Skip to content

chore(deps): update dependency chainguard-dev/melange to v0.13.4 #7392

chore(deps): update dependency chainguard-dev/melange to v0.13.4

chore(deps): update dependency chainguard-dev/melange to v0.13.4 #7392

Workflow file for this run

name: Check
on:
pull_request:
types:
- opened
- synchronize
paths:
- tools/**
- .github/workflows/*
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
collect:
name: Collect tools
permissions:
pull-requests: read
runs-on: ubuntu-24.04
outputs:
tools: ${{ steps.collect.outputs.tools }}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install uniget
uses: uniget-org/uniget-action@v1
with:
prefix: helper
tools: gojq regclient
- name: Collect
id: collect
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PR: ${{ github.event.pull_request.number }}
run: |
set -o errexit -o pipefail
echo "### This is PR ${PR}"
TOOLS="$(
gh api --paginate "repos/${GITHUB_REPOSITORY}/pulls/${PR}/files" \
| helper/usr/local/bin/jq --raw-output '.[] | select(.status != "removed") | .filename' \
| grep -E '^tools/[^/]+/' \
| cut -d/ -f2 \
| uniq \
| xargs echo
)"
echo "### Got TOOLS=${TOOLS}."
TOOLS_JSON="$(
echo -n "${TOOLS}" \
| tr ' ' '\n' \
| helper/usr/local/bin/jq --raw-input '.' \
| helper/usr/local/bin/jq --slurp --compact-output '.'
)"
echo " JSON: ${TOOLS_JSON}"
TOOLS_JSON_LEN="$(
echo -n "${TOOLS_JSON}" \
| jq 'length'
)"
echo " TOOLS_JSON_LEN=${TOOLS_JSON_LEN}"
if test "${TOOLS_JSON_LEN}" -ge 256; then
echo "### Too many tools to process: ${TOOLS_JSON_LEN}."
echo "### Fallback to last commit"
TOOLS="$(
git log -1 --pretty=format: --name-only --diff-filter=d \
| grep ^tools/ \
| cut -d/ -f2 \
| sort \
| uniq \
| xargs echo
)"
echo "### Got tools=${TOOLS}."
if test -z "${TOOLS}"; then
echo "### No tools to process."
TOOLS_JSON="[]"
TOOLS_JSON_LEN=0
else
TOOLS_JSON="$(
echo -n "${TOOLS}" \
| tr ' ' '\n' \
| helper/usr/local/bin/jq --raw-input '.' \
| helper/usr/local/bin/jq --slurp --compact-output '.'
)"
echo " JSON: ${TOOLS_JSON}"
TOOLS_JSON_LEN="$(
echo -n "${TOOLS_JSON}" \
| jq 'length'
)"
echo " TOOLS_JSON_LEN=${TOOLS_JSON_LEN}"
fi
fi
echo "tools=${TOOLS_JSON}" >>"${GITHUB_OUTPUT}"
echo "tools_len=${TOOLS_JSON_LEN}" >>"${GITHUB_OUTPUT}"
build:
name: Build container image
needs:
- collect
strategy:
fail-fast: false
matrix:
tool: ${{ fromJSON(needs.collect.outputs.tools) }}
permissions:
packages: write
runs-on: ubuntu-24.04
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install uniget
uses: uniget-org/uniget-action@v1
with:
prefix: helper
tools: gojq regclient
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: uniget-bot
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build container image
run: |
echo "### Building ${{ matrix.tool }}"
make ${{ matrix.tool }}--push
- name: Store logs
uses: actions/upload-artifact@v4
if: always()
with:
name: ${{ matrix.tool }}-build.log.zip
path: "**/build.log"
success:
name: Build container images successfully
needs:
- build
runs-on: ubuntu-24.04
steps:
- run: |
true
visibility:
name: Check visibility
needs:
- collect
- build
strategy:
fail-fast: false
matrix:
tool: ${{ fromJSON(needs.collect.outputs.tools) }}
uses: ./.github/workflows/check-visibility.yml
with:
name: ${{ matrix.tool }}
collect_versions:
name: Collect versions for tools
needs:
- collect
runs-on: ubuntu-24.04
outputs:
tools_with_version: ${{ steps.extract_versions.outputs.tools_with_version }}
env:
tools: ${{ needs.collect.outputs.tools }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install uniget
uses: uniget-org/uniget-action@v1
with:
prefix: helper
tools: yq gojq
- name: Extract versions
id: extract_versions
run: |
echo "Processing tools: ${tools}."
tools_with_version=""
TOOLS_RAW="$(
echo "${tools}" \
| helper/usr/local/bin/jq --raw-output '.[]'
)"
for TOOL in ${TOOLS_RAW}; do
echo "${TOOL}"
VERSION="$( helper/usr/local/bin/yq '.version' "tools/${TOOL}/manifest.yaml" )"
echo "${VERSION}"
tools_with_version="${tools_with_version}${TOOL}:${VERSION} "
done
echo "tools_with_version=${tools_with_version}."
tools_with_version_json="$(
echo -n "${tools_with_version}" \
| tr ' ' '\n' \
| helper/usr/local/bin/jq --raw-input '.' \
| helper/usr/local/bin/jq --slurp --compact-output '.'
)"
echo "JSON: ${tools_with_version_json}"
echo "tools_with_version=${tools_with_version_json}" >>"${GITHUB_OUTPUT}"
scan:
name: Scan container images
needs:
- collect_versions
- success
permissions:
security-events: write
pull-requests: write
packages: read
strategy:
fail-fast: false
matrix:
tool_with_version: ${{ fromJSON(needs.collect_versions.outputs.tools_with_version) }}
uses: ./.github/workflows/scan.yml
with:
name_and_version: ${{ matrix.tool_with_version }}
secrets:
DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
test:
name: Test version extraction
needs:
- collect_versions
- success
runs-on: ubuntu-24.04
strategy:
fail-fast: false
matrix:
tool_with_version: ${{ fromJSON(needs.collect_versions.outputs.tools_with_version) }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install uniget
uses: uniget-org/uniget-action@v1
with:
prefix: helper
- name: Test version extraction
run: |
TOOL_WITH_VERSION="${{ matrix.tool_with_version }}"
TOOL="$( echo "${TOOL_WITH_VERSION}" | cut -d: -f1 )"
VERSION="$( echo "${TOOL_WITH_VERSION}" | cut -d: -f2 )"
export TOOL
export VERSION
bash scripts/test.sh