diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 1f5b215..bf99f0e 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -16,3 +16,8 @@ updates: update-types: - "minor" - "patch" + exclude-patterns: + - "github.com/anchore/stereoscope" + - "github.com/testcontainers/testcontainers-go" + - "github.com/docker/docker" + - "github.com/containerd/containerd" diff --git a/.github/workflows/create-draft-release.yml b/.github/workflows/create-draft-release.yml index 9011308..b5a6009 100644 --- a/.github/workflows/create-draft-release.yml +++ b/.github/workflows/create-draft-release.yml @@ -52,11 +52,9 @@ jobs: go-version: 'stable' - name: Checkout uses: actions/checkout@v3 - - run: git fetch --depth=1 origin +refs/tags/*:refs/tags/* || true - name: Run Integration Tests - run: ./scripts/integration.sh --use-token --builder ${{ matrix.builder }} + run: ./scripts/integration.sh --builder ${{ matrix.builder }} --token ${{ github.token }} env: - GIT_TOKEN: ${{ github.token }} TMPDIR: "${{ runner.temp }}" release: @@ -70,7 +68,8 @@ jobs: go-version: 'stable' - name: Checkout uses: actions/checkout@v3 - - run: git fetch --depth=1 origin +refs/tags/*:refs/tags/* || true + with: + fetch-tags: true - name: Reset Draft Release id: reset uses: initializ-buildpacks/github-config/actions/release/reset-draft@main diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 130481f..d100818 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -16,7 +16,7 @@ jobs: - name: Setup Go uses: actions/setup-go@v3 with: - go-version: 1.20.x + go-version: 'stable' - name: Checkout uses: actions/checkout@v3 diff --git a/.github/workflows/publish-releases.yml b/.github/workflows/publish-releases.yml new file mode 100644 index 0000000..4f85719 --- /dev/null +++ b/.github/workflows/publish-releases.yml 
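Review bot: In the `Run Integration Tests` step of create-draft-release.yml, `--token ${{ github.token }}` is expanded into the script text before the shell starts, so the token becomes an argv entry of `integration.sh`. Command-line arguments are more widely readable than the removed `GIT_TOKEN` env entry (process listings, `set -x` traces, anything that echoes its arguments). I would keep `GIT_TOKEN: ${{ github.token }}` under `env:` and let the script default to it, e.g. `token="${GIT_TOKEN:-}"` in `main` of scripts/integration.sh, leaving `--token` as an explicit override. The same line is added in .github/workflows/test-pull-request.yml.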
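Review bot: In the `release` job of create-draft-release.yml, `fetch-tags: true` is set without `fetch-depth`, so the checkout stays a depth-1 clone. As far as I know, the action then only brings in tags that point at the fetched commit, which is not what the removed `git fetch --depth=1 origin +refs/tags/*:refs/tags/*` did. If the later release steps need earlier tags to work out the next version, add `fetch-depth: 0` next to `fetch-tags: true`, or keep the explicit tag fetch. The steps that consume the tags are outside this hunk, so this needs confirming against them.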
@@ -0,0 +1,41 @@ +name: Publish Draft Releases + +on: + workflow_dispatch: {} + schedule: + - cron: '0 5 * * WED' # Weekly on Wednesday at 5:00 AM UTC + +concurrency: + group: publish-release + +jobs: + publish: + name: Publish + runs-on: ubuntu-22.04 + steps: + - name: Publish Draft Release With Highest Semantic Version + id: drafts + env: + GITHUB_TOKEN: ${{ secrets.PAT }} + uses: initializ-buildpacks/github-config/actions/release/publish-drafts@main + with: + repo: ${{ github.repository }} + + failure: + name: Alert on Failure + runs-on: ubuntu-22.04 + needs: [ publish ] + if: ${{ always() && needs.publish.result == 'failure' }} + steps: + - name: File Failure Alert Issue + uses: initializ-buildpacks/github-config/actions/issue/file@main + with: + token: ${{ secrets.GITHUB_TOKEN }} + repo: ${{ github.repository }} + label: "failure:release" + comment_if_exists: true + issue_title: "Failure: Publish draft releases" + issue_body: | + Publish All Draft Releases workflow [failed](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}). + comment_body: | + Another failure occurred: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}} \ No newline at end of file diff --git a/.github/workflows/push-buildpackage.yml b/.github/workflows/push-buildpackage.yml index 1db4316..cc84878 100644 --- a/.github/workflows/push-buildpackage.yml +++ b/.github/workflows/push-buildpackage.yml @@ -5,6 +5,10 @@ on: types: - published +permissions: + id-token: write + contents: read + jobs: push: name: Push 
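Review bot: In the new publish-releases.yml, the `publish` job hands `secrets.PAT` to `initializ-buildpacks/github-config/actions/release/publish-drafts@main`, which is a mutable branch ref. Whatever is on that branch at 05:00 on Wednesday runs with the PAT, with no review step in this repository. Pin the action to a full commit SHA and keep the branch name as a comment, e.g. `uses: initializ-buildpacks/github-config/actions/release/publish-drafts@<full-commit-sha>  # main`, and let Dependabot move the pin. The same applies to `issue/file@main` here and, in update-go-mod-version.yml, to `create-commit@main` (which receives the GPG signing key) and `pull-request/open@main` (which receives the PAT).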
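Review bot: The new workflow-level `permissions:` block in push-buildpackage.yml grants `id-token: write` to every job, but nothing in the visible hunks requests an OIDC token. The next hunk removes the GCR push and leaves the DockerHub push, which is not shown using one. If a step outside the hunks does need OIDC, move the block under that job so only it can mint tokens; otherwise drop `id-token: write` and keep `contents: read`. A one-line comment naming the consumer, such as `# id-token: required by <step name> for OIDC login`, would make the grant reviewable.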
@@ -39,15 +43,6 @@ jobs: exit 1 fi - - name: Push to GCR - env: - GCR_PUSH_BOT_JSON_KEY: ${{ secrets.GCR_PUSH_BOT_JSON_KEY }} - run: | - echo "${GCR_PUSH_BOT_JSON_KEY}" | sudo skopeo login --username _json_key --password-stdin gcr.io - sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://gcr.io/${{ github.repository }}:${{ steps.event.outputs.tag_full }}" - sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://gcr.io/${{ github.repository }}:${{ steps.event.outputs.tag_minor }}" - sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://gcr.io/${{ github.repository }}:${{ steps.event.outputs.tag_major }}" - sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://gcr.io/${{ github.repository }}:latest" - name: Push to DockerHub id: push diff --git a/.github/workflows/test-pull-request.yml b/.github/workflows/test-pull-request.yml index cea4d3a..6574ff7 100644 --- a/.github/workflows/test-pull-request.yml +++ b/.github/workflows/test-pull-request.yml @@ -54,12 +54,9 @@ jobs: - name: Checkout uses: actions/checkout@v3 - - run: git fetch --depth=1 origin +refs/tags/*:refs/tags/* || true - - name: Run Integration Tests - run: ./scripts/integration.sh --use-token --builder ${{ matrix.builder }} + run: ./scripts/integration.sh --builder ${{ matrix.builder }} --token ${{ github.token }} env: - GIT_TOKEN: ${{ github.token }} TMPDIR: "${{ runner.temp }}" roundup: diff --git a/.github/workflows/update-github-config.yml b/.github/workflows/update-github-config.yml index 0807300..9e36c0d 100644 --- a/.github/workflows/update-github-config.yml +++ b/.github/workflows/update-github-config.yml 
@@ -27,7 +27,7 @@ jobs: - name: Checkout Branch uses: initializ-buildpacks/github-config/actions/pull-request/checkout-branch@main with: - branch: automation/github-config/update + branch: automations/github-config/update - name: Run the sync action uses: initializ-buildpacks/github-config/actions/sync@main @@ -51,7 +51,7 @@ jobs: if: ${{ steps.commit.outputs.commit_sha != '' }} uses: initializ-buildpacks/github-config/actions/pull-request/push-branch@main with: - branch: automation/github-config/update + branch: automations/github-config/update - name: Open Pull Request if: ${{ steps.commit.outputs.commit_sha != '' }} @@ -59,7 +59,7 @@ jobs: with: token: ${{ secrets.PAT }} title: "Updates github-config" - branch: automation/github-config/update + branch: automations/github-config/update failure: name: Alert on Failure diff --git a/.github/workflows/update-go-mod-version.yml b/.github/workflows/update-go-mod-version.yml new file mode 100644 index 0000000..26ae0ee --- /dev/null +++ b/.github/workflows/update-go-mod-version.yml 
@@ -0,0 +1,93 @@ +name: Update Go version + +on: + schedule: + - cron: '48 4 * * MON' # every monday at 4:48 UTC + workflow_dispatch: + +concurrency: update-go + +jobs: + update-go: + name: Update go toolchain in go.mod + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@v4 + - name: Checkout PR Branch + uses: initializ-buildpacks/github-config/actions/pull-request/checkout-branch@main + with: + branch: automations/go-mod-update/update-main + - name: Setup Go + id: setup-go + uses: actions/setup-go@v5 + with: + go-version: 'stable' + - name: Get current go toolchain version + id: current-go-version + uses: initializ-buildpacks/github-config/actions/update-go-mod-version@main + with: + go-version: ${{ steps.setup-go.outputs.go-version }} + - name: Go mod tidy + run: | + #!/usr/bin/env bash + set -euo pipefail + shopt -s inherit_errexit + + echo "Before running go mod tidy" + echo "head -n10 go.mod " + head -n10 go.mod + + echo "git diff" + git diff + + echo "Running go mod tidy" + go mod tidy + + echo "After running go mod tidy" + echo "head -n10 go.mod " + head -n10 go.mod + + echo "git diff" + git diff + - name: Commit + id: commit + uses: initializ-buildpacks/github-config/actions/pull-request/create-commit@main + with: + message: "Updates go mod version to ${{ steps.setup-go.outputs.go-version }}" + pathspec: "." 
+ keyid: ${{ secrets.INITIALIZ_BOT_GPG_SIGNING_KEY_ID }} + key: ${{ secrets.INITIALIZ_BOT_GPG_SIGNING_KEY }} + + - name: Push Branch + if: ${{ steps.commit.outputs.commit_sha != '' }} + uses: initializ-buildpacks/github-config/actions/pull-request/push-branch@main + with: + branch: automations/go-mod-update/update-main + + - name: Open Pull Request + if: ${{ steps.commit.outputs.commit_sha != '' }} + uses: initializ-buildpacks/github-config/actions/pull-request/open@main + with: + token: ${{ secrets.PAT }} + title: "Updates go mod version to ${{ steps.setup-go.outputs.go-version }}" + branch: automations/go-mod-update/update-main + + failure: + name: Alert on Failure + runs-on: ubuntu-22.04 + needs: [update-go] + if: ${{ always() && needs.update-go.result == 'failure' }} + steps: + - name: File Failure Alert Issue + uses: initializ-buildpacks/github-config/actions/issue/file@main + with: + token: ${{ secrets.GITHUB_TOKEN }} + repo: ${{ github.repository }} + label: "failure:update-go-version" + comment_if_exists: true + issue_title: "Failure: Update Go Mod Version workflow" + issue_body: | + Update Go Mod Version workflow [failed](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}). + comment_body: | + Another failure occurred: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}} \ No newline at end of file diff --git a/scripts/.util/builders.sh b/scripts/.util/builders.sh index 7bcd24f..fd2a9b3 100644 --- a/scripts/.util/builders.sh +++ b/scripts/.util/builders.sh @@ -19,7 +19,7 @@ function util::builders::list() { if [[ -z "${builders}" ]]; then util::print::info "No builders specified. Falling back to default builder..." - builders="$(jq --compact-output --null-input '["index.docker.io/paketobuildpacks/builder-jammy-full:latest"]')" + builders="$(jq --compact-output --null-input '["index.docker.io/initializbuildpacks/securepacks-initzbuilder:latest"]')" fi echo "${builders}" 
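Review bot: Neither job in update-go-mod-version.yml declares `permissions:`, so both run with the repository's default `GITHUB_TOKEN` scope. The `failure` job only files an issue, so `permissions: { issues: write }` on that job should be enough. `update-go` passes no token to `push-branch`, so it presumably pushes with the credentials that `actions/checkout` persists and would need `permissions: { contents: write }`; please confirm against the action. publish-releases.yml has the same gap. Separately, `update-go` runs on `ubuntu-latest` while `failure` uses `ubuntu-22.04`; using one runner label for both keeps the scheduled run reproducible.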
diff --git a/scripts/.util/git.sh b/scripts/.util/git.sh deleted file mode 100644 index 71965bc..0000000 --- a/scripts/.util/git.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/bin/env bash - -set -eu -set -o pipefail - -# shellcheck source=SCRIPTDIR/print.sh -source "$(dirname "${BASH_SOURCE[0]}")/print.sh" - -function util::git::token::fetch() { - if [[ -z "${GIT_TOKEN:-""}" ]]; then - util::print::title "Fetching GIT_TOKEN" - - GIT_TOKEN="$( - lpass show Shared-CF\ Buildpacks/concourse-private.yml \ - | grep buildpacks-github-token \ - | cut -d ' ' -f 2 - )" - fi - - printf "%s" "${GIT_TOKEN}" -} diff --git a/scripts/.util/tools.json b/scripts/.util/tools.json index ff08070..024a05f 100644 --- a/scripts/.util/tools.json +++ b/scripts/.util/tools.json @@ -1,5 +1,5 @@ { - "createpackage": "v1.67.2", - "jam": "v2.6.0", - "pack": "v0.34.2" + "createpackage": "v1.70.0", + "jam": "v2.7.2", + "pack": "v0.35.0" } diff --git a/scripts/.util/tools.sh b/scripts/.util/tools.sh index 35addb0..547808d 100644 --- a/scripts/.util/tools.sh +++ b/scripts/.util/tools.sh @@ -135,6 +135,13 @@ function util::tools::pack::install() { version="$(jq -r .pack "$(dirname "${BASH_SOURCE[0]}")/tools.json")" + local pack_config_enable_experimental + if [ -f "$(dirname "${BASH_SOURCE[0]}")/../options.json" ]; then + pack_config_enable_experimental="$(jq -r .pack_config_enable_experimental "$(dirname "${BASH_SOURCE[0]}")/../options.json")" + else + pack_config_enable_experimental="false" + fi + tmp_location="/tmp/pack.tgz" curl_args=( "--fail" @@ -158,6 +165,10 @@ function util::tools::pack::install() { tar xzf "${tmp_location}" -C "${dir}" chmod +x "${dir}/pack" + if [[ "${pack_config_enable_experimental}" == "true" ]]; then + "${dir}"/pack config experimental true + fi + rm "${tmp_location}" else util::print::info "Using pack $("${dir}"/pack version)" 
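Review bot: In the second tools.sh hunk, `"${dir}"/pack config experimental true` sits inside the branch that downloads pack, between `chmod +x` and `rm "${tmp_location}"`, so it only runs on a fresh install. When `${dir}/pack` already exists, the function takes the `else` branch (`Using pack ...`) and the `pack_config_enable_experimental` option from `options.json` is never applied. Move the `if [[ "${pack_config_enable_experimental}" == "true" ]]` block after the closing `fi` of the install check so both paths honour it. The setting appears to be written to the invoking user's pack configuration rather than under `${dir}`, which deserves a comment such as `# persists in the user's pack config, not only for this checkout`. The body of `util::tools::pack::install` starts and ends outside the hunk.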
@@ -224,4 +235,4 @@ function util::tools::tests::checkfocus() { util::print::success "** GO Test Succeeded **" 197 fi rm "${testout}" -} +} \ No newline at end of file diff --git a/scripts/build.sh b/scripts/build.sh index a3e1d3d..f603604 100755 --- a/scripts/build.sh +++ b/scripts/build.sh @@ -56,7 +56,15 @@ function run::build() { echo "Success!" - for name in detect build; do + names=("detect") + + if [ -f "${BUILDPACKDIR}/extension.toml" ]; then + names+=("generate") + else + names+=("build") + fi + + for name in "${names[@]}"; do printf "%s" "Linking ${name}... " ln -sf "run" "${name}" @@ -73,18 +81,22 @@ function cmd::build() { for src in "${BUILDPACKDIR}"/cmd/*; do name="$(basename "${src}")" - printf "%s" "Building ${name}... " + if [[ -f "${src}/main.go" ]]; then + printf "%s" "Building ${name}... " - GOOS="linux" \ - CGO_ENABLED=0 \ - go build \ - -ldflags="-s -w" \ - -o "${BUILDPACKDIR}/bin/${name}" \ - "${src}/main.go" + GOOS="linux" \ + CGO_ENABLED=0 \ + go build \ + -ldflags="-s -w" \ + -o "${BUILDPACKDIR}/bin/${name}" \ + "${src}/main.go" - echo "Success!" + echo "Success!" + else + printf "%s" "Skipping ${name}... " + fi done fi } -main "${@:-}" +main "${@:-}" \ No newline at end of file diff --git a/scripts/integration.sh b/scripts/integration.sh index 13a5635..46ffbdb 100755 --- a/scripts/integration.sh +++ b/scripts/integration.sh @@ -12,22 +12,16 @@ source "${PROGDIR}/.util/tools.sh" # shellcheck source=SCRIPTDIR/.util/print.sh source "${PROGDIR}/.util/print.sh" -# shellcheck source=SCRIPTDIR/.util/git.sh -source "${PROGDIR}/.util/git.sh" - # shellcheck source=SCRIPTDIR/.util/builders.sh source "${PROGDIR}/.util/builders.sh" function main() { - local builderArray + local builderArray token builderArray=() + token="" + while [[ "${#}" != 0 ]]; do case "${1}" in - --use-token|-t) - shift 1 - token::fetch - ;; - --help|-h) shift 1 usage 
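Review bot: In `cmd::build` in scripts/build.sh, the new skip branch prints `Skipping ${name}... ` with `printf "%s"` and no newline, so the next `Building ...` message is appended to the same line and the log reads as if the skipped command was built. Use `echo "Skipping ${name} (no main.go)"` instead. In the `run::build` hunk, `names` is assigned without `local` and becomes a script-wide global; add `local names` before `names=("detect")`. Both functions continue outside their hunks.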
@@ -39,6 +33,11 @@ function main() { shift 2 ;; + --token|-t) + token="${2}" + shift 2 + ;; + "") # skip if the argument is empty shift 1 @@ -53,7 +52,7 @@ function main() { util::print::warn "** WARNING No Integration tests **" fi - tools::install "${GIT_TOKEN:-}" + tools::install "${token}" if [ ${#builderArray[@]} -eq 0 ]; then util::print::title "No builders provided. Finding builders in integration.json..." @@ -93,9 +92,9 @@ Runs the integration test suite. OPTIONS --help -h prints the command usage - --use-token -t use GIT_TOKEN from lastpass --builder -b sets the name of the builder(s) that are pulled / used for testing. Defaults to "builders" array in integration.json, if present. + --token Token used to download assets from GitHub (e.g. jam, pack, etc) (optional) USAGE } @@ -144,11 +143,6 @@ function builder_images::pull() { docker pull "${lifecycle_image}" } -function token::fetch() { - GIT_TOKEN="$(util::git::token::fetch)" - export GIT_TOKEN -} - function tests::run() { util::print::title "Run Buildpack Runtime Integration Tests" util::print::info "Using ${1} as builder..." diff --git a/scripts/package.sh b/scripts/package.sh index d58f61c..916363e 100755 --- a/scripts/package.sh +++ b/scripts/package.sh 
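Review bot: In scripts/integration.sh, the `--token|-t)` case reuses the short flag that used to mean `--use-token` and took no argument. An existing call such as `integration.sh -t --builder X` would now store `--builder` as the token and pass `X` to the fallthrough case. The usage text in the later hunk lists `--token` without `-t`, so the alias is also undocumented. Either drop the alias (`--token)`) or document it in the usage block. `token="${2}"` is also read without checking that a value follows; a guard such as `[[ "${#}" -ge 2 ]] || { usage; exit 1; }` before the assignment would give a clear error. `main` continues outside these hunks.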
@@ -64,20 +64,25 @@ function main { tools::install "${token}" - buildpack::archive "${version}" - buildpackage::create "${output}" + buildpack_type=buildpack + if [ -f "${ROOT_DIR}/extension.toml" ]; then + buildpack_type=extension + fi + + buildpack::archive "${version}" "${buildpack_type}" + buildpackage::create "${output}" "${buildpack_type}" } function usage() { cat <<-USAGE package.sh --version [OPTIONS] -Packages the buildpack into a buildpackage .cnb file. +Packages a buildpack or an extension into a buildpackage .cnb file. OPTIONS --help -h prints the command usage - --version -v specifies the version number to use when packaging the buildpack - --output -o location to output the packaged buildpackage artifact (default: ${ROOT_DIR}/build/buildpackage.cnb) + --version -v specifies the version number to use when packaging a buildpack or an extension + --output -o location to output the packaged buildpackage or extension artifact (default: ${ROOT_DIR}/build/buildpackage.cnb) --token Token used to download assets from GitHub (e.g. jam, pack, etc) (optional) USAGE } @@ -114,8 +119,9 @@ function tools::install() { function buildpack::archive() { local version version="${1}" + buildpack_type="${2}" - util::print::title "Packaging buildpack into ${BUILD_DIR}/buildpack.tgz..." + util::print::title "Packaging ${buildpack_type} into ${BUILD_DIR}/buildpack.tgz..." if [[ -f "${ROOT_DIR}/.libbuildpack" ]]; then packager \ @@ -125,7 +131,7 @@ function buildpack::archive() { "${BUILD_DIR}/buildpack" else jam pack \ - --buildpack "${ROOT_DIR}/buildpack.toml" \ + "--${buildpack_type}" "${ROOT_DIR}/${buildpack_type}.toml"\ --version "${version}" \ --output "${BUILD_DIR}/buildpack.tgz" fi 
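Review bot: In scripts/package.sh, `buildpack_type` is assigned without `local` in `main`, in `buildpack::archive` and in `buildpackage::create` (next hunk), although those two functions declare `local version` and `local output` right beside it. All three therefore write the same global, and the value a function sees depends on call order rather than on its argument. Declare it with the existing locals, e.g. `local version buildpack_type` and `local output buildpack_type`. In the `jam pack` call, `"${ROOT_DIR}/${buildpack_type}.toml"\` has no space before the continuation backslash; it works, but a space keeps it consistent with the lines below. The `.libbuildpack` branch still calls `packager` regardless of `buildpack_type`, which may need a comment if extensions never take that path.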
@@ -134,13 +140,30 @@ function buildpack::archive() { function buildpackage::create() { local output output="${1}" + buildpack_type="${2}" + + util::print::title "Packaging ${buildpack_type}... ${output}" - util::print::title "Packaging buildpack..." + if [ "$buildpack_type" == "extension" ]; then + cwd=$(pwd) + cd ${BUILD_DIR} + mkdir cnbdir + cd cnbdir + cp ../buildpack.tgz . + tar -xvf buildpack.tgz + rm buildpack.tgz - pack \ - buildpack package "${output}" \ - --path "${BUILD_DIR}/buildpack.tgz" \ - --format file + pack \ + extension package "${output}" \ + --format file + + cd $cwd + else + pack \ + buildpack package "${output}" \ + --path "${BUILD_DIR}/buildpack.tgz" \ + --format file + fi } -main "${@:-}" +main "${@:-}" \ No newline at end of file
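Review bot: In `buildpackage::create`, the extension branch changes directory before calling `pack extension package "${output}"`, so a relative `--output` value is resolved against `${BUILD_DIR}/cnbdir` instead of the caller's working directory. The default `${ROOT_DIR}/build/buildpackage.cnb` hides this only if `ROOT_DIR` is absolute. `cd ${BUILD_DIR}` and `cd $cwd` are unquoted and will break on paths containing spaces. `mkdir cnbdir` fails on a second run unless `BUILD_DIR` is cleaned earlier (not visible here), and if it were tolerated, stale files from an earlier archive would be packaged. `cwd` and `buildpack_type` are not `local`. The fence shows the branch rewritten with a fresh directory, `tar -C`, and a subshell for the directory change.

```shell
  if [[ "${buildpack_type}" == "extension" ]]; then
    local cnbdir
    cnbdir="${BUILD_DIR}/cnbdir"

    # start from an empty directory so files from an earlier run are never packaged
    rm -rf "${cnbdir}"
    mkdir -p "${cnbdir}"
    tar -xf "${BUILD_DIR}/buildpack.tgz" -C "${cnbdir}"

    # keep a relative --output pointing where the caller meant it
    case "${output}" in
      /*) ;;
      *) output="${PWD}/${output}" ;;
    esac

    # subshell: the directory change cannot leak into the rest of the script
    (
      cd "${cnbdir}"
      pack \
        extension package "${output}" \
        --format file
    )
  else
    # … unchanged: pack buildpack package with --path "${BUILD_DIR}/buildpack.tgz" …
  fi
```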