diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index bca9737..09253a6 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -6,7 +6,7 @@ on: pull_request: branches: [ main ] schedule: - - cron: '34 5 * * *' # daily at 5:34am UTC + - cron: '34 5 * * *' # daily at 5:34am UTC jobs: analyze: @@ -17,19 +17,19 @@ jobs: fail-fast: false matrix: language: - - 'go' + - 'go' steps: - - name: Checkout repository - uses: actions/checkout@v3 + - name: Checkout repository + uses: actions/checkout@v3 - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: ${{ matrix.language }} + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} - - name: Autobuild - uses: github/codeql-action/autobuild@v2 + - name: Autobuild + uses: github/codeql-action/autobuild@v2 - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 \ No newline at end of file + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/push-buildpackage.yml b/.github/workflows/push-buildpackage.yml index 3bc6ee1..cc84878 100644 --- a/.github/workflows/push-buildpackage.yml +++ b/.github/workflows/push-buildpackage.yml @@ -1,12 +1,12 @@ -name: "Push Buildpackage" +name: Push Buildpackage on: release: types: - - published + - published permissions: - id-token: write + id-token: write contents: read jobs: 
@@ -15,57 +15,59 @@ jobs: runs-on: ubuntu-22.04 steps: - - name: Parse Event - id: event - run: | - FULL_VERSION="$(jq -r '.release.tag_name' "${GITHUB_EVENT_PATH}" | sed s/^v//)" - MINOR_VERSION="$(echo "${FULL_VERSION}" | awk -F '.' '{print $1 "." $2 }')" - MAJOR_VERSION="$(echo "${FULL_VERSION}" | awk -F '.' '{print $1 }')" - echo "tag_full=${FULL_VERSION}" >> "$GITHUB_OUTPUT" - echo "tag_minor=${MINOR_VERSION}" >> "$GITHUB_OUTPUT" - echo "tag_major=${MAJOR_VERSION}" >> "$GITHUB_OUTPUT" - echo "download_url=$(jq -r '.release.assets[] | select(.name | endswith(".cnb")) | .url' "${GITHUB_EVENT_PATH}")" >> "$GITHUB_OUTPUT" + - name: Parse Event + id: event + run: | + FULL_VERSION="$(jq -r '.release.tag_name' "${GITHUB_EVENT_PATH}" | sed s/^v//)" + MINOR_VERSION="$(echo "${FULL_VERSION}" | awk -F '.' '{print $1 "." $2 }')" + MAJOR_VERSION="$(echo "${FULL_VERSION}" | awk -F '.' '{print $1 }')" + echo "tag_full=${FULL_VERSION}" >> "$GITHUB_OUTPUT" + echo "tag_minor=${MINOR_VERSION}" >> "$GITHUB_OUTPUT" + echo "tag_major=${MAJOR_VERSION}" >> "$GITHUB_OUTPUT" + echo "download_url=$(jq -r '.release.assets[] | select(.name | endswith(".cnb")) | .url' "${GITHUB_EVENT_PATH}")" >> "$GITHUB_OUTPUT" - - name: Download - id: download - uses: initializ-buildpacks/github-config/actions/release/download-asset@main - with: - url: ${{ steps.event.outputs.download_url }} - output: "/github/workspace/buildpackage.cnb" - token: ${{ secrets.PAT }} + - name: Download + id: download + uses: initializ-buildpacks/github-config/actions/release/download-asset@main + with: + url: ${{ steps.event.outputs.download_url }} + output: "/github/workspace/buildpackage.cnb" + token: ${{ secrets.PAT }} - - name: Validate version - run: | - buildpackTomlVersion=$(sudo skopeo inspect "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" | jq -r '.Labels."io.buildpacks.buildpackage.metadata" | fromjson | .version') - githubReleaseVersion="${{ steps.event.outputs.tag_full }}" - if [[ "$buildpackTomlVersion" != 
"$githubReleaseVersion" ]]; then - echo "Version in buildpack.toml ($buildpackTomlVersion) and github release ($githubReleaseVersion) are not identical" - exit 1 - fi + - name: Validate version + run: | + buidpackTomlVersion=$(sudo skopeo inspect "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" | jq -r '.Labels."io.buildpacks.buildpackage.metadata" | fromjson | .version') + githubReleaseVersion="${{ steps.event.outputs.tag_full }}" + if [[ "$buidpackTomlVersion" != "$githubReleaseVersion" ]]; then + echo "Version in buildpack.toml ($buidpackTomlVersion) and github release ($githubReleaseVersion) are not identical" + exit 1 + fi - - name: Push to DockerHub - id: push - env: - DOCKERHUB_USERNAME: ${{ secrets.INITIALIZ_BUILDPACKS_DOCKERHUB_USERNAME }} - DOCKERHUB_PASSWORD: ${{ secrets.INITIALIZ_BUILDPACKS_DOCKERHUB_PASSWORD }} - GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }} - run: | - REPOSITORY="${GITHUB_REPOSITORY_OWNER/-/}/${GITHUB_REPOSITORY#${GITHUB_REPOSITORY_OWNER}/}" # translates 'initializ-buildpacks/bundle-install' to 'initializbuildpacks/bundle-install' - IMAGE="index.docker.io/${REPOSITORY}" - echo "${DOCKERHUB_PASSWORD}" | sudo skopeo login --username "${DOCKERHUB_USERNAME}" --password-stdin index.docker.io - sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://${IMAGE}:${{ steps.event.outputs.tag_full }}" - sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://${IMAGE}:${{ steps.event.outputs.tag_minor }}" - sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://${IMAGE}:${{ steps.event.outputs.tag_major }}" - sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://${IMAGE}:latest" - echo "image=${IMAGE}" >> "$GITHUB_OUTPUT" - echo "digest=$(sudo skopeo inspect "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" | jq -r .Digest)" >> "$GITHUB_OUTPUT" - - name: Register with CNB Registry - uses: 
docker://ghcr.io/buildpacks/actions/registry/request-add-entry:main - with: - id: ${{ github.repository }} - version: ${{ steps.event.outputs.tag_full }} - address: ${{ steps.push.outputs.image }}@${{ steps.push.outputs.digest }} + - name: Push to DockerHub + id: push + env: + DOCKERHUB_USERNAME: ${{ secrets.INITIALIZ_BUILDPACKS_DOCKERHUB_USERNAME }} + DOCKERHUB_PASSWORD: ${{ secrets.INITIALIZ_BUILDPACKS_DOCKERHUB_PASSWORD }} + GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }} + run: | + REPOSITORY="${GITHUB_REPOSITORY_OWNER/-/}/${GITHUB_REPOSITORY#${GITHUB_REPOSITORY_OWNER}/}" # translates 'initializ-buildpacks/bundle-install' to 'initializbuildpacks/bundle-install' + IMAGE="index.docker.io/${REPOSITORY}" + echo "${DOCKERHUB_PASSWORD}" | sudo skopeo login --username "${DOCKERHUB_USERNAME}" --password-stdin index.docker.io + sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://${IMAGE}:${{ steps.event.outputs.tag_full }}" + sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://${IMAGE}:${{ steps.event.outputs.tag_minor }}" + sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://${IMAGE}:${{ steps.event.outputs.tag_major }}" + sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://${IMAGE}:latest" + echo "image=${IMAGE}" >> "$GITHUB_OUTPUT" + echo "digest=$(sudo skopeo inspect "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" | jq -r .Digest)" >> "$GITHUB_OUTPUT" + + - name: Register with CNB Registry + uses: docker://ghcr.io/buildpacks/actions/registry/request-add-entry:main + with: + id: ${{ github.repository }} + version: ${{ steps.event.outputs.tag_full }} + address: ${{ steps.push.outputs.image }}@${{ steps.push.outputs.digest }} + token: ${{ secrets.PAT }} failure: name: Alert on Failure 
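Review bot: The `token: ${{ secrets.PAT }}` input added to the Register with CNB Registry step hands a personal access token to an image referenced by the mutable tag `request-add-entry:main`, so whatever is published under that tag at release time runs with the token. Pin the image by digest, e.g. `uses: docker://ghcr.io/buildpacks/actions/registry/request-add-entry@sha256:<digest-of-reviewed-image>`, and keep the PAT scoped to the minimum the registry request needs. The same applies to the `download-asset@main` step in this hunk, which also receives `secrets.PAT`, and to the `@main` steps in update-github-config.yml that receive `secrets.PAT` and the GPG signing key. Separately, the Validate version step renames the variable to `buidpackTomlVersion` (a typo for `buildpackTomlVersion`) and still expands `${{ steps.event.outputs.tag_full }}` directly into the script text. Passing it through `env:` (for example `TAG_FULL: ${{ steps.event.outputs.tag_full }}`) and reading `"$TAG_FULL"` keeps the release tag from being parsed as shell.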
@@ -73,15 +75,15 @@ jobs: needs: [push] if: ${{ always() && needs.push.result == 'failure' }} steps: - - name: File Failure Alert Issue - uses: initializ-buildpacks/github-config/actions/issue/file@main - with: - token: ${{ secrets.GITHUB_TOKEN }} - repo: ${{ github.repository }} - label: "failure:push" - comment_if_exists: true - issue_title: "Failure: Push Buildpackage workflow" - issue_body: | - Push Buildpackage workflow [failed](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}). - comment_body: | - Another failure occurred: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}} \ No newline at end of file + - name: File Failure Alert Issue + uses: initializ-buildpacks/github-config/actions/issue/file@main + with: + token: ${{ secrets.GITHUB_TOKEN }} + repo: ${{ github.repository }} + label: "failure:push" + comment_if_exists: true + issue_title: "Failure: Push Buildpackage workflow" + issue_body: | + Push Buildpackage workflow [failed](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}). + comment_body: | + Another failure occurred: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}} diff --git a/.github/workflows/update-github-config.yml b/.github/workflows/update-github-config.yml index a9cc95e..9e36c0d 100644 --- a/.github/workflows/update-github-config.yml +++ b/.github/workflows/update-github-config.yml @@ -2,7 +2,7 @@ name: Update shared github-config on: schedule: - - cron: '27 13 * * *' # daily at 13:27 UTC + - cron: '27 13 * * *' # daily at 13:27 UTC workflow_dispatch: {} concurrency: github_config_update 
@@ -13,53 +13,53 @@ jobs: runs-on: ubuntu-22.04 steps: - - name: Checkout - uses: actions/checkout@v3 - with: - token: ${{ secrets.PAT }} + - name: Checkout + uses: actions/checkout@v3 + with: + token: ${{ secrets.PAT }} - - name: Checkout github-config - uses: actions/checkout@v3 - with: - repository: initializ-buildpacks/github-config - path: github-config + - name: Checkout github-config + uses: actions/checkout@v3 + with: + repository: initializ-buildpacks/github-config + path: github-config - - name: Checkout Branch - uses: initializ-buildpacks/github-config/actions/pull-request/checkout-branch@main - with: - branch: automations/github-config/update + - name: Checkout Branch + uses: initializ-buildpacks/github-config/actions/pull-request/checkout-branch@main + with: + branch: automations/github-config/update - - name: Run the sync action - uses: initializ-buildpacks/github-config/actions/sync@main - with: - workspace: /github/workspace - config: /github/workspace/github-config/implementation + - name: Run the sync action + uses: initializ-buildpacks/github-config/actions/sync@main + with: + workspace: /github/workspace + config: /github/workspace/github-config/implementation - - name: Cleanup - run: rm -rf github-config + - name: Cleanup + run: rm -rf github-config - - name: Commit - id: commit - uses: initializ-buildpacks/github-config/actions/pull-request/create-commit@main - with: - message: "Updating github-config" - pathspec: "." - keyid: ${{ secrets.INITIALIZ_BOT_GPG_SIGNING_KEY_ID }} - key: ${{ secrets.INITIALIZ_BOT_GPG_SIGNING_KEY }} + - name: Commit + id: commit + uses: initializ-buildpacks/github-config/actions/pull-request/create-commit@main + with: + message: "Updating github-config" + pathspec: "." 
+ keyid: ${{ secrets.INITIALIZ_BOT_GPG_SIGNING_KEY_ID }} + key: ${{ secrets.INITIALIZ_BOT_GPG_SIGNING_KEY }} - - name: Push Branch - if: ${{ steps.commit.outputs.commit_sha != '' }} - uses: initializ-buildpacks/github-config/actions/pull-request/push-branch@main - with: - branch: automations/github-config/update + - name: Push Branch + if: ${{ steps.commit.outputs.commit_sha != '' }} + uses: initializ-buildpacks/github-config/actions/pull-request/push-branch@main + with: + branch: automations/github-config/update - - name: Open Pull Request - if: ${{ steps.commit.outputs.commit_sha != '' }} - uses: initializ-buildpacks/github-config/actions/pull-request/open@main - with: - token: ${{ secrets.PAT }} - title: "Updates github-config" - branch: automations/github-config/update + - name: Open Pull Request + if: ${{ steps.commit.outputs.commit_sha != '' }} + uses: initializ-buildpacks/github-config/actions/pull-request/open@main + with: + token: ${{ secrets.PAT }} + title: "Updates github-config" + branch: automations/github-config/update failure: name: Alert on Failure 
@@ -67,15 +67,15 @@ jobs: needs: [build] if: ${{ always() && needs.build.result == 'failure' }} steps: - - name: File Failure Alert Issue - uses: initializ-buildpacks/github-config/actions/issue/file@main - with: - token: ${{ secrets.GITHUB_TOKEN }} - repo: ${{ github.repository }} - label: "failure:update-github-config" - comment_if_exists: true - issue_title: "Failure: Update GitHub config workflow" - issue_body: | - Update GitHub config workflow [failed](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}). - comment_body: | - Another failure occurred: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}} \ No newline at end of file + - name: File Failure Alert Issue + uses: initializ-buildpacks/github-config/actions/issue/file@main + with: + token: ${{ secrets.GITHUB_TOKEN }} + repo: ${{ github.repository }} + label: "failure:update-github-config" + comment_if_exists: true + issue_title: "Failure: Update GitHub config workflow" + issue_body: | + Update GitHub config workflow [failed](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}). + comment_body: | + Another failure occurred: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}