From 9c58197ba838c3d5e81013cb28b74d2a8709e2a6 Mon Sep 17 00:00:00 2001 From: Sujay Kumar Suman Date: Sat, 4 Nov 2023 22:16:04 +0530 Subject: [PATCH 1/2] [ib] update github ci workflow to publish package to ghcr --- .github/workflows/ci.yml | 66 +++++++++++++++++++---------------- .github/workflows/promote.yml | 21 +++++------ Makefile | 5 +-- 3 files changed, 45 insertions(+), 47 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 499b13fd50..62f8c5285d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,7 +6,11 @@ on: - master - release-* pull_request: {} - workflow_dispatch: {} + workflow_dispatch: + inputs: + version: + description: 'Release version (e.g. v0.1.0)' + required: false env: # Common versions @@ -14,12 +18,7 @@ env: GOLANGCI_VERSION: 'v1.54.2' DOCKER_BUILDX_VERSION: 'v0.10.0' - # Common users. We can't run a step 'if secrets.AWS_USR != ""' but we can run - # a step 'if env.AWS_USR' != ""', so we copy these to succinctly test whether - # credentials have been provided before trying to run steps that need them. - CONTRIB_DOCKER_USR: ${{ secrets.CONTRIB_DOCKER_USR }} - XPKG_ACCESS_ID: ${{ secrets.XPKG_ACCESS_ID }} - AWS_USR: ${{ secrets.AWS_USR }} + DOCKER_USR: ${{ github.actor }} jobs: check-diff: @@ -193,7 +192,7 @@ jobs: trivy-scan-fs: runs-on: ubuntu-22.04 needs: detect-noop - if: needs.detect-noop.outputs.noop != 'true' + if: needs.detect-noop.outputs.noop != 'true' && github.ref == 'refs/heads/master' steps: - name: Checkout uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4 
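Review bot: `DOCKER_USR: ${{ github.actor }}` in the workflow-level `env` is never empty, so every `if: env.DOCKER_USR != ''` guard this patch puts on the login, publish and promote steps (in this file and in promote.yml) is always true. The removed variables were copies of secrets, which are absent for pull requests from forks, so those steps used to be skipped there. With `pull_request: {}` still a trigger, the publish steps now run on every PR. Gate them on the event instead, for example `if: github.event_name != 'pull_request'`, so unreviewed branches do not attempt a push to the registry.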
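Review bot: Adding `github.ref == 'refs/heads/master'` to the `trivy-scan-fs` condition stops the filesystem scan from running on pull requests and on pushes to `release-*`, so a vulnerable dependency is only reported after it has been merged. If the aim was to keep PR checks from failing on findings, leaving the job enabled on PRs and making it non-blocking preserves the pre-merge signal. Otherwise a comment on the `if:` line should record why the scan is master-only. The job's steps continue outside this hunk.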
@@ -381,12 +380,24 @@ jobs: - name: Vendor Dependencies run: make vendor vendor.check - - name: Build Artifacts + - name: Build Artifacts with Version + run: make -j2 build.all VERSION=${XPKG_VERSION} + if: env.XPKG_VERSION != '' + env: + # We're using docker buildx, which doesn't actually load the images it + # builds by default. Specifying --load does so. + BUILD_ARGS: "--load" + XPKG_VERSION: ${{ github.event.inputs.version }} + + - name: Build Artifacts without Version run: make -j2 build.all + if: env.XPKG_VERSION == '' env: # We're using docker buildx, which doesn't actually load the images it # builds by default. Specifying --load does so. BUILD_ARGS: "--load" + XPKG_VERSION: ${{ github.event.inputs.version }} + - name: Publish Artifacts to GitHub uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3 
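Review bot: `VERSION=${XPKG_VERSION}` in the new "Build Artifacts with Version" step expands the free-text `workflow_dispatch` input unquoted, so a value containing whitespace is split into extra `make` arguments such as further targets or variable overrides. Passing the input through `env` correctly keeps it out of the script text, but it should also be quoted, `run: make -j2 build.all VERSION="${XPKG_VERSION}"`, and ideally checked against the expected `vX.Y.Z` form before use. The same applies to the "Publish Artifacts to GHCR with Version" step in the next hunk. The two build steps differ only in that argument and could be a single step that adds `VERSION` when the input is set.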
@@ -394,36 +405,31 @@ jobs: name: output path: _output/** - - name: Login to DockerHub + - name: Login to GHCR uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3 - if: env.CONTRIB_DOCKER_USR != '' + if: env.DOCKER_USR != '' with: - username: ${{ secrets.CONTRIB_DOCKER_USR }} - password: ${{ secrets.CONTRIB_DOCKER_PSW }} + registry: ghcr.io + username: ${{ env.DOCKER_USR }} + password: ${{ secrets.GITHUB_TOKEN }} - - name: Login to Upbound - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3 - if: env.XPKG_ACCESS_ID != '' - with: - registry: xpkg.upbound.io - username: ${{ secrets.XPKG_ACCESS_ID }} - password: ${{ secrets.XPKG_TOKEN }} + - name: Publish Artifacts to GHCR with Version + run: make -j2 publish BRANCH_NAME=${GITHUB_REF##*/} VERSION=${XPKG_VERSION} + if: env.DOCKER_USR != '' && env.XPKG_VERSION != '' + env: + GIT_API_TOKEN: ${{ secrets.GITHUB_TOKEN }} + XPKG_VERSION: ${{ github.event.inputs.version }} - - name: Publish Artifacts to S3, Marketplace, DockerHub + - name: Publish Artifacts to GHCR without Version run: make -j2 publish BRANCH_NAME=${GITHUB_REF##*/} - if: env.AWS_USR != '' && env.CONTRIB_DOCKER_USR != '' + if: env.DOCKER_USR != '' && env.XPKG_VERSION == '' env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_USR }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }} - AWS_DEFAULT_REGION: us-east-1 GIT_API_TOKEN: ${{ secrets.GITHUB_TOKEN }} + XPKG_VERSION: ${{ github.event.inputs.version }} - - name: Promote Artifacts in S3, DockerHub - if: github.ref == 'refs/heads/master' && env.AWS_USR != '' && env.CONTRIB_DOCKER_USR != '' + - name: Promote Artifacts in Docker Hub + if: github.ref == 'refs/heads/master' && env.DOCKER_USR != '' run: make -j2 promote env: BRANCH_NAME: master CHANNEL: master - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_USR }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }} - AWS_DEFAULT_REGION: us-east-1 
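Review bot: The new "Login to GHCR" and publish steps push with `secrets.GITHUB_TOKEN`, which needs the `packages: write` permission, and no `permissions:` block is visible in this hunk (the job header is outside it). Declaring it on this job only, e.g. `permissions: { contents: read, packages: write }`, keeps the token least-privileged for the other jobs and does not depend on the repository default. The last step is still named "Promote Artifacts in Docker Hub" although the Makefile change points `XPKG_REG_ORGS` at ghcr.io; `Promote Artifacts in GHCR`, as used in promote.yml, would match.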
diff --git a/.github/workflows/promote.yml b/.github/workflows/promote.yml index e6d9352a36..cec43eca45 100644 --- a/.github/workflows/promote.yml +++ b/.github/workflows/promote.yml @@ -15,11 +15,7 @@ env: # Common versions GO_VERSION: '1.19' - # Common users. We can't run a step 'if secrets.AWS_USR != ""' but we can run - # a step 'if env.AWS_USR' != ""', so we copy these to succinctly test whether - # credentials have been provided before trying to run steps that need them. - CONTRIB_DOCKER_USR: ${{ secrets.CONTRIB_DOCKER_USR }} - AWS_USR: ${{ secrets.AWS_USR }} + DOCKER_USR: ${{ github.actor }} jobs: promote-artifacts: @@ -39,19 +35,18 @@ jobs: - name: Fetch History run: git fetch --prune --unshallow - - name: Login to Docker + - name: Login to GHCR uses: docker/login-action@v1 - if: env.CONTRIB_DOCKER_USR != '' + if: env.DOCKER_USR != '' with: - username: ${{ secrets.CONTRIB_DOCKER_USR }} - password: ${{ secrets.CONTRIB_DOCKER_PSW }} + registry: ghcr.io + username: ${{ secrets.DOCKER_USR }} + password: ${{ secrets.GITHUB_TOKEN }} - - name: Promote Artifacts in S3 and Docker Hub - if: env.AWS_USR != '' && env.CONTRIB_DOCKER_USR != '' + - name: Promote Artifacts in GHCR + if: env.DOCKER_USR != '' run: make -j2 promote BRANCH_NAME=${GITHUB_REF##*/} env: VERSION: ${{ github.event.inputs.version }} CHANNEL: ${{ github.event.inputs.channel }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_USR }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }} diff --git a/Makefile b/Makefile index ea2cecf0aa..9316f40ee0 100644 --- a/Makefile +++ b/Makefile 
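Review bot: The "Login to GHCR" step reads `username: ${{ secrets.DOCKER_USR }}`, but this patch defines `DOCKER_USR` only as a workflow `env` value, so unless a secret of that name also exists the username is empty and the login fails. ci.yml uses the env value and this step should do the same: `username: ${{ env.DOCKER_USR }}`. The step also still references `docker/login-action@v1` by mutable tag while ci.yml pins the action to a commit SHA. Pinning it here as well keeps a retagged release from running with the token that can write packages.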
@@ -60,10 +60,7 @@ IMAGES = provider-aws # ==================================================================================== # Setup XPKG -XPKG_REG_ORGS ?= xpkg.upbound.io/crossplane-contrib index.docker.io/crossplanecontrib -# NOTE(hasheddan): skip promoting on xpkg.upbound.io as channel tags are -# inferred. -XPKG_REG_ORGS_NO_PROMOTE ?= xpkg.upbound.io/crossplane-contrib +XPKG_REG_ORGS ?= ghcr.io/infobloxopen XPKGS = provider-aws -include build/makelib/xpkg.mk From 750e269b1000d9123cf2c06aba4f227a1031444d Mon Sep 17 00:00:00 2001 From: Sujay Kumar Suman Date: Thu, 16 Nov 2023 20:16:44 +0530 Subject: [PATCH 2/2] [ib] update rds/dbinstance to update tags if modified --- pkg/controller/rds/dbinstance/setup.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/pkg/controller/rds/dbinstance/setup.go b/pkg/controller/rds/dbinstance/setup.go index 38849473f9..8dc71a668c 100644 --- a/pkg/controller/rds/dbinstance/setup.go +++ b/pkg/controller/rds/dbinstance/setup.go @@ -31,6 +31,7 @@ import ( aws "github.com/crossplane-contrib/provider-aws/pkg/clients" dbinstance "github.com/crossplane-contrib/provider-aws/pkg/clients/rds" "github.com/crossplane-contrib/provider-aws/pkg/controller/rds/utils" + svcutils "github.com/crossplane-contrib/provider-aws/pkg/controller/rds/utils" "github.com/crossplane-contrib/provider-aws/pkg/features" ) @@ -423,7 +424,6 @@ func lateInitialize(in *svcapitypes.DBInstanceParameters, out *svcsdk.DescribeDB func (e *custom) isUpToDate(ctx context.Context, cr *svcapitypes.DBInstance, out *svcsdk.DescribeDBInstancesOutput) (upToDate bool, diff string, err error) { //nolint:gocyclo db := out.DBInstances[0] - patch, err := createPatch(out, &cr.Spec.ForProvider) if err != nil { return false, "", err 
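Review bot: The added `svcutils` import in setup.go names the same path as the `utils` import on the line above it, so the package is imported twice under two names. Drop the new line and call `utils.UpdateTagsForResource(...)` in `isUpToDate` instead. Duplicate imports of one path are usually reported by lint checks, and the workflow in this repository does run golangci-lint.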
@@ -506,11 +506,15 @@ func (e *custom) isUpToDate(ctx context.Context, cr *svcapitypes.DBInstance, out } if tagsChanged { diff += fmt.Sprintf("\nadd %d tag(s) and remove %d tag(s)", len(e.cache.addTags), len(e.cache.removeTags)) + err = svcutils.UpdateTagsForResource(ctx, e.client, cr.Spec.ForProvider.Tags, cr.Status.AtProvider.DBInstanceARN) + if err != nil { + log.Printf("Failed to update tags. [ERROR]: %v", aws.Wrap(err, errDescribe)) + } } log.Println(diff) - return false, diff, nil + return false, diff, err } func isEngineVersionUpToDate(cr *svcapitypes.DBInstance, out *svcsdk.DescribeDBInstancesOutput) bool {
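Review bot: The new `svcutils.UpdateTagsForResource` call makes `isUpToDate` write to the AWS resource, so tags are changed from an observation step rather than from the update path. Because the function still returns `false`, the update that follows may apply the same tag change again from `e.cache.addTags` and `e.cache.removeTags`; the write belongs with the code that consumes that cache. If it stays here, the failure is both logged and returned, and `aws.Wrap(err, errDescribe)` labels a tag-update failure as a describe failure. Return it once with its own message, e.g. `return false, diff, aws.Wrap(err, errUpdateTags)`, where `errUpdateTags` is a placeholder for a new constant. The body of `isUpToDate` starts outside this hunk, so whether `err` can already be set when the final `return false, diff, err` is reached is not visible.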