Add a helper script for testing GitHub Actions on forked repositories

.github/workflows/delivery-docker.yml

@@ -16,8 +16,9 @@ on:
  default: false
 
 env:
+ REGISTRY_NAME: 'index.docker.io'
+ USER_NAME: 'buildpacksio'
  IMG_NAME: 'pack'
- USERNAME: 'buildpacksio'
 
 jobs:
  deliver-docker:
@@ -52,7 +53,7 @@ jobs:
  with:
  ref: v${{ steps.version.outputs.result }}
  - name: Determine App Name
- run: 'echo "IMG_NAME=${{ env.USERNAME }}/${{ env.IMG_NAME }}" >> $GITHUB_ENV'
+ run: 'echo "IMG_NAME=${{ env.REGISTRY_NAME }}/${{ env.USER_NAME }}/${{ env.IMG_NAME }}" >> $GITHUB_ENV'
  - name: Login to Dockerhub
  uses: docker/login-action@v3
  with:

DEVELOPMENT.md

@@ -26,6 +26,29 @@ Alternatively, you can use Gitpod to run pre-configured dev environment in the c
 
 * Symlinks - Some of our tests attempt to create symlinks. On Windows, this requires the [permission to be provided](https://stackoverflow.com/a/24353758).
 
+### Testing GitHub actions on forks
+
+The pack release process involves chaining a series of GitHub actions together, such as:
+* The "build" workflow, which creates:
+ * .tgz files containing the pack binaries and shasums for the .tgz files
+ * a draft release with the above artifacts
+* The "delivery-docker" workflow, which builds and pushes OCI images containing the pack binary
+* The "benchmark" workflow, which runs performance checks for each commit and uploads reports to GitHub Pages
+
+It can be rather cumbersome to test changes to these workflows, as they are heavily intertwined. Thus, we recommend forking the buildpacks/pack repository on GitHub and running through the entire release process end-to-end.
+
+For the fork, it is necessary to complete the following preparations:
+
+* Add the following secrets:
+ * `DOCKER_PASSWORD` for the delivery-docker workflow, if not using ghcr.io
+ * `DOCKER_USERNAME` for the delivery-docker workflow, if not using ghcr.io
+ * `DEPLOY_KEY` for the release-merge workflow, as a SSH private key for repository access
+* Enable the issues feature on the repository and create `status/triage` and `type/bug` labels for the check-latest-release workflow
+* Create a branch named `gh-pages` for uploading benchmark reports for the benchmark workflow
+
+The `tools/test-fork.sh` script can be used to update the source code to reflect the state of the fork and disable workflows that should not run on the fork repository.
+It can be invoked like so: `./tools/test-fork.sh <registry repo name>`
+
 ## Tasks
 
 ### Building

tools/test-fork.sh

@@ -0,0 +1,77 @@
+#!/usr/bin/env bash
+
+readonly wfdir=".github/workflows"
+
+# $1 - registry repo name
+
+echo "Parse registry: $1"
+firstPart=$(echo "$1" | cut -d/ -f1)
+secondPart=$(echo "$1" | cut -d/ -f2)
+thirdPart=$(echo "$1" | cut -d/ -f3)
+
+registry=""
+username=""
+reponame=""
+if [[ -z $thirdPart ]]; then # assume Docker Hub
+ registry="index.docker.io"
+ username=$firstPart
+ reponame=$secondPart
+else
+ registry=$firstPart
+ username=$secondPart
+ reponame=$thirdPart
+fi
+
+echo "Using registry $registry and username $username"
+if [[ $reponame != "pack" ]]; then
+ echo "Repo name must be 'pack'"
+ exit 1
+fi
+
+echo "Disabling workflows that should not run on the forked repository"
+disable=(
+ delivery-archlinux-git.yml
+ delivery-archlinux.yml
+ delivery-chocolatey.yml
+ delivery-homebrew.yml
+ delivery-release-dispatch.yml
+ delivery-ubuntu.yml
+ privileged-pr-process.yml
+)
+for d in "${disable[@]}"; do
+ if [ -e "$wfdir/$d" ]; then
+ mv "$wfdir/$d" "$wfdir/$d.disabled"
+ fi
+done
+
+echo "Removing upstream maintainers from the benchmark alert CC"
+sed -i '' "/alert-comment-cc-users:/d" $wfdir/benchmark.yml
+
+echo "Removing the architectures that require self-hosted runner from the build strategies."
+sed -i '' "/config: \[.*\]/ s/windows-lcow, //g" $wfdir/build.yml
+sed -i '' "/- config: windows-lcow/,+4d" $wfdir/build.yml
+
+echo "Replacing the registry account with owned one (assumes DOCKER_PASSWORD and DOCKER_USERNAME have been added to GitHub secrets, if not using ghcr.io)"
+sed -i '' "s/buildpacksio\/pack/$registry\/$username\/$reponame/g" $wfdir/check-latest-release.yml
+sed -i '' "/REPO_NAME: 'index.docker.io'/ s/index.docker.io/$registry/g" $wfdir/delivery-docker.yml
+sed -i '' "/USER_NAME: 'buildpacksio'/ s/buildpacksio/$username/g" $wfdir/delivery-docker.yml
+
+if [[ $registry != "index.docker.io" ]]; then
+ echo "Updating login action to specify the registry"
+ sed -i '' "s/username: \${{ secrets.DOCKER_USERNAME }}/registry: $registry\n username: $username/g" $wfdir/delivery-docker.yml
+fi
+
+if [[ $registry == *"ghcr.io"* ]]; then
+ echo "Updating login action to use GitHub token for ghcr.io"
+ sed -i '' "s/secrets.DOCKER_PASSWORD/secrets.GITHUB_TOKEN/g" $wfdir/delivery-docker.yml
+
+ echo "Adding workflow permissions to push images to ghcr.io"
+ LF=$'\n'
+ sed -i '' "/runs-on: ubuntu-latest/ a\\
+ permissions:\\
+ contents: read\\
+ packages: write\\
+ attestations: write\\
+ id-token: write${LF}" $wfdir/delivery-docker.yml
+ LF=""
+fi