Merge pull request #169 from felddy/improvement/v4-artifacts

Support version 4 of the GitHub Actions artifacts

.github/workflows/_build.yml

@@ -46,7 +46,7 @@ jobs:
       - metadata
     uses: ./.github/workflows/docker-build-image.yml
     with:
-      artifact_name: ${{ needs.config.outputs.image_archive_artifact_name }}
+      artifact_name: ${{ needs.config.outputs.image_artifact_name_stem }}-${{ needs.config.outputs.test_platform }}
       cache_from_scopes: ${{ needs.config.outputs.test_platform }}
       cache_to_scope: ${{ needs.config.outputs.test_platform }}
       image_archive_name_stem: ${{ needs.config.outputs.test_platform }}
@@ -61,11 +61,11 @@ jobs:
     uses: ./.github/workflows/docker-pytest-image.yml
     with:
       data_artifact_name: ${{ needs.config.outputs.data_artifact_name }}
-      image_artifact_name: ${{ needs.config.outputs.image_archive_artifact_name }}
+      image_artifact_name: ${{ needs.build-image-for-testing.outputs.artifact_name }}
       image_archive_name: ${{ needs.build-image-for-testing.outputs.image_archive_name }}
 
   build-each-platform:
-    name: "Build platform"
+    name: "Build platforms"
     needs:
       - config
       - lint
@@ -79,7 +79,7 @@ jobs:
           - platform: ${{ needs.config.outputs.test_platform }}
     uses: ./.github/workflows/docker-build-image.yml
     with:
-      artifact_name: ${{ needs.config.outputs.image_archive_artifact_name }}
+      artifact_name: ${{ needs.config.outputs.image_artifact_name_stem }}-${{ matrix.platform }}
       cache_from_scopes: ${{ matrix.platform }}
       cache_to_scope: ${{ matrix.platform }}
       image_labels: ${{ needs.metadata.outputs.image_labels }}
@@ -93,9 +93,13 @@ jobs:
       - config
     permissions:
       contents: write
+    strategy:
+      matrix:
+        platform: ${{ fromJson(needs.config.outputs.platforms_json) }}
     uses: ./.github/workflows/sbom-artifact.yml
     with:
-      image_artifact_name: ${{ needs.config.outputs.image_archive_artifact_name }}
+      image_artifact_name: ${{ needs.config.outputs.image_artifact_name_stem }}-${{ matrix.platform }}
+      sbom_artifact_name: ${{ needs.config.outputs.sbom_artifact_name_stem }}-${{ matrix.platform }}
 
   docker-secrets:
     name: "Docker secrets"
@@ -131,7 +135,7 @@ jobs:
       packages: write
     uses: ./.github/workflows/docker-multi-arch-push.yml
     with:
-      artifact_name: ${{ needs.config.outputs.image_archive_artifact_name }}
+      artifact_name_pattern: ${{ needs.config.outputs.image_artifact_name_stem }}-*
       image_tags: ${{ needs.metadata.outputs.image_tags }}
     secrets:
       docker_password: ${{ secrets.DOCKER_PASSWORD }}

.github/workflows/_config.yml

@@ -13,9 +13,9 @@ on:
       data_artifact_name:
         description: "The name of the test data artifact"
         value: test-output
-      image_archive_artifact_name:
-        description: "The name of the image archives artifact"
-        value: image-archives
+      image_artifact_name_stem:
+        description: "The stem name for image artifacts"
+        value: image-archive
       image_name:
         description: "The Docker image name"
         value: felddy/reusable-workflow
@@ -25,6 +25,9 @@ on:
       platforms_json:
         description: "The platforms to build (JSON)"
         value: ${{ jobs.csv-to-json.outputs.json }}
+      sbom_artifact_name_stem:
+        description: "The stem name for sbom artifacts"
+        value: sbom
       test_platform:
         description: "The platform to use for testing"
         value: linux/amd64

.github/workflows/_scorecards.yml

@@ -71,7 +71,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32  # tag=v3.1.3
+        uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6  # tag=v4.2.0
         with:
           name: SARIF file
           path: results.sarif

.github/workflows/docker-build-image.yml

@@ -23,7 +23,7 @@ on:
       # Optional inputs
       artifact_name:
         default: ""
-        description: "Upload the image archive as an artifact if specified"
+        description: "Upload the image archive as an artifact if specified (name will be cleaned)"
         required: false
         type: string
       artifact_retention_days:
@@ -103,6 +103,9 @@ on:
         required: false
         type: string
     outputs:
+      artifact_name:
+        description: "The cleaned name of the artifact (if any)"
+        value: ${{ jobs.build-image.outputs.artifact_name }}
       image_archive_name:
         description: "The name of the image archive"
         value: ${{ jobs.build-image.outputs.image_archive_name }}
@@ -149,6 +152,7 @@ jobs:
     name: "Build image"
     runs-on: ubuntu-latest
     outputs:
+      artifact_name: ${{ steps.clean.outputs.artifact_name }}
       image_archive_name: ${{ steps.check_image_archive_key.outputs.file_name }}
     steps:
       - name: Harden Runner
@@ -202,6 +206,8 @@ jobs:
       - name: Clean variables
         id: clean
         run: |
+          # Replace illegal characters in artifact name
+          echo artifact_name=$(echo "${{ inputs.artifact_name }}" | sed -e 's/[^a-zA-Z0-9._-]/_/g') >> $GITHUB_OUTPUT
           # Replace illegal characters in cache from scope list
           echo cache_from_scopes=$(echo "${{ inputs.cache_from_scopes }}" | sed -e 's/[^a-zA-Z0-9.,_-]/_/g') >> $GITHUB_OUTPUT
           # Replace illegal characters in cache to scope
@@ -323,9 +329,9 @@ jobs:
           ${{ env.OUTPUT_ARTIFACT_WORK_DIR }}/${{ steps.clean.outputs.image_archive_name_stem }}.tar
 
       - name: Upload artifacts
-        if: ${{ (inputs.push == false) && (inputs.artifact_name != '') }}
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32  # tag=v3.1.3
+        if: ${{ (inputs.push == false) && (steps.clean.outputs.artifact_name != '') }}
+        uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6  # tag=v4.2.0
         with:
-          name: ${{ inputs.artifact_name }}
+          name: ${{ steps.clean.outputs.artifact_name }}
           path: ${{ env.OUTPUT_ARTIFACT_WORK_DIR }}/${{ steps.check_image_archive_key.outputs.file_name }}
           retention-days: ${{ inputs.artifact_retention_days }}

.github/workflows/docker-multi-arch-push.yml

@@ -8,8 +8,8 @@ on:
   workflow_call:
     inputs:
       # Required inputs
-      artifact_name:
-        description: "Artifact containing the image archives"
+      artifact_name_pattern:
+        description: "Pattern to match artifacts containing the image archives"
         required: true
         type: string
       image_tags:
@@ -75,11 +75,12 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Download Docker images artifact
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a  # tag=v3.0.2
+      - name: Download Docker image artifacts
+        uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935  # tag=v4.1.1
         with:
-          name: ${{ inputs.artifact_name }}
+          merge-multiple: true
           path: ${{ env.ARTIFACT_WORK_DIR }}
+          pattern: ${{ inputs.artifact_name_pattern }}
 
       - name: Start local registry
         run: |

.github/workflows/docker-pytest-image.yml

@@ -126,7 +126,7 @@ jobs:
           pip install --upgrade --requirement requirements-test.txt
 
       - name: Download Docker image artifact
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a  # tag=v3.0.2
+        uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935  # tag=v4.1.1
         with:
           name: ${{ inputs.image_artifact_name }}
           path: ${{ env.ARTIFACT_WORK_DIR }}
@@ -175,15 +175,15 @@ jobs:
 
       - name: Upload unencrypted data artifacts
         if: ( success() || failure() ) && steps.check_data_archive_key.outputs.do_encryption == 'false'
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32  # tag=v3.1.3
+        uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6  # tag=v4.2.0
         with:
           name: ${{ inputs.data_artifact_name }}
           path: data.tar.gz
           retention-days: ${{ inputs.data_artifact_retention_days }}
 
       - name: Upload encrypted data artifacts
         if: ( success() || failure() ) && steps.check_data_archive_key.outputs.do_encryption == 'true'
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32  # tag=v3.1.3
+        uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6  # tag=v4.2.0
         with:
           name: ${{ inputs.data_artifact_name }}
           path: data.tar.7z

.github/workflows/sbom-artifact.yml

@@ -10,7 +10,7 @@ on:
     inputs:
       # Required inputs
       image_artifact_name:
-        description: "The name of the artifact containing the image archives"
+        description: "The name of the artifact containing the image archives (will be cleaned)"
         required: true
         type: string
       # Optional inputs
@@ -21,11 +21,11 @@ on:
         type: number
       sbom_artifact_name:
         default: "sboms"
-        description: "The name of the artifact to store the SBOMs"
+        description: "The name of the artifact to store the SBOMs (will be cleaned)"
         required: false
         type: string
       syft_version:
-        default: "v0.76.0"
+        default: "v0.101.0"
         description: "The version of syft to use"
         required: false
         type: string
@@ -65,6 +65,10 @@ jobs:
           echo repository=$(echo "${{ github.repository }}" | sed -e 's/[^a-zA-Z0-9._-]/_/g') >> $GITHUB_OUTPUT
           # Replace illegal characters in ref_name
           echo ref_name=$(echo "${{ github.ref_name }}" | sed -e 's/[^a-zA-Z0-9._-]/_/g') >> $GITHUB_OUTPUT
+          # Replace illegal characters in image_artifact_name
+          echo image_artifact_name=$(echo "${{ inputs.image_artifact_name }}" | sed -e 's/[^a-zA-Z0-9._-]/_/g') >> $GITHUB_OUTPUT
+          # Replace illegal characters in sbom_artifact_name
+          echo sbom_artifact_name=$(echo "${{ inputs.sbom_artifact_name }}" | sed -e 's/[^a-zA-Z0-9._-]/_/g') >> $GITHUB_OUTPUT
 
       - name: Calculate file variables
         # If this is a release, the version will be the clean ref_name.  Otherwise it will be the short SHA.
@@ -77,9 +81,9 @@ jobs:
           fi
 
       - name: Download images artifact
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a  # tag=v3.0.2
+        uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935  # tag=v4.1.1
         with:
-          name: ${{ inputs.image_artifact_name }}
+          name: ${{ steps.clean.outputs.image_artifact_name }}
 
       - name: Generate SBOMs
         run: |
@@ -92,9 +96,9 @@ jobs:
           done
 
       - name: Upload SBOMs as artifact
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32  # tag=v3.1.3
+        uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6  # tag=v4.2.0
         with:
-          name: ${{ inputs.sbom_artifact_name }}
+          name: ${{ steps.clean.outputs.sbom_artifact_name }}
           path: ${{ env.OUTPUT_ARTIFACT_WORK_DIR }}
           retention-days: ${{ inputs.artifact_retention_days }}
 

README.md

@@ -1,8 +1,8 @@
 # reusable-workflows #
 
-[![GitHub Build Status](https://github.com/felddy/reusable-workflows/workflows/build/badge.svg)](https://github.com/felddy/reusable-workflows/actions)
+[![Build](https://github.com/felddy/reusable-workflows/actions/workflows/_build.yml/badge.svg)](https://github.com/felddy/reusable-workflows/actions/workflows/_build.yml)
 
-This repository contains reusable GitHub Actions workflows that can be
+This repository contains reusable GitHub Actions workflows for use in other repositories.
 
 ## Contributing ##