Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci(bump automation): bump ubi9 for ironbank #191660

Merged
merged 7 commits into from
Oct 10, 2024
Merged
Show file tree
Hide file tree
Changes from 4 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions .github/updatecli/values.d/ironbank.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
config:
- path: src/dev/build/tasks/os_packages/docker_generator/templates/ironbank
11 changes: 11 additions & 0 deletions .github/updatecli/values.d/scm.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
scm:
enabled: true
owner: elastic
repository: kibana
branch: main
commitusingapi: true
# begin updatecli-compose policy values
user: kibanamachine
email: [email protected]
# end updatecli-compose policy values

3 changes: 3 additions & 0 deletions .github/updatecli/values.d/updatecli-compose.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
spec:
files:
- "updatecli-compose.yaml"
38 changes: 38 additions & 0 deletions .github/workflows/updatecli-compose.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
---
name: updatecli-compose

on:
workflow_dispatch:
schedule:
- cron: '0 6 * * *'

permissions:
contents: read

jobs:
compose:
runs-on: ubuntu-latest
permissions:
contents: write
packages: read
pull-requests: write
steps:
- uses: actions/checkout@v4

- uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
registry: ghcr.io
username: ${{ github.actor }}
Copy link
Contributor

@Ikuni17 Ikuni17 Sep 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be a bot instead? It seems that actor is not well defined, and would run in the context of an employee with their privlages, which doesn't seem to be ideal.

Copy link
Member Author

@v1v v1v Sep 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Interesting. The official docs explained how to use this docker login with the GITHUB_TOKEN:

Maybe the issue with github.actor is not the case for this specific use case. We have used this approach so far without any issues, for instance, see the below build for the same kind of code in a different GitHub repository:

I can see my username, but the following steps do what's expected (download the containers and so on ):

image

Likely, GitHub does something special with the login, and it's not honoured but the GITHUB_TOKEN.

So far I think we are safe.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the links. I think you're correct that the actor is not honored and the GITHUB_TOKEN takes precedence. It's just a bit strange.

password: ${{ secrets.GITHUB_TOKEN }}

- uses: elastic/oblt-actions/updatecli/run@v1
with:
command: --experimental compose diff
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- uses: elastic/oblt-actions/updatecli/run@v1
with:
command: --experimental compose apply
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
14 changes: 14 additions & 0 deletions updatecli-compose.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
# Config file for `updatecli compose ...`.
# https://www.updatecli.io/docs/core/compose/
policies:
- name: Handle ironbank bumps
policy: ghcr.io/elastic/oblt-updatecli-policies/ironbank/templates:0.3.0@sha256:b0c841d8fb294e6b58359462afbc83070dca375ac5dd0c5216c8926872a98bb1
values:
- .github/updatecli/values.d/scm.yml
- .github/updatecli/values.d/ironbank.yml

- name: Update Updatecli policies
policy: ghcr.io/updatecli/policies/autodiscovery/updatecli:0.4.0@sha256:254367f5b1454fd6032b88b314450cd3b6d5e8d5b6c953eb242a6464105eb869
values:
- .github/updatecli/values.d/scm.yml
- .github/updatecli/values.d/updatecli-compose.yml