From 841f8730bb6b90c9a2b59377c2367e791fbee9d4 Mon Sep 17 00:00:00 2001
From: Paul Abel
Date: Fri, 14 Jun 2024 10:03:41 +0100
Subject: [PATCH 1/3] add NGINX_PLUS_VERSION to common docker target
---
build/Dockerfile | 1 +
1 file changed, 1 insertion(+)
diff --git a/build/Dockerfile b/build/Dockerfile
index 32bdabc8ff..41e7a13223 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -531,6 +531,7 @@ ARG BUILD_OS
ARG IC_VERSION
ARG TARGETPLATFORM
ARG NAP_MODULES=none
+ARG NGINX_PLUS_VERSION
RUN --mount=type=bind,target=/tmp \
--mount=type=bind,from=nginx-files,src=common.sh,target=/usr/local/bin/common.sh \
From 261ca1e4735bdc0763183f3c37fe1affc98ee652 Mon Sep 17 00:00:00 2001
From: Paul Abel
Date: Fri, 14 Jun 2024 10:12:38 +0100
Subject: [PATCH 2/3] allow to skip all release steps
---
.github/scripts/create-release-tarballs.sh | 43 ++++++++++++++++++++++
.github/workflows/release.yml | 14 ++++---
2 files changed, 52 insertions(+), 5 deletions(-)
create mode 100755 .github/scripts/create-release-tarballs.sh
diff --git a/.github/scripts/create-release-tarballs.sh b/.github/scripts/create-release-tarballs.sh
new file mode 100755
index 0000000000..4954c4dfe5
--- /dev/null
+++ b/.github/scripts/create-release-tarballs.sh
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+set -e
+
+directory=$1
+version=$2
+tarball_dir=${TARBALL_DIR:-tarballs}
+releases=$(find "${directory}" -mindepth 1 -type d)
+syft_binary=${SYFT_BIN:-"syft"}
+cosign_binary=${COSIGN_BIN:-"cosign"}
+
+if [ ! -d "${tarball_dir}" ]; then
+ mkdir "${tarball_dir}"
+fi
+
+for i in ${releases}; do
+ # fix for v1 in kubernetes-ingress_linux_amd64_v1
+ if [[ ${i} =~ v1 ]]; then
+ mv "${i}" "${i%*_v1}"
+ i=${i%*_v1}
+ fi
+
+ if [[ ${i} =~ aws ]]; then
+ continue
+ fi
+ product_name=$(basename "${i}" | cut -d '_' -f 1)
+ product_arch=$(echo "${i}" | cut -d '_' -f 2-)
+ product_release="${product_name}_${version}_${product_arch}"
+ # shellcheck disable=SC2086
+ tarball_name="${tarball_dir}/${product_release}.tar.gz"
+ cp -r "${i}" "${directory}/${product_release}"
+ cp README.md LICENSE CHANGELOG.md "${directory}/${product_release}"
+
+ tar -czf "${tarball_name}" "${directory}/${product_release}"
+ ${syft_binary} scan file:"${directory}/${product_release}/nginx-ingress" -o spdx-json > "${tarball_name}.spdx.json"
+ pushd "${tarball_dir}"
+ sha256sum "${product_release}.tar.gz" >> "${product_name}_${version}_checksums.txt"
+ sha256sum "${product_release}.tar.gz.spdx.json" >> "${product_name}_${version}_checksums.txt"
+ popd
+done
+
+checksum_file=$(ls "${tarball_dir}"/*_checksums.txt )
+${cosign_binary} sign-blob "${checksum_file}" --output-signature="${checksum_file}.sig" --output-certificate="${checksum_file}.pem" -y
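Review bot: The file handed to `cosign sign-blob` on the last line is whatever `ls "${tarball_dir}"/*_checksums.txt` prints, so a stale or second checksums file in `tarball_dir` is either signed unnoticed or turns `checksum_file` into a multi-line string. The loop also appends with `>>`, so entries left from an earlier run in a reused directory stay in the signed file. I would expand the glob into an array, require exactly one match before signing, and start the script with `set -euo pipefail` so that a missing `$1` or `$2` stops the run instead of producing empty path components. Separately, `[[ ${i} =~ v1 ]]` matches `v1` anywhere in the path while `${i%*_v1}` strips only a trailing `_v1`, so a non-suffix match makes `mv` fail on identical source and destination.

```shell
set -euo pipefail

# … unchanged: argument handling and the per-release tarball / SBOM / checksum loop …

shopt -s nullglob
checksum_files=("${tarball_dir}"/*_checksums.txt)
if [ "${#checksum_files[@]}" -ne 1 ]; then
    echo "expected exactly one checksums file in ${tarball_dir}, found ${#checksum_files[@]}" >&2
    exit 1
fi
checksum_file=${checksum_files[0]}
${cosign_binary} sign-blob "${checksum_file}" --output-signature="${checksum_file}.sig" --output-certificate="${checksum_file}.pem" -y
```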
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4bf86647f7..16bbd4b7d9 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -29,7 +29,7 @@ on:
default: false
skip_step:
description: "Comma separated list of jobs to skip"
- # publish-helm-chart,operator,aws-marketplace,azure-marketplace,gcp-marketplace,github-release,release-image-notification
+ # publish-helm-chart,operator,release-oss,release-plus,certify-openshift-images,aws-marketplace,azure-marketplace,gcp-marketplace,azure-upload,github-release,release-image-notification
type: string
required: false
@@ -61,7 +61,7 @@ jobs:
- name: Output Variables
id: vars
run: |
- if ${{ inputs.source_tag }}; then
+ if [ -n "${{ inputs.source_tag }}" ]; then
echo "stable_tag=${{ inputs.source_tag }}" >> $GITHUB_OUTPUT
else
./.github/scripts/variables.sh stable_tag >> $GITHUB_OUTPUT
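Review bot: The new test on `inputs.source_tag` still has the value pasted into the script text by `${{ }}` before bash runs, so a value containing quotes or other shell metacharacters changes the script itself rather than the string being tested. Passing it through the step environment keeps it as data: add `env:` with `SOURCE_TAG: ${{ inputs.source_tag }}` to the step, then use `if [ -n "${SOURCE_TAG}" ]; then` and `echo "stable_tag=${SOURCE_TAG}" >> "$GITHUB_OUTPUT"`. The "Create new release Tag" step in the next hunk interpolates `inputs.release_branch` and `inputs.nic_version` the same way and leaves `${tag}` unquoted in `git rev-parse --verify refs/tags/${tag}`. The step body continues outside this hunk.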
@@ -89,12 +89,13 @@ jobs:
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
ref: ${{ inputs.release_branch }}
+ fetch-depth: 0
- name: Create new release Tag
run: |
branch="${{ inputs.release_branch }}"
tag="v${{ inputs.nic_version }}"
- if git rev-parse --verify refs/tags/${tag}; then
+ if ! git rev-parse --verify refs/tags/${tag}; then
echo "Adding tag ${tag}."
git tag -a ${tag} -m "Version ${tag#v*}"
echo "Pushing to tag ${tag} to branch ${branch}"
@@ -111,6 +112,7 @@ jobs:
GITHUB_TOKEN: ${{ secrets.NGINX_PAT }}
release-oss:
+ if: ${{ ! contains(inputs.skip_step, 'release-oss') }}
name: Release Docker OSS
needs: [variables]
uses: ./.github/workflows/oss-release.yml
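Review bot: Skipping `release-oss` through `skip_step` also skips every job that lists it in `needs`, unless that job carries its own status condition; `certify-openshift-images` further down declares `needs: [release-oss]`, so it would silently not run. The same holds for the `release-plus` condition in the next hunk. Nothing in the `skip_step` description says this, so I would add a comment such as `# skipping a job also skips the jobs that need it` next to the list of job names, or give the dependants an explicit condition where they must still run. Note also that `contains()` on a string input is a substring match, which matters if one job name ever becomes part of another.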
@@ -131,6 +133,7 @@ jobs:
secrets: inherit
release-plus:
+ if: ${{ ! contains(inputs.skip_step, 'release-plus') }}
name: Release Docker Plus
needs: [variables]
uses: ./.github/workflows/plus-release.yml
@@ -164,7 +167,7 @@ jobs:
secrets: inherit
certify-openshift-images:
- if: ${{ ! inputs.dry_run }}
+ if: ${{ ! inputs.dry_run && ! contains(inputs.skip_step, 'certify-openshift-images') }}
name: Certify OpenShift UBI images
runs-on: ubuntu-22.04
needs: [release-oss]
@@ -327,6 +330,7 @@ jobs:
if: ${{ needs.variables.outputs.binary_cache_sign_hit != 'true' }}
azure-upload:
+ if: ${{ ! contains(inputs.skip_step, 'azure-upload') }}
name: Upload packages to Azure
runs-on: ubuntu-22.04
needs: [variables, binaries]
@@ -452,7 +456,7 @@ jobs:
# runs-on: ubuntu-22.04
# needs: [variables, binaries, release-oss, release-plus]
# permissions:
- # contents: read
+ # contents: read s
# actions: read
# strategy:
# fail-fast: false
From 022e69050229abee9d1674a19132ffe25e7f1696 Mon Sep 17 00:00:00 2001
From: Paul Abel
Date: Fri, 14 Jun 2024 11:21:03 +0100
Subject: [PATCH 3/3] add skopeo docker image
---
.github/actions/install-skopeo/action.yml | 33 ----------------
.github/scripts/copy-images.sh | 47 +++++++++++++----------
.github/workflows/oss-release.yml | 15 --------
.github/workflows/plus-release.yml | 15 --------
.github/workflows/release.yml | 2 +-
.github/workflows/retag-images.yml | 3 --
tests/Dockerfile | 3 ++
7 files changed, 30 insertions(+), 88 deletions(-)
delete mode 100644 .github/actions/install-skopeo/action.yml
diff --git a/.github/actions/install-skopeo/action.yml b/.github/actions/install-skopeo/action.yml
deleted file mode 100644
index ad95b2d06d..0000000000
--- a/.github/actions/install-skopeo/action.yml
+++ /dev/null
@@ -1,33 +0,0 @@
-name: Install Skopeo
-description: Install Skopeo from source on ubuntu runner
-
-inputs:
- version:
- description: The Skopeo version to install
- default: v1.14.2
- required: false
- repo:
- description: The Skopeo repository
- default: github.com/containers/skopeo
- required: false
-
-outputs:
- result:
- description: Did the installation succeed?
- value: ${{ steps.result.outputs.result == 0 && true || false }}
-
-runs:
- using: composite
- steps:
- - name: Install Skopeo
- id: result
- run: |
- sudo apt-get -y update
- sudo apt install libgpgme-dev libassuan-dev libbtrfs-dev libdevmapper-dev pkg-config go-md2man
- sudo mkdir -p $GOPATH/src/${{ inputs.repo }}
- sudo git clone --depth 1 -b ${{ inputs.version }} https://${{ inputs.repo }} $GOPATH/src/${{ inputs.repo }}
- pushd $GOPATH/src/${{ inputs.repo }} && sudo make install
- popd
- skopeo --version
- echo "result=$?" >> $GITHUB_OUTPUT
- shell: bash
diff --git a/.github/scripts/copy-images.sh b/.github/scripts/copy-images.sh
index b729509a8e..d5eaba3cc5 100755
--- a/.github/scripts/copy-images.sh
+++ b/.github/scripts/copy-images.sh
@@ -2,6 +2,14 @@
set -eo pipefail
+# shellcheck disable=SC2155
+export ROOTDIR=$(git rev-parse --show-toplevel || echo ".")
+
+SKOPEO_BIN=skopeo
+if [ -n "$CI" ]; then
+ SKOPEO_BIN="docker run --rm -v $HOME/.docker/config.json:/tmp/auth.json $(grep skopeo "${ROOTDIR}/tests/Dockerfile" | grep FROM | cut -d ' ' -f 2)"
+fi
+
## Setup inputs
SOURCE_TAG=${SOURCE_TAG:-stable}
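Review bot: The CI branch bind-mounts the runner's `$HOME/.docker/config.json` into the skopeo container read-write, and nothing in this hunk tells skopeo to read `/tmp/auth.json`. I would mount it read-only, `-v $HOME/.docker/config.json:/tmp/auth.json:ro`, and, unless `SOURCE_OPTS`/`TARGET_OPTS` (defined outside the hunk) already pass an auth file, add `-e REGISTRY_AUTH_FILE=/tmp/auth.json`. The image reference comes from `grep skopeo … | grep FROM | cut -d ' ' -f 2`, which keeps the digest pin from tests/Dockerfile but would pick up a flag such as `--platform=` if one were ever added to that `FROM` line. A short comment above `SKOPEO_BIN` stating that dependency would help the next editor.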
@@ -31,22 +39,19 @@ SOURCE_NAP_WAF_IMAGE_PREFIX=${SOURCE_NAP_WAF_IMAGE_PREFIX:-"nginx-ic-nap/nginx-p
SOURCE_NAP_WAFV5_IMAGE_PREFIX=${SOURCE_NAP_WAFV5_IMAGE_PREFIX:-"nginx-ic-nap-v5/nginx-plus-ingress"}
SOURCE_NAP_DOS_IMAGE_PREFIX=${SOURCE_NAP_DOS_IMAGE_PREFIX:-"nginx-ic-dos/nginx-plus-ingress"}
SOURCE_NAP_WAF_DOS_IMAGE_PREFIX=${SOURCE_NAP_WAF_DOS_IMAGE_PREFIX:-"nginx-ic-dos-nap/nginx-plus-ingress"}
-SOURCE_NAP_WAFV5_DOS_IMAGE_PREFIX=${SOURCE_NAP_WAFV5_DOS_IMAGE_PREFIX:-"nginx-ic-dos-nap-v5/nginx-plus-ingress"}
TARGET_PLUS_IMAGE_PREFIX=${TARGET_PLUS_IMAGE_PREFIX:-"nginx-ic/nginx-plus-ingress"}
TARGET_NAP_WAF_IMAGE_PREFIX=${TARGET_NAP_WAF_IMAGE_PREFIX:-"nginx-ic-nap/nginx-plus-ingress"}
TARGET_NAP_WAFV5_IMAGE_PREFIX=${TARGET_NAP_WAFV5_IMAGE_PREFIX:-"nginx-ic-nap/nginx-plus-ingress"}
TARGET_NAP_DOS_IMAGE_PREFIX=${TARGET_NAP_DOS_IMAGE_PREFIX:-"nginx-ic-dos/nginx-plus-ingress"}
TARGET_NAP_WAF_DOS_IMAGE_PREFIX=${TARGET_NAP_WAF_DOS_IMAGE_PREFIX:-"nginx-ic-dos-nap/nginx-plus-ingress"}
-TARGET_NAP_WAFV5_DOS_IMAGE_PREFIX=${TARGET_NAP_WAFV5_DOS_IMAGE_PREFIX:-"nginx-ic-dos-nap-v5/nginx-plus-ingress"}
declare -a OSS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine")
declare -a PLUS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine" "-alpine-fips")
declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-ubi" "-alpine-fips")
-declare -a NAP_WAFV5_TAG_POSTFIX_LIST=()
+declare -a NAP_WAFV5_TAG_POSTFIX_LIST=("" "-ubi" "-alpine-fips")
declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-ubi")
declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-ubi")
-declare -a NAP_WAFV5_DOS_TAG_POSTFIX_LIST=()
declare -a ADDITIONAL_TAGS=("latest" "${ADDITIONAL_TAG}")
CONFIG_PATH=${CONFIG_PATH:-~/.nic-release/config}
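Review bot: With `NAP_WAFV5_TAG_POSTFIX_LIST` now holding the same postfixes as `NAP_WAF_TAG_POSTFIX_LIST`, the default `TARGET_NAP_WAFV5_IMAGE_PREFIX` a few lines up is identical to `TARGET_NAP_WAF_IMAGE_PREFIX` (`nginx-ic-nap/nginx-plus-ingress`), so both publish loops compute the same `new_tag`. Unless the file presumably loaded from `CONFIG_PATH` overrides one of them, the WAF v5 copy would overwrite the WAF image under the same tag, or be skipped on an immutable registry. If the v5 images are meant to be published separately, the default should follow the source prefix: `TARGET_NAP_WAFV5_IMAGE_PREFIX=${TARGET_NAP_WAFV5_IMAGE_PREFIX:-"nginx-ic-nap-v5/nginx-plus-ingress"}`. This change in what gets published is also not mentioned in the commit subject.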
@@ -89,7 +94,7 @@ if $PUBLISH_OSS; then
new_tag=${TARGET_REGISTRY}/${TARGET_OSS_IMAGE_PREFIX}:${TARGET_TAG}${postfix}
echo " Pushing image OSS ${new_tag}..."
if ! $DRY_RUN; then
- skopeo copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag}
+ ${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag}
fi
for tag in "${ADDITIONAL_TAGS[@]}"; do
if [ -z "${tag}" ]; then
@@ -98,7 +103,7 @@ if $PUBLISH_OSS; then
additional_tag=${TARGET_REGISTRY}/${TARGET_OSS_IMAGE_PREFIX}:${tag}${postfix}
echo " Pushing image OSS ${additional_tag}..."
if ! $DRY_RUN; then
- skopeo copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag}
+ ${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag}
fi
done
done
@@ -111,12 +116,12 @@ if $PUBLISH_PLUS; then
image=${SOURCE_REGISTRY}/${SOURCE_PLUS_IMAGE_PREFIX}:${SOURCE_TAG}${postfix}
echo "Processing image ${image}"
new_tag=${TARGET_REGISTRY}/${TARGET_PLUS_IMAGE_PREFIX}:${TARGET_TAG}${postfix}
- if $IS_IMMUTABLE && skopeo --override-os linux --override-arch amd64 inspect docker://${new_tag} > /dev/null 2>&1; then
+ if $IS_IMMUTABLE && ${SKOPEO_BIN} --override-os linux --override-arch amd64 inspect docker://${new_tag} > /dev/null 2>&1; then
echo " ECR is immutable & tag ${new_tag} already exists, skipping."
else
echo " Pushing image Plus ${new_tag}..."
if ! $DRY_RUN; then
- skopeo copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag}
+ ${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag}
fi
for tag in "${ADDITIONAL_TAGS[@]}"; do
if [ -z "${tag}" ]; then
@@ -125,7 +130,7 @@ if $PUBLISH_PLUS; then
additional_tag=${TARGET_REGISTRY}/${TARGET_PLUS_IMAGE_PREFIX}:${tag}${postfix}
echo " Pushing image Plus ${additional_tag}..."
if ! $DRY_RUN; then
- skopeo copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag}
+ ${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag}
fi
done
fi
@@ -139,12 +144,12 @@ if $PUBLISH_WAF; then
image=${SOURCE_REGISTRY}/${SOURCE_NAP_WAF_IMAGE_PREFIX}:${SOURCE_TAG}${postfix}
echo "Processing image ${image}"
new_tag=${TARGET_REGISTRY}/${TARGET_NAP_WAF_IMAGE_PREFIX}:${TARGET_TAG}${postfix}
- if $IS_IMMUTABLE && skopeo --override-os linux --override-arch amd64 inspect docker://${new_tag} > /dev/null 2>&1; then
+ if $IS_IMMUTABLE && ${SKOPEO_BIN} --override-os linux --override-arch amd64 inspect docker://${new_tag} > /dev/null 2>&1; then
echo " ECR is immutable & tag ${new_tag} already exists, skipping."
else
echo " Pushing image NAP WAF ${new_tag}..."
if ! $DRY_RUN; then
- skopeo copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag}
+ ${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag}
fi
for tag in "${ADDITIONAL_TAGS[@]}"; do
if [ -z "${tag}" ]; then
@@ -153,7 +158,7 @@ if $PUBLISH_WAF; then
additional_tag=${TARGET_REGISTRY}/${TARGET_NAP_WAF_IMAGE_PREFIX}:${tag}${postfix}
echo " Pushing image NAP WAF ${additional_tag}..."
if ! $DRY_RUN; then
- skopeo copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag}
+ ${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag}
fi
done
fi
@@ -162,12 +167,12 @@ if $PUBLISH_WAF; then
image=${SOURCE_REGISTRY}/${SOURCE_NAP_WAFV5_IMAGE_PREFIX}:${SOURCE_TAG}${postfix}
echo "Processing image ${image}"
new_tag=${TARGET_REGISTRY}/${TARGET_NAP_WAFV5_IMAGE_PREFIX}:${TARGET_TAG}${postfix}
- if $IS_IMMUTABLE && skopeo --override-os linux --override-arch amd64 inspect docker://${new_tag} > /dev/null 2>&1; then
+ if $IS_IMMUTABLE && ${SKOPEO_BIN} --override-os linux --override-arch amd64 inspect docker://${new_tag} > /dev/null 2>&1; then
echo " ECR is immutable & tag ${new_tag} already exists, skipping."
else
echo " Pushing image NAP WAFV5 ${new_tag}..."
if ! $DRY_RUN; then
- skopeo copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag}
+ ${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag}
fi
for tag in "${ADDITIONAL_TAGS[@]}"; do
if [ -z "${tag}" ]; then
@@ -176,7 +181,7 @@ if $PUBLISH_WAF; then
additional_tag=${TARGET_REGISTRY}/${TARGET_NAP_WAFV5_IMAGE_PREFIX}:${tag}${postfix}
echo " Pushing image NAP WAFV5 ${additional_tag}..."
if ! $DRY_RUN; then
- skopeo copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag}
+ ${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag}
fi
done
fi
@@ -190,12 +195,12 @@ if $PUBLISH_DOS; then
image=${SOURCE_REGISTRY}/${SOURCE_NAP_DOS_IMAGE_PREFIX}:${SOURCE_TAG}${postfix}
echo "Processing image ${image}"
new_tag=${TARGET_REGISTRY}/${TARGET_NAP_DOS_IMAGE_PREFIX}:${TARGET_TAG}${postfix}
- if $IS_IMMUTABLE && skopeo --override-os linux --override-arch amd64 inspect docker://${new_tag} > /dev/null 2>&1; then
+ if $IS_IMMUTABLE && ${SKOPEO_BIN} --override-os linux --override-arch amd64 inspect docker://${new_tag} > /dev/null 2>&1; then
echo " ECR is immutable & tag ${new_tag} already exists, skipping."
else
echo " Pushing image NAP DOS ${new_tag}..."
if ! $DRY_RUN; then
- skopeo copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag}
+ ${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag}
fi
for tag in "${ADDITIONAL_TAGS[@]}"; do
if [ -z "${tag}" ]; then
@@ -204,7 +209,7 @@ if $PUBLISH_DOS; then
additional_tag=${TARGET_REGISTRY}/${TARGET_NAP_DOS_IMAGE_PREFIX}:${tag}${postfix}
echo " Pushing image NAP DOS ${additional_tag}..."
if ! $DRY_RUN; then
- skopeo copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag}
+ ${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag}
fi
done
fi
@@ -218,12 +223,12 @@ if $PUBLISH_WAF_DOS; then
image=${SOURCE_REGISTRY}/${SOURCE_NAP_WAF_DOS_IMAGE_PREFIX}:${SOURCE_TAG}${postfix}
echo "Processing image ${image}"
new_tag=${TARGET_REGISTRY}/${TARGET_NAP_WAF_DOS_IMAGE_PREFIX}:${TARGET_TAG}${postfix}
- if $IS_IMMUTABLE && skopeo --override-os linux --override-arch amd64 inspect docker://${new_tag} > /dev/null 2>&1; then
+ if $IS_IMMUTABLE && ${SKOPEO_BIN} --override-os linux --override-arch amd64 inspect docker://${new_tag} > /dev/null 2>&1; then
echo " ECR is immutable & tag ${new_tag} already exists, skipping."
else
echo " Pushing image NAP WAF/DOS ${new_tag}..."
if ! $DRY_RUN; then
- skopeo copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag}
+ ${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag}
fi
for tag in "${ADDITIONAL_TAGS[@]}"; do
if [ -z "${tag}" ]; then
@@ -232,7 +237,7 @@ if $PUBLISH_WAF_DOS; then
additional_tag=${TARGET_REGISTRY}/${TARGET_NAP_WAF_DOS_IMAGE_PREFIX}:${tag}${postfix}
echo " Pushing image NAP WAF/DOS ${additional_tag}..."
if ! $DRY_RUN; then
- skopeo copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag}
+ ${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag}
fi
done
fi
diff --git a/.github/workflows/oss-release.yml b/.github/workflows/oss-release.yml
index 2c18d818fc..6822e3a586 100644
--- a/.github/workflows/oss-release.yml
+++ b/.github/workflows/oss-release.yml
@@ -94,9 +94,6 @@ jobs:
username: oauth2accesstoken
password: ${{ steps.gcr-auth.outputs.access_token }}
- - name: Install latest skopeo
- uses: ./.github/actions/install-skopeo
-
- name: Publish OSS images
run: |
export CONFIG_PATH=.github/config/config-oss-gcr-release
@@ -147,9 +144,6 @@ jobs:
with:
registry: public.ecr.aws
- - name: Install latest skopeo
- uses: ./.github/actions/install-skopeo
-
- name: Publish images
run: |
export CONFIG_PATH=.github/config/config-oss-ecr
@@ -195,9 +189,6 @@ jobs:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- - name: Install latest skopeo
- uses: ./.github/actions/install-skopeo
-
- name: Publish images
run: |
export CONFIG_PATH=.github/config/config-oss-dockerhub
@@ -244,9 +235,6 @@ jobs:
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_ROBOT_TOKEN }}
- - name: Install latest skopeo
- uses: ./.github/actions/install-skopeo
-
- name: Publish images
run: |
export CONFIG_PATH=.github/config/config-oss-quay
@@ -294,9 +282,6 @@ jobs:
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- - name: Install latest skopeo
- uses: ./.github/actions/install-skopeo
-
- name: Publish images
run: |
export CONFIG_PATH=.github/config/config-oss-github
diff --git a/.github/workflows/plus-release.yml b/.github/workflows/plus-release.yml
index 7a4f14c527..f1399c75f8 100644
--- a/.github/workflows/plus-release.yml
+++ b/.github/workflows/plus-release.yml
@@ -94,9 +94,6 @@ jobs:
username: oauth2accesstoken
password: ${{ steps.gcr-auth.outputs.access_token }}
- - name: Install latest skopeo
- uses: ./.github/actions/install-skopeo
-
- name: Publish Plus images
run: |
export CONFIG_PATH=.github/config/config-plus-gcr-release
@@ -151,9 +148,6 @@ jobs:
username: ${{ steps.idtoken.outputs.id_token }}
password: ${{ github.actor }}
- - name: Install latest skopeo
- uses: ./.github/actions/install-skopeo
-
- name: Publish images
run: |
export CONFIG_PATH=.github/config/config-plus-nginx
@@ -194,9 +188,6 @@ jobs:
workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY_MKTPL }}
service_account: ${{ secrets.GCR_SERVICE_ACCOUNT_MKTPL }}
- - name: Install latest skopeo
- uses: ./.github/actions/install-skopeo
-
- name: Publish Plus images
run: |
export CONFIG_PATH=.github/config/config-plus-gcr-public
@@ -249,9 +240,6 @@ jobs:
with:
registry: 709825985650.dkr.ecr.us-east-1.amazonaws.com
- - name: Install latest skopeo
- uses: ./.github/actions/install-skopeo
-
- name: Publish images
run: |
export CONFIG_PATH=.github/config/config-plus-ecr
@@ -295,9 +283,6 @@ jobs:
username: ${{ secrets.AZ_MKTPL_ID }}
password: ${{ secrets.AZ_MKTPL_SECRET }}
- - name: Install latest skopeo
- uses: ./.github/actions/install-skopeo
-
- name: Publish images
run: |
export CONFIG_PATH=.github/config/config-plus-azure
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 16bbd4b7d9..d41d21ecd5 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -456,7 +456,7 @@ jobs:
# runs-on: ubuntu-22.04
# needs: [variables, binaries, release-oss, release-plus]
# permissions:
- # contents: read s
+ # contents: read
# actions: read
# strategy:
# fail-fast: false
diff --git a/.github/workflows/retag-images.yml b/.github/workflows/retag-images.yml
index 0d90e2045e..fefb9fc358 100644
--- a/.github/workflows/retag-images.yml
+++ b/.github/workflows/retag-images.yml
@@ -57,9 +57,6 @@ jobs:
username: oauth2accesstoken
password: ${{ steps.gcr-auth.outputs.access_token }}
- - name: Install latest skopeo
- uses: ./.github/actions/install-skopeo
-
- name: Retag images
run: |
export CONFIG_PATH=.github/config/config-gcr-retag
diff --git a/tests/Dockerfile b/tests/Dockerfile
index 1f497954d9..c8cf24f6ec 100644
--- a/tests/Dockerfile
+++ b/tests/Dockerfile
@@ -2,6 +2,9 @@
# this is here so we can grab the latest version of kind and have dependabot keep it up to date
FROM kindest/node:v1.30.0@sha256:047357ac0cfea04663786a612ba1eaba9702bef25227a794b52890dd8bcd692e
+# this is here so we can grab the latest version of skopeo and have dependabot keep it up to date
+FROM quay.io/skopeo/stable:v1.15.1@sha256:981737142fd7ac5315561fc1e39d42203b6efa97ddd2870bde0204b791574efa
+
FROM python:3.12@sha256:00389e020fe42a6c74a8f091ce9b28324422d084efdff26eabe93bc4ae9a110b
RUN apt-get update \
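Review bot: The comment on the new `FROM quay.io/skopeo/stable…` line mentions only dependabot, but `.github/scripts/copy-images.sh` in this same patch greps this file for a line containing `skopeo` and `FROM` and takes the second space-separated field as the image to run. I would say so here, e.g. `# .github/scripts/copy-images.sh reads the image reference from this line; keep it as "FROM <image>" with no flags`, so a later edit does not break the release scripts. The `RUN` at the end of the hunk continues outside it.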