2023-01-24 09:21:50 -05:00
|
|
|
name: Package hasher
|
|
|
|
|
|
|
|
on:
|
|
|
|
workflow_dispatch:
|
|
|
|
push:
|
|
|
|
branches:
|
|
|
|
- main
|
|
|
|
paths:
|
|
|
|
- ".github/workflows/package-hasher.yml"
|
|
|
|
- "hack/package-hasher/Containerfile.hasher.apk"
|
|
|
|
schedule:
|
|
|
|
- cron: "0 22 */3 * *" # every 3 days at 22:00 UTC
|
|
|
|
|
|
|
|
jobs:
|
|
|
|
hash:
|
|
|
|
runs-on: ubuntu-22.04
|
2023-01-31 10:31:40 -05:00
|
|
|
permissions:
|
|
|
|
contents: read
|
|
|
|
packages: write
|
2023-01-24 09:21:50 -05:00
|
|
|
steps:
|
|
|
|
- name: Only run on main branch
|
|
|
|
if: github.ref != 'refs/heads/main'
|
|
|
|
run: |
|
|
|
|
echo "::error::This workflow only runs on the main branch"
|
|
|
|
exit 1
|
|
|
|
|
|
|
|
- name: Checkout Constellation
|
|
|
|
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
|
|
|
with:
|
|
|
|
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
|
|
|
|
|
|
|
- name: Install oras
|
|
|
|
env:
|
2023-01-30 10:09:38 -05:00
|
|
|
ORAS_VERSION: "0.16.0"
|
2023-01-24 09:21:50 -05:00
|
|
|
run: |
|
|
|
|
curl -fsSLO "https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_${ORAS_VERSION}_linux_amd64.tar.gz"
|
|
|
|
mkdir -p oras-install/
|
2023-01-30 10:09:38 -05:00
|
|
|
tar -zxf "oras_${ORAS_VERSION}_linux_amd64.tar.gz" -C oras-install/
|
2023-01-24 09:21:50 -05:00
|
|
|
mv oras-install/oras /usr/local/bin/
|
2023-01-30 10:09:38 -05:00
|
|
|
rm -rf "oras_${ORAS_VERSION}_linux_amd64.tar.gz" oras-install/
|
2023-01-24 09:21:50 -05:00
|
|
|
|
|
|
|
- name: Run apk hasher
|
|
|
|
env:
|
|
|
|
DOCKER_BUILDKIT: 1
|
|
|
|
run: docker build -o apko -f hack/package-hasher/Containerfile.apk.hasher .
|
|
|
|
|
|
|
|
- name: Upload apk packages to container registry content addressed storage
|
|
|
|
working-directory: apko/repository-apk
|
|
|
|
run: |
|
|
|
|
oras push \
|
|
|
|
-u ${{ github.actor }} \
|
|
|
|
-p ${{ secrets.GITHUB_TOKEN }} \
|
|
|
|
ghcr.io/edgelesssys/constellation/packages-apk:latest ./*.apk
|
|
|
|
|
|
|
|
- name: Remove apk packages
|
|
|
|
working-directory: apko
|
|
|
|
run: rm -rf repository-apk
|
|
|
|
|
|
|
|
- name: Create new PR
|
|
|
|
uses: peter-evans/create-pull-request@2b011faafdcbc9ceb11414d64d0573f37c774b04 # v4.2.3
|
|
|
|
with:
|
|
|
|
branch: ci/hasher/apk
|
|
|
|
title: "deps: update apk package hashes"
|
|
|
|
commit-message: "deps: update apk package hashes"
|
|
|
|
body: |
|
|
|
|
:robot: *This is an automated PR.* :robot:
|
|
|
|
|
|
|
|
This PR updates (the hashes of) apk packages. It is generated by the package-hasher workflow.
|
|
|
|
committer: edgelessci <edgelessci@users.noreply.github.com>
|
|
|
|
labels: dependencies
|
2023-02-27 09:16:07 -05:00
|
|
|
# We need to push changes using a token, otherwise triggers like on:push and on:pull_request won't work.
|
|
|
|
token: ${{ !github.event.pull_request.head.repo.fork && secrets.TIDY_RENOVATE_PUSH || '' }}
|