Merge pull request #21 from initializ-buildpacks/automation/github-config/update

Updates github-config

Author: supriyasingh007

.github/dependabot.yml

@@ -16,3 +16,8 @@ updates:
       update-types:
       - "minor"
       - "patch"
+      exclude-patterns:
+      - "github.com/anchore/stereoscope"
+      - "github.com/testcontainers/testcontainers-go"
+      - "github.com/docker/docker"
+      - "github.com/containerd/containerd"

.github/workflows/create-draft-release.yml

@@ -52,11 +52,9 @@ jobs:
         go-version: 'stable'
     - name: Checkout
       uses: actions/checkout@v3
-    - run: git fetch --depth=1 origin +refs/tags/*:refs/tags/* || true
     - name: Run Integration Tests
-      run: ./scripts/integration.sh --use-token --builder ${{ matrix.builder }}
+      run: ./scripts/integration.sh --builder ${{ matrix.builder }} --token ${{ github.token }}
       env:
-        GIT_TOKEN: ${{ github.token }}
         TMPDIR: "${{ runner.temp }}"
 
   release:
@@ -70,7 +68,8 @@ jobs:
         go-version: 'stable'
     - name: Checkout
       uses: actions/checkout@v3
-    - run: git fetch --depth=1 origin +refs/tags/*:refs/tags/* || true
+      with:
+        fetch-tags: true
     - name: Reset Draft Release
       id: reset
       uses: initializ-buildpacks/github-config/actions/release/reset-draft@main

.github/workflows/lint.yml

@@ -16,7 +16,7 @@ jobs:
     - name: Setup Go
       uses: actions/setup-go@v3
       with:
-        go-version: 1.20.x
+        go-version: 'stable'
 
     - name: Checkout
       uses: actions/checkout@v3

.github/workflows/publish-releases.yml

@@ -0,0 +1,41 @@
+name: Publish Draft Releases
+
+on:
+  workflow_dispatch: {}
+  schedule:
+    - cron: '0 5 * * WED'  # Weekly on Wednesday at 5:00 AM UTC
+
+concurrency:
+  group: publish-release
+
+jobs:
+  publish:
+    name: Publish
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Publish Draft Release With Highest Semantic Version
+        id: drafts
+        env:
+          GITHUB_TOKEN: ${{ secrets.PAT }}
+        uses: initializ-buildpacks/github-config/actions/release/publish-drafts@main
+        with:
+          repo: ${{ github.repository }}
+
+  failure:
+    name: Alert on Failure
+    runs-on: ubuntu-22.04
+    needs: [ publish ]
+    if: ${{ always() && needs.publish.result == 'failure' }}
+    steps:
+      - name: File Failure Alert Issue
+        uses: initializ-buildpacks/github-config/actions/issue/file@main
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          repo: ${{ github.repository }}
+          label: "failure:release"
+          comment_if_exists: true
+          issue_title: "Failure: Publish draft releases"
+          issue_body: |
+            Publish All Draft Releases workflow [failed](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}).
+          comment_body: |
+             Another failure occurred: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}

.github/workflows/push-buildpackage.yml

@@ -5,6 +5,10 @@ on:
     types:
     - published
 
+permissions:
+  id-token: write 
+  contents: read
+
 jobs:
   push:
     name: Push
@@ -39,15 +43,6 @@ jobs:
           exit 1
         fi
 
-    - name: Push to GCR
-      env:
-        GCR_PUSH_BOT_JSON_KEY: ${{ secrets.GCR_PUSH_BOT_JSON_KEY }}
-      run: |
-        echo "${GCR_PUSH_BOT_JSON_KEY}" | sudo skopeo login --username _json_key --password-stdin gcr.io
-        sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://gcr.io/${{ github.repository }}:${{ steps.event.outputs.tag_full }}"
-        sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://gcr.io/${{ github.repository }}:${{ steps.event.outputs.tag_minor }}"
-        sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://gcr.io/${{ github.repository }}:${{ steps.event.outputs.tag_major }}"
-        sudo skopeo copy "oci-archive:${GITHUB_WORKSPACE}/buildpackage.cnb" "docker://gcr.io/${{ github.repository }}:latest"
 
     - name: Push to DockerHub
       id: push

.github/workflows/test-pull-request.yml

@@ -54,12 +54,9 @@ jobs:
     - name: Checkout
       uses: actions/checkout@v3
 
-    - run: git fetch --depth=1 origin +refs/tags/*:refs/tags/* || true
-
     - name: Run Integration Tests
-      run: ./scripts/integration.sh --use-token --builder ${{ matrix.builder }}
+      run: ./scripts/integration.sh --builder ${{ matrix.builder }} --token ${{ github.token }}
       env:
-        GIT_TOKEN: ${{ github.token }}
         TMPDIR: "${{ runner.temp }}"
 
   roundup:

.github/workflows/update-github-config.yml

@@ -27,7 +27,7 @@ jobs:
     - name: Checkout Branch
       uses: initializ-buildpacks/github-config/actions/pull-request/checkout-branch@main
       with:
-        branch: automation/github-config/update
+        branch: automations/github-config/update
 
     - name: Run the sync action
       uses: initializ-buildpacks/github-config/actions/sync@main
@@ -51,15 +51,15 @@ jobs:
       if: ${{ steps.commit.outputs.commit_sha != '' }}
       uses: initializ-buildpacks/github-config/actions/pull-request/push-branch@main
       with:
-        branch: automation/github-config/update
+        branch: automations/github-config/update
 
     - name: Open Pull Request
       if: ${{ steps.commit.outputs.commit_sha != '' }}
       uses: initializ-buildpacks/github-config/actions/pull-request/open@main
       with:
         token: ${{ secrets.PAT }}
         title: "Updates github-config"
-        branch: automation/github-config/update
+        branch: automations/github-config/update
 
   failure:
     name: Alert on Failure
@@ -70,7 +70,7 @@ jobs:
     - name: File Failure Alert Issue
       uses: initializ-buildpacks/github-config/actions/issue/file@main
       with:
-        token: ${{ secrets.PAT }}
+        token: ${{ secrets.GITHUB_TOKEN }}
         repo: ${{ github.repository }}
         label: "failure:update-github-config"
         comment_if_exists: true

.github/workflows/update-go-mod-version.yml

@@ -0,0 +1,93 @@
+name: Update Go version
+
+on:
+  schedule:
+    - cron: '48 4 * * MON'  # every monday at 4:48 UTC
+  workflow_dispatch:
+
+concurrency: update-go
+
+jobs:
+  update-go:
+    name: Update go toolchain in go.mod
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+      - name: Checkout PR Branch
+        uses: initializ-buildpacks/github-config/actions/pull-request/checkout-branch@main
+        with:
+          branch: automations/go-mod-update/update-main
+      - name: Setup Go
+        id: setup-go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 'stable'
+      - name: Get current go toolchain version
+        id: current-go-version
+        uses: initializ-buildpacks/github-config/actions/update-go-mod-version@main
+        with:
+          go-version: ${{ steps.setup-go.outputs.go-version }}
+      - name: Go mod tidy
+        run: |
+          #!/usr/bin/env bash
+          set -euo pipefail
+          shopt -s inherit_errexit
+
+          echo "Before running go mod tidy"
+          echo "head -n10 go.mod "
+          head -n10 go.mod
+
+          echo "git diff"
+          git diff
+
+          echo "Running go mod tidy"
+          go mod tidy
+
+          echo "After running go mod tidy"
+          echo "head -n10 go.mod "
+          head -n10 go.mod
+
+          echo "git diff"
+          git diff
+      - name: Commit
+        id: commit
+        uses: initializ-buildpacks/github-config/actions/pull-request/create-commit@main
+        with:
+          message: "Updates go mod version to ${{ steps.setup-go.outputs.go-version }}"
+          pathspec: "."
+          keyid: ${{ secrets.INITIALIZ_BOT_GPG_SIGNING_KEY_ID }}
+          key: ${{ secrets.INITIALIZ_BOT_GPG_SIGNING_KEY }}
+
+      - name: Push Branch
+        if: ${{ steps.commit.outputs.commit_sha != '' }}
+        uses: initializ-buildpacks/github-config/actions/pull-request/push-branch@main
+        with:
+          branch: automations/go-mod-update/update-main
+
+      - name: Open Pull Request
+        if: ${{ steps.commit.outputs.commit_sha != '' }}
+        uses: initializ-buildpacks/github-config/actions/pull-request/open@main
+        with:
+          token: ${{ secrets.PAT }}
+          title: "Updates go mod version to ${{ steps.setup-go.outputs.go-version }}"
+          branch: automations/go-mod-update/update-main
+
+  failure:
+    name: Alert on Failure
+    runs-on: ubuntu-22.04
+    needs: [update-go]
+    if: ${{ always() && needs.update-go.result == 'failure' }}
+    steps:
+      - name: File Failure Alert Issue
+        uses: initializ-buildpacks/github-config/actions/issue/file@main
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          repo: ${{ github.repository }}
+          label: "failure:update-go-version"
+          comment_if_exists: true
+          issue_title: "Failure: Update Go Mod Version workflow"
+          issue_body: |
+            Update Go Mod Version workflow [failed](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}).
+          comment_body: |
+            Another failure occurred: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}

scripts/.util/builders.sh

@@ -19,7 +19,7 @@ function util::builders::list() {
 
   if [[ -z "${builders}" ]]; then
     util::print::info "No builders specified. Falling back to default builder..."
-    builders="$(jq --compact-output --null-input '["index.docker.io/paketobuildpacks/builder-jammy-full:latest"]')"
+    builders="$(jq --compact-output --null-input '["index.docker.io/initializbuildpacks/securepacks-initzbuilder:latest"]')"
   fi
 
   echo "${builders}"