Skip to content

Paketo Buildpack for Encrypt-at-Rest 4.8.4 #45

Paketo Buildpack for Encrypt-at-Rest 4.8.4

Paketo Buildpack for Encrypt-at-Rest 4.8.4 #45

name: Create Package
"on":
release:
types:
- published
jobs:
create-package:
name: Create Package
runs-on:
- ubuntu-latest
steps:
- name: Docker login gcr.io
if: ${{ (github.event_name != 'pull_request' || ! github.event.pull_request.head.repo.fork) && (github.actor != 'dependabot[bot]') }}
uses: docker/login-action@v3
with:
password: ${{ secrets.GCR_PUSH_BOT_JSON_KEY }}
registry: gcr.io
username: _json_key
- name: Docker login docker.io
if: ${{ (github.event_name != 'pull_request' || ! github.event.pull_request.head.repo.fork) && (github.actor != 'dependabot[bot]') }}
uses: docker/login-action@v3
with:
password: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_PASSWORD }}
registry: docker.io
username: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_USERNAME }}
- uses: actions/setup-go@v5
with:
go-version: "1.23"
- name: Install create-package
run: |
#!/usr/bin/env bash
set -euo pipefail
go install -ldflags="-s -w" github.com/paketo-buildpacks/libpak/cmd/create-package@latest
- uses: buildpacks/github-actions/setup-tools@v5.7.2
with:
crane-version: 0.19.1
yj-version: 5.1.0
- uses: buildpacks/github-actions/setup-pack@v5.7.2
with:
pack-version: 0.34.2
- name: Enable pack Experimental
if: ${{ false }}
run: |
#!/usr/bin/env bash
set -euo pipefail
echo "Enabling pack experimental features"
mkdir -p "${HOME}"/.pack
echo "experimental = true" >> "${HOME}"/.pack/config.toml
- uses: actions/checkout@v4
- if: ${{ false }}
uses: actions/cache@v4
with:
key: ${{ runner.os }}-go-${{ hashFiles('**/buildpack.toml', '**/package.toml') }}
path: |-
${{ env.HOME }}/.pack
${{ env.HOME }}/carton-cache
restore-keys: ${{ runner.os }}-go-
- name: Compute Version
id: version
run: |
#!/usr/bin/env bash
set -euo pipefail
if [[ ${GITHUB_REF:-} != "refs/"* ]]; then
echo "GITHUB_REF set to [${GITHUB_REF:-}], but that is unexpected. It should start with 'refs/*'"
exit 255
fi
if [[ ${GITHUB_REF} =~ refs/tags/v([0-9]+\.[0-9]+\.[0-9]+) ]]; then
VERSION=${BASH_REMATCH[1]}
MAJOR_VERSION="$(echo "${VERSION}" | awk -F '.' '{print $1 }')"
MINOR_VERSION="$(echo "${VERSION}" | awk -F '.' '{print $1 "." $2 }')"
echo "version-major=${MAJOR_VERSION}" >> "$GITHUB_OUTPUT"
echo "version-minor=${MINOR_VERSION}" >> "$GITHUB_OUTPUT"
elif [[ ${GITHUB_REF} =~ refs/heads/(.+) ]]; then
VERSION=${BASH_REMATCH[1]}
else
VERSION=$(git rev-parse --short HEAD)
fi
echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
echo "Selected ${VERSION} from
* ref: ${GITHUB_REF}
* sha: ${GITHUB_SHA}
"
- name: Create Package
run: |
#!/usr/bin/env bash
set -euo pipefail
# With Go 1.20, we need to set this so that we produce statically compiled binaries
#
# Starting with Go 1.20, Go will produce binaries that are dynamically linked against libc
# which can cause compatibility issues. The compiler links against libc on the build system
# but that may be newer than on the stacks we support.
export CGO_ENABLED=0
if [[ "${INCLUDE_DEPENDENCIES}" == "true" ]]; then
create-package \
--source "${SOURCE_PATH:-.}" \
--cache-location "${HOME}"/carton-cache \
--destination "${HOME}"/buildpack \
--include-dependencies \
--version "${VERSION}"
else
create-package \
--source "${SOURCE_PATH:-.}" \
--destination "${HOME}"/buildpack \
--version "${VERSION}"
fi
PACKAGE_FILE="${SOURCE_PATH:-.}/package.toml"
if [ -f "${PACKAGE_FILE}" ]; then
cp "${PACKAGE_FILE}" "${HOME}/buildpack/package.toml"
printf '[buildpack]\nuri = "%s"\n\n[platform]\nos = "%s"\n' "${HOME}/buildpack" "${OS}" >> "${HOME}/buildpack/package.toml"
fi
env:
INCLUDE_DEPENDENCIES: "false"
OS: linux
SOURCE_PATH: ""
VERSION: ${{ steps.version.outputs.version }}
- name: Package Buildpack
id: package
run: |-
#!/usr/bin/env bash
set -euo pipefail
COMPILED_BUILDPACK="${HOME}/buildpack"
# create-package puts the buildpack here, we need to run from that directory
# for component buildpacks so that pack doesn't need a package.toml
cd "${COMPILED_BUILDPACK}"
CONFIG=""
if [ -f "${COMPILED_BUILDPACK}/package.toml" ]; then
CONFIG="--config ${COMPILED_BUILDPACK}/package.toml"
fi
PACKAGE_LIST=($PACKAGES)
# Extract first repo (Docker Hub) as the main to package & register
PACKAGE=${PACKAGE_LIST[0]}
if [[ "${PUBLISH:-x}" == "true" ]]; then
pack -v buildpack package \
"${PACKAGE}:${VERSION}" ${CONFIG} \
--publish
if [[ -n ${VERSION_MINOR:-} && -n ${VERSION_MAJOR:-} ]]; then
crane tag "${PACKAGE}:${VERSION}" "${VERSION_MINOR}"
crane tag "${PACKAGE}:${VERSION}" "${VERSION_MAJOR}"
fi
crane tag "${PACKAGE}:${VERSION}" latest
echo "digest=$(crane digest "${PACKAGE}:${VERSION}")" >> "$GITHUB_OUTPUT"
# copy to other repositories specified
for P in "${PACKAGE_LIST[@]}"
do
if [ "$P" != "$PACKAGE" ]; then
crane copy "${PACKAGE}:${VERSION}" "${P}:${VERSION}"
if [[ -n ${VERSION_MINOR:-} && -n ${VERSION_MAJOR:-} ]]; then
crane tag "${P}:${VERSION}" "${VERSION_MINOR}"
crane tag "${P}:${VERSION}" "${VERSION_MAJOR}"
fi
crane tag "${P}:${VERSION}" latest
fi
done
else
pack -v buildpack package \
"${PACKAGE}:${VERSION}" ${CONFIG} \
--format "${FORMAT}" $([ -n "$TTL_SH_PUBLISH" ] && [ "$TTL_SH_PUBLISH" = "true" ] && echo "--publish")
fi
env:
PACKAGES: docker.io/paketobuildpacks/encrypt-at-rest gcr.io/paketo-buildpacks/encrypt-at-rest
PUBLISH: "true"
VERSION: ${{ steps.version.outputs.version }}
VERSION_MAJOR: ${{ steps.version.outputs.version-major }}
VERSION_MINOR: ${{ steps.version.outputs.version-minor }}
- name: Update release with digest
run: |
#!/usr/bin/env bash
set -euo pipefail
PAYLOAD=$(cat "${GITHUB_EVENT_PATH}")
RELEASE_ID=$(jq -n -r --argjson PAYLOAD "${PAYLOAD}" '$PAYLOAD.release.id')
RELEASE_TAG_NAME=$(jq -n -r --argjson PAYLOAD "${PAYLOAD}" '$PAYLOAD.release.tag_name')
RELEASE_NAME=$(jq -n -r --argjson PAYLOAD "${PAYLOAD}" '$PAYLOAD.release.name')
RELEASE_BODY=$(jq -n -r --argjson PAYLOAD "${PAYLOAD}" '$PAYLOAD.release.body')
gh api \
--method PATCH \
"/repos/:owner/:repo/releases/${RELEASE_ID}" \
--field "tag_name=${RELEASE_TAG_NAME}" \
--field "name=${RELEASE_NAME}" \
--field "body=${RELEASE_BODY//<!-- DIGEST PLACEHOLDER -->/\`${DIGEST}\`}"
env:
DIGEST: ${{ steps.package.outputs.digest }}
GITHUB_TOKEN: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
- if: ${{ true }}
uses: docker://ghcr.io/buildpacks/actions/registry/request-add-entry:5.7.2
with:
address: docker.io/paketobuildpacks/encrypt-at-rest@${{ steps.package.outputs.digest }}
id: paketo-buildpacks/encrypt-at-rest
token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
version: ${{ steps.version.outputs.version }}