # ruby org-backup.rb restore org_name | |
| # (expects token in .github_token file in current directory or HOME) | |
| def read_token | |
| paths = [ | |
| File.join(Dir.pwd, ".github_token"), |
Simplest Kubewarden policy written using Go.
To be compiled with TinyGo:
tinygo build -o policy.wasm -target=wasi -no-debug .For more details: https://github.com/kubewarden/go-policy-template
flavio
/ wasmtime-one-module-smap.txt
Created
September 20, 2023 14:52
Output produced by `smap` when looking at a process running wasmtime. Only one module loaded
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 28789: target/release/wasmtime-provider-memory | |
| Address Perm Offset Device Inode Size Rss Pss Referenced Anonymous LazyFree ShmemPmdMapped FilePmdMapped Shared_Hugetlb Private_Hugetlb Swap SwapPss Locked THPeligible Mapping | |
| 5654b4238000 r-xp 00000000 fe:02 584900893 9532 6048 6048 6048 0 0 0 0 0 0 0 0 0 0 /home/flavio/hacking/wasm/wapc/wasmtime-provider-memory/target/release/wasmtime-provider-memory | |
| 5654b4b87000 r--p 0094f000 fe:02 584900893 280 280 280 280 280 0 0 0 0 0 0 0 0 0 /home/flavio/hacking/wasm/wapc/wasmtime-provider-memory/target/release/wasmtime-provider-memory | |
| 5654b4bcd000 rw-p 00995000 fe:02 584900893 8 8 8 8 8 0 0 0 0 0 0 0 0 0 /home/flavio/ha |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| *.wasm |
This is a set of files that can be used to reproduce an issue I'm facing with rustls.
This is the current setup:
- A self signed root CA
- A wildcard certificate issued by this CA. One of the SAN is
*.suse(yeah this is bad from a security POV)
I've a simple program that uses reqwest to perform a GET request against a HTTPS server that uses this certificate.
The server FQDN is registry01.suse.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| module github.com/flavio/container-image-name | |
| go 1.16 | |
| require ( | |
| github.com/docker/distribution v2.7.1+incompatible | |
| github.com/opencontainers/go-digest v1.0.0 // indirect | |
| ) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| use oci_distribution::{ParseError, Reference}; | |
| use std::str::FromStr; | |
| use url::Url; | |
| fn build_oci_reference(url: Url) -> Result<Reference, ParseError> { | |
| Reference::from_str( | |
| url.as_ref() | |
| .strip_prefix("registry://") | |
| .unwrap_or_else(|| url.as_ref()), | |
| ) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Running `target/release/kwctl -v run --settings-json '{"allowed_capabilities": ["CHOWN"]}' -r ../psp-capabilities/test_data/req_pod_with_container_with_capabilities_added.json ../psp-capabilities/target/wasm32-unknown-unknown/release/psp_capabilities.wasm` | |
| Jun 27 15:06:21.457 INFO validate{self=PolicyEvaluator { settings: Some({"allowed_capabilities": Array([String("CHOWN")])}) } request="{\"uid\":\"1299d386-525b-4032-98ae-1949f69f9cfc\",\"kind\":{\"group\":\"\",\"version\":\"v1\",\"kind\":\"Pod\"},\"resource\":{\"group\":\"\",\"version\":\"v1\",\"resource\":\"pods\"},\"requestKind\":{\"group\":\"\",\"version\":\"v1\",\"kind\":\"Pod\"},\"requestResource\":{\"group\":\"\",\"version\":\"v1\",\"resource\":\"pods\"},\"name\":\"nginx\",\"namespace\":\"default\",\"operation\":\"CREATE\",\"userInfo\":{\"username\":\"kubernetes-admin\",\"groups\":[\"system:masters\",\"system:authenticated\"]},\"object\":{\"kind\":\"Pod\",\"apiVersion\":\"v1\",\"metadata\":{\"name\":\"nginx\",\"namespace\":\"default\",\"uid\":\"04dc7 |
NewerOlder