Updates github-config

.github/dependabot.yml

@@ -16,3 +16,8 @@ updates:
       update-types:
       - "minor"
       - "patch"
+      exclude-patterns:
+      - "github.com/anchore/stereoscope"
+      - "github.com/testcontainers/testcontainers-go"
+      - "github.com/docker/docker"
+      - "github.com/containerd/containerd"

.github/workflows/approve-bot-pr.yml

@@ -16,13 +16,13 @@ jobs:
       pr-number: ${{ steps.pr-data.outputs.number }}
     steps:
     - name: 'Download artifact'
-      uses: paketo-buildpacks/github-config/actions/pull-request/download-artifact@main
+      uses: initializ-buildpacks/github-config/actions/pull-request/download-artifact@main
       with:
         name: "event-payload"
         repo: ${{ github.repository }}
         run_id: ${{ github.event.workflow_run.id }}
         workspace: "/github/workspace"
-        token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
+        token: ${{ secrets.PAT }}
     - id: pr-data
       run: |
         echo "author=$(cat event.json | jq -r '.pull_request.user.login')" >> "$GITHUB_OUTPUT"
@@ -31,22 +31,22 @@ jobs:
   approve:
     name: Approve Bot PRs
     needs: download
-    if: ${{ needs.download.outputs.pr-author == 'paketo-bot' || needs.download.outputs.pr-author == 'dependabot[bot]' }}
+    if: ${{ needs.download.outputs.pr-author == 'initializ-bot' || needs.download.outputs.pr-author == 'dependabot[bot]' }}
     runs-on: ubuntu-22.04
     steps:
     - name: Check Commit Verification
       id: unverified-commits
-      uses: paketo-buildpacks/github-config/actions/pull-request/check-unverified-commits@main
+      uses: initializ-buildpacks/github-config/actions/pull-request/check-unverified-commits@main
       with:
-        token: ${{ secrets.PAKETO_BOT_REVIEWER_GITHUB_TOKEN }}
+        token: ${{ secrets.PAT }}
         repo: ${{ github.repository }}
         number: ${{ needs.download.outputs.pr-number }}
 
     - name: Check for Human Commits
       id: human-commits
-      uses: paketo-buildpacks/github-config/actions/pull-request/check-human-commits@main
+      uses: initializ-buildpacks/github-config/actions/pull-request/check-human-commits@main
       with:
-        token: ${{ secrets.PAKETO_BOT_REVIEWER_GITHUB_TOKEN }}
+        token: ${{ secrets.PAT }}
         repo: ${{ github.repository }}
         number: ${{ needs.download.outputs.pr-number }}
 
@@ -56,14 +56,14 @@ jobs:
 
     - name: Approve
       if: steps.human-commits.outputs.human_commits == 'false' && steps.unverified-commits.outputs.unverified_commits == 'false'
-      uses: paketo-buildpacks/github-config/actions/pull-request/approve@main
+      uses: initializ-buildpacks/github-config/actions/pull-request/approve@main
       with:
-        token: ${{ secrets.PAKETO_BOT_REVIEWER_GITHUB_TOKEN }}
+        token: ${{ secrets.PAT }}
         number: ${{ needs.download.outputs.pr-number }}
 
     - name: Enable Auto-Merge
       if: steps.human-commits.outputs.human_commits == 'false' && steps.unverified-commits.outputs.unverified_commits == 'false'
       run: |
         gh pr merge ${{ needs.download.outputs.pr-number }} --auto --rebase
       env:
-        GITHUB_TOKEN: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
+        GITHUB_TOKEN: ${{ secrets.PAT }}

.github/workflows/create-draft-release.yml

@@ -53,9 +53,8 @@ jobs:
     - name: Checkout
       uses: actions/checkout@v3
     - name: Run Integration Tests
-      run: ./scripts/integration.sh --use-token --builder ${{ matrix.builder }}
+      run: ./scripts/integration.sh --builder ${{ matrix.builder }} --token ${{ github.token }}
       env:
-        GIT_TOKEN: ${{ github.token }}
         TMPDIR: "${{ runner.temp }}"
 
   release:
@@ -73,14 +72,14 @@ jobs:
         fetch-tags: true
     - name: Reset Draft Release
       id: reset
-      uses: paketo-buildpacks/github-config/actions/release/reset-draft@main
+      uses: initializ-buildpacks/github-config/actions/release/reset-draft@main
       with:
         repo: ${{ github.repository }}
         token: ${{ github.token }}
     - name: Calculate Semver Tag
       if: github.event.inputs.version == ''
       id: semver
-      uses: paketo-buildpacks/github-config/actions/tag/calculate-semver@main
+      uses: initializ-buildpacks/github-config/actions/tag/calculate-semver@main
       with:
         repo: ${{ github.repository }}
         token: ${{ github.token }}
@@ -97,15 +96,15 @@ jobs:
       run: ./scripts/package.sh --version "${{ steps.tag.outputs.tag }}"
     - name: Create Release Notes
       id: create-release-notes
-      uses: paketo-buildpacks/github-config/actions/release/notes@main
+      uses: initializ-buildpacks/github-config/actions/release/notes@main
       with:
         repo: ${{ github.repository }}
-        token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
+        token: ${{ secrets.PAT }}
     - name: Create Release
-      uses: paketo-buildpacks/github-config/actions/release/create@main
+      uses: initializ-buildpacks/github-config/actions/release/create@main
       with:
         repo: ${{ github.repository }}
-        token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
+        token: ${{ secrets.PAT }}
         tag_name: v${{ steps.tag.outputs.tag }}
         target_commitish: ${{ github.sha }}
         name: v${{ steps.tag.outputs.tag }}
@@ -132,7 +131,7 @@ jobs:
     if: ${{ always() && needs.unit.result == 'failure' || needs.integration.result == 'failure' || needs.release.result == 'failure' }}
     steps:
     - name: File Failure Alert Issue
-      uses: paketo-buildpacks/github-config/actions/issue/file@main
+      uses: initializ-buildpacks/github-config/actions/issue/file@main
       with:
         token: ${{ secrets.GITHUB_TOKEN }}
         repo: ${{ github.repository }}

.github/workflows/label-pr.yml

@@ -28,6 +28,6 @@ jobs:
 
     - name: Auto-label Semver
       if: ${{ failure() }}
-      uses: paketo-buildpacks/github-config/actions/pull-request/auto-semver-label@main
+      uses: initializ-buildpacks/github-config/actions/pull-request/auto-semver-label@main
       env:
-        GITHUB_TOKEN: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
+        GITHUB_TOKEN: ${{ secrets.PAT }}

.github/workflows/lint-yaml.yml

@@ -15,7 +15,7 @@ jobs:
     - name: Checkout github-config
       uses: actions/checkout@v3
       with:
-        repository: paketo-buildpacks/github-config
+        repository: initializ-buildpacks/github-config
         path: github-config
 
     - name: Set up Python

.github/workflows/publish-releases.yml

@@ -0,0 +1,41 @@
+name: Publish Draft Releases
+
+on:
+  workflow_dispatch: {}
+  schedule:
+    - cron: '0 5 * * WED'  # Weekly on Wednesday at 5:00 AM UTC
+
+concurrency:
+  group: publish-release
+
+jobs:
+  publish:
+    name: Publish
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Publish Draft Release With Highest Semantic Version
+        id: drafts
+        env:
+          GITHUB_TOKEN: ${{ secrets.PAT }}
+        uses: initializ-buildpacks/github-config/actions/release/publish-drafts@main
+        with:
+          repo: ${{ github.repository }}
+
+  failure:
+    name: Alert on Failure
+    runs-on: ubuntu-22.04
+    needs: [ publish ]
+    if: ${{ always() && needs.publish.result == 'failure' }}
+    steps:
+      - name: File Failure Alert Issue
+        uses: initializ-buildpacks/github-config/actions/issue/file@main
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          repo: ${{ github.repository }}
+          label: "failure:release"
+          comment_if_exists: true
+          issue_title: "Failure: Publish draft releases"
+          issue_body: |
+            Publish All Draft Releases workflow [failed](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}).
+          comment_body: |
+             Another failure occurred: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}

.github/workflows/push-buildpackage.yml

@@ -5,6 +5,10 @@
     types:
     - published
 
+permissions:
+  id-token: write 
+  contents: read
+
 jobs:
   push:
     name: Push
@@ -24,11 +28,11 @@
 
     - name: Download
       id: download
-      uses: paketo-buildpacks/github-config/actions/release/download-asset@main
+      uses: initializ-buildpacks/github-config/actions/release/download-asset@main
       with:
         url: ${{ steps.event.outputs.download_url }}
         output: "/github/workspace/buildpackage.cnb"
-        token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
+        token: ${{ secrets.PAT }}
 
     - name: Validate version
       run: |
@@ -39,24 +43,15 @@
           exit 1
         fi
 
-    - name: Push to GCR
-      env:
-        GCR_PUSH_BOT_JSON_KEY: ${{ secrets.GCR_PUSH_BOT_JSON_KEY }}
-      run: |
-        echo "${GCR_PUSH_BOT_JSON_KEY}" | sudo skopeo login --username _json_key --password-stdin gcr.io
-        sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://gcr.io/${{ github.repository }}:${{ steps.event.outputs.tag_full }}"
-        sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://gcr.io/${{ github.repository }}:${{ steps.event.outputs.tag_minor }}"
-        sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://gcr.io/${{ github.repository }}:${{ steps.event.outputs.tag_major }}"
-        sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://gcr.io/${{ github.repository }}:latest"
 
     - name: Push to DockerHub
       id: push
       env:
-        DOCKERHUB_USERNAME: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_USERNAME }}
-        DOCKERHUB_PASSWORD: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_PASSWORD }}
+        DOCKERHUB_USERNAME: ${{ secrets.INITIALIZ_BUILDPACKS_DOCKERHUB_USERNAME }}
+        DOCKERHUB_PASSWORD: ${{ secrets.INITIALIZ_BUILDPACKS_DOCKERHUB_PASSWORD }}
         GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }}
       run: |
-        REPOSITORY="${GITHUB_REPOSITORY_OWNER/-/}/${GITHUB_REPOSITORY#${GITHUB_REPOSITORY_OWNER}/}" # translates 'paketo-buildpacks/bundle-install' to 'paketobuildpacks/bundle-install'
+        REPOSITORY="${GITHUB_REPOSITORY_OWNER/-/}/${GITHUB_REPOSITORY#${GITHUB_REPOSITORY_OWNER}/}" # translates 'initializ-buildpacks/bundle-install' to 'initializbuildpacks/bundle-install'
         IMAGE="index.docker.io/${REPOSITORY}"
         echo "${DOCKERHUB_PASSWORD}" | sudo skopeo login --username "${DOCKERHUB_USERNAME}" --password-stdin index.docker.io
         sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://${IMAGE}:${{ steps.event.outputs.tag_full }}"
@@ -72,7 +67,7 @@
         id: ${{ github.repository }}
         version: ${{ steps.event.outputs.tag_full }}
         address: ${{ steps.push.outputs.image }}@${{ steps.push.outputs.digest }}
-        token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
+        token: ${{ secrets.PAT }}
 
   failure:
     name: Alert on Failure
@@ -81,7 +76,7 @@
     if: ${{ always() && needs.push.result == 'failure' }}
     steps:
     - name: File Failure Alert Issue
-      uses: paketo-buildpacks/github-config/actions/issue/file@main
+      uses: initializ-buildpacks/github-config/actions/issue/file@main
       with:
         token: ${{ secrets.GITHUB_TOKEN }}
         repo: ${{ github.repository }}

.github/workflows/test-pull-request.yml

@@ -55,9 +55,8 @@ jobs:
       uses: actions/checkout@v3
 
     - name: Run Integration Tests
-      run: ./scripts/integration.sh --use-token --builder ${{ matrix.builder }}
+      run: ./scripts/integration.sh --builder ${{ matrix.builder }} --token ${{ github.token }}
       env:
-        GIT_TOKEN: ${{ github.token }}
         TMPDIR: "${{ runner.temp }}"
 
   roundup:

.github/workflows/update-github-config.yml

@@ -2,7 +2,7 @@
 
 on:
   schedule:
   - cron: '27 13 * * *' # daily at 13:27 UTC
   workflow_dispatch: {}
 
 concurrency: github_config_update
@@ -27,7 +27,7 @@
     - name: Checkout Branch
       uses: initializ-buildpacks/github-config/actions/pull-request/checkout-branch@main
       with:
-        branch: automation/github-config/update
+        branch: automations/github-config/update
 
     - name: Run the sync action
       uses: initializ-buildpacks/github-config/actions/sync@main
@@ -51,15 +51,15 @@
       if: ${{ steps.commit.outputs.commit_sha != '' }}
       uses: initializ-buildpacks/github-config/actions/pull-request/push-branch@main
       with:
-        branch: automation/github-config/update
+        branch: automations/github-config/update
 
     - name: Open Pull Request
       if: ${{ steps.commit.outputs.commit_sha != '' }}
       uses: initializ-buildpacks/github-config/actions/pull-request/open@main
       with:
         token: ${{ secrets.PAT }}
         title: "Updates github-config"
-        branch: automation/github-config/update
+        branch: automations/github-config/update
 
   failure:
     name: Alert on Failure

.github/workflows/update-go-mod-version.yml

@@ -0,0 +1,93 @@
+name: Update Go version
+
+on:
+  schedule:
+    - cron: '48 4 * * MON'  # every monday at 4:48 UTC
+  workflow_dispatch:
+
+concurrency: update-go
+
+jobs:
+  update-go:
+    name: Update go toolchain in go.mod
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+      - name: Checkout PR Branch
+        uses: initializ-buildpacks/github-config/actions/pull-request/checkout-branch@main
+        with:
+          branch: automations/go-mod-update/update-main
+      - name: Setup Go
+        id: setup-go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 'stable'
+      - name: Get current go toolchain version
+        id: current-go-version
+        uses: initializ-buildpacks/github-config/actions/update-go-mod-version@main
+        with:
+          go-version: ${{ steps.setup-go.outputs.go-version }}
+      - name: Go mod tidy
+        run: |
+          #!/usr/bin/env bash
+          set -euo pipefail
+          shopt -s inherit_errexit
+
+          echo "Before running go mod tidy"
+          echo "head -n10 go.mod "
+          head -n10 go.mod
+
+          echo "git diff"
+          git diff
+
+          echo "Running go mod tidy"
+          go mod tidy
+
+          echo "After running go mod tidy"
+          echo "head -n10 go.mod "
+          head -n10 go.mod
+
+          echo "git diff"
+          git diff
+      - name: Commit
+        id: commit
+        uses: initializ-buildpacks/github-config/actions/pull-request/create-commit@main
+        with:
+          message: "Updates go mod version to ${{ steps.setup-go.outputs.go-version }}"
+          pathspec: "."
+          keyid: ${{ secrets.INITIALIZ_BOT_GPG_SIGNING_KEY_ID }}
+          key: ${{ secrets.INITIALIZ_BOT_GPG_SIGNING_KEY }}
+
+      - name: Push Branch
+        if: ${{ steps.commit.outputs.commit_sha != '' }}
+        uses: initializ-buildpacks/github-config/actions/pull-request/push-branch@main
+        with:
+          branch: automations/go-mod-update/update-main
+
+      - name: Open Pull Request
+        if: ${{ steps.commit.outputs.commit_sha != '' }}
+        uses: initializ-buildpacks/github-config/actions/pull-request/open@main
+        with:
+          token: ${{ secrets.PAT }}
+          title: "Updates go mod version to ${{ steps.setup-go.outputs.go-version }}"
+          branch: automations/go-mod-update/update-main
+
+  failure:
+    name: Alert on Failure
+    runs-on: ubuntu-22.04
+    needs: [update-go]
+    if: ${{ always() && needs.update-go.result == 'failure' }}
+    steps:
+      - name: File Failure Alert Issue
+        uses: initializ-buildpacks/github-config/actions/issue/file@main
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          repo: ${{ github.repository }}
+          label: "failure:update-go-version"
+          comment_if_exists: true
+          issue_title: "Failure: Update Go Mod Version workflow"
+          issue_body: |
+            Update Go Mod Version workflow [failed](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}).
+          comment_body: |
+            Another failure occurred: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}