ci: use uds task instead of GH action for registry login (#162)

## Description Due to intermittent login issues that fail CI workflow runs, we would benefit from being able to retry logins with some delay between retries. This would move from using the GH Actions docker/login-action to a uds run task for registry logins. ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [x] Other (security config, docs update, etc) ## Checklist before merging - [ ] Test, docs, adr added or updated as needed - [ ] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request) followed --------- Co-authored-by: Micah Nagel <[email protected]>
defenseunicorns · Feb 15, 2024 · c8135ff · c8135ff
1 parent 2f0a1a7
commit c8135ff
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 24 deletions.
diff --git a/.github/actions/setup/action.yaml b/.github/actions/setup/action.yaml
@@ -31,17 +31,3 @@ runs:
       shell: bash
       # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
       run: brew install defenseunicorns/tap/[email protected]
-
-    - name: Login to GHCR
-      uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
-      with:
-        registry: ghcr.io
-        username: dummy
-        password: ${{ inputs.gh_token }}
-
-    - name: Login to registry1
-      uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
-      with:
-        registry: registry1.dso.mil
-        username: ${{ inputs.ib_user }}
-        password: ${{ inputs.ib_password }}
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -49,10 +49,12 @@ jobs:
 
       - name: Environment setup
         uses: ./.github/actions/setup
-        with:
-          gh_token: ${{ secrets.GITHUB_TOKEN }}
-          ib_user: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
-          ib_password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
+
+      - name: Login to GHCR
+        run: uds run registry-login --set REGISTRY=ghcr.io --set REGISTRY_USERNAME=dummy --set REGISTRY_PASSWORD=${{ secrets.GITHUB_TOKEN }} --set REGISTRY_RETRY_INTERVAL=90
+
+      - name: Login to registry1
+        run: uds run registry-login --set REGISTRY=registry1.dso.mil --set REGISTRY_USERNAME=${{ secrets.IRON_BANK_ROBOT_USERNAME }} --set REGISTRY_PASSWORD=${{ secrets.IRON_BANK_ROBOT_PASSWORD }} --set REGISTRY_RETRY_INTERVAL=90
 
       - name: Test a single source package
         if: ${{ inputs.package != 'all' && inputs.test_type == 'install' }}

diff --git a/renovate.json b/renovate.json
@@ -33,25 +33,31 @@
       "extractVersionTemplate": "^v(?<version>.*)$"
     },
     {
-      "fileMatch": ["\\.*\\.ya?ml$", "^\\.vscode/settings\\.json$"],
+      "fileMatch": ["\\.*\\.ya?ml$"],
       "matchStrings": [
-        "# renovate: datasource=github-tags depName=(?<depName>[^ ]+) versioning=(?<versioning>.*?)( extractVersion=(?<extractVersion>.*?))?\n.*?(version:|ref:) (?<currentValue>.*)",
-        "\/\/ renovate: datasource=github-tags depName=(?<depName>[^ ]+) versioning=(?<versioning>.*?)( extractVersion=(?<extractVersion>.*?))?\n.*?(https:\/\/raw.githubusercontent.com\/defenseunicorns\/zarf\/)(?<currentValue>[^\\s]+)\/"
+        "# renovate: datasource=github-tags depName=(?<depName>[^ ]+) versioning=(?<versioning>.*?)( extractVersion=(?<extractVersion>.*?))?\n.*?(version:|ref:) (?<currentValue>.*)"
       ],
       "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}",
       "datasourceTemplate": "github-tags"
 
     },
     {
       "depNameTemplate": "defenseunicorns/uds-cli",
-      "fileMatch": ["\\.*\\.ya?ml$", "^\\.vscode/settings\\.json$"],
+      "fileMatch": ["\\.*\\.ya?ml$"],
       "matchStrings": [
-        "# renovate: datasource=github-tags depName=(?<depName>[^ ]+) versioning=(?<versioning>[^\n]+)\n.*?uds@(?<currentValue>.*)",
-        "\/\/ renovate: datasource=github-tags depName=(?<depName>[^ ]+) versioning=(?<versioning>.*?)( extractVersion=(?<extractVersion>.*?))?\n.*?(https:\/\/raw.githubusercontent.com\/defenseunicorns\/uds-cli\/v)(?<currentValue>[^\\s]+)\/"
+        "# renovate: datasource=github-tags depName=(?<depName>[^ ]+) versioning=(?<versioning>[^\n]+)\n.*?uds@(?<currentValue>.*)"
       ],
       "datasourceTemplate": "github-tags",
       "extractVersionTemplate": "^v(?<version>.*)$"
     },
+    {
+      "fileMatch": ["^tasks.ya?ml$", "^tasks/.*\\.ya?ml$", "^\\.vscode/settings\\.json$"],
+      "matchStrings": [
+         "https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\/]+\\/[^\\/]+)\\/(?<currentValue>[^\\/]+)"
+      ],
+      "versioningTemplate": "semver-coerced",
+      "datasourceTemplate": "github-tags"
+    },
     {
       "fileMatch": ["\\.*\\.ya?ml$"],
       "matchStrings": [

diff --git a/tasks.yaml b/tasks.yaml
@@ -10,6 +10,7 @@ includes:
   - deploy: ./tasks/deploy.yaml
   - test: ./tasks/test.yaml
   - lint: ./tasks/lint.yaml
+  - common-setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.2.0/tasks/setup.yaml
 tasks:
   - name: dev-setup
     actions:
@@ -35,6 +36,15 @@ tasks:
     actions:
       - task: setup:k3d-test-cluster
 
+  - name: registry-login
+    actions:
+      - task: common-setup:registry-login
+        with:
+          registry: ${REGISTRY}
+          registryUsername: ${REGISTRY_USERNAME}
+          registryPassword: ${REGISTRY_PASSWORD}
+          registryRetryInterval: ${REGISTRY_RETRY_INTERVAL}
+
   - name: create-single-package
     actions:
       - task: create:single-package