From b1dc5f33ac54bf8a1f4288cf5bc8803ce16c8b3b Mon Sep 17 00:00:00 2001
From: Mark Sagi-Kazar
Date: Thu, 15 Aug 2024 13:30:31 +0200
Subject: [PATCH 1/3] ci: drop unused target
Signed-off-by: Mark Sagi-Kazar
---
 .github/workflows/artifacts.yaml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/artifacts.yaml b/.github/workflows/artifacts.yaml
index 6956f3b80..738349cd5 100644
--- a/.github/workflows/artifacts.yaml
+++ b/.github/workflows/artifacts.yaml
@@ -80,7 +80,6 @@ jobs:
 uses: depot/build-push-action@e7743ee6585d261968c7ae0ef64977ee98c09d74 # v1.13.0
 with:
 context: .
- target: ${{ matrix.target }}
 build-args: |
 VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}
 platforms: linux/amd64,linux/arm64 # The confluent library doesn't support ARMv7
From cca3875b6d70ba53072fc5a355fecc003700fcdb Mon Sep 17 00:00:00 2001
From: Mark Sagi-Kazar
Date: Thu, 15 Aug 2024 13:31:02 +0200
Subject: [PATCH 2/3] ci: use ubuntu-latest for container image builds
Signed-off-by: Mark Sagi-Kazar
---
 .github/workflows/artifacts.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/artifacts.yaml b/.github/workflows/artifacts.yaml
index 738349cd5..8221fa885 100644
--- a/.github/workflows/artifacts.yaml
+++ b/.github/workflows/artifacts.yaml
@@ -28,7 +28,7 @@ permissions:
 jobs:
 container-image:
 name: Container image
- runs-on: ${{ github.actor == 'dependabot[bot]' && 'ubuntu-latest' || 'ubuntu-latest-large' }}
+ runs-on: ubuntu-latest
 permissions:
 contents: read
@@ -124,7 +124,7 @@ jobs:
 benthos-collector-container-image:
 name: Benthos Collector Container image
- runs-on: ${{ github.actor == 'dependabot[bot]' && 'ubuntu-latest' || 'ubuntu-latest-large' }}
+ runs-on: ubuntu-latest
 permissions:
 contents: read
From 6d4c503ac73f824dc2c13c6be90129939f85bc53 Mon Sep 17 00:00:00 2001
From: Mark Sagi-Kazar
Date: Thu, 15 Aug 2024 13:37:38 +0200
Subject: [PATCH 3/3] ci: use depot project variable
Signed-off-by: Mark Sagi-Kazar
---
 .github/workflows/artifacts.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/artifacts.yaml b/.github/workflows/artifacts.yaml
index 8221fa885..d3bc0bbbe 100644
--- a/.github/workflows/artifacts.yaml
+++ b/.github/workflows/artifacts.yaml
@@ -87,7 +87,7 @@ jobs:
 labels: ${{ steps.meta.outputs.labels }}
 push: ${{ inputs.publish }}
 save: true
- project: mx1q1j4nzh
+ project: ${{ vars.DEPOT_PROJECT }}
 - name: Set image ref
 id: image-ref
@@ -96,14 +96,14 @@ jobs:
 - name: Retrieve pull token
 id: pull-token
 run: |
- PULL_TOKEN="$(depot pull-token --project mx1q1j4nzh)"
+ PULL_TOKEN="$(depot pull-token --project ${{ vars.DEPOT_PROJECT }})"
 echo "token=$PULL_TOKEN" >> "$GITHUB_OUTPUT"
 echo "::add-mask::$PULL_TOKEN"
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0
 with:
- image-ref: registry.depot.dev/mx1q1j4nzh:${{ steps.build.outputs.build-id }}
+ image-ref: registry.depot.dev/${{ vars.DEPOT_PROJECT }}:${{ steps.build.outputs.build-id }}
 format: sarif
 output: trivy-results.sarif
 env:
@@ -184,7 +184,7 @@ jobs:
 labels: ${{ steps.meta.outputs.labels }}
 push: ${{ inputs.publish }}
 save: true
- project: mx1q1j4nzh
+ project: ${{ vars.DEPOT_PROJECT }}
 - name: Set image ref
 id: image-ref
@@ -193,14 +193,14 @@ jobs:
 - name: Retrieve pull token
 id: pull-token
 run: |
- PULL_TOKEN="$(depot pull-token --project mx1q1j4nzh)"
+ PULL_TOKEN="$(depot pull-token --project ${{ vars.DEPOT_PROJECT }})"
 echo "token=$PULL_TOKEN" >> "$GITHUB_OUTPUT"
 echo "::add-mask::$PULL_TOKEN"
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0
 with:
- image-ref: registry.depot.dev/mx1q1j4nzh:${{ steps.build.outputs.build-id }}
+ image-ref: registry.depot.dev/${{ vars.DEPOT_PROJECT }}:${{ steps.build.outputs.build-id }}
 format: sarif
 output: trivy-results.sarif
 env:
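Review bot: In the `Retrieve pull token` step (hunk `@@ -96,14 +96,14 @@`, and identically at `@@ -193,14 +193,14 @@`) the new line splices `${{ vars.DEPOT_PROJECT }}` unquoted into the `run:` script, so the workflow engine substitutes the value before bash parses the line and any whitespace or shell metacharacter in it becomes part of the command. Configuration variables are normally writable only by repository or organisation admins, which limits the exposure, but passing the value through the environment keeps it as data: add `env:` with `DEPOT_PROJECT: ${{ vars.DEPOT_PROJECT }}` to the step and call `depot pull-token --project "$DEPOT_PROJECT"`. An unset variable renders as an empty string, which would leave `--project` without an argument here and yield `registry.depot.dev/:<build-id>` in the Trivy `image-ref`; whether the variable is defined in every context this workflow runs in is not visible from the patch. The job definitions continue outside these hunks.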