From 8331f82188a3b760de423290e0047943f88eb97f Mon Sep 17 00:00:00 2001
From: Andy Suderman <andy@suderman.dev>
Date: Mon, 8 Dec 2025 14:42:12 -0700
Subject: [PATCH 1/5] feat: add an image for trixie and update some bin
 versions

BREAKING CHANGE: v15 will default to Trixie
---
 bin/install-rok8s-requirements |  8 ++++----
 ci-images/trixie/Dockerfile    | 12 ++++++++++++
 2 files changed, 16 insertions(+), 4 deletions(-)
 create mode 100644 ci-images/trixie/Dockerfile

diff --git a/bin/install-rok8s-requirements b/bin/install-rok8s-requirements
index e1b5d259..8297e72a 100755
--- a/bin/install-rok8s-requirements
+++ b/bin/install-rok8s-requirements
@@ -32,10 +32,10 @@ else
   PKG_INSTALL="${PKG_MANAGER} install -y"
 fi
 
-AWS_CLI_VERSION="${AWS_CLI_VERSION:-2.17.5}"
-KUBECTL_VERSION="${KUBECTL_VERSION:-v1.30.2}"
-HELM_VERSION="${HELM_VERSION:-v3.15.2}"
-SOPS_VERSION="${SOPS_VERSION:-v3.9.0}"
+AWS_CLI_VERSION="${AWS_CLI_VERSION:-2.28.1}"
+KUBECTL_VERSION="${KUBECTL_VERSION:-v1.34.2}"
+HELM_VERSION="${HELM_VERSION:-v3.19.2}"
+SOPS_VERSION="${SOPS_VERSION:-v3.11.0}"
 
 # make sure sudo is installed
 if ! hash sudo 2>/dev/null; then
diff --git a/ci-images/trixie/Dockerfile b/ci-images/trixie/Dockerfile
new file mode 100644
index 00000000..47f9e6ca
--- /dev/null
+++ b/ci-images/trixie/Dockerfile
@@ -0,0 +1,12 @@
+FROM circleci/buildpack-deps:trixie
+
+USER root
+
+RUN apt-get update && \
+    apt-get upgrade -y && \
+    apt-get install -y -qq jq wget python3-pip python3-dev && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+COPY bin /usr/local/bin
+RUN install-rok8s-requirements

From 5a8ad3a75c4f3a0d05048b36865cd9f48670db2f Mon Sep 17 00:00:00 2001
From: Andy Suderman <andy@suderman.dev>
Date: Mon, 8 Dec 2025 14:51:41 -0700
Subject: [PATCH 2/5] feat: use cimg/base instead

---
 ci-images/trixie/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ci-images/trixie/Dockerfile b/ci-images/trixie/Dockerfile
index 47f9e6ca..34e5f58f 100644
--- a/ci-images/trixie/Dockerfile
+++ b/ci-images/trixie/Dockerfile
@@ -1,4 +1,4 @@
-FROM circleci/buildpack-deps:trixie
+FROM cimg/base:current-24.04
 
 USER root
 

From 520195d518c452384d76e321bb3976479466b21b Mon Sep 17 00:00:00 2001
From: Andy Suderman <andy@suderman.dev>
Date: Mon, 8 Dec 2025 14:52:40 -0700
Subject: [PATCH 3/5] feat: move to cimg 24.04

---
 ci-images/{trixie => cimg-24.04}/Dockerfile | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename ci-images/{trixie => cimg-24.04}/Dockerfile (100%)

diff --git a/ci-images/trixie/Dockerfile b/ci-images/cimg-24.04/Dockerfile
similarity index 100%
rename from ci-images/trixie/Dockerfile
rename to ci-images/cimg-24.04/Dockerfile

From a00d137343c9f4a908544f155cfc33684c749287 Mon Sep 17 00:00:00 2001
From: Andy Suderman <andy@suderman.dev>
Date: Mon, 8 Dec 2025 14:58:30 -0700
Subject: [PATCH 4/5] fix: update kubectl download path

---
 bin/install-rok8s-requirements | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bin/install-rok8s-requirements b/bin/install-rok8s-requirements
index 8297e72a..3ee879e4 100755
--- a/bin/install-rok8s-requirements
+++ b/bin/install-rok8s-requirements
@@ -101,7 +101,7 @@ hash aws
 # make sure kubectl is installed
 if ! hash kubectl 2>/dev/null; then
   echo Installing kubectl...
-  wget -q "https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" -O "${ROK8S_INSTALL_PATH}/kubectl"
+  wget -q "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" -O "${ROK8S_INSTALL_PATH}/kubectl"
   chmod +x "${ROK8S_INSTALL_PATH}/kubectl"
 fi
 

From 324487efb6028a8983c393e05dc029e8133cd87b Mon Sep 17 00:00:00 2001
From: Andy Suderman <andy@suderman.dev>
Date: Tue, 9 Dec 2025 09:38:41 -0700
Subject: [PATCH 5/5] feat: prep v15 release

---
 docs/ci-images.md                       | 2 +-
 examples/ci/bitbucket-pipelines.yml     | 2 +-
 examples/minimal-sops-secrets/README.md | 2 +-
 examples/minimal/README.md              | 2 +-
 orb/executors/ci-images.yml             | 2 +-
 orb/executors/default.yml               | 2 +-
 orb/jobs/kubernetes_e2e_tests.yml       | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/docs/ci-images.md b/docs/ci-images.md
index 3c12cf15..16a4289d 100644
--- a/docs/ci-images.md
+++ b/docs/ci-images.md
@@ -7,7 +7,7 @@ meta:
 
 Each new release of rok8s-scripts generates CI images for common workflows. These images include a set of common CI/CD dependencies, including Docker, Kubernetes, Helm, AWS, and Google Cloud client libraries. Starting with these images as a base for deployment workflows ensures that you don't need to spend any build time installing extra dependencies.
 
-We currently include CI Images based on Alpine and Debian Buster as our recommended starting points. The latest Debian Buster release can be pulled from `quay.io/reactiveops/ci-images:v14.1-bullseye`. A full list of image tags is available on our [Quay repository](https://quay.io/repository/reactiveops/ci-images).
+We currently include CI Images based on Alpine and Debian Buster as our recommended starting points. The latest Debian Buster release can be pulled from `quay.io/reactiveops/ci-images:v15.0-bullseye`. A full list of image tags is available on our [Quay repository](https://quay.io/repository/reactiveops/ci-images).
 
 **Deprecation Notice** As of v10 and onward, alpine and stretch will be the only available images.
 
diff --git a/examples/ci/bitbucket-pipelines.yml b/examples/ci/bitbucket-pipelines.yml
index 0ec195e2..fc3f5e33 100644
--- a/examples/ci/bitbucket-pipelines.yml
+++ b/examples/ci/bitbucket-pipelines.yml
@@ -1,4 +1,4 @@
-image: quay.io/reactiveops/ci-images:v14.1-bullseye
+image: quay.io/reactiveops/ci-images:v15.0-bullseye
 
 aliases:
   - &initialize-env |
diff --git a/examples/minimal-sops-secrets/README.md b/examples/minimal-sops-secrets/README.md
index 3d4ce433..30c4b92d 100644
--- a/examples/minimal-sops-secrets/README.md
+++ b/examples/minimal-sops-secrets/README.md
@@ -19,7 +19,7 @@ we run some of the scripts provided by rok8s-scripts. In particular, we use:
 * `k8s-deploy-and-verify` to deploy our image to Kubernetes and make sure the deployment succeeded
 	* This also calls the `k8s-deploy-secrets` script to decrypt and deploy secrets
 
-We also use the rok8s-scripts CI image, `quay.io/reactiveops/ci-images:v14.1-bullseye`,
+We also use the rok8s-scripts CI image, `quay.io/reactiveops/ci-images:v15.0-bullseye`,
 to ensure rok8s-scripts and its dependencies are available during the build and deploy jobs.
 
 ## Try it out
diff --git a/examples/minimal/README.md b/examples/minimal/README.md
index ae8ddc7a..13b1106b 100644
--- a/examples/minimal/README.md
+++ b/examples/minimal/README.md
@@ -18,7 +18,7 @@ we run some of the scripts provided by rok8s-scripts. In particular, we use:
 * `prepare-kubectl` to configure the `kubectl` command to be able to deploy resources to our Kubernetes cluster
 * `k8s-deploy-and-verify` to deploy our image to Kubernetes and make sure the deployment succeeded
 
-We also use the rok8s-scripts CI image, `quay.io/reactiveops/ci-images:v14.1-bullseye`,
+We also use the rok8s-scripts CI image, `quay.io/reactiveops/ci-images:v15.0-bullseye`,
 to ensure rok8s-scripts and its dependencies are available during the build and deploy jobs.
 
 ## Try it out
diff --git a/orb/executors/ci-images.yml b/orb/executors/ci-images.yml
index d9056c18..1f7fe352 100644
--- a/orb/executors/ci-images.yml
+++ b/orb/executors/ci-images.yml
@@ -1,6 +1,6 @@
 parameters:
   version:
     type: string
-    default: "v14.1-bullseye"
+    default: "v15.0-bullseye"
 docker:
   - image: quay.io/reactiveops/ci-images:<<parameters.version>>
diff --git a/orb/executors/default.yml b/orb/executors/default.yml
index d9056c18..1f7fe352 100644
--- a/orb/executors/default.yml
+++ b/orb/executors/default.yml
@@ -1,6 +1,6 @@
 parameters:
   version:
     type: string
-    default: "v14.1-bullseye"
+    default: "v15.0-bullseye"
 docker:
   - image: quay.io/reactiveops/ci-images:<<parameters.version>>
diff --git a/orb/jobs/kubernetes_e2e_tests.yml b/orb/jobs/kubernetes_e2e_tests.yml
index 1dd64845..3b0c3a1d 100644
--- a/orb/jobs/kubernetes_e2e_tests.yml
+++ b/orb/jobs/kubernetes_e2e_tests.yml
@@ -50,7 +50,7 @@ parameters:
   command_runner_image:
     description: "The image to execute commands from against the kind cluster. Also where the script gets executed."
     type: string
-    default: "quay.io/reactiveops/ci-images:v14.1-alpine"
+    default: "quay.io/reactiveops/ci-images:v15.0-alpine"
   pre_script:
     description: "Script to run on the local machine before running script on command runner."
     type: string