Use cloudsmith action 0.5.4 -> 0.6.10, new builder hosted by ghcr.io #4789

Merged
merged 2 commits into from
Jun 18, 2024
40 changes: 21 additions & 19 deletions .github/package-template.yml
Expand Up @@ -18,11 +18,14 @@ on:
- rpm/**
- tasks/**
- vendor/%PACKAGE_NAME%/**
- .github/workflows/%PACKAGE_NAME%.yml
# Do not automatically trigger a build when the workflow file is changed, because we often make mass updates.
# If we need to run all the workflows, we can just uncomment the line below and make new workflows.
# - .github/workflows/%PACKAGE_NAME%.yml


pull_request:
types: [opened, synchronize, reopened]
# Include '[no ci]' in the commit message to keep the workflow from running on that commit in the PR.
paths:
- apk/**
- deb/**
Expand All @@ -31,7 +34,6 @@ on:
- vendor/%PACKAGE_NAME%/**
- .github/workflows/%PACKAGE_NAME%.yml

#bridgecrew:skip=BC_REPO_GITHUB_ACTION_7:The whole point of the workflow dispatch is to feed in a version
workflow_dispatch:
inputs:
package_version_override:
Expand All @@ -47,6 +49,12 @@ env:
%PACKAGE_NAME%_VERSION: ${{ inputs.package_version_override }}
%PACKAGE_NAME%_RELEASE: ${{ inputs.release_number_override }}

permissions:
contents: read
packages: write
attestations: write
id-token: write

jobs:
# Mergify cannot distinguish between 2 jobs with the same name run from different workflows,
# so each job must have a unique name for the rules to work properly.
Expand Down Expand Up @@ -76,7 +84,7 @@ jobs:


# Build for alpine linux
# Kept separate because it is old and slightly different than the other package builds
# Kept separate because it is old and slightly different from the other package builds
alpine-%PACKAGE_JSON_NAME%:
needs: matrix-%PACKAGE_JSON_NAME%
if: github.event_name != 'schedule' && needs.matrix-%PACKAGE_JSON_NAME%.outputs.apk-enabled != 'false'
Expand All @@ -96,10 +104,10 @@ jobs:
PACKAGER_PUBKEY: ${{github.workspace}}/artifacts/[email protected]

container:
image: cloudposse/packages-apkbuild:${{matrix.alpine}}
image: ghcr.io/cloudposse/packages-apkbuild:${{matrix.alpine}}
credentials:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
username: ${{ github.actor }}
password: "${{ secrets.GITHUB_TOKEN }}"

steps:
# Checkout the packages repo so we can build the packages as a monorepo
Expand All @@ -118,17 +126,14 @@ jobs:
- name: "List packages"
run: 'find ${APK_PACKAGES_PATH} -type f -name \*.apk | xargs --no-run-if-empty ls -l | grep .'

# Export the artifact filename including path
# Path must be relative to workdir for Cloudsmith action to be able to find it
# Export the artifact filename including path.
# Path must be relative to workdir for Cloudsmith action to be able to find it.
- name: "Set output path to artifact"
id: artifact
shell: bash
run: |
artifact=$(find artifacts/${{matrix.alpine}} -type f -name \*.apk)
echo "path=$artifact" | tee -a $GITHUB_OUTPUT
echo creating '"pip"' cache directory for Cloudsmith
mkdir -p $HOME/.cache/pip && chmod -R 777 $HOME/.cache || echo Ignoring error creating '"pip"' cache directory


# Determine which package organization we should use (e.g. dev or prod)
- name: "Determine package repo"
Expand All @@ -145,7 +150,7 @@ jobs:

# Publish the artifacts
- name: "Push artifact to package repository"
uses: cloudsmith-io/action@v0.5.4
uses: cloudsmith-io/action@v0.6.10
with:
api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
command: 'push'
Expand Down Expand Up @@ -199,10 +204,10 @@ jobs:

# Unfortunately, there is no reasonable way to configure the docker image tag based on the package-type
container:
image: cloudposse/packages-${{matrix.package-type}}build:latest
image: ghcr.io/cloudposse/packages-${{matrix.package-type}}build:latest
credentials:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
username: "${{ github.actor }}"
password: "${{ secrets.GITHUB_TOKEN }}"

steps:
# Checkout the packages repo so we can build the packages as a monorepo
Expand Down Expand Up @@ -232,9 +237,6 @@ jobs:
echo "setting output"
echo "path=$packages" | tee -a $GITHUB_OUTPUT

echo creating '"pip"' cache directory for Cloudsmith
mkdir -p $HOME/.cache/pip && chmod -R 777 $HOME/.cache || echo Ignoring error creating '"pip"' cache directory

# Determine which package organization we should use (e.g. dev or prod)
- name: "Determine package repo"
shell: bash
Expand All @@ -250,7 +252,7 @@ jobs:

# Publish the artifacts
- name: "Push artifact to package repository"
uses: cloudsmith-io/action@v0.5.4
uses: cloudsmith-io/action@v0.6.10
with:
api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
command: 'push'
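Review bot: The new workflow-level `permissions:` block grants `packages: write`, `attestations: write` and `id-token: write` to every job, including runs triggered by `pull_request`. The only use of the token visible in these hunks is pulling the builder image from ghcr.io through `container.credentials`, which needs `packages: read`. Unless a step outside the hunks creates attestations or requests an OIDC token, the block should be reduced to `contents: read` and `packages: read`, with any write scope declared under the one job that needs it. The same block is added in `.github/workflows/amazon-ecr-credential-helper.yml` and `.github/workflows/amtool.yml`; the `jobs:` mapping continues outside the hunk.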
40 changes: 21 additions & 19 deletions .github/workflows/amazon-ecr-credential-helper.yml
Expand Up @@ -18,11 +18,14 @@ on:
- rpm/**
- tasks/**
- vendor/amazon-ecr-credential-helper/**
- .github/workflows/amazon-ecr-credential-helper.yml
# Do not automatically trigger a build when the workflow file is changed, because we often make mass updates.
# If we need to run all the workflows, we can just uncomment the line below and make new workflows.
# - .github/workflows/amazon-ecr-credential-helper.yml


pull_request:
types: [opened, synchronize, reopened]
# Include '[no ci]' in the commit message to keep the workflow from running on that commit in the PR.
paths:
- apk/**
- deb/**
Expand All @@ -31,7 +34,6 @@ on:
- vendor/amazon-ecr-credential-helper/**
- .github/workflows/amazon-ecr-credential-helper.yml

#bridgecrew:skip=BC_REPO_GITHUB_ACTION_7:The whole point of the workflow dispatch is to feed in a version
workflow_dispatch:
inputs:
package_version_override:
Expand All @@ -47,6 +49,12 @@ env:
amazon-ecr-credential-helper_VERSION: ${{ inputs.package_version_override }}
amazon-ecr-credential-helper_RELEASE: ${{ inputs.release_number_override }}

permissions:
contents: read
packages: write
attestations: write
id-token: write

jobs:
# Mergify cannot distinguish between 2 jobs with the same name run from different workflows,
# so each job must have a unique name for the rules to work properly.
Expand Down Expand Up @@ -76,7 +84,7 @@ jobs:


# Build for alpine linux
# Kept separate because it is old and slightly different than the other package builds
# Kept separate because it is old and slightly different from the other package builds
alpine-amazon-ecr-credential-helper:
needs: matrix-amazon-ecr-credential-helper
if: github.event_name != 'schedule' && needs.matrix-amazon-ecr-credential-helper.outputs.apk-enabled != 'false'
Expand All @@ -96,10 +104,10 @@ jobs:
PACKAGER_PUBKEY: ${{github.workspace}}/artifacts/[email protected]

container:
image: cloudposse/packages-apkbuild:${{matrix.alpine}}
image: ghcr.io/cloudposse/packages-apkbuild:${{matrix.alpine}}
credentials:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
username: ${{ github.actor }}
password: "${{ secrets.GITHUB_TOKEN }}"

steps:
# Checkout the packages repo so we can build the packages as a monorepo
Expand All @@ -118,17 +126,14 @@ jobs:
- name: "List packages"
run: 'find ${APK_PACKAGES_PATH} -type f -name \*.apk | xargs --no-run-if-empty ls -l | grep .'

# Export the artifact filename including path
# Path must be relative to workdir for Cloudsmith action to be able to find it
# Export the artifact filename including path.
# Path must be relative to workdir for Cloudsmith action to be able to find it.
- name: "Set output path to artifact"
id: artifact
shell: bash
run: |
artifact=$(find artifacts/${{matrix.alpine}} -type f -name \*.apk)
echo "path=$artifact" | tee -a $GITHUB_OUTPUT
echo creating '"pip"' cache directory for Cloudsmith
mkdir -p $HOME/.cache/pip && chmod -R 777 $HOME/.cache || echo Ignoring error creating '"pip"' cache directory


# Determine which package organization we should use (e.g. dev or prod)
- name: "Determine package repo"
Expand All @@ -145,7 +150,7 @@ jobs:

# Publish the artifacts
- name: "Push artifact to package repository"
uses: cloudsmith-io/action@v0.5.4
uses: cloudsmith-io/action@v0.6.10
with:
api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
command: 'push'
Expand Down Expand Up @@ -199,10 +204,10 @@ jobs:

# Unfortunately, there is no reasonable way to configure the docker image tag based on the package-type
container:
image: cloudposse/packages-${{matrix.package-type}}build:latest
image: ghcr.io/cloudposse/packages-${{matrix.package-type}}build:latest
credentials:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
username: "${{ github.actor }}"
password: "${{ secrets.GITHUB_TOKEN }}"

steps:
# Checkout the packages repo so we can build the packages as a monorepo
Expand Down Expand Up @@ -232,9 +237,6 @@ jobs:
echo "setting output"
echo "path=$packages" | tee -a $GITHUB_OUTPUT

echo creating '"pip"' cache directory for Cloudsmith
mkdir -p $HOME/.cache/pip && chmod -R 777 $HOME/.cache || echo Ignoring error creating '"pip"' cache directory

# Determine which package organization we should use (e.g. dev or prod)
- name: "Determine package repo"
shell: bash
Expand All @@ -250,7 +252,7 @@ jobs:

# Publish the artifacts
- name: "Push artifact to package repository"
uses: cloudsmith-io/action@v0.5.4
uses: cloudsmith-io/action@v0.6.10
with:
api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
command: 'push'
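Review bot: `uses: cloudsmith-io/action@v0.6.10` in both "Push artifact to package repository" steps refers to a tag, which can be moved to different code after review, and the step receives `secrets.CLOUDSMITH_API_KEY`. Pinning the release by its full commit SHA keeps the code that handles the key fixed: `uses: cloudsmith-io/action@<FULL_COMMIT_SHA_OF_v0.6.10>  # v0.6.10`. The same line appears in `.github/package-template.yml` and `.github/workflows/amtool.yml`; the per-package files look generated from the template, so the pin belongs there. The `with:` block continues outside the hunk.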
40 changes: 21 additions & 19 deletions .github/workflows/amtool.yml
Expand Up @@ -18,11 +18,14 @@ on:
- rpm/**
- tasks/**
- vendor/amtool/**
- .github/workflows/amtool.yml
# Do not automatically trigger a build when the workflow file is changed, because we often make mass updates.
# If we need to run all the workflows, we can just uncomment the line below and make new workflows.
# - .github/workflows/amtool.yml


pull_request:
types: [opened, synchronize, reopened]
# Include '[no ci]' in the commit message to keep the workflow from running on that commit in the PR.
paths:
- apk/**
- deb/**
Expand All @@ -31,7 +34,6 @@ on:
- vendor/amtool/**
- .github/workflows/amtool.yml

#bridgecrew:skip=BC_REPO_GITHUB_ACTION_7:The whole point of the workflow dispatch is to feed in a version
workflow_dispatch:
inputs:
package_version_override:
Expand All @@ -47,6 +49,12 @@ env:
amtool_VERSION: ${{ inputs.package_version_override }}
amtool_RELEASE: ${{ inputs.release_number_override }}

permissions:
contents: read
packages: write
attestations: write
id-token: write

jobs:
# Mergify cannot distinguish between 2 jobs with the same name run from different workflows,
# so each job must have a unique name for the rules to work properly.
Expand Down Expand Up @@ -76,7 +84,7 @@ jobs:


# Build for alpine linux
# Kept separate because it is old and slightly different than the other package builds
# Kept separate because it is old and slightly different from the other package builds
alpine-amtool:
needs: matrix-amtool
if: github.event_name != 'schedule' && needs.matrix-amtool.outputs.apk-enabled != 'false'
Expand All @@ -96,10 +104,10 @@ jobs:
PACKAGER_PUBKEY: ${{github.workspace}}/artifacts/[email protected]

container:
image: cloudposse/packages-apkbuild:${{matrix.alpine}}
image: ghcr.io/cloudposse/packages-apkbuild:${{matrix.alpine}}
credentials:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
username: ${{ github.actor }}
password: "${{ secrets.GITHUB_TOKEN }}"

steps:
# Checkout the packages repo so we can build the packages as a monorepo
Expand All @@ -118,17 +126,14 @@ jobs:
- name: "List packages"
run: 'find ${APK_PACKAGES_PATH} -type f -name \*.apk | xargs --no-run-if-empty ls -l | grep .'

# Export the artifact filename including path
# Path must be relative to workdir for Cloudsmith action to be able to find it
# Export the artifact filename including path.
# Path must be relative to workdir for Cloudsmith action to be able to find it.
- name: "Set output path to artifact"
id: artifact
shell: bash
run: |
artifact=$(find artifacts/${{matrix.alpine}} -type f -name \*.apk)
echo "path=$artifact" | tee -a $GITHUB_OUTPUT
echo creating '"pip"' cache directory for Cloudsmith
mkdir -p $HOME/.cache/pip && chmod -R 777 $HOME/.cache || echo Ignoring error creating '"pip"' cache directory


# Determine which package organization we should use (e.g. dev or prod)
- name: "Determine package repo"
Expand All @@ -145,7 +150,7 @@ jobs:

# Publish the artifacts
- name: "Push artifact to package repository"
uses: cloudsmith-io/action@v0.5.4
uses: cloudsmith-io/action@v0.6.10
with:
api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
command: 'push'
Expand Down Expand Up @@ -199,10 +204,10 @@ jobs:

# Unfortunately, there is no reasonable way to configure the docker image tag based on the package-type
container:
image: cloudposse/packages-${{matrix.package-type}}build:latest
image: ghcr.io/cloudposse/packages-${{matrix.package-type}}build:latest
credentials:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
username: "${{ github.actor }}"
password: "${{ secrets.GITHUB_TOKEN }}"

steps:
# Checkout the packages repo so we can build the packages as a monorepo
Expand Down Expand Up @@ -232,9 +237,6 @@ jobs:
echo "setting output"
echo "path=$packages" | tee -a $GITHUB_OUTPUT

echo creating '"pip"' cache directory for Cloudsmith
mkdir -p $HOME/.cache/pip && chmod -R 777 $HOME/.cache || echo Ignoring error creating '"pip"' cache directory

# Determine which package organization we should use (e.g. dev or prod)
- name: "Determine package repo"
shell: bash
Expand All @@ -250,7 +252,7 @@ jobs:

# Publish the artifacts
- name: "Push artifact to package repository"
uses: cloudsmith-io/action@v0.5.4
uses: cloudsmith-io/action@v0.6.10
with:
api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
command: 'push'
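Review bot: The two `container.credentials` blocks are quoted inconsistently: the alpine job writes `username: ${{ github.actor }}` unquoted, while the package-type job writes `username: "${{ github.actor }}"`. Quoting every templated scalar keeps an empty or special-character expansion a string, so the alpine job should read `username: "${{ github.actor }}"` to match. The same mismatch is present in `.github/package-template.yml` and `.github/workflows/amazon-ecr-credential-helper.yml`.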