diff --git a/.github/workflow/docker.yml b/.github/workflow/docker.yml deleted file mode 100644 index 4653fb7..0000000 --- a/.github/workflow/docker.yml +++ /dev/null @@ -1,197 +0,0 @@ -# Example modified from https://docs.github.com/en/actions/publishing-packages/publishing-docker-images -name: Create and publish a Docker image - -# Configures this workflow to run every time a change is pushed to selected tags and branches -on: - pull_request: - branches: - - main - push: - branches: - - main - tags: - - v** - -# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds. -env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }} - -# This job is configured to run on the latest available version of Ubuntu. -jobs: - build-and-push-image: - runs-on: ubuntu-latest - # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job. - permissions: - contents: read - packages: write - outputs: - commit_hash: ${{ steps.get_commit_hash.outputs.commit_hash }} - sha256: ${{ steps.calculate_checksum.outputs.sha256 }} - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - # Uses the `docker/login-action` action to log in to the Container registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here. - - name: Log in to the Container registry - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.PAT_TOKEN }} - # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels. - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages. - # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository. - # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step. - - name: Build and push Docker image - uses: docker/build-push-action@v5 - with: - context: . - push: true - platforms: linux/amd64,linux/arm64 - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - - name: Build connector definition - run: | - set -e pipefail - export DOCKER_IMAGE=$(echo "$DOCKER_METADATA_OUTPUT_JSON" | jq -r '.tags[0]') - make build - working-directory: ./connector-definition - - name: Build connector definition - run: | - set -e pipefail - export DOCKER_IMAGE=$(echo "$DOCKER_METADATA_OUTPUT_JSON" | jq -r '.tags[0]') - make build - working-directory: ./connector-definition - - uses: actions/upload-artifact@v4 - with: - name: connector-definition.tgz - path: ./connector-definition/dist/connector-definition.tgz - compression-level: 0 # Already compressed - - - name: Calculate SHA256 checksum - id: calculate_checksum - run: | - SHA256=$(sha256sum ./connector-definition/dist/connector-definition.tgz | awk '{ print $1 }') - echo "sha256=$SHA256" >> $GITHUB_OUTPUT - - - name: Get commit hash - id: get_commit_hash - run: | - COMMIT_HASH=$(git rev-parse HEAD) - echo "commit_hash=$COMMIT_HASH" >> $GITHUB_OUTPUT - - release-connector: - name: Release connector - runs-on: ubuntu-latest - needs: build-and-push-image - if: ${{ startsWith(github.ref, 'refs/tags/v') }} - steps: - - uses: actions/checkout@v4 - - uses: actions/download-artifact@v4 - with: - name: connector-definition.tgz - path: ./connector-definition/dist - - name: Get version from tag - id: get-version - run: | - echo "tagged_version=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT - shell: bash - - uses: mindsers/changelog-reader-action@v2 - id: changelog-reader - with: - version: ${{ steps.get-version.outputs.tagged_version }} - path: ./CHANGELOG.md - - uses: softprops/action-gh-release@v1 - with: - draft: false - tag_name: v${{ steps.get-version.outputs.tagged_version }} - body: ${{ steps.changelog-reader.outputs.changes }} - files: | - ./connector-definition/dist/connector-definition.tgz - fail_on_unmatched_files: true - - name: Update ndc-hub - env: - REGISTRY_NAME: hasura - CONNECTOR_NAME: singlestore - COMMIT_HASH: ${{ needs.build-and-push-image.outputs.commit_hash }} - SHA256: ${{ needs.build-and-push-image.outputs.sha256 }} - GH_TOKEN: ${{ secrets.PAT_TOKEN }} - run: | - # Clone ndc-hub repository - git clone https://github.com/hasura/ndc-hub.git - cd ndc-hub - - # Create a new branch - NEW_BRANCH="update-${{ env.CONNECTOR_NAME }}-connector-v${{ steps.get-version.outputs.tagged_version }}" - git checkout -b $NEW_BRANCH - - # Create releases directory if it doesn't exist - mkdir -p registry/${{ env.REGISTRY_NAME }}/${{ env.CONNECTOR_NAME }}/releases/v${{ steps.get-version.outputs.tagged_version }} - - cd registry/${{ env.REGISTRY_NAME }}/${{ env.CONNECTOR_NAME }} - - # Create connector-packaging.json - cat << EOF > releases/v${{ steps.get-version.outputs.tagged_version }}/connector-packaging.json - { - "version": "${{ steps.get-version.outputs.tagged_version }}", - "uri": "https://github.com/${{ github.repository }}/releases/download/v${{ steps.get-version.outputs.tagged_version }}/connector-definition.tgz", - "checksum": { - "type": "sha256", - "value": "$SHA256" - }, - "source": { - "hash": "$COMMIT_HASH" - } - } - EOF - - # Update metadata.json to remove 'packages' field if it exists and update 'latest_version' - jq --arg version_tag "v${{ steps.get-version.outputs.tagged_version }}" \ - --arg commit_hash "$COMMIT_HASH" \ - 'if has("packages") then del(.packages) else . end | - .overview.latest_version = $version_tag | - if has("source_code") then - .source_code.version += [{ - "tag": $version_tag, - "hash": $commit_hash, - "is_verified": false - }] - else - . + {"source_code": {"version": [{ - "tag": $version_tag, - "hash": $commit_hash, - "is_verified": false - }]}} - end' \ - metadata.json > tmp.json && mv tmp.json metadata.json - - cp ../../../../README.md ./README.md - - # Commit changes - git config user.name "GitHub Action" - git config user.email "action@github.com" - git add metadata.json README.md releases - git commit -m "Update ${{ env.CONNECTOR_NAME }} connector metadata to version ${{ steps.get-version.outputs.tagged_version }}" - - # Push changes - git push https://${{ secrets.PAT_TOKEN }}@github.com/hasura/ndc-hub.git HEAD:update-${{ env.CONNECTOR_NAME }}-connector-v${{ steps.get-version.outputs.tagged_version }} - - - # Create PR using GitHub CLI - cd ../.. - gh pr create --repo hasura/ndc-hub \ - --base main \ - --head $NEW_BRANCH \ - --title "Update ${{ env.CONNECTOR_NAME }} connector to v${{ steps.get-version.outputs.tagged_version }}" \ - --body "This PR updates the ${{ env.CONNECTOR_NAME }} connector metadata to version ${{ steps.get-version.outputs.tagged_version }}." diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 4653fb7..86802e9 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -25,6 +25,8 @@ jobs: permissions: contents: read packages: write + attestations: write + id-token: write outputs: commit_hash: ${{ steps.get_commit_hash.outputs.commit_hash }} sha256: ${{ steps.calculate_checksum.outputs.sha256 }} @@ -43,7 +45,7 @@ jobs: with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} - password: ${{ secrets.PAT_TOKEN }} + password: ${{ secrets.GITHUB_TOKEN }} # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels. - name: Extract metadata (tags, labels) for Docker id: meta