From 25c44ccd10c7b1d66e66822c476d0419850f8aad Mon Sep 17 00:00:00 2001
From: Matt Moore
Date: Thu, 6 Jul 2023 15:33:49 -0700
Subject: [PATCH] Try installing wolfictl from the latest SDK container instead
Bump the `ko` epoch to test things.
Signed-off-by: Matt Moore
---
 .github/workflows/ci-build.yaml | 14 ++++++++++----
 .github/workflows/push-production.yaml | 9 +++++++--
 ko.yaml | 2 +-
 3 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml
index ceb356e1401..562abe889c9 100644
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -7,8 +7,6 @@ on:
 branches:
 - gh-readonly-queue/main/**
-env:
- WOLFICTL: "docker run -t --rm --entrypoint=wolfictl ghcr.io/wolfi-dev/sdk:latest@sha256:fd8c71214f6455c75ec44ae99eb9f7ffc85f260ccce69d4367eb2e5d568facd9 wolfictl"
 jobs:
 changes:
 name: Determine packages to test building
@@ -25,6 +23,13 @@ jobs:
 with:
 files: ./*.yaml
+ - name: "Install wolfictl onto PATH"
+ run: |
+ # Copy wolfictl out of the wolfictl image and onto PATH
+ TMP=$(mktemp -d)
+ docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:fd8c71214f6455c75ec44ae99eb9f7ffc85f260ccce69d4367eb2e5d568facd9 -c "cp /usr/bin/wolfictl /out"
+ echo "$TMP" >> $GITHUB_PATH
+
 # Assuming that we have a list of changed files such as `foo.yaml` and `bar.yaml`, this
 # strips the list down into `foo` and `bar`.
 - name: Build package list
@@ -32,11 +37,12 @@ jobs:
 run: |
 printf "packages=" >> $GITHUB_OUTPUT
- make list | while read pkg; do
+ wolfictl text -t name > packages-list
+ while read pkg; do
 for file in ${{ steps.changes.outputs.all_changed_files }}; do
 [ "${file%.yaml}" = "$pkg" ] && printf "%s " ${file%.yaml} >> $GITHUB_OUTPUT
 done
- done
+ done < packages-list
 printf "\n" >> $GITHUB_OUTPUT
diff --git a/.github/workflows/push-production.yaml b/.github/workflows/push-production.yaml
index 74d72c886a0..b6e9d06eb35 100644
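Review bot: In the added "Install wolfictl onto PATH" step, `$TMP` is unquoted in `-v $TMP:/out` and `$GITHUB_PATH` is unquoted in the redirect; `-v "$TMP":/out` and `>> "$GITHUB_PATH"` keep the step correct if the runner's temp path ever contains whitespace. The step also places the whole scratch directory ahead of the system directories on PATH for every later step without checking what landed in it, so a `test -x "$TMP/wolfictl"` before the `echo` would make a failed or partial copy stop here rather than in a later step. The image reference keeps its `@sha256:` digest, which is what actually selects the image while the `latest` tag beside it is not consulted; a one-line comment saying so would stop a reader from assuming the step floats. The same step is added verbatim in push-production.yaml, ahead of the signed `Build Wolfi` step, so these points apply there too and the pinned digest now has to be bumped in two places.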
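Review bot: The loop that this hunk now feeds from `packages-list` still expands `${{ steps.changes.outputs.all_changed_files }}` directly into the script text (an unchanged context line), so the value is parsed by the shell as code rather than data before `for` ever sees it. If that output is derived from file names in the pushed change, which this hunk does not show, it should be passed through the step's `env:` and read as a variable, e.g. `env: CHANGED_FILES: ${{ steps.changes.outputs.all_changed_files }}` with `for file in $CHANGED_FILES; do`. Two smaller points on the added lines: `packages-list` is written into the checked-out workspace and left there, where a `mktemp` file would not collide with repository contents, and `while read pkg` should be `while read -r pkg`. The step's `- name:` and `id:` lines sit above the hunk.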
--- a/.github/workflows/push-production.yaml
+++ b/.github/workflows/push-production.yaml
@@ -10,8 +10,6 @@ on:
 concurrency:
 group: x86-${{ github.ref }}
-env:
- WOLFICTL: "docker run -t --rm --entrypoint=wolfictl ghcr.io/wolfi-dev/sdk:latest@sha256:fd8c71214f6455c75ec44ae99eb9f7ffc85f260ccce69d4367eb2e5d568facd9 wolfictl"
 jobs:
 build:
 name: Build OS packages
@@ -66,6 +64,13 @@ jobs:
 gsutil -m rsync -r gs://wolfi-production-registry-destination/os/x86_64/ "${{ github.workspace }}/packages/x86_64/"
 find "${{ github.workspace }}/packages" -print -exec touch \{} \;
+ - name: "Install wolfictl onto PATH"
+ run: |
+ # Copy wolfictl out of the wolfictl image and onto PATH
+ TMP=$(mktemp -d)
+ docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:fd8c71214f6455c75ec44ae99eb9f7ffc85f260ccce69d4367eb2e5d568facd9 -c "cp /usr/bin/wolfictl /out"
+ echo "$TMP" >> $GITHUB_PATH
+
 - name: 'Build Wolfi'
 run: |
 make MELANGE="sudo -E melange" MELANGE_DIR=/usr/share/melange KEY=wolfi-signing.rsa REPO="${{ github.workspace }}/packages" -j1
diff --git a/ko.yaml b/ko.yaml
index f3e2002c7eb..c2d4829ed08 100644
--- a/ko.yaml
+++ b/ko.yaml
@@ -1,7 +1,7 @@
 package:
 name: ko
 version: 0.14.1 # When bumping the version check if the GHSA mitigations below can be removed.
- epoch: 0
+ epoch: 1
 description: Simple, fast container image builder for Go applications.
 copyright:
 - license: Apache-2.0