From 555d6a9ba422cc152c5ec31ecf19686047f3b0dc Mon Sep 17 00:00:00 2001 From: zhijie-yang Date: Tue, 11 Feb 2025 16:42:48 +0000 Subject: [PATCH 01/15] ci: automatically update oci/opentelemetry-collector/_releases.json, from https://github.com/canonical/oci-factory/actions/runs/13262359722 --- oci/opentelemetry-collector/_releases.json | 47 ++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 oci/opentelemetry-collector/_releases.json diff --git a/oci/opentelemetry-collector/_releases.json b/oci/opentelemetry-collector/_releases.json new file mode 100644 index 00000000..39e8260d --- /dev/null +++ b/oci/opentelemetry-collector/_releases.json @@ -0,0 +1,47 @@ +{ + "0-24.04": { + "end-of-life": "2025-04-18T00:00:00Z", + "stable": { + "target": "1" + }, + "candidate": { + "target": "0-24.04_stable" + }, + "beta": { + "target": "0-24.04_candidate" + }, + "edge": { + "target": "0-24.04_beta" + } + }, + "0.118-24.04": { + "end-of-life": "2025-04-18T00:00:00Z", + "stable": { + "target": "1" + }, + "candidate": { + "target": "0.118-24.04_stable" + }, + "beta": { + "target": "0.118-24.04_candidate" + }, + "edge": { + "target": "0.118-24.04_beta" + } + }, + "0.118.0-24.04": { + "end-of-life": "2025-04-18T00:00:00Z", + "stable": { + "target": "1" + }, + "candidate": { + "target": "0.118.0-24.04_stable" + }, + "beta": { + "target": "0.118.0-24.04_candidate" + }, + "edge": { + "target": "0.118.0-24.04_beta" + } + } +} \ No newline at end of file From 1e5403b673887f955a0e305f0341d3c8c4e6bd9e Mon Sep 17 00:00:00 2001 
From: Alessandro Cabbia
Date: Thu, 13 Feb 2025 10:36:21 +0000
Subject: [PATCH 02/15] feat: add glauth to oci-factory (#353)
---
oci/glauth/.trivyignore | 2 ++
oci/glauth/contacts.yaml | 7 ++++++
oci/glauth/documentation.yaml | 40 +++++++++++++++++++++++++++++++++++
oci/glauth/image.yaml | 12 +++++++++++
4 files changed, 61 insertions(+)
create mode 100644 oci/glauth/.trivyignore
create mode 100644 oci/glauth/contacts.yaml
create mode 100644 oci/glauth/documentation.yaml
create mode 100644 oci/glauth/image.yaml
diff --git a/oci/glauth/.trivyignore b/oci/glauth/.trivyignore
new file mode 100644
index 00000000..9bff5ba4
--- /dev/null
+++ b/oci/glauth/.trivyignore
@@ -0,0 +1,2 @@
+# Upstream CVEs
+
diff --git a/oci/glauth/contacts.yaml b/oci/glauth/contacts.yaml
new file mode 100644
index 00000000..a0665c00
--- /dev/null
+++ b/oci/glauth/contacts.yaml
@@ -0,0 +1,7 @@
+notify:
+ emails:
+ - identity.charmers@lists.launchpad.net
+ mattermost-channels:
+ - ofi4for9obfq8m978h318x56ar
+maintainers:
+ - canonical-iam
diff --git a/oci/glauth/documentation.yaml b/oci/glauth/documentation.yaml
new file mode 100644
index 00000000..3d71b1cc
--- /dev/null
+++ b/oci/glauth/documentation.yaml
@@ -0,0 +1,40 @@
+version: 1
+application: glauth
+is_chiselled: True
+description: |
+ Go-lang LDAP Authentication (GLAuth) is a secure, easy-to-use, LDAP server w/ configurable
+ backends. Use it to centralize account management across your Linux servers, your OSX machines,
+ and your support applications (Jenkins, Apache/Nginx, Graylog2, and many more!).
+ * Centrally manage accounts across your infrastructure
+ * Centrally manage SSH keys, Linux accounts, and passwords for cloud servers.
+ * Lightweight alternative to OpenLDAP and Active Directory for development, or a homelab.
+ * Store your user directory in a file, local or in S3; SQL database; or proxy to existing LDAP servers.
+ * Two Factor Authentication (transparent to applications)
+ * Multiple backends can be chained to inject features
+docker:
+ parameters:
+ - -p 3893:3893 # ldap
+ - -p 3894:3894 # ldaps
+ - -p 5555:5555 # ui and prometheus metrics
+ access: Access the LDAP server on "ldap://localhost:3893"
+parameters:
+ - type: -p
+ value: '3893:3893'
+ description: LDAP port.
+ - type: -p
+ value: '3894:3894'
+ description: LDAPS port.
+ - type: -p
+ value: '5555:5555'
+ description: UI and metrics port.
+ - type: -v
+ value: '/path/to/glauth/config.cfg:/glauth.cfg'
+ description: >
+ GLAuth config contains all the information needed to successfully configure a basic LDAP
+ server, see https://github.com/glauth/glauth/blob/master/v2/sample-simple.cfg as a reference
+ - type: CMD
+ value: "glauth -c /glauth.cfg"
+ description: >
+ Launch GLAuth server with a set config.
+debug:
+ text: ""
diff --git a/oci/glauth/image.yaml b/oci/glauth/image.yaml
new file mode 100644
index 00000000..05cb39c3
--- /dev/null
+++ b/oci/glauth/image.yaml
@@ -0,0 +1,12 @@
+version: 1
+upload:
+ - source: "canonical/glauth-rock"
+ commit: 388696fcf8976768cf84d551bde84f0bf1ae2e35
+ directory: .
+ release:
+ 2-22.04:
+ risks:
+ - stable
+ - candidate
+ - edge
+ end-of-life: "2025-05-01T00:00:00Z"
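Review bot: In oci/glauth/documentation.yaml the `docker.access` text sends users to the unencrypted listener (`ldap://localhost:3893`), and nothing in the parameter descriptions says that binds on that port carry account passwords in clear text. I would extend the description of the first parameter to something like `description: LDAP port (unencrypted; use for local testing only).` and mention the LDAPS port 3894 in `access` as the endpoint to use once a certificate is configured. The three `-p` mappings also publish on every host interface, including the UI and metrics port 5555, so a loopback form such as `-p 127.0.0.1:5555:5555` is worth showing for that one. As a style point, `is_chiselled: True` is better written `is_chiselled: true`, which every YAML loader reads as a boolean.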
From 8544ed36a3d2dd3a464a4a2ca93735b8ce62f01b Mon Sep 17 00:00:00 2001 From: zhijie-yang Date: Thu, 13 Feb 2025 10:38:50 +0000 Subject: [PATCH 03/15] ci: automatically update oci/openfga/_releases.json, from https://github.com/canonical/oci-factory/actions/runs/13262590980 --- oci/openfga/_releases.json | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 oci/openfga/_releases.json diff --git a/oci/openfga/_releases.json b/oci/openfga/_releases.json new file mode 100644 index 00000000..6e450f27 --- /dev/null +++ b/oci/openfga/_releases.json @@ -0,0 +1,17 @@ +{ + "1-22.04": { + "end-of-life": "2025-05-01T00:00:00Z", + "stable": { + "target": "2" + }, + "candidate": { + "target": "2" + }, + "edge": { + "target": "2" + }, + "beta": { + "target": "1-22.04_candidate" + } + } +} \ No newline at end of file From cd0b719102f44aee3c369d7bd18b011f743d9db1 Mon Sep 17 00:00:00 2001 From: zhijie-yang Date: Thu, 13 Feb 2025 10:48:47 +0000 Subject: [PATCH 04/15] ci: automatically update oci/glauth/_releases.json, from https://github.com/canonical/oci-factory/actions/runs/13305762273 --- oci/glauth/_releases.json | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 oci/glauth/_releases.json diff --git a/oci/glauth/_releases.json b/oci/glauth/_releases.json new file mode 100644 index 00000000..63ac6395 --- /dev/null +++ b/oci/glauth/_releases.json @@ -0,0 +1,17 @@ +{ + "2-22.04": { + "end-of-life": "2025-05-01T00:00:00Z", + "stable": { + "target": "1" + }, + "candidate": { + "target": "1" + }, + "edge": { + "target": "1" + }, + "beta": { + "target": "2-22.04_candidate" + } + } +} \ No newline at end of file From 17c4d1aa911895f9541023f465678b6c531cc719 Mon Sep 17 00:00:00 2001 From: Noctua Date: Fri, 14 Feb 2025 16:23:20 +0100 Subject: [PATCH 05/15] chore: Add new opentelemetry-collector releases (#358) Co-authored-by: lucabello --- oci/opentelemetry-collector/image.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) 
diff --git a/oci/opentelemetry-collector/image.yaml b/oci/opentelemetry-collector/image.yaml index 6872e04f..f30c8b53 100644 --- a/oci/opentelemetry-collector/image.yaml +++ b/oci/opentelemetry-collector/image.yaml @@ -1,18 +1,18 @@ version: 1 upload: - source: canonical/opentelemetry-collector-rock - commit: 9169b0160226c79500eb0450c500a93ea3eb65f4 - directory: 0.118.0 + commit: d74173a97927b2689613c9f659a25bdd228c0e53 + directory: 0.119.0 release: 0-24.04: - end-of-life: '2025-04-18T00:00:00Z' + end-of-life: '2025-05-16T00:00:00Z' risks: - stable - 0.118-24.04: - end-of-life: '2025-04-18T00:00:00Z' + 0.119-24.04: + end-of-life: '2025-05-16T00:00:00Z' risks: - stable - 0.118.0-24.04: - end-of-life: '2025-04-18T00:00:00Z' + 0.119.0-24.04: + end-of-life: '2025-05-16T00:00:00Z' risks: - stable From 00da5a09028e14a708d93610a070f473076d5e2f Mon Sep 17 00:00:00 2001 From: cjdcordeiro Date: Fri, 14 Feb 2025 15:38:05 +0000 Subject: [PATCH 06/15] ci: automatically update oci/opentelemetry-collector/_releases.json, from https://github.com/canonical/oci-factory/actions/runs/13332189447 --- oci/opentelemetry-collector/_releases.json | 34 ++++++++++++++++++++-- 1 file changed, 32 insertions(+), 2 deletions(-) diff --git a/oci/opentelemetry-collector/_releases.json b/oci/opentelemetry-collector/_releases.json index 39e8260d..c76bb6c8 100644 --- a/oci/opentelemetry-collector/_releases.json +++ b/oci/opentelemetry-collector/_releases.json @@ -1,8 +1,8 @@ { "0-24.04": { - "end-of-life": "2025-04-18T00:00:00Z", + "end-of-life": "2025-05-16T00:00:00Z", "stable": { - "target": "1" + "target": "2" }, "candidate": { "target": "0-24.04_stable" 
@@ -43,5 +43,35 @@ "edge": { "target": "0.118.0-24.04_beta" } + }, + "0.119-24.04": { + "end-of-life": "2025-05-16T00:00:00Z", + "stable": { + "target": "2" + }, + "candidate": { + "target": "0.119-24.04_stable" + }, + "beta": { + "target": "0.119-24.04_candidate" + }, + "edge": { + "target": "0.119-24.04_beta" + } + }, + "0.119.0-24.04": { + "end-of-life": "2025-05-16T00:00:00Z", + "stable": { + "target": "2" + }, + "candidate": { + "target": "0.119.0-24.04_stable" + }, + "beta": { + "target": "0.119.0-24.04_candidate" + }, + "edge": { + "target": "0.119.0-24.04_beta" + } } } \ No newline at end of file From a530a3e44e941eef23a68425e968b8a463b5813c Mon Sep 17 00:00:00 2001 From: Noctua Date: Fri, 14 Feb 2025 17:12:34 +0100 Subject: [PATCH 07/15] chore: Add new loki releases (#356) Co-authored-by: observability-noctua-bot --- oci/loki/image.yaml | 32 ++++++++------------------------ 1 file changed, 8 insertions(+), 24 deletions(-) diff --git a/oci/loki/image.yaml b/oci/loki/image.yaml index d46fb5bc..6dbd5f64 100644 --- a/oci/loki/image.yaml +++ b/oci/loki/image.yaml @@ -1,34 +1,18 @@ version: 1 upload: - source: canonical/loki-rock - commit: fefb865d4becf7f9621330dc7b2e0aadd57e4099 - directory: 2.9.6 + commit: e9a2206bbeb788695062e9307a3378ce683e82f9 + directory: 3.4.1 release: - 2.9.6-22.04: - end-of-life: "2025-05-28T00:00:00Z" + 3-24.04: + end-of-life: '2025-05-16T00:00:00Z' risks: - stable - 2.9-22.04: - end-of-life: "2025-05-28T00:00:00Z" + 3.4-24.04: + end-of-life: '2025-05-16T00:00:00Z' risks: - stable - 2-22.04: - end-of-life: "2025-05-28T00:00:00Z" - risks: - - stable - - source: canonical/loki-rock - commit: fefb865d4becf7f9621330dc7b2e0aadd57e4099 - directory: 3.0.0 - release: - 3.0.0-22.04: - end-of-life: "2025-05-28T00:00:00Z" - risks: - - stable - 3.0-22.04: - end-of-life: "2025-05-28T00:00:00Z" - risks: - - stable - 3-22.04: - end-of-life: "2025-05-28T00:00:00Z" + 3.4.1-24.04: + end-of-life: '2025-05-16T00:00:00Z' risks: - stable 
From bd605380e055146e00cc91973a4c97b776b8909b Mon Sep 17 00:00:00 2001 From: cjdcordeiro Date: Fri, 14 Feb 2025 16:29:35 +0000 Subject: [PATCH 08/15] ci: automatically update oci/loki/_releases.json, from https://github.com/canonical/oci-factory/actions/runs/13333043361 --- oci/loki/_releases.json | 45 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/oci/loki/_releases.json b/oci/loki/_releases.json index 680c5caa..d8d6bc4b 100644 --- a/oci/loki/_releases.json +++ b/oci/loki/_releases.json @@ -178,5 +178,50 @@ "edge": { "target": "90" } + }, + "3-24.04": { + "end-of-life": "2025-05-16T00:00:00Z", + "stable": { + "target": "91" + }, + "candidate": { + "target": "3-24.04_stable" + }, + "beta": { + "target": "3-24.04_candidate" + }, + "edge": { + "target": "3-24.04_beta" + } + }, + "3.4-24.04": { + "end-of-life": "2025-05-16T00:00:00Z", + "stable": { + "target": "91" + }, + "candidate": { + "target": "3.4-24.04_stable" + }, + "beta": { + "target": "3.4-24.04_candidate" + }, + "edge": { + "target": "3.4-24.04_beta" + } + }, + "3.4.1-24.04": { + "end-of-life": "2025-05-16T00:00:00Z", + "stable": { + "target": "91" + }, + "candidate": { + "target": "3.4.1-24.04_stable" + }, + "beta": { + "target": "3.4.1-24.04_candidate" + }, + "edge": { + "target": "3.4.1-24.04_beta" + } } } \ No newline at end of file From b750ba494dbb7d66490e7b2692ffc018cf82bed3 Mon Sep 17 00:00:00 2001 From: Noctua Date: Mon, 17 Feb 2025 10:07:51 +0100 Subject: [PATCH 09/15] chore: Add new loki releases (#359) Co-authored-by: observability-noctua-bot --- oci/loki/image.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/oci/loki/image.yaml b/oci/loki/image.yaml index 6dbd5f64..af9272ca 100644 --- a/oci/loki/image.yaml +++ b/oci/loki/image.yaml 
@@ -1,18 +1,18 @@ version: 1 upload: - source: canonical/loki-rock - commit: e9a2206bbeb788695062e9307a3378ce683e82f9 - directory: 3.4.1 + commit: 4eb743291bad1ea53d79a338c5b32c5fdee1a649 + directory: 3.4.2 release: 3-24.04: - end-of-life: '2025-05-16T00:00:00Z' + end-of-life: '2025-05-18T00:00:00Z' risks: - stable 3.4-24.04: - end-of-life: '2025-05-16T00:00:00Z' + end-of-life: '2025-05-18T00:00:00Z' risks: - stable - 3.4.1-24.04: - end-of-life: '2025-05-16T00:00:00Z' + 3.4.2-24.04: + end-of-life: '2025-05-18T00:00:00Z' risks: - stable From 09bc02c2b651f1fb3075a4c23ffec76f3b868c4a Mon Sep 17 00:00:00 2001 From: Noctua Date: Mon, 17 Feb 2025 10:22:46 +0100 Subject: [PATCH 10/15] chore: Add new grafana-agent releases (#339) Co-authored-by: lucabello --- oci/grafana-agent/image.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/oci/grafana-agent/image.yaml b/oci/grafana-agent/image.yaml index 6215c6bb..24b5b1cc 100644 --- a/oci/grafana-agent/image.yaml +++ b/oci/grafana-agent/image.yaml @@ -1,18 +1,18 @@ version: 1 upload: - source: canonical/grafana-agent-rock - commit: d3c1eaec89c38897141ff2b5b2e549664dea3992 - directory: 0.43.4 + commit: c47016c42c66c2d2b9a8f3bba6ed48feca714f9f + directory: 0.44.2 release: 0-24.04: - end-of-life: '2025-03-12T00:00:00Z' + end-of-life: '2025-05-02T00:00:00Z' risks: - stable - 0.43-24.04: - end-of-life: '2025-03-12T00:00:00Z' + 0.44-24.04: + end-of-life: '2025-05-02T00:00:00Z' risks: - stable - 0.43.4-24.04: - end-of-life: '2025-03-12T00:00:00Z' + 0.44.2-24.04: + end-of-life: '2025-05-02T00:00:00Z' risks: - stable From bc6e834fd65e11761ac511395d064fcba6e052c7 Mon Sep 17 00:00:00 2001 From: zhijie-yang Date: Mon, 17 Feb 2025 09:23:14 +0000 Subject: [PATCH 11/15] ci: automatically update oci/loki/_releases.json, from https://github.com/canonical/oci-factory/actions/runs/13366627805 --- oci/loki/_releases.json | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) 
diff --git a/oci/loki/_releases.json b/oci/loki/_releases.json index d8d6bc4b..b04529b9 100644 --- a/oci/loki/_releases.json +++ b/oci/loki/_releases.json @@ -180,9 +180,9 @@ } }, "3-24.04": { - "end-of-life": "2025-05-16T00:00:00Z", + "end-of-life": "2025-05-18T00:00:00Z", "stable": { - "target": "91" + "target": "92" }, "candidate": { "target": "3-24.04_stable" @@ -195,9 +195,9 @@ } }, "3.4-24.04": { - "end-of-life": "2025-05-16T00:00:00Z", + "end-of-life": "2025-05-18T00:00:00Z", "stable": { - "target": "91" + "target": "92" }, "candidate": { "target": "3.4-24.04_stable" @@ -223,5 +223,20 @@ "edge": { "target": "3.4.1-24.04_beta" } + }, + "3.4.2-24.04": { + "end-of-life": "2025-05-18T00:00:00Z", + "stable": { + "target": "92" + }, + "candidate": { + "target": "3.4.2-24.04_stable" + }, + "beta": { + "target": "3.4.2-24.04_candidate" + }, + "edge": { + "target": "3.4.2-24.04_beta" + } } } \ No newline at end of file From 0e8658d2912d34d6fb5ba59829a0f6bf9cf6cbeb Mon Sep 17 00:00:00 2001 From: zhijie-yang Date: Mon, 17 Feb 2025 09:42:56 +0000 Subject: [PATCH 12/15] ci: automatically update oci/grafana-agent/_releases.json, from https://github.com/canonical/oci-factory/actions/runs/13366902880 --- oci/grafana-agent/_releases.json | 34 ++++++++++++++++++++++++++++++-- 1 file changed, 32 insertions(+), 2 deletions(-) diff --git a/oci/grafana-agent/_releases.json b/oci/grafana-agent/_releases.json index 115c9126..cdc4ee21 100644 --- a/oci/grafana-agent/_releases.json +++ b/oci/grafana-agent/_releases.json @@ -270,9 +270,9 @@ } }, "0-24.04": { - "end-of-life": "2025-03-12T00:00:00Z", + "end-of-life": "2025-05-02T00:00:00Z", "stable": { - "target": "79" + "target": "80" }, "candidate": { "target": "0-24.04_stable" 
@@ -313,5 +313,35 @@ "edge": { "target": "0.43.4-24.04_beta" } + }, + "0.44-24.04": { + "end-of-life": "2025-05-02T00:00:00Z", + "stable": { + "target": "80" + }, + "candidate": { + "target": "0.44-24.04_stable" + }, + "beta": { + "target": "0.44-24.04_candidate" + }, + "edge": { + "target": "0.44-24.04_beta" + } + }, + "0.44.2-24.04": { + "end-of-life": "2025-05-02T00:00:00Z", + "stable": { + "target": "80" + }, + "candidate": { + "target": "0.44.2-24.04_stable" + }, + "beta": { + "target": "0.44.2-24.04_candidate" + }, + "edge": { + "target": "0.44.2-24.04_beta" + } } } \ No newline at end of file From a0444a09a94a0dc57d53f0b4dc44205e364ac680 Mon Sep 17 00:00:00 2001 From: Adrian Clay Lake Date: Tue, 18 Feb 2025 00:05:19 +0100 Subject: [PATCH 13/15] feat: Private Token for Build-Rock and Test-Rock Workflows (#347) --- .github/actions/checkout/action.yaml | 10 ++++++++++ .github/workflows/Build-Rock.yaml | 14 +++++++++++--- .github/workflows/Image.yaml | 4 ++-- .github/workflows/Test-Rock.yaml | 8 ++++++-- README.md | 24 ++++++++++++++++++++++++ oci/mock-rock/_releases.json | 14 +++++++------- 6 files changed, 60 insertions(+), 14 deletions(-) diff --git a/.github/actions/checkout/action.yaml b/.github/actions/checkout/action.yaml index f2f0dcf1..3ab93938 100644 --- a/.github/actions/checkout/action.yaml +++ b/.github/actions/checkout/action.yaml @@ -18,6 +18,10 @@ inputs: github-server-url: description: 'The base URL for the GitHub instance that you are trying to clone from' default: 'https://github.com' + token: + description: "Github token for pulling from private repositories" + default: '' + required: false runs: using: "composite" 
@@ -34,6 +38,12 @@ runs: git_url="${{ inputs.github-server-url }}/${{ inputs.repository }}.git" fi + # if a token is provided, use it + if ! [[ -z "${{ inputs.token }}" ]]; then + protocol=$(echo "$git_url" | grep -oE '^[a-zA-Z]+://') + git_url="${git_url/${protocol}/${protocol}${{ inputs.token }}@}" + fi + # create repo path relative to GITHUB_WORKSPACE as per actions/checkout@v4 repo_path="$GITHUB_WORKSPACE/${{ inputs.path }}" diff --git a/.github/workflows/Build-Rock.yaml b/.github/workflows/Build-Rock.yaml index 4a24bb13..6ca7dcf1 100644 --- a/.github/workflows/Build-Rock.yaml +++ b/.github/workflows/Build-Rock.yaml @@ -35,7 +35,13 @@ on: description: "Enable fallback to Launchpad build when runners for target arch are not available." type: boolean default: false - + + secrets: + # authentication parameters + host-github-token: + description: "GitHub token from repository executing this workflow." + source-github-token: + description: "GitHub token for pulling a Rockcraft project from a private repository." env: ROCK_REPO_DIR: rock-repo # path where the image repo is cloned into ROCK_CI_FOLDER: ci-rocks # path of uploaded/downloaded artifacts @@ -53,13 +59,12 @@ jobs: steps: - name: Get Workflow Version - # Note: we may need to pass a github token when working with private repositories. - # https://github.com/canonical/get-workflow-version-action id: workflow-version uses: canonical/get-workflow-version-action@v1 with: repository-name: canonical/oci-factory file-name: Build-Rock.yaml + github-token: ${{ secrets.host-github-token }} - name: Cloning OCI Factory uses: actions/checkout@v4 @@ -75,6 +80,7 @@ jobs: path: ${{ env.ROCK_REPO_DIR }} ref: ${{ inputs.rock-repo-commit }} submodules: "recursive" + token: ${{ secrets.source-github-token }} - name: Installing Python uses: actions/setup-python@v5 
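Review bot: The added block in .github/actions/checkout/action.yaml expands `${{ inputs.token }}` directly into the script text and then rewrites `git_url` to contain the token, so the secret becomes part of the rendered shell script and of every place that URL is later used. The rest of the `run:` script is outside this hunk; if it clones or adds a remote with `$git_url`, the token would presumably remain in the checkout's `.git/config`, where the build steps in Build-Rock.yaml that receive `source-github-token` can read it. Pass the value through the step's environment (`env:` with `CHECKOUT_TOKEN: ${{ inputs.token }}`) and test it with `if [[ -n "$CHECKOUT_TOKEN" ]]; then`, which also keeps a token containing shell metacharacters from being interpreted by bash. It would be safer still to supply the credential only for the fetch through git's `http.extraHeader` configuration, as actions/checkout does, or to reset the remote to the token-free URL once the clone has finished.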
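Review bot: In the `Get Workflow Version` step of Build-Rock.yaml, `github-token: ${{ secrets.host-github-token }}` evaluates to an empty string for callers that do not pass the optional secret, and an input that is set explicitly to an empty string normally does not fall back to the action's own default. Unless canonical/get-workflow-version-action is known to accept an empty token, I would write `github-token: ${{ secrets.host-github-token || github.token }}` so that existing public callers keep working. The same line is added to Test-Rock.yaml and needs the same treatment. A short comment on the `secrets:` block stating that both secrets are optional and what happens when they are omitted would spare callers from having to find that in the README.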
@@ -118,6 +124,7 @@ jobs: path: ${{ env.ROCK_REPO_DIR }} ref: ${{ inputs.rock-repo-commit }} submodules: "recursive" + token: ${{ secrets.source-github-token }} - name: Building Target id: rockcraft @@ -167,6 +174,7 @@ jobs: path: ${{ env.ROCK_REPO_DIR }} ref: ${{ inputs.rock-repo-commit }} submodules: "recursive" + token: ${{ secrets.source-github-token }} - name: Building Target # TODO: Replace this retry action with bash equivalent for better testing diff --git a/.github/workflows/Image.yaml b/.github/workflows/Image.yaml index 557b6dbe..6bb4f77b 100644 --- a/.github/workflows/Image.yaml +++ b/.github/workflows/Image.yaml @@ -399,7 +399,7 @@ jobs: run: | oci_images="${PWD}/images-oci" rm -fr $oci_images - mkdir -p $oci_images + mkdir -p $oci_images tar -xf ${{ steps.rename-oci-archive.outputs.name }} -C $oci_images @@ -485,7 +485,7 @@ jobs: do ret=0 release=$(jq -er .release < ${{ env.REVISION_DATA_DIR }}/$revision_file) || ret=1 - + if [ $ret -eq 1 ] then echo "Revision $revision_file not marked for release" diff --git a/.github/workflows/Test-Rock.yaml b/.github/workflows/Test-Rock.yaml index 651b83a2..32f9a2de 100644 --- a/.github/workflows/Test-Rock.yaml +++ b/.github/workflows/Test-Rock.yaml @@ -45,6 +45,11 @@ on: default: true type: boolean + secrets: + # authentication parameters + host-github-token: + description: "GitHub token from repository executing this workflow." + env: VULNERABILITY_REPORT_SUFFIX: ".vulnerability-report.json" # TODO: inherit string from caller TEST_IMAGE_NAME: "test-img" @@ -66,13 +71,12 @@ jobs: steps: - name: Get Workflow Version - # Note: we may need to pass a github token when working with private repositories. - # https://github.com/canonical/get-workflow-version-action id: workflow-version uses: canonical/get-workflow-version-action@v1 with: repository-name: canonical/oci-factory file-name: Test-Rock.yaml + github-token: ${{ secrets.host-github-token }} - name: Cloning OCI Factory uses: actions/checkout@v4 
diff --git a/README.md b/README.md index 317d2f09..6ff270a3 100644 --- a/README.md +++ b/README.md @@ -407,6 +407,15 @@ supported through Launchpad build services. - [Building an external Rock](https://github.com/canonical/rocks-toolbox/blob/main/.github/workflows/oci-factory_build_external_rock.yaml) - Build a Chiseled-Python Rock from an external repository using a specified Git commit hash. + +**Note on Private Repositories** +When using reusable workflows with private repositories, one or more GitHub +tokens must be provided. If the repository executing the workflow is private, +the `host-github-token` is required. If the source repository containing the +rockcraft.yaml file is private, the `source-github-token` must be provided. In +many cases, these repositories are the same, meaning both `host-github-token` and +`source-github-token` are required and should use the same token. + **Workflow Inputs:** | Property | Required | Type | Description | |---|---|---|---| @@ -418,6 +427,14 @@ supported through Launchpad build services. | `arch-map` | False | JSON str | JSON string mapping target architecture to runners. | | `lpci-fallback` | False | bool | Enable fallback to Launchpad build when runners for target arch are not available. | +**Workflow Secrets:** + +_See Note on Private Repositories._ +| Property | Required | Description | +|---|---|---| +| `source-github-token` | False | GitHub token for pulling a Rockcraft project from a private repository. | +| `host-github-token` | False | GitHub token from repository executing this workflow. | + ### Test-Rock Workflow The [Test-Rock workflow](.github/workflows/Test-Rock.yaml) 
@@ -458,3 +475,10 @@ needed. |`test-vulnerabilities`| False | bool | Enable Trivy vulnerability test. Enabled by default. | |`trivyignore-path`| False | str | Optional path to `.trivyignore` file used in vulnerability scan. | |`test-malware`| False | bool | Enable ClamAV malware test. Enabled by default. | + +**Workflow Secrets:** + +_See Note on Private Repositories._ +| Property | Required | Description | +|---|---|---| +| `host-github-token` | False | GitHub token from repository executing this workflow. | diff --git a/oci/mock-rock/_releases.json b/oci/mock-rock/_releases.json index b67eeb8a..fdb09cb2 100644 --- a/oci/mock-rock/_releases.json +++ b/oci/mock-rock/_releases.json @@ -35,31 +35,31 @@ "1.1-22.04": { "end-of-life": "2030-05-01T00:00:00Z", "candidate": { - "target": "1152" + "target": "1161" }, "beta": { - "target": "1152" + "target": "1161" }, "edge": { - "target": "1152" + "target": "1161" } }, "1-22.04": { "end-of-life": "2030-05-01T00:00:00Z", "candidate": { - "target": "1152" + "target": "1161" }, "beta": { - "target": "1152" + "target": "1161" }, "edge": { - "target": "1152" + "target": "1161" } }, "1.2-22.04": { "end-of-life": "2030-05-01T00:00:00Z", "beta": { - "target": "1153" + "target": "1162" }, "edge": { "target": "1.2-22.04_beta" From 6a8bb69489b6729149643af032b7cde8d2dd9771 Mon Sep 17 00:00:00 2001 From: zhijie-yang Date: Mon, 17 Feb 2025 23:15:13 +0000 Subject: [PATCH 14/15] ci: automatically update oci/mock-rock/_releases.json, from https://github.com/canonical/oci-factory/actions/runs/13379906373 --- oci/mock-rock/_releases.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/oci/mock-rock/_releases.json b/oci/mock-rock/_releases.json index fdb09cb2..66ba4f46 100644 --- a/oci/mock-rock/_releases.json +++ b/oci/mock-rock/_releases.json 
@@ -35,31 +35,31 @@ "1.1-22.04": { "end-of-life": "2030-05-01T00:00:00Z", "candidate": { - "target": "1161" + "target": "1164" }, "beta": { - "target": "1161" + "target": "1164" }, "edge": { - "target": "1161" + "target": "1164" } }, "1-22.04": { "end-of-life": "2030-05-01T00:00:00Z", "candidate": { - "target": "1161" + "target": "1164" }, "beta": { - "target": "1161" + "target": "1164" }, "edge": { - "target": "1161" + "target": "1164" } }, "1.2-22.04": { "end-of-life": "2030-05-01T00:00:00Z", "beta": { - "target": "1162" + "target": "1165" }, "edge": { "target": "1.2-22.04_beta" From 8585bdd28c341ca2a25599f616e8279cf80d87e0 Mon Sep 17 00:00:00 2001 From: zhijie-yang Date: Wed, 19 Feb 2025 16:14:18 +0100 Subject: [PATCH 15/15] chore(ci): bump cla check to v2 --- .github/workflows/CLA-Check.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/CLA-Check.yaml b/.github/workflows/CLA-Check.yaml index f42cf707..50150431 100644 --- a/.github/workflows/CLA-Check.yaml +++ b/.github/workflows/CLA-Check.yaml @@ -6,7 +6,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Check if CLA signed - uses: canonical/has-signed-canonical-cla@v1 + uses: canonical/has-signed-canonical-cla@v2 with: # This is to avoid failing the checks for ROCKsBot accept-existing-contributors: true