Updating github-config

.github/dependabot.yml

@@ -16,3 +16,8 @@ updates:
       update-types:
       - "minor"
       - "patch"
+      exclude-patterns:
+      - "github.com/anchore/stereoscope"
+      - "github.com/testcontainers/testcontainers-go"
+      - "github.com/docker/docker"
+      - "github.com/containerd/containerd"

.github/workflows/create-draft-release.yml

@@ -52,11 +52,9 @@ jobs:
         go-version: 'stable'
     - name: Checkout
       uses: actions/checkout@v3
-    - run: git fetch --depth=1 origin +refs/tags/*:refs/tags/* || true
     - name: Run Integration Tests
-      run: ./scripts/integration.sh --use-token --builder ${{ matrix.builder }}
+      run: ./scripts/integration.sh --builder ${{ matrix.builder }} --token ${{ github.token }}
       env:
-        GIT_TOKEN: ${{ github.token }}
         TMPDIR: "${{ runner.temp }}"
 
   release:
@@ -70,7 +68,8 @@ jobs:
         go-version: 'stable'
     - name: Checkout
       uses: actions/checkout@v3
-    - run: git fetch --depth=1 origin +refs/tags/*:refs/tags/* || true
+      with:
+        fetch-tags: true
     - name: Reset Draft Release
       id: reset
       uses: initializ-buildpacks/github-config/actions/release/reset-draft@main

.github/workflows/lint.yml

@@ -16,7 +16,7 @@ jobs:
     - name: Setup Go
       uses: actions/setup-go@v3
       with:
-        go-version: 1.20.x
+        go-version: 'stable'
 
     - name: Checkout
       uses: actions/checkout@v3

.github/workflows/publish-releases.yml

@@ -0,0 +1,41 @@
+name: Publish Draft Releases
+
+on:
+  workflow_dispatch: {}
+  schedule:
+    - cron: '0 5 * * WED'  # Weekly on Wednesday at 5:00 AM UTC
+
+concurrency:
+  group: publish-release
+
+jobs:
+  publish:
+    name: Publish
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Publish Draft Release With Highest Semantic Version
+        id: drafts
+        env:
+          GITHUB_TOKEN: ${{ secrets.PAT }}
+        uses: initializ-buildpacks/github-config/actions/release/publish-drafts@main
+        with:
+          repo: ${{ github.repository }}
+
+  failure:
+    name: Alert on Failure
+    runs-on: ubuntu-22.04
+    needs: [ publish ]
+    if: ${{ always() && needs.publish.result == 'failure' }}
+    steps:
+      - name: File Failure Alert Issue
+        uses: initializ-buildpacks/github-config/actions/issue/file@main
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          repo: ${{ github.repository }}
+          label: "failure:release"
+          comment_if_exists: true
+          issue_title: "Failure: Publish draft releases"
+          issue_body: |
+            Publish All Draft Releases workflow [failed](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}).
+          comment_body: |
+             Another failure occurred: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}

.github/workflows/push-buildpackage.yml

@@ -5,6 +5,10 @@ on:
     types:
     - published
 
+permissions:
+  id-token: write 
+  contents: read
+
 jobs:
   push:
     name: Push
@@ -39,15 +43,6 @@ jobs:
           exit 1
         fi
 
-    - name: Push to GCR
-      env:
-        GCR_PUSH_BOT_JSON_KEY: ${{ secrets.GCR_PUSH_BOT_JSON_KEY }}
-      run: |
-        echo "${GCR_PUSH_BOT_JSON_KEY}" | sudo skopeo login --username _json_key --password-stdin gcr.io
-        sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://gcr.io/${{ github.repository }}:${{ steps.event.outputs.tag_full }}"
-        sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://gcr.io/${{ github.repository }}:${{ steps.event.outputs.tag_minor }}"
-        sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://gcr.io/${{ github.repository }}:${{ steps.event.outputs.tag_major }}"
-        sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://gcr.io/${{ github.repository }}:latest"
 
     - name: Push to DockerHub
       id: push

.github/workflows/test-pull-request.yml

@@ -54,12 +54,9 @@ jobs:
     - name: Checkout
       uses: actions/checkout@v3
 
-    - run: git fetch --depth=1 origin +refs/tags/*:refs/tags/* || true
-
     - name: Run Integration Tests
-      run: ./scripts/integration.sh --use-token --builder ${{ matrix.builder }}
+      run: ./scripts/integration.sh --builder ${{ matrix.builder }} --token ${{ github.token }}
       env:
-        GIT_TOKEN: ${{ github.token }}
         TMPDIR: "${{ runner.temp }}"
 
   roundup:

.github/workflows/update-github-config.yml

@@ -27,7 +27,7 @@ jobs:
     - name: Checkout Branch
       uses: initializ-buildpacks/github-config/actions/pull-request/checkout-branch@main
       with:
-        branch: automation/github-config/update
+        branch: automations/github-config/update
 
     - name: Run the sync action
       uses: initializ-buildpacks/github-config/actions/sync@main
@@ -51,15 +51,15 @@ jobs:
       if: ${{ steps.commit.outputs.commit_sha != '' }}
       uses: initializ-buildpacks/github-config/actions/pull-request/push-branch@main
       with:
-        branch: automation/github-config/update
+        branch: automations/github-config/update
 
     - name: Open Pull Request
       if: ${{ steps.commit.outputs.commit_sha != '' }}
       uses: initializ-buildpacks/github-config/actions/pull-request/open@main
       with:
         token: ${{ secrets.PAT }}
         title: "Updates github-config"
-        branch: automation/github-config/update
+        branch: automations/github-config/update
 
   failure:
     name: Alert on Failure

.github/workflows/update-go-mod-version.yml

@@ -0,0 +1,93 @@
+name: Update Go version
+
+on:
+  schedule:
+    - cron: '48 4 * * MON'  # every monday at 4:48 UTC
+  workflow_dispatch:
+
+concurrency: update-go
+
+jobs:
+  update-go:
+    name: Update go toolchain in go.mod
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+      - name: Checkout PR Branch
+        uses: initializ-buildpacks/github-config/actions/pull-request/checkout-branch@main
+        with:
+          branch: automations/go-mod-update/update-main
+      - name: Setup Go
+        id: setup-go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 'stable'
+      - name: Get current go toolchain version
+        id: current-go-version
+        uses: initializ-buildpacks/github-config/actions/update-go-mod-version@main
+        with:
+          go-version: ${{ steps.setup-go.outputs.go-version }}
+      - name: Go mod tidy
+        run: |
+          #!/usr/bin/env bash
+          set -euo pipefail
+          shopt -s inherit_errexit
+
+          echo "Before running go mod tidy"
+          echo "head -n10 go.mod "
+          head -n10 go.mod
+
+          echo "git diff"
+          git diff
+
+          echo "Running go mod tidy"
+          go mod tidy
+
+          echo "After running go mod tidy"
+          echo "head -n10 go.mod "
+          head -n10 go.mod
+
+          echo "git diff"
+          git diff
+      - name: Commit
+        id: commit
+        uses: initializ-buildpacks/github-config/actions/pull-request/create-commit@main
+        with:
+          message: "Updates go mod version to ${{ steps.setup-go.outputs.go-version }}"
+          pathspec: "."
+          keyid: ${{ secrets.INITIALIZ_BOT_GPG_SIGNING_KEY_ID }}
+          key: ${{ secrets.INITIALIZ_BOT_GPG_SIGNING_KEY }}
+
+      - name: Push Branch
+        if: ${{ steps.commit.outputs.commit_sha != '' }}
+        uses: initializ-buildpacks/github-config/actions/pull-request/push-branch@main
+        with:
+          branch: automations/go-mod-update/update-main
+
+      - name: Open Pull Request
+        if: ${{ steps.commit.outputs.commit_sha != '' }}
+        uses: initializ-buildpacks/github-config/actions/pull-request/open@main
+        with:
+          token: ${{ secrets.PAT }}
+          title: "Updates go mod version to ${{ steps.setup-go.outputs.go-version }}"
+          branch: automations/go-mod-update/update-main
+
+  failure:
+    name: Alert on Failure
+    runs-on: ubuntu-22.04
+    needs: [update-go]
+    if: ${{ always() && needs.update-go.result == 'failure' }}
+    steps:
+      - name: File Failure Alert Issue
+        uses: initializ-buildpacks/github-config/actions/issue/file@main
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          repo: ${{ github.repository }}
+          label: "failure:update-go-version"
+          comment_if_exists: true
+          issue_title: "Failure: Update Go Mod Version workflow"
+          issue_body: |
+            Update Go Mod Version workflow [failed](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}).
+          comment_body: |
+            Another failure occurred: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}

scripts/.util/builders.sh

@@ -19,7 +19,7 @@ function util::builders::list() {
 
   if [[ -z "${builders}" ]]; then
     util::print::info "No builders specified. Falling back to default builder..."
-    builders="$(jq --compact-output --null-input '["index.docker.io/paketobuildpacks/builder-jammy-full:latest"]')"
+    builders="$(jq --compact-output --null-input '["index.docker.io/initializbuildpacks/securepacks-initzbuilder:latest"]')"
   fi
 
   echo "${builders}"

scripts/.util/tools.json

@@ -1,5 +1,5 @@
 {
-  "createpackage": "v1.67.2",
-  "jam": "v2.6.0",
-  "pack": "v0.34.2"
+  "createpackage": "v1.70.0",
+  "jam": "v2.7.2",
+  "pack": "v0.35.0"
 }

scripts/.util/tools.sh

@@ -135,6 +135,13 @@ function util::tools::pack::install() {
 
     version="$(jq -r .pack "$(dirname "${BASH_SOURCE[0]}")/tools.json")"
 
+    local pack_config_enable_experimental
+    if [ -f "$(dirname "${BASH_SOURCE[0]}")/../options.json" ]; then
+      pack_config_enable_experimental="$(jq -r .pack_config_enable_experimental "$(dirname "${BASH_SOURCE[0]}")/../options.json")"
+    else
+      pack_config_enable_experimental="false"
+    fi
+
     tmp_location="/tmp/pack.tgz"
     curl_args=(
       "--fail"
@@ -158,6 +165,10 @@ function util::tools::pack::install() {
     tar xzf "${tmp_location}" -C "${dir}"
     chmod +x "${dir}/pack"
 
+    if [[ "${pack_config_enable_experimental}" == "true" ]]; then
+      "${dir}"/pack config experimental true
+    fi
+
     rm "${tmp_location}"
   else
     util::print::info "Using pack $("${dir}"/pack version)"
@@ -224,4 +235,4 @@ function util::tools::tests::checkfocus() {
     util::print::success "** GO Test Succeeded **" 197
   fi
   rm "${testout}"
-}
+}

scripts/build.sh

@@ -56,7 +56,15 @@ function run::build() {
 
       echo "Success!"
 
-      for name in detect build; do
+      names=("detect")
+
+      if [ -f "${BUILDPACKDIR}/extension.toml" ]; then
+        names+=("generate")
+      else
+        names+=("build")
+      fi
+
+      for name in "${names[@]}"; do
         printf "%s" "Linking ${name}... "
 
         ln -sf "run" "${name}"
@@ -73,18 +81,22 @@ function cmd::build() {
     for src in "${BUILDPACKDIR}"/cmd/*; do
       name="$(basename "${src}")"
 
-      printf "%s" "Building ${name}... "
+      if [[ -f "${src}/main.go" ]]; then
+        printf "%s" "Building ${name}... "
 
-      GOOS="linux" \
-      CGO_ENABLED=0 \
-        go build \
-          -ldflags="-s -w" \
-          -o "${BUILDPACKDIR}/bin/${name}" \
-            "${src}/main.go"
+        GOOS="linux" \
+        CGO_ENABLED=0 \
+          go build \
+            -ldflags="-s -w" \
+            -o "${BUILDPACKDIR}/bin/${name}" \
+              "${src}/main.go"
 
-      echo "Success!"
+        echo "Success!"
+      else
+        printf "%s" "Skipping ${name}... "
+      fi
     done
   fi
 }
 
-main "${@:-}"
+main "${@:-}"