mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-10-01 01:36:09 -04:00
5dad9bfad7
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
73 lines
2.5 KiB
YAML
73 lines
2.5 KiB
YAML
name: Package hasher
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
push:
|
|
branches:
|
|
- main
|
|
paths:
|
|
- ".github/workflows/package-hasher.yml"
|
|
- "hack/package-hasher/Containerfile.hasher.apk"
|
|
schedule:
|
|
- cron: "0 22 */3 * *" # every 3 days at 22:00 UTC
|
|
|
|
jobs:
|
|
hash:
|
|
runs-on: ubuntu-22.04
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
steps:
|
|
- name: Only run on main branch
|
|
if: github.ref != 'refs/heads/main'
|
|
run: |
|
|
echo "::error::This workflow only runs on the main branch"
|
|
exit 1
|
|
|
|
- name: Checkout Constellation
|
|
uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
|
|
with:
|
|
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
|
|
|
- name: Install oras
|
|
env:
|
|
ORAS_VERSION: "0.16.0"
|
|
run: |
|
|
curl -fsSLO "https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_${ORAS_VERSION}_linux_amd64.tar.gz"
|
|
mkdir -p oras-install/
|
|
tar -zxf "oras_${ORAS_VERSION}_linux_amd64.tar.gz" -C oras-install/
|
|
mv oras-install/oras /usr/local/bin/
|
|
rm -rf "oras_${ORAS_VERSION}_linux_amd64.tar.gz" oras-install/
|
|
|
|
- name: Run apk hasher
|
|
env:
|
|
DOCKER_BUILDKIT: 1
|
|
run: docker build -o apko -f hack/package-hasher/Containerfile.apk.hasher .
|
|
|
|
- name: Upload apk packages to container registry content addressed storage
|
|
working-directory: apko/repository-apk
|
|
run: |
|
|
oras push \
|
|
-u ${{ github.actor }} \
|
|
-p ${{ secrets.GITHUB_TOKEN }} \
|
|
ghcr.io/edgelesssys/constellation/packages-apk:latest ./*.apk
|
|
|
|
- name: Remove apk packages
|
|
working-directory: apko
|
|
run: rm -rf repository-apk
|
|
|
|
- name: Create new PR
|
|
uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54 # v4.2.4
|
|
with:
|
|
branch: ci/hasher/apk
|
|
title: "deps: update apk package hashes"
|
|
commit-message: "deps: update apk package hashes"
|
|
body: |
|
|
:robot: *This is an automated PR.* :robot:
|
|
|
|
This PR updates (the hashes of) apk packages. It is generated by the package-hasher workflow.
|
|
committer: edgelessci <edgelessci@users.noreply.github.com>
|
|
labels: dependencies
|
|
# We need to push changes using a token, otherwise triggers like on:push and on:pull_request won't work.
|
|
token: ${{ !github.event.pull_request.head.repo.fork && secrets.CI_COMMIT_PUSH_PR || '' }}
|