Use cloudsmith action 0.5.4 -> 0.6.10, new builder hosted by ghcr.io
Nuru committed Jun 18, 2024
1 parent f83240c commit 40a63de
Showing 147 changed files with 3,528 additions and 2,793 deletions.
43 changes: 24 additions & 19 deletions .github/package-template.yml
Expand Up @@ -18,11 +18,17 @@ on:
- rpm/**
- tasks/**
- vendor/%PACKAGE_NAME%/**
- .github/workflows/%PACKAGE_NAME%.yml
# Do not automatically trigger a build when the workflow file is changed, because we often make mass updates.
# If we need to run all the workflows, we can just uncomment the line below and make new workflows.
# - .github/workflows/%PACKAGE_NAME%.yml


pull_request:
types: [opened, synchronize, reopened]
# Ignore pulls on branches that start with "mass-update/"
# for when we make changes that do not require a new package build, like updating the action
branches-ignore:
- 'mass-update/**'
paths:
- apk/**
- deb/**
Expand All @@ -31,7 +37,6 @@ on:
- vendor/%PACKAGE_NAME%/**
- .github/workflows/%PACKAGE_NAME%.yml

#bridgecrew:skip=BC_REPO_GITHUB_ACTION_7:The whole point of the workflow dispatch is to feed in a version
workflow_dispatch:
inputs:
package_version_override:
Expand All @@ -47,6 +52,12 @@ env:
%PACKAGE_NAME%_VERSION: ${{ inputs.package_version_override }}
%PACKAGE_NAME%_RELEASE: ${{ inputs.release_number_override }}

permissions:
contents: read
packages: write
attestations: write
id-token: write

jobs:
# Mergify cannot distinguish between 2 jobs with the same name run from different workflows,
# so each job must have a unique name for the rules to work properly.
Expand Down Expand Up @@ -76,7 +87,7 @@ jobs:
# Build for alpine linux
# Kept separate because it is old and slightly different than the other package builds
# Kept separate because it is old and slightly different from the other package builds
alpine-%PACKAGE_JSON_NAME%:
needs: matrix-%PACKAGE_JSON_NAME%
if: github.event_name != 'schedule' && needs.matrix-%PACKAGE_JSON_NAME%.outputs.apk-enabled != 'false'
Expand All @@ -96,10 +107,10 @@ jobs:
PACKAGER_PUBKEY: ${{github.workspace}}/artifacts/ops@cloudposse.com.rsa.pub

container:
image: cloudposse/packages-apkbuild:${{matrix.alpine}}
image: ghcr.io/cloudposse/packages-apkbuild:${{matrix.alpine}}
credentials:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
username: ${{ github.actor }}
password: "${{ secrets.GITHUB_TOKEN }}"

steps:
# Checkout the packages repo so we can build the packages as a monorepo
Expand All @@ -118,17 +129,14 @@ jobs:
- name: "List packages"
run: 'find ${APK_PACKAGES_PATH} -type f -name \*.apk | xargs --no-run-if-empty ls -l | grep .'

# Export the artifact filename including path
# Path must be relative to workdir for Cloudsmith action to be able to find it
# Export the artifact filename including path.
# Path must be relative to workdir for Cloudsmith action to be able to find it.
- name: "Set output path to artifact"
id: artifact
shell: bash
run: |
artifact=$(find artifacts/${{matrix.alpine}} -type f -name \*.apk)
echo "path=$artifact" | tee -a $GITHUB_OUTPUT
echo creating '"pip"' cache directory for Cloudsmith
mkdir -p $HOME/.cache/pip && chmod -R 777 $HOME/.cache || echo Ignoring error creating '"pip"' cache directory
# Determine which package organization we should use (e.g. dev or prod)
- name: "Determine package repo"
Expand All @@ -145,7 +153,7 @@ jobs:

# Publish the artifacts
- name: "Push artifact to package repository"
uses: cloudsmith-io/action@v0.5.4
uses: cloudsmith-io/action@v0.6.10
with:
api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
command: 'push'
Expand Down Expand Up @@ -199,10 +207,10 @@ jobs:

# Unfortunately, there is no reasonable way to configure the docker image tag based on the package-type
container:
image: cloudposse/packages-${{matrix.package-type}}build:latest
image: ghcr.io/cloudposse/packages-${{matrix.package-type}}build:latest
credentials:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
username: "${{ github.actor }}"
password: "${{ secrets.GITHUB_TOKEN }}"

steps:
# Checkout the packages repo so we can build the packages as a monorepo
Expand Down Expand Up @@ -232,9 +240,6 @@ jobs:
echo "setting output"
echo "path=$packages" | tee -a $GITHUB_OUTPUT
echo creating '"pip"' cache directory for Cloudsmith
mkdir -p $HOME/.cache/pip && chmod -R 777 $HOME/.cache || echo Ignoring error creating '"pip"' cache directory
# Determine which package organization we should use (e.g. dev or prod)
- name: "Determine package repo"
shell: bash
Expand All @@ -250,7 +255,7 @@ jobs:

# Publish the artifacts
- name: "Push artifact to package repository"
uses: cloudsmith-io/action@v0.5.4
uses: cloudsmith-io/action@v0.6.10
with:
api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
command: 'push'
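Review bot: The new workflow-level `permissions:` block grants `packages: write`, `attestations: write` and `id-token: write` to every job, yet the only use of `GITHUB_TOKEN` visible in this section is as the `container.credentials` password for pulling the builder image from ghcr.io, which needs read access only. Unless a step outside the shown hunks pushes to GHCR, creates attestations or requests an OIDC token, reduce the block to `contents: read` and `packages: read`, or declare any write scope on the single job that needs it. The same block appears identically in `.github/workflows/amazon-ecr-credential-helper.yml` and `.github/workflows/amtool.yml`, so the change belongs in this template. Separately, the jobs that receive `CLOUDSMITH_API_KEY` run `cloudsmith-io/action@v0.6.10`, and the package-type job runs inside `ghcr.io/cloudposse/packages-${{matrix.package-type}}build:latest`; both are mutable references, so pinning the action to a commit SHA and the image to a digest would keep the publish path from changing without a reviewed commit.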
43 changes: 24 additions & 19 deletions .github/workflows/amazon-ecr-credential-helper.yml
Expand Up @@ -18,11 +18,17 @@ on:
- rpm/**
- tasks/**
- vendor/amazon-ecr-credential-helper/**
- .github/workflows/amazon-ecr-credential-helper.yml
# Do not automatically trigger a build when the workflow file is changed, because we often make mass updates.
# If we need to run all the workflows, we can just uncomment the line below and make new workflows.
# - .github/workflows/amazon-ecr-credential-helper.yml


pull_request:
types: [opened, synchronize, reopened]
# Ignore pulls on branches that start with "mass-update/"
# for when we make changes that do not require a new package build, like updating the action
branches-ignore:
- 'mass-update/**'
paths:
- apk/**
- deb/**
Expand All @@ -31,7 +37,6 @@ on:
- vendor/amazon-ecr-credential-helper/**
- .github/workflows/amazon-ecr-credential-helper.yml

#bridgecrew:skip=BC_REPO_GITHUB_ACTION_7:The whole point of the workflow dispatch is to feed in a version
workflow_dispatch:
inputs:
package_version_override:
Expand All @@ -47,6 +52,12 @@ env:
amazon-ecr-credential-helper_VERSION: ${{ inputs.package_version_override }}
amazon-ecr-credential-helper_RELEASE: ${{ inputs.release_number_override }}

permissions:
contents: read
packages: write
attestations: write
id-token: write

jobs:
# Mergify cannot distinguish between 2 jobs with the same name run from different workflows,
# so each job must have a unique name for the rules to work properly.
Expand Down Expand Up @@ -76,7 +87,7 @@ jobs:
# Build for alpine linux
# Kept separate because it is old and slightly different than the other package builds
# Kept separate because it is old and slightly different from the other package builds
alpine-amazon-ecr-credential-helper:
needs: matrix-amazon-ecr-credential-helper
if: github.event_name != 'schedule' && needs.matrix-amazon-ecr-credential-helper.outputs.apk-enabled != 'false'
Expand All @@ -96,10 +107,10 @@ jobs:
PACKAGER_PUBKEY: ${{github.workspace}}/artifacts/ops@cloudposse.com.rsa.pub

container:
image: cloudposse/packages-apkbuild:${{matrix.alpine}}
image: ghcr.io/cloudposse/packages-apkbuild:${{matrix.alpine}}
credentials:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
username: ${{ github.actor }}
password: "${{ secrets.GITHUB_TOKEN }}"

steps:
# Checkout the packages repo so we can build the packages as a monorepo
Expand All @@ -118,17 +129,14 @@ jobs:
- name: "List packages"
run: 'find ${APK_PACKAGES_PATH} -type f -name \*.apk | xargs --no-run-if-empty ls -l | grep .'

# Export the artifact filename including path
# Path must be relative to workdir for Cloudsmith action to be able to find it
# Export the artifact filename including path.
# Path must be relative to workdir for Cloudsmith action to be able to find it.
- name: "Set output path to artifact"
id: artifact
shell: bash
run: |
artifact=$(find artifacts/${{matrix.alpine}} -type f -name \*.apk)
echo "path=$artifact" | tee -a $GITHUB_OUTPUT
echo creating '"pip"' cache directory for Cloudsmith
mkdir -p $HOME/.cache/pip && chmod -R 777 $HOME/.cache || echo Ignoring error creating '"pip"' cache directory
# Determine which package organization we should use (e.g. dev or prod)
- name: "Determine package repo"
Expand All @@ -145,7 +153,7 @@ jobs:

# Publish the artifacts
- name: "Push artifact to package repository"
uses: cloudsmith-io/action@v0.5.4
uses: cloudsmith-io/action@v0.6.10
with:
api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
command: 'push'
Expand Down Expand Up @@ -199,10 +207,10 @@ jobs:

# Unfortunately, there is no reasonable way to configure the docker image tag based on the package-type
container:
image: cloudposse/packages-${{matrix.package-type}}build:latest
image: ghcr.io/cloudposse/packages-${{matrix.package-type}}build:latest
credentials:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
username: "${{ github.actor }}"
password: "${{ secrets.GITHUB_TOKEN }}"

steps:
# Checkout the packages repo so we can build the packages as a monorepo
Expand Down Expand Up @@ -232,9 +240,6 @@ jobs:
echo "setting output"
echo "path=$packages" | tee -a $GITHUB_OUTPUT
echo creating '"pip"' cache directory for Cloudsmith
mkdir -p $HOME/.cache/pip && chmod -R 777 $HOME/.cache || echo Ignoring error creating '"pip"' cache directory
# Determine which package organization we should use (e.g. dev or prod)
- name: "Determine package repo"
shell: bash
Expand All @@ -250,7 +255,7 @@ jobs:

# Publish the artifacts
- name: "Push artifact to package repository"
uses: cloudsmith-io/action@v0.5.4
uses: cloudsmith-io/action@v0.6.10
with:
api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
command: 'push'
43 changes: 24 additions & 19 deletions .github/workflows/amtool.yml
Expand Up @@ -18,11 +18,17 @@ on:
- rpm/**
- tasks/**
- vendor/amtool/**
- .github/workflows/amtool.yml
# Do not automatically trigger a build when the workflow file is changed, because we often make mass updates.
# If we need to run all the workflows, we can just uncomment the line below and make new workflows.
# - .github/workflows/amtool.yml


pull_request:
types: [opened, synchronize, reopened]
# Ignore pulls on branches that start with "mass-update/"
# for when we make changes that do not require a new package build, like updating the action
branches-ignore:
- 'mass-update/**'
paths:
- apk/**
- deb/**
Expand All @@ -31,7 +37,6 @@ on:
- vendor/amtool/**
- .github/workflows/amtool.yml

#bridgecrew:skip=BC_REPO_GITHUB_ACTION_7:The whole point of the workflow dispatch is to feed in a version
workflow_dispatch:
inputs:
package_version_override:
Expand All @@ -47,6 +52,12 @@ env:
amtool_VERSION: ${{ inputs.package_version_override }}
amtool_RELEASE: ${{ inputs.release_number_override }}

permissions:
contents: read
packages: write
attestations: write
id-token: write

jobs:
# Mergify cannot distinguish between 2 jobs with the same name run from different workflows,
# so each job must have a unique name for the rules to work properly.
Expand Down Expand Up @@ -76,7 +87,7 @@ jobs:
# Build for alpine linux
# Kept separate because it is old and slightly different than the other package builds
# Kept separate because it is old and slightly different from the other package builds
alpine-amtool:
needs: matrix-amtool
if: github.event_name != 'schedule' && needs.matrix-amtool.outputs.apk-enabled != 'false'
Expand All @@ -96,10 +107,10 @@ jobs:
PACKAGER_PUBKEY: ${{github.workspace}}/artifacts/ops@cloudposse.com.rsa.pub

container:
image: cloudposse/packages-apkbuild:${{matrix.alpine}}
image: ghcr.io/cloudposse/packages-apkbuild:${{matrix.alpine}}
credentials:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
username: ${{ github.actor }}
password: "${{ secrets.GITHUB_TOKEN }}"

steps:
# Checkout the packages repo so we can build the packages as a monorepo
Expand All @@ -118,17 +129,14 @@ jobs:
- name: "List packages"
run: 'find ${APK_PACKAGES_PATH} -type f -name \*.apk | xargs --no-run-if-empty ls -l | grep .'

# Export the artifact filename including path
# Path must be relative to workdir for Cloudsmith action to be able to find it
# Export the artifact filename including path.
# Path must be relative to workdir for Cloudsmith action to be able to find it.
- name: "Set output path to artifact"
id: artifact
shell: bash
run: |
artifact=$(find artifacts/${{matrix.alpine}} -type f -name \*.apk)
echo "path=$artifact" | tee -a $GITHUB_OUTPUT
echo creating '"pip"' cache directory for Cloudsmith
mkdir -p $HOME/.cache/pip && chmod -R 777 $HOME/.cache || echo Ignoring error creating '"pip"' cache directory
# Determine which package organization we should use (e.g. dev or prod)
- name: "Determine package repo"
Expand All @@ -145,7 +153,7 @@ jobs:

# Publish the artifacts
- name: "Push artifact to package repository"
uses: cloudsmith-io/action@v0.5.4
uses: cloudsmith-io/action@v0.6.10
with:
api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
command: 'push'
Expand Down Expand Up @@ -199,10 +207,10 @@ jobs:

# Unfortunately, there is no reasonable way to configure the docker image tag based on the package-type
container:
image: cloudposse/packages-${{matrix.package-type}}build:latest
image: ghcr.io/cloudposse/packages-${{matrix.package-type}}build:latest
credentials:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
username: "${{ github.actor }}"
password: "${{ secrets.GITHUB_TOKEN }}"

steps:
# Checkout the packages repo so we can build the packages as a monorepo
Expand Down Expand Up @@ -232,9 +240,6 @@ jobs:
echo "setting output"
echo "path=$packages" | tee -a $GITHUB_OUTPUT
echo creating '"pip"' cache directory for Cloudsmith
mkdir -p $HOME/.cache/pip && chmod -R 777 $HOME/.cache || echo Ignoring error creating '"pip"' cache directory
# Determine which package organization we should use (e.g. dev or prod)
- name: "Determine package repo"
shell: bash
Expand All @@ -250,7 +255,7 @@ jobs:

# Publish the artifacts
- name: "Push artifact to package repository"
uses: cloudsmith-io/action@v0.5.4
uses: cloudsmith-io/action@v0.6.10
with:
api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
command: 'push'