From 378f7f5bdd791ff9462edc4d860533655a8c87dc Mon Sep 17 00:00:00 2001 From: Daniel Mikusa Date: Mon, 30 Jan 2023 23:11:50 -0500 Subject: [PATCH 1/2] Update `pipeline-descriptor.yml` Update `pipeline-descriptor.yml` to use new tokens, codeowners, and to publish to DockerHub as well as GCR.io --- .github/CODEOWNERS | 2 +- .github/pipeline-descriptor.yml | 15 ++++++----- .github/workflows/pb-create-package.yml | 25 ++++++++++++------- .github/workflows/pb-minimal-labels.yml | 4 +-- .github/workflows/pb-synchronize-labels.yml | 2 +- .github/workflows/pb-tests.yml | 8 +++--- .github/workflows/pb-update-draft-release.yml | 4 +-- .github/workflows/pb-update-go.yml | 10 ++++---- .github/workflows/pb-update-jattach.yml | 12 ++++----- .github/workflows/pb-update-pipeline.yml | 12 +++++---- 10 files changed, 53 insertions(+), 41 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index c3b2fc0..ad7caf9 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1 +1 @@ -* @paketo-buildpacks/java-buildpacks \ No newline at end of file +* @paketo-buildpacks/java-maintainers \ No newline at end of file diff --git a/.github/pipeline-descriptor.yml b/.github/pipeline-descriptor.yml index 684a005..a884c43 100644 --- a/.github/pipeline-descriptor.yml +++ b/.github/pipeline-descriptor.yml @@ -1,20 +1,23 @@ github: username: ${{ secrets.JAVA_GITHUB_USERNAME }} - token: ${{ secrets.JAVA_GITHUB_TOKEN }} + token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }} codeowners: - path: "*" - owner: "@paketo-buildpacks/java-buildpacks" + owner: "@paketo-buildpacks/java-maintainers" package: - repository: gcr.io/paketo-buildpacks/jattach + repositories: ["docker.io/paketobuildpacks/jattach","gcr.io/paketo-buildpacks/jattach"] register: true - registry_token: ${{ secrets.JAVA_GITHUB_TOKEN }} + registry_token: ${ secrets.PAKETO_BOT_GITHUB_TOKEN } docker_credentials: - registry: gcr.io username: _json_key - password: ${{ secrets.JAVA_GCLOUD_SERVICE_ACCOUNT_KEY }} + password: ${{ secrets.GCR_PUSH_BOT_JSON_KEY }} +- registry: docker.io + username: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_USERNAME }} + password: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_PASSWORD }} dependencies: - name: jattach @@ -25,4 +28,4 @@ dependencies: owner: apangin repository: jattach tag_filter: v([\d.]*) - token: ${{ secrets.JAVA_GITHUB_TOKEN }} + token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }} diff --git a/.github/workflows/pb-create-package.yml b/.github/workflows/pb-create-package.yml index dd336dd..a7d33b4 100644 --- a/.github/workflows/pb-create-package.yml +++ b/.github/workflows/pb-create-package.yml @@ -13,9 +13,16 @@ jobs: if: ${{ (github.event_name != 'pull_request' || ! github.event.pull_request.head.repo.fork) && (github.actor != 'dependabot[bot]') }} uses: docker/login-action@v2 with: - password: ${{ secrets.JAVA_GCLOUD_SERVICE_ACCOUNT_KEY }} + password: ${{ secrets.GCR_PUSH_BOT_JSON_KEY }} registry: gcr.io username: _json_key + - name: Docker login docker.io + if: ${{ (github.event_name != 'pull_request' || ! github.event.pull_request.head.repo.fork) && (github.actor != 'dependabot[bot]') }} + uses: docker/login-action@v2 + with: + password: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_PASSWORD }} + registry: docker.io + username: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_USERNAME }} - uses: actions/setup-go@v3 with: go-version: "1.18" @@ -102,15 +109,15 @@ jobs: MAJOR_VERSION="$(echo "${VERSION}" | awk -F '.' '{print $1 }')" MINOR_VERSION="$(echo "${VERSION}" | awk -F '.' '{print $1 "." $2 }')" - echo "::set-output name=version-major::${MAJOR_VERSION}" - echo "::set-output name=version-minor::${MINOR_VERSION}" + echo "version-major=${MAJOR_VERSION}" >> "$GITHUB_OUTPUT" + echo "version-minor=${MINOR_VERSION}" >> "$GITHUB_OUTPUT" elif [[ ${GITHUB_REF} =~ refs/heads/(.+) ]]; then VERSION=${BASH_REMATCH[1]} else VERSION=$(git rev-parse --short HEAD) fi - echo "::set-output name=version::${VERSION}" + echo "version=${VERSION}" >> "$GITHUB_OUTPUT" echo "Selected ${VERSION} from * ref: ${GITHUB_REF} * sha: ${GITHUB_SHA} @@ -166,7 +173,7 @@ jobs: crane tag "${PACKAGE}:${VERSION}" "${VERSION_MAJOR}" fi crane tag "${PACKAGE}:${VERSION}" latest - echo "::set-output name=digest::$(crane digest "${PACKAGE}:${VERSION}")" + echo "digest=$(crane digest "${PACKAGE}:${VERSION}")" >> "$GITHUB_OUTPUT" # copy to other repositories specified for P in "${PACKAGE_LIST[@]}" @@ -188,7 +195,7 @@ jobs: --format "${FORMAT}" fi env: - PACKAGES: gcr.io/paketo-buildpacks/jattach + PACKAGES: docker.io/paketobuildpacks/jattach gcr.io/paketo-buildpacks/jattach PUBLISH: "true" VERSION: ${{ steps.version.outputs.version }} VERSION_MAJOR: ${{ steps.version.outputs.version-major }} @@ -214,11 +221,11 @@ jobs: --field "body=${RELEASE_BODY///\`${DIGEST}\`}" env: DIGEST: ${{ steps.package.outputs.digest }} - GITHUB_TOKEN: ${{ secrets.JAVA_GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }} - if: ${{ true }} uses: docker://ghcr.io/buildpacks/actions/registry/request-add-entry:4.0.1 with: - address: gcr.io/paketo-buildpacks/jattach@${{ steps.package.outputs.digest }} + address: docker.io/paketobuildpacks/jattach@${{ steps.package.outputs.digest }} id: paketo-buildpacks/jattach - token: ${{ secrets.JAVA_GITHUB_TOKEN }} + token: ${ secrets.PAKETO_BOT_GITHUB_TOKEN } version: ${{ steps.version.outputs.version }} diff --git a/.github/workflows/pb-minimal-labels.yml b/.github/workflows/pb-minimal-labels.yml index 8f4aab5..39c568e 100644 --- a/.github/workflows/pb-minimal-labels.yml +++ b/.github/workflows/pb-minimal-labels.yml @@ -12,7 +12,7 @@ jobs: runs-on: - ubuntu-latest steps: - - uses: mheap/github-action-required-labels@v2 + - uses: mheap/github-action-required-labels@v3 with: count: 1 labels: semver:major, semver:minor, semver:patch @@ -22,7 +22,7 @@ jobs: runs-on: - ubuntu-latest steps: - - uses: mheap/github-action-required-labels@v2 + - uses: mheap/github-action-required-labels@v3 with: count: 1 labels: type:bug, type:dependency-upgrade, type:documentation, type:enhancement, type:question, type:task diff --git a/.github/workflows/pb-synchronize-labels.yml b/.github/workflows/pb-synchronize-labels.yml index 86241f8..8f93206 100644 --- a/.github/workflows/pb-synchronize-labels.yml +++ b/.github/workflows/pb-synchronize-labels.yml @@ -14,4 +14,4 @@ jobs: - uses: actions/checkout@v3 - uses: micnncim/action-label-syncer@v1 env: - GITHUB_TOKEN: ${{ secrets.JAVA_GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }} diff --git a/.github/workflows/pb-tests.yml b/.github/workflows/pb-tests.yml index 98eff15..0075abc 100644 --- a/.github/workflows/pb-tests.yml +++ b/.github/workflows/pb-tests.yml @@ -76,15 +76,15 @@ jobs: MAJOR_VERSION="$(echo "${VERSION}" | awk -F '.' '{print $1 }')" MINOR_VERSION="$(echo "${VERSION}" | awk -F '.' '{print $1 "." $2 }')" - echo "::set-output name=version-major::${MAJOR_VERSION}" - echo "::set-output name=version-minor::${MINOR_VERSION}" + echo "version-major=${MAJOR_VERSION}" >> "$GITHUB_OUTPUT" + echo "version-minor=${MINOR_VERSION}" >> "$GITHUB_OUTPUT" elif [[ ${GITHUB_REF} =~ refs/heads/(.+) ]]; then VERSION=${BASH_REMATCH[1]} else VERSION=$(git rev-parse --short HEAD) fi - echo "::set-output name=version::${VERSION}" + echo "version=${VERSION}" >> "$GITHUB_OUTPUT" echo "Selected ${VERSION} from * ref: ${GITHUB_REF} * sha: ${GITHUB_SHA} @@ -138,7 +138,7 @@ jobs: crane tag "${PACKAGE}:${VERSION}" "${VERSION_MAJOR}" fi crane tag "${PACKAGE}:${VERSION}" latest - echo "::set-output name=digest::$(crane digest "${PACKAGE}:${VERSION}")" + echo "digest=$(crane digest "${PACKAGE}:${VERSION}")" >> "$GITHUB_OUTPUT" # copy to other repositories specified for P in "${PACKAGE_LIST[@]}" diff --git a/.github/workflows/pb-update-draft-release.yml b/.github/workflows/pb-update-draft-release.yml index f053bd7..2aae7bf 100644 --- a/.github/workflows/pb-update-draft-release.yml +++ b/.github/workflows/pb-update-draft-release.yml @@ -12,12 +12,12 @@ jobs: - id: release-drafter uses: release-drafter/release-drafter@v5 env: - GITHUB_TOKEN: ${{ secrets.JAVA_GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }} - uses: actions/checkout@v3 - name: Update draft release with buildpack information uses: docker://ghcr.io/paketo-buildpacks/actions/draft-release:main with: - github_token: ${{ secrets.JAVA_GITHUB_TOKEN }} + github_token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }} release_body: ${{ steps.release-drafter.outputs.body }} release_id: ${{ steps.release-drafter.outputs.id }} release_name: ${{ steps.release-drafter.outputs.name }} diff --git a/.github/workflows/pb-update-go.yml b/.github/workflows/pb-update-go.yml index 9ca77d9..588d73f 100644 --- a/.github/workflows/pb-update-go.yml +++ b/.github/workflows/pb-update-go.yml @@ -1,7 +1,7 @@ name: Update Go "on": schedule: - - cron: 0 2 * * 1 + - cron: 14 2 * * 1 workflow_dispatch: {} jobs: update: @@ -45,9 +45,9 @@ jobs: COMMIT_SEMVER="semver:minor" fi - echo "::set-output name=commit-title::${COMMIT_TITLE}" - echo "::set-output name=commit-body::${COMMIT_BODY}" - echo "::set-output name=commit-semver::${COMMIT_SEMVER}" + echo "commit-title=${COMMIT_TITLE}" >> "$GITHUB_OUTPUT" + echo "commit-body=${COMMIT_BODY}" >> "$GITHUB_OUTPUT" + echo "commit-semver=${COMMIT_SEMVER}" >> "$GITHUB_OUTPUT" env: GO_VERSION: "1.18" - uses: peter-evans/create-pull-request@v4 @@ -69,4 +69,4 @@ jobs: labels: ${{ steps.update-go.outputs.commit-semver }}, type:task signoff: true title: ${{ steps.update-go.outputs.commit-title }} - token: ${{ secrets.JAVA_GITHUB_TOKEN }} + token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }} diff --git a/.github/workflows/pb-update-jattach.yml b/.github/workflows/pb-update-jattach.yml index 8f141eb..b994170 100644 --- a/.github/workflows/pb-update-jattach.yml +++ b/.github/workflows/pb-update-jattach.yml @@ -48,10 +48,10 @@ jobs: owner: apangin repository: jattach tag_filter: v([\d.]*) - token: ${{ secrets.JAVA_GITHUB_TOKEN }} + token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }} - name: Update Buildpack Dependency id: buildpack - run: |- + run: | #!/usr/bin/env bash set -euo pipefail @@ -85,9 +85,9 @@ jobs: LABEL="semver:patch" fi - echo "::set-output name=old-version::${OLD_VERSION}" - echo "::set-output name=new-version::${VERSION}" - echo "::set-output name=version-label::${LABEL}" + echo "old-version=${OLD_VERSION}" >> "$GITHUB_OUTPUT" + echo "new-version=${VERSION}" >> "$GITHUB_OUTPUT" + echo "version-label=${LABEL}" >> "$GITHUB_OUTPUT" env: CPE: ${{ steps.dependency.outputs.cpe }} CPE_PATTERN: "" @@ -111,4 +111,4 @@ jobs: labels: ${{ steps.buildpack.outputs.version-label }}, type:dependency-upgrade signoff: true title: Bump jattach from ${{ steps.buildpack.outputs.old-version }} to ${{ steps.buildpack.outputs.new-version }} - token: ${{ secrets.JAVA_GITHUB_TOKEN }} + token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }} diff --git a/.github/workflows/pb-update-pipeline.yml b/.github/workflows/pb-update-pipeline.yml index 598f5fc..710c660 100644 --- a/.github/workflows/pb-update-pipeline.yml +++ b/.github/workflows/pb-update-pipeline.yml @@ -57,12 +57,14 @@ jobs: git add .github/ git checkout -- . - echo "::set-output name=old-version::${OLD_VERSION}" - echo "::set-output name=new-version::${NEW_VERSION}" - echo "::set-output name=release-notes::${RELEASE_NOTES//$'\n'/%0A}" + echo "old-version=${OLD_VERSION}" >> "$GITHUB_OUTPUT" + echo "new-version=${NEW_VERSION}" >> "$GITHUB_OUTPUT" + + DELIMITER=$(openssl rand -hex 16) # roughly the same entropy as uuid v4 used in https://github.com/actions/toolkit/blob/b36e70495fbee083eb20f600eafa9091d832577d/packages/core/src/file-command.ts#L28 + printf "release-notes<<%s\n%s\n%s\n" "${DELIMITER}" "${RELEASE_NOTES}" "${DELIMITER}" >> "${GITHUB_OUTPUT}" # see https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings env: DESCRIPTOR: .github/pipeline-descriptor.yml - GITHUB_TOKEN: ${{ secrets.JAVA_GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }} - uses: peter-evans/create-pull-request@v4 with: author: ${{ secrets.JAVA_GITHUB_USERNAME }} <${{ secrets.JAVA_GITHUB_USERNAME }}@users.noreply.github.com> @@ -82,4 +84,4 @@ jobs: labels: semver:patch, type:task signoff: true title: Bump pipeline from ${{ steps.pipeline.outputs.old-version }} to ${{ steps.pipeline.outputs.new-version }} - token: ${{ secrets.JAVA_GITHUB_TOKEN }} + token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }} From 37fa7653224645de17eb2715389457616cd43bdd Mon Sep 17 00:00:00 2001 From: Daniel Mikusa Date: Tue, 31 Jan 2023 22:46:39 -0500 Subject: [PATCH 2/2] Update .github/pipeline-descriptor.yml --- .github/pipeline-descriptor.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/pipeline-descriptor.yml b/.github/pipeline-descriptor.yml index a884c43..eb96451 100644 --- a/.github/pipeline-descriptor.yml +++ b/.github/pipeline-descriptor.yml @@ -9,7 +9,7 @@ codeowners: package: repositories: ["docker.io/paketobuildpacks/jattach","gcr.io/paketo-buildpacks/jattach"] register: true - registry_token: ${ secrets.PAKETO_BOT_GITHUB_TOKEN } + registry_token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }} docker_credentials: - registry: gcr.io