From c8135ffab14992b293306e47a63b9bf49dd58d32 Mon Sep 17 00:00:00 2001 From: Palassis <40472433+MxNxPx@users.noreply.github.com> Date: Thu, 15 Feb 2024 12:33:12 -0500 Subject: [PATCH] ci: use uds task instead of GH action for registry login (#162) ## Description Due to intermittent login issues that fail CI workflow runs, we would benefit from being able to retry logins with some delay between retries. This would move from using the GH Actions docker/login-action to a uds run task for registry logins. ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [x] Other (security config, docs update, etc) ## Checklist before merging - [ ] Test, docs, adr added or updated as needed - [ ] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request) followed --------- Co-authored-by: Micah Nagel --- .github/actions/setup/action.yaml | 14 -------------- .github/workflows/test.yaml | 10 ++++++---- renovate.json | 18 ++++++++++++------ tasks.yaml | 10 ++++++++++ 4 files changed, 28 insertions(+), 24 deletions(-) diff --git a/.github/actions/setup/action.yaml b/.github/actions/setup/action.yaml index 644b21ce8..34be667df 100644 --- a/.github/actions/setup/action.yaml +++ b/.github/actions/setup/action.yaml @@ -31,17 +31,3 @@ runs: shell: bash # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver run: brew install defenseunicorns/tap/uds@0.9.0 - - - name: Login to GHCR - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3 - with: - registry: ghcr.io - username: dummy - password: ${{ inputs.gh_token }} - - - name: Login to registry1 - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3 - with: - registry: registry1.dso.mil - username: ${{ inputs.ib_user }} - password: ${{ inputs.ib_password }} diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index a083d0125..ff225349c 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -49,10 +49,12 @@ jobs: - name: Environment setup uses: ./.github/actions/setup - with: - gh_token: ${{ secrets.GITHUB_TOKEN }} - ib_user: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} - ib_password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }} + + - name: Login to GHCR + run: uds run registry-login --set REGISTRY=ghcr.io --set REGISTRY_USERNAME=dummy --set REGISTRY_PASSWORD=${{ secrets.GITHUB_TOKEN }} --set REGISTRY_RETRY_INTERVAL=90 + + - name: Login to registry1 + run: uds run registry-login --set REGISTRY=registry1.dso.mil --set REGISTRY_USERNAME=${{ secrets.IRON_BANK_ROBOT_USERNAME }} --set REGISTRY_PASSWORD=${{ secrets.IRON_BANK_ROBOT_PASSWORD }} --set REGISTRY_RETRY_INTERVAL=90 - name: Test a single source package if: ${{ inputs.package != 'all' && inputs.test_type == 'install' }} diff --git a/renovate.json b/renovate.json index a9e19250b..26e27e0d5 100644 --- a/renovate.json +++ b/renovate.json @@ -33,10 +33,9 @@ "extractVersionTemplate": "^v(?.*)$" }, { - "fileMatch": ["\\.*\\.ya?ml$", "^\\.vscode/settings\\.json$"], + "fileMatch": ["\\.*\\.ya?ml$"], "matchStrings": [ - "# renovate: datasource=github-tags depName=(?[^ ]+) versioning=(?.*?)( extractVersion=(?.*?))?\n.*?(version:|ref:) (?.*)", - "\/\/ renovate: datasource=github-tags depName=(?[^ ]+) versioning=(?.*?)( extractVersion=(?.*?))?\n.*?(https:\/\/raw.githubusercontent.com\/defenseunicorns\/zarf\/)(?[^\\s]+)\/" + "# renovate: datasource=github-tags depName=(?[^ ]+) versioning=(?.*?)( extractVersion=(?.*?))?\n.*?(version:|ref:) (?.*)" ], "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}", "datasourceTemplate": "github-tags" @@ -44,14 +43,21 @@ }, { "depNameTemplate": "defenseunicorns/uds-cli", - "fileMatch": ["\\.*\\.ya?ml$", "^\\.vscode/settings\\.json$"], + "fileMatch": ["\\.*\\.ya?ml$"], "matchStrings": [ - "# renovate: datasource=github-tags depName=(?[^ ]+) versioning=(?[^\n]+)\n.*?uds@(?.*)", - "\/\/ renovate: datasource=github-tags depName=(?[^ ]+) versioning=(?.*?)( extractVersion=(?.*?))?\n.*?(https:\/\/raw.githubusercontent.com\/defenseunicorns\/uds-cli\/v)(?[^\\s]+)\/" + "# renovate: datasource=github-tags depName=(?[^ ]+) versioning=(?[^\n]+)\n.*?uds@(?.*)" ], "datasourceTemplate": "github-tags", "extractVersionTemplate": "^v(?.*)$" }, + { + "fileMatch": ["^tasks.ya?ml$", "^tasks/.*\\.ya?ml$", "^\\.vscode/settings\\.json$"], + "matchStrings": [ + "https:\\/\\/raw\\.githubusercontent\\.com\\/(?[^\\/]+\\/[^\\/]+)\\/(?[^\\/]+)" + ], + "versioningTemplate": "semver-coerced", + "datasourceTemplate": "github-tags" + }, { "fileMatch": ["\\.*\\.ya?ml$"], "matchStrings": [ diff --git a/tasks.yaml b/tasks.yaml index cc4ca1d2b..1c7159f2d 100644 --- a/tasks.yaml +++ b/tasks.yaml @@ -10,6 +10,7 @@ includes: - deploy: ./tasks/deploy.yaml - test: ./tasks/test.yaml - lint: ./tasks/lint.yaml + - common-setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.2.0/tasks/setup.yaml tasks: - name: dev-setup actions: @@ -35,6 +36,15 @@ tasks: actions: - task: setup:k3d-test-cluster + - name: registry-login + actions: + - task: common-setup:registry-login + with: + registry: ${REGISTRY} + registryUsername: ${REGISTRY_USERNAME} + registryPassword: ${REGISTRY_PASSWORD} + registryRetryInterval: ${REGISTRY_RETRY_INTERVAL} + - name: create-single-package actions: - task: create:single-package