diff --git a/.github/workflows/ci-docs-shim.yaml b/.github/workflows/ci-docs-shim.yaml index 0c62b88c..3089d2b8 100644 --- a/.github/workflows/ci-docs-shim.yaml +++ b/.github/workflows/ci-docs-shim.yaml @@ -6,15 +6,13 @@ on: types: [milestoned, opened, synchronize] jobs: - run-test: - name: ${{ matrix.type }} ${{ matrix.flavor }} - runs-on: "ubuntu-latest" - timeout-minutes: 20 + validate: strategy: matrix: - flavor: [upstream, registry1] type: [install, upgrade] - steps: - - name: Shim for ${{ matrix.type }} ${{ matrix.flavor }} - run: | - echo "Documentation-only change detected; marking ${{ matrix.type }} ${{ matrix.flavor }} as successful." + flavor: [upstream, registry1, unicorn] + uses: defenseunicorns/uds-common/.github/workflows/callable-ci-docs-shim.yaml@86886015d1edc43036b3dd000fbd972a384beb8f # v1.0.0 + with: + flavor: ${{ matrix.flavor }} + type: ${{ matrix.type }} + secrets: inherit # Inherits all secrets from the parent workflow. diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml deleted file mode 100644 index 210ba8d6..00000000 --- a/.github/workflows/codeql.yaml +++ /dev/null 
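Review bot: `secrets: inherit` on the `validate` job passes every secret this repository can read to the called workflow, which is more than a documentation-only shim should need; the removed job only echoed a message. The same line is added in lint.yaml, release.yaml, scorecard.yaml and test.yaml, where the removed inline steps named a fixed set (`IRON_BANK_ROBOT_USERNAME`, `IRON_BANK_ROBOT_PASSWORD`, `CHAINGUARD_IDENTITY`, `SCORECARD_READ_TOKEN`). If the callable workflows declare their secrets, pass them by name, e.g. `SCORECARD_READ_TOKEN: ${{ secrets.SCORECARD_READ_TOKEN }}` under `secrets:` for scorecard, and drop the line here if the shim reads none. Pinning the callable to a commit SHA, as this hunk does, limits who can change what receives the secrets but does not narrow the set. The start of the workflow is outside the hunk, so whether a `permissions:` block exists for this file cannot be checked from here.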
@@ -1,45 +0,0 @@ -name: "CodeQL" - -on: - push: - branches: ["main"] - pull_request: - # The branches below must be a subset of the branches above - branches: ["main"] - schedule: - - cron: "0 0 * * 1" - -permissions: - contents: read - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: ["javascript"] - - steps: - - - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 - with: - languages: ${{ matrix.language }} - - name: Autobuild - uses: github/codeql-action/autobuild@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 - with: - category: "/language:${{matrix.language}}" diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml index 1ecdf000..16072c85 100644 --- a/.github/workflows/commitlint.yaml +++ b/.github/workflows/commitlint.yaml @@ -7,5 +7,4 @@ on: jobs: validate: - name: Validate - uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@76287d41ec5f06ecbdd0a6453877a78675aceffe # v0.11.2 + uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@86886015d1edc43036b3dd000fbd972a384beb8f # v1.0.0 diff --git a/.github/workflows/dependencyreview.yaml b/.github/workflows/dependencyreview.yaml deleted file mode 100644 index bf2dcfba..00000000 --- a/.github/workflows/dependencyreview.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -# Dependency Review Action -# -# This Action will scan dependency manifest files that change as part of a Pull Request, -# surfacing known-vulnerable versions of the packages declared or updated in the PR. -# Once installed, if the workflow run is marked as required, -# PRs introducing known-vulnerable packages will be blocked from merging. -# -# Source repository: https://github.com/actions/dependency-review-action -name: 'Dependency Review' -on: [pull_request] - -permissions: - contents: read - -jobs: - dependency-review: - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 - with: - egress-policy: audit - - - name: 'Checkout Repository' - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - name: 'Dependency Review' - uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4 diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index b81add5f..1af44b29 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml 
@@ -1,37 +1,12 @@ -name: Scan +name: Lint on: # This workflow is triggered on pull requests to the main branch. pull_request: - branches: [main] - types: [milestoned, opened, synchronize] + # milestoned is added here as a workaround for release-please not triggering PR workflows (PRs should be added to a milestone to trigger the workflow). + types: [milestoned, opened, reopened, synchronize] jobs: validate: - runs-on: ubuntu-latest - name: Lint - permissions: - contents: read # Allows reading the repo contents - id-token: write - - steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - fetch-depth: 0 - - - name: Environment setup - uses: defenseunicorns/uds-common/.github/actions/setup@76287d41ec5f06ecbdd0a6453877a78675aceffe # v0.11.2 - with: - registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} - registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }} - ghToken: ${{ secrets.GITHUB_TOKEN }} - chainguardIdentity: ${{ secrets.CHAINGUARD_IDENTITY }} - - - name: Install lint deps - run: | - uds run lint:deps - - - name: Lint the repository - run: | - uds run lint:yaml + uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@86886015d1edc43036b3dd000fbd972a384beb8f # v1.0.0 + secrets: inherit diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 00000000..ead8a14a --- /dev/null +++ b/.github/workflows/release.yaml 
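Review bot: The new lint.yaml has no `permissions:` key at workflow or job level, so the `GITHUB_TOKEN` handed to the called workflow falls back to the repository or organisation default and the removed job's `contents: read` / `id-token: write` limits are gone. A called workflow can only keep or reduce what the caller grants, so the effective scope is now decided by a setting outside this file. Declare it explicitly, as test.yaml and release.yaml in this commit do: `permissions:` with `contents: read`, plus `id-token: write` only if callable-lint still needs an OIDC token. The hunk also drops `branches: [main]`, so this job now runs for pull requests against any base branch; a short comment saying that is intended would help.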
@@ -0,0 +1,46 @@
+name: Release
+
+on:
+ push:
+ branches:
+ - main
+
+# Permissions for the GITHUB_TOKEN used by the workflow.
+permissions:
+ contents: read # Allows reading the content of the repository.
+ packages: read # Allows reading the content of the repository's packages.
+ id-token: write
+
+jobs:
+ tag-new-version:
+ permissions: write-all
+ runs-on: ubuntu-latest
+ outputs:
+ release_created: ${{ steps.release-flag.outputs.release_created }}
+ steps:
+ - name: Create Release Tag
+ id: tag
+ uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f # v4.1.3
+ - id: release-flag
+ run: echo "release_created=${{ steps.tag.outputs.release_created || false }}" >> "$GITHUB_OUTPUT"
+
+ publish:
+ permissions:
+ contents: read # Allows reading the content of the repository.
+ packages: write # Allows reading the content of the repository's packages.
+ id-token: write
+ needs: tag-new-version
+ if: ${{ needs.tag-new-version.outputs.release_created == 'true' }}
+ strategy:
+ matrix:
+ flavor: [upstream, registry1, unicorn]
+ architecture: [amd64, arm64]
+ exclude:
+ - flavor: registry1
+ architecture: arm64
+ uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@86886015d1edc43036b3dd000fbd972a384beb8f # v1.0.0
+ with:
+ flavor: ${{ matrix.flavor }}
+ runsOn: ${{ matrix.architecture == 'arm64' && 'uds-swf-ubuntu-arm64-4-core' || 'uds-swf-ubuntu-big-boy-4-core' }}
+ reports-path: "tests/.playwright/reports/"
+ secrets: inherit # Inherits all secrets from the parent workflow.
diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
index 5a7e596e..a177f87f 100644
--- a/.github/workflows/scorecard.yaml
+++ b/.github/workflows/scorecard.yaml
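Review bot: `permissions: write-all` on `tag-new-version` gives the release-please step a token with write access to every scope, even though the workflow-level block just above it is read-only apart from `id-token`. release-please-action documents `contents: write` and `pull-requests: write` as its requirement, so the job can use `permissions:` with `contents: write` and `pull-requests: write` instead; confirm against the README of the pinned version. In `publish`, the comment on `packages: write` still reads "Allows reading the content of the repository's packages", which understates the grant; `# Allows publishing packages to the registry` would match it. `id-token: write` carries no comment in either block, and a note on which step consumes the OIDC token would make later reviews easier.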
@@ -11,40 +11,11 @@ on: permissions: read-all jobs: - analysis: - name: Scorecards analysis - runs-on: ubuntu-latest + validate: permissions: # Needed to upload the results to code-scanning dashboard. security-events: write # Used to receive a badge. id-token: write - - steps: - - name: "Checkout code" - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - persist-credentials: false - - - name: "Run analysis" - uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 - with: - results_file: results.sarif - results_format: sarif - repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} - publish_results: true - - # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF - # format to the repository Actions tab. - - name: "Upload artifact" - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 - with: - name: SARIF file - path: results.sarif - retention-days: 5 - - # Upload the results to GitHub's code scanning dashboard. - - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 - with: - sarif_file: results.sarif + uses: defenseunicorns/uds-common/.github/workflows/callable-scorecard.yaml@86886015d1edc43036b3dd000fbd972a384beb8f # v1.0.0 + secrets: inherit diff --git a/.github/workflows/tag-and-release.yaml b/.github/workflows/tag-and-release.yaml deleted file mode 100644 index a3bfd78a..00000000 --- a/.github/workflows/tag-and-release.yaml +++ /dev/null 
@@ -1,79 +0,0 @@ -name: Publish UDS Package Mattermost - -on: - push: - branches: - - main - -permissions: - contents: read - -jobs: - tag-new-version: - name: Tag New Version - permissions: write-all - runs-on: ubuntu-latest - outputs: - release_created: ${{ steps.release-flag.outputs.release_created }} - steps: - - name: Create release tag - id: tag - uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f # v4.1.3 - - id: release-flag - run: echo "release_created=${{ steps.tag.outputs.release_created || false }}" >> $GITHUB_OUTPUT - - publish-package: - needs: tag-new-version - if: ${{ needs.tag-new-version.outputs.release_created == 'true' }} - runs-on: ${{ matrix.architecture == 'arm64' && 'uds-swf-ubuntu-arm64-4-core' || 'uds-swf-ubuntu-big-boy-4-core' }} - strategy: - matrix: - flavor: [upstream, unicorn, registry1] - architecture: [amd64, arm64] - exclude: - - flavor: registry1 - architecture: arm64 - name: Publish ${{ matrix.flavor }} ${{ matrix.architecture }} - - permissions: - contents: read - packages: write - id-token: write - - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Environment setup - uses: defenseunicorns/uds-common/.github/actions/setup@76287d41ec5f06ecbdd0a6453877a78675aceffe # v0.11.2 - with: - registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} - registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }} - ghToken: ${{ secrets.GITHUB_TOKEN }} - chainguardIdentity: ${{ secrets.CHAINGUARD_IDENTITY }} - - - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 - - - name: Build Package - run: uds run -f tasks/publish.yaml build-package --set FLAVOR=${{ matrix.flavor }} --no-progress - - - name: Test Package - if: ${{ runner.arch != 'ARM64' }} - run: uds run -f tasks/publish.yaml test-package --set FLAVOR=${{ matrix.flavor }} --no-progress - - - name: Publish Package - run: uds run -f tasks/publish.yaml publish-package --set 
FLAVOR=${{ matrix.flavor }} --no-progress - - # Only publish one version of the plugin package since it is "flavorless" - - name: Publish Plugin Package - if: ${{ matrix.flavor == 'upstream' }} - run: uds run -f tasks/publish.yaml publish-plugin-package --set FLAVOR=${{ matrix.flavor }} --no-progress - - - name: Debug Output - if: ${{ always() }} - uses: defenseunicorns/uds-common/.github/actions/debug-output@76287d41ec5f06ecbdd0a6453877a78675aceffe # v0.11.2 - - - name: Save logs - if: always() - uses: defenseunicorns/uds-common/.github/actions/save-logs@76287d41ec5f06ecbdd0a6453877a78675aceffe # v0.11.2 - with: - suffix: ${{ matrix.flavor }}-${{ matrix.architecture }}-${{ github.run_id }}-${{ github.run_attempt }} diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 282dcbbd..e281550f 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml 
@@ -1,85 +1,62 @@ name: Test -# This workflow is triggered on pull requests to the main branch. on: + # This workflow is triggered on pull requests to the main branch. pull_request: - branches: [main] - types: [milestoned, opened, synchronize] + # milestoned is added here as a workaround for release-please not triggering PR workflows (PRs should be added to a milestone to trigger the workflow). + types: [milestoned, opened, reopened, synchronize] paths-ignore: - "**.md" - "**.jpg" - "**.png" - "**.gif" - "**.svg" - - "adr/**" - - "docs/**" - - ".gitignore" - - "renovate.json" - - ".release-please-config.json" - - "release-please-config.json" - - "oscal-component.yaml" - - "CODEOWNERS" - - "LICENSE" - - "CONTRIBUTING.md" - - "SECURITY.md" + - adr/** + - docs/** + - .gitignore + - renovate.json + - .release-please-config.json + - release-please-config.json + - CODEOWNERS + - LICENSE + - CONTRIBUTING.md + - SECURITY.md + +# Permissions for the GITHUB_TOKEN used by the workflow. +permissions: + contents: read # Allows reading the content of the repository. + packages: read # Allows reading the content of the repository's packages. 
+ id-token: write # Abort prior jobs in the same workflow / PR concurrency: group: test-${{ github.ref }} cancel-in-progress: true -permissions: - contents: read - id-token: write - jobs: - run-test: - name: ${{ matrix.type }} ${{ matrix.flavor }} - runs-on: 'uds-swf-ubuntu-big-boy-4-core' - timeout-minutes: 20 - strategy: - matrix: - flavor: [upstream, unicorn, registry1] - type: [install, upgrade] - # do not run upgrade tests for unicorn - # TODO @WSTARR: remove after first unicorn release - exclude: - - flavor: unicorn - type: upgrade - + check-flavor: + runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Environment setup - uses: defenseunicorns/uds-common/.github/actions/setup@76287d41ec5f06ecbdd0a6453877a78675aceffe # v0.11.2 - with: - registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} - registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }} - ghToken: ${{ secrets.GITHUB_TOKEN }} - chainguardIdentity: ${{ secrets.CHAINGUARD_IDENTITY }} - - - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 - - - name: Test - uses: defenseunicorns/uds-common/.github/actions/test@76287d41ec5f06ecbdd0a6453877a78675aceffe # v0.11.2 - with: - flavor: ${{ matrix.flavor }} - type: ${{ matrix.type }} - - - name: Debug Output - if: ${{ always() }} - uses: defenseunicorns/uds-common/.github/actions/debug-output@76287d41ec5f06ecbdd0a6453877a78675aceffe # v0.11.2 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - - name: Save logs - if: always() - uses: defenseunicorns/uds-common/.github/actions/save-logs@76287d41ec5f06ecbdd0a6453877a78675aceffe # v0.11.2 - with: - suffix: ${{ matrix.type }}-${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }} + - name: test-flavor + uses: defenseunicorns/uds-common/.github/actions/test-flavor@86886015d1edc43036b3dd000fbd972a384beb8f # v1.0.0 + id: test-flavor + outputs: + 
upgrade-flavors: ${{ steps.test-flavor.outputs.upgrade-flavors }} - - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 - if: always() - with: - name: playwright-report-${{ matrix.type }}-${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }} - path: tests/.playwright/reports/ - retention-days: 30 + validate: + needs: check-flavor + strategy: + fail-fast: false + matrix: + type: [install, upgrade] + flavor: [upstream, unicorn, registry1] + uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@86886015d1edc43036b3dd000fbd972a384beb8f # v1.0.0 + with: + upgrade-flavors: ${{ needs.check-flavor.outputs.upgrade-flavors }} + flavor: ${{ matrix.flavor }} + type: ${{ matrix.type }} + reports-path: "tests/.playwright/reports/" + secrets: inherit # Inherits all secrets from the parent workflow. diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml deleted file mode 100644 index 5344be12..00000000 --- a/.pre-commit-config.yaml +++ /dev/null 
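Review bot: `check-flavor` inherits the workflow-level `id-token: write` and `packages: read`, although its visible steps are only a checkout and the `test-flavor` action that emits `upgrade-flavors`. Give that job its own `permissions:` with `contents: read`, so a pull-request run cannot request an OIDC token from a job that has no use for one. The checkout could also set `persist-credentials: false` unless test-flavor needs git credentials, which is not visible from this hunk. As in lint.yaml, `branches: [main]` is removed here, so the matrix with inherited secrets now runs for pull requests against any base branch.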
@@ -1,54 +0,0 @@ -repos: - - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.6.0 - hooks: - - id: check-added-large-files - args: ["--maxkb=1024"] - - id: check-merge-conflict - - id: detect-aws-credentials - args: - - "--allow-missing-credentials" - - id: detect-private-key - exclude: | - (?x)^( - kustomizations/bigbang/environment-bb/values-bigbang.enc.yaml - )$ - - id: end-of-file-fixer - exclude: "^kustomizations/bigbang/vendor/.*$" - - id: fix-byte-order-marker - - id: trailing-whitespace - exclude: "^kustomizations/bigbang/vendor/.*$" - args: [--markdown-linebreak-ext=md] - - id: check-yaml - exclude: | - (?x)^( - chart/templates/uds-package.yaml| - chart/templates/mattermost-postgres.yaml - )$ - args: - - "--allow-multiple-documents" - - repo: https://github.com/sirosen/fix-smartquotes - rev: 0.2.0 - hooks: - - id: fix-smartquotes - - repo: https://github.com/python-jsonschema/check-jsonschema - rev: 0.29.1 - hooks: - - id: check-jsonschema - name: "Validate Zarf Configs Against Schema" - files: "zarf.yaml" - types: [yaml] - args: - [ - "--schemafile", - "https://raw.githubusercontent.com/defenseunicorns/zarf/v0.37.0/zarf.schema.json", - "--no-cache" - ] - - repo: https://github.com/golangci/golangci-lint - rev: v1.59.1 - hooks: - - id: golangci-lint - - repo: https://github.com/renovatebot/pre-commit-hooks - rev: 38.21.2 - hooks: - - id: renovate-config-validator diff --git a/plugins/Dockerfile b/plugins/Dockerfile index 0de2de3f..6e3c25cb 100644 --- a/plugins/Dockerfile +++ b/plugins/Dockerfile @@ -1,7 +1,7 @@ FROM cgr.dev/chainguard/busybox:latest # renovate: datasource=github-tags depName=mattermost/mattermost-plugin-ai versioning=semver -ENV MATTERMOST_AI_PLUGIN_VERSION=0.9.1 +ENV MATTERMOST_AI_PLUGIN_VERSION=1.0.0 # renovate: datasource=github-tags depName=mattermost/mattermost-plugin-gitlab versioning=semver ENV MATTERMOST_GITLAB_PLUGIN_VERSION=1.9.1 
diff --git a/plugins/entrypoint.sh b/plugins/entrypoint.sh index 93238efc..19923ca2 100755 --- a/plugins/entrypoint.sh +++ b/plugins/entrypoint.sh @@ -10,7 +10,7 @@ for plugin_tar in ${PLUGINS_TAR}; do plugin_tar="/extra-plugins/${plugin_tar##*/}" echo "extracting $plugin_tar ..." - tar -xf $plugin_tar + tar -xf "$plugin_tar" done echo "finished loading plugins" diff --git a/tasks.yaml b/tasks.yaml index a3fe4e16..5832e23b 100644 --- a/tasks.yaml +++ b/tasks.yaml 
@@ -2,21 +2,26 @@ includes: - cleanup: ./tasks/cleanup.yaml - dependencies: ./tasks/dependencies.yaml - test: ./tasks/test.yaml - - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.11.2/tasks/create.yaml - - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.11.2/tasks/lint.yaml - - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.11.2/tasks/pull.yaml - - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.11.2/tasks/deploy.yaml - - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.11.2/tasks/setup.yaml + - publish: ./tasks/publish.yaml + - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.0.0/tasks/create.yaml + - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.0.0/tasks/lint.yaml + - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.0.0/tasks/pull.yaml + - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.0.0/tasks/deploy.yaml + - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.0.0/tasks/setup.yaml + - actions: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.0.0/tasks/actions.yaml + - badge: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.0.0/tasks/badge.yaml + - upgrade: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.0.0/tasks/upgrade.yaml + - compliance: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.0.0/tasks/compliance.yaml tasks: - name: default description: Setup k3d cluster, deploy Mattermost actions: - - task: create-mm-test-bundle + - task: create-dev-package - task: setup:k3d-test-cluster - - task: deploy:test-bundle + - task: create-deploy-test-bundle - - name: create-mm-package + - name: create-dev-package description: Create the Mattermost package actions: - task: create:package 
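Review bot: The remote includes are fetched from `raw.githubusercontent.com/defenseunicorns/uds-common/v1.0.0/...`, a tag that can be moved, while the workflows in this commit pin the same repository to commit `86886015d1edc43036b3dd000fbd972a384beb8f`. These task files run inside CI jobs that receive inherited secrets, so a retargeted tag would change what executes without any diff in this repository. If the task runner and Renovate configuration allow it, put the commit in the URL, e.g. `- create: https://raw.githubusercontent.com/defenseunicorns/uds-common/86886015d1edc43036b3dd000fbd972a384beb8f/tasks/create.yaml`, and keep `# v1.0.0` as a trailing comment. The same applies to the four includes bumped in tasks/publish.yaml. A one-line comment on which local task uses each of the new `actions`, `badge`, `upgrade` and `compliance` includes would also help, since `badge` is not referenced in the visible tasks.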
@@ -27,50 +32,53 @@ tasks: path: ./plugins options: "--skip-sbom --flavor ''" - - name: create-mm-test-bundle - description: Create a local UDS Mattermost bundle - actions: - - task: create-mm-package - - task: dependencies:create - - task: create:test-bundle - - - name: create-mm-latest-release-bundle - description: Create UDS Mattermost bundle based on the latest release + - name: create-deploy-test-bundle + description: Test and validate cluster is deployed with Mattermost actions: - - task: create:package - with: - path: ./plugins - options: "--skip-sbom --flavor ''" - - task: pull:latest-package-release - with: - spoof_release: "true" - task: dependencies:create - task: create:test-bundle + - task: deploy:test-bundle + - task: setup:create-doug-user + - task: test:all - name: dev description: Create and deploy the bundle on an existing cluster (for iteration/dev speed) actions: - - task: create-mm-test-bundle + - task: create-dev-package + - task: create:test-bundle - task: deploy:test-bundle -# CI will execute the following (via uds-common/.github/actions/test) so they need to be here with these names +# CI will execute the following (via uds-common/.github/workflows/callable-[test|publish].yaml) so they need to be here with these names - name: test-package description: Test deploying the current branch to a new cluster actions: - - task: create-mm-test-bundle + - task: create-dev-package - task: setup:k3d-test-cluster - - task: deploy:test-bundle - - task: setup:create-doug-user - - task: test:all + - task: create-deploy-test-bundle + - task: compliance:validate - name: test-upgrade description: Test an upgrade from the latest released package to the current branch actions: - - task: create-mm-latest-release-bundle + - task: upgrade:create-latest-tag-bundle + with: + # TODO: (@ZMILLER) remove zarf package create on next release + dep_commands: "./uds run dependencies:create && ./uds zarf package create plugins/ --confirm --no-progress" - task: 
setup:k3d-test-cluster - task: deploy:test-bundle - - task: setup:create-doug-user - - task: create-mm-test-bundle - - task: deploy:test-bundle - - task: test:all + - task: compliance:validate + - task: create-dev-package + - task: create-deploy-test-bundle + - task: compliance:validate + - task: compliance:evaluate + + - name: publish-package + description: Build and publish the packages + actions: + - task: actions:determine-arch + - task: publish:build-package + - task: create-deploy-test-bundle + if: ${{ and (ne .variables.FLAVOR "upstream") (ne .variables.ARCH "arm64") }} + - task: publish:publish-package + - task: publish:publish-plugin-package diff --git a/tasks/dependencies.yaml b/tasks/dependencies.yaml index f10ef64f..3c1dd5dc 100644 --- a/tasks/dependencies.yaml +++ b/tasks/dependencies.yaml @@ -2,5 +2,6 @@ tasks: - name: create description: Create the Dependency Zarf Package actions: - - cmd: uds zarf package create src/dev-secrets/ --confirm --no-progress --architecture=${UDS_ARCH} - - cmd: uds zarf package create src/namespace/ --confirm --no-progress --architecture=${UDS_ARCH} + - cmd: ./uds zarf package create src/dev-secrets/ --confirm --no-progress --architecture="${UDS_ARCH}" + - cmd: ./uds zarf package create src/namespace/ --confirm --no-progress --architecture="${UDS_ARCH}" + - cmd: ./uds zarf package create plugins/ --confirm --no-progress diff --git a/tasks/publish.yaml b/tasks/publish.yaml index a44670ca..a36a78ea 100644 --- a/tasks/publish.yaml +++ b/tasks/publish.yaml 
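Review bot: In `publish-package`, the `if:` on `create-deploy-test-bundle` requires FLAVOR to differ from `upstream` as well as ARCH to differ from `arm64`, so upstream builds are published without the deploy-and-test step; the removed tag-and-release.yaml skipped the test only on ARM64. If that is not deliberate, the condition should be `if: ${{ ne .variables.ARCH "arm64" }}`. `publish:publish-plugin-package` is also unconditional now, whereas the old workflow published the flavorless plugin package for the upstream flavor only, so each matrix leg may push the same artifact unless tasks/publish.yaml guards it. No cluster-setup task precedes the deploy here as it does in `test-package`; that may be handled by the callable workflow, which is not visible.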
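Review bot: The added `plugins/` line omits `--architecture="${UDS_ARCH}"`, which the two lines above it pass, so the plugin package is built for whatever architecture the runner defaults to. If the plugin package is meant to be architecture-independent, say so in a comment; otherwise use `- cmd: ./uds zarf package create plugins/ --confirm --no-progress --architecture="${UDS_ARCH}"`. `create-dev-package` in tasks.yaml appears to build `./plugins` as well, with `--skip-sbom --flavor ''`, so flows that run both may create the package twice with different options.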
@@ -1,10 +1,10 @@ includes: - dependencies: ./dependencies.yaml - test: ./test.yaml - - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.11.2/tasks/create.yaml - - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.11.2/tasks/deploy.yaml - - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.11.2/tasks/publish.yaml - - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.11.2/tasks/setup.yaml + - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.0.0/tasks/create.yaml + - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.0.0/tasks/deploy.yaml + - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.0.0/tasks/publish.yaml + - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.0.0/tasks/setup.yaml tasks: - name: build-package @@ -16,16 +16,6 @@ tasks: path: ./plugins options: "--flavor ''" - - name: test-package - description: Test the package - actions: - - task: dependencies:create - - task: create:test-bundle - - task: setup:k3d-test-cluster - - task: deploy:test-bundle - - task: setup:create-doug-user - - task: test:all - - name: publish-package description: Publish the packages actions: