Merge branch 'main' into Support-docker-uri-for-lifecycle

.github/workflows/build.yml

@@ -23,7 +23,8 @@ jobs:
         config: [macos, linux, windows-lcow, windows-wcow]
         include:
           - config: macos
-            os: macos
+            # since macos-14 the latest runner is arm64
+            os: macos-arm64
             runner: macos-latest
             no_docker: "true"
             pack_bin: pack
@@ -170,8 +171,9 @@ jobs:
           - name: linux-arm64
             goarch: arm64
             goos: linux
-          - name: macos-arm64
-            goarch: arm64
+          - name: macos
+            # since macos-14 default runner is arm, we need to build for intel architecture later
+            goarch: amd64
             goos: darwin
           - name: linux-s390x
             goarch: s390x

.github/workflows/check-latest-release.yml

@@ -70,7 +70,7 @@ jobs:
           fi
       - name: Scan latest release image
         id: scan-image
-        uses: anchore/scan-action@v3
+        uses: anchore/scan-action@v4
         with:
           image: buildpacksio/pack:${{ steps.read-go.outputs.latest-release-version }}
       - name: Create issue if needed

.github/workflows/delivery-archlinux.yml

@@ -11,64 +11,6 @@ on:
         required: true
 
 jobs:
-  pack-cli:
-    runs-on: ubuntu-latest
-    env:
-      PACKAGE_NAME: pack-cli
-    steps:
-      - uses: actions/checkout@v4
-      - name: Determine version
-        uses: actions/github-script@v7
-        id: version
-        with:
-          result-encoding: string
-          script: |
-            let payload = context.payload;
-            let tag = (payload.release && payload.release.tag_name) || (payload.inputs && payload.inputs.tag_name);
-            if (!tag) {
-              throw "ERROR: unable to determine tag"
-            }
-            return tag.replace(/^v/, '');
-      - name: Set PACK_VERSION
-        run: echo "PACK_VERSION=${{ steps.version.outputs.result }}" >> $GITHUB_ENV
-        shell: bash
-      - name: Setup working dir
-        run: |
-          mkdir -p ${{ env.PACKAGE_NAME }}
-          cp .github/workflows/delivery/archlinux/${{ env.PACKAGE_NAME }}/PKGBUILD ${{ env.PACKAGE_NAME }}/PKGBUILD
-      - name: Metadata
-        id: metadata
-        run: |
-          url=https://github.com/buildpacks/pack/archive/v${{ env.PACK_VERSION }}.tar.gz
-          filename=pack-${{ env.PACK_VERSION }}.tgz
-          fullpath=`pwd`/$filename
-
-          curl -sSL "$url" -o "$fullpath"
-          sha512=$(sha512sum "$fullpath" | awk '{ print $1 }')
-          echo "url=$url" >> $GITHUB_OUTPUT
-          echo "sha512=$sha512" >> $GITHUB_OUTPUT
-      - name: Fill PKGBUILD
-        uses: cschleiden/replace-tokens@v1
-        with:
-          files: ${{ env.PACKAGE_NAME }}/PKGBUILD
-          tokenPrefix: '{{'
-          tokenSuffix: '}}'
-        env:
-          PACK_VERSION: ${{ env.PACK_VERSION }}
-          SRC_TGZ_URL: ${{ steps.metadata.outputs.url }}
-          SRC_TGZ_SHA: ${{ steps.metadata.outputs.sha512 }}
-      - name: Print PKGBUILD
-        run: cat ${{ env.PACKAGE_NAME }}/PKGBUILD
-      - name: Test
-        uses: docker://archlinux:latest
-        with:
-          entrypoint: .github/workflows/delivery/archlinux/test-install-package.sh
-      - name: Publish
-        uses: docker://archlinux:latest
-        env:
-          AUR_KEY: ${{ secrets.AUR_KEY }}
-        with:
-          entrypoint: .github/workflows/delivery/archlinux/publish-package.sh
   pack-cli-bin:
     runs-on: ubuntu-latest
     env:

.github/workflows/delivery-docker.yml

@@ -16,8 +16,9 @@ on:
         default: false
 
 env:
+  REGISTRY_NAME: 'index.docker.io'
+  USER_NAME: 'buildpacksio'
   IMG_NAME: 'pack'
-  USERNAME: 'buildpacksio'
 
 jobs:
   deliver-docker:
@@ -52,15 +53,15 @@ jobs:
         with:
           ref: v${{ steps.version.outputs.result }}
       - name: Determine App Name
-        run: 'echo "IMG_NAME=${{ env.USERNAME }}/${{ env.IMG_NAME }}" >> $GITHUB_ENV'
+        run: 'echo "IMG_NAME=${{ env.REGISTRY_NAME }}/${{ env.USER_NAME }}/${{ env.IMG_NAME }}" >> $GITHUB_ENV'
       - name: Login to Dockerhub
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
       - uses: docker/setup-qemu-action@v3
       - uses: docker/setup-buildx-action@v3
-      - uses: buildpacks/github-actions/setup-tools@v5.5.4
+      - uses: buildpacks/github-actions/setup-tools@v5.7.4
       - name: Buildx Build/Publish
         run: |
           docker buildx build . \
@@ -73,8 +74,8 @@ jobs:
       - name: Tag Image as Base
         if: ${{ (github.event.release != '' || github.event.inputs.tag_latest) && matrix.config == 'base' }}
         run: |
-          crane copy ${{ env.IMG_NAME }}:${{ steps.version.outputs.result }} ${{ env.IMG_NAME }}:base
+          crane copy ${{ env.IMG_NAME }}:${{ steps.version.outputs.result }}${{ matrix.suffix }} ${{ env.IMG_NAME }}:base
       - name: Tag Image as Latest
         if: ${{ (github.event.release != '' || github.event.inputs.tag_latest) && matrix.config != 'base' }}
         run: |
-          crane copy ${{ env.IMG_NAME }}:${{ steps.version.outputs.result }} ${{ env.IMG_NAME }}:latest
+          crane copy ${{ env.IMG_NAME }}:${{ steps.version.outputs.result }}${{ matrix.suffix }} ${{ env.IMG_NAME }}:latest

.github/workflows/delivery-ubuntu.yml

@@ -20,7 +20,7 @@ jobs:
       strategy:
         fail-fast: false
         matrix:
-          target: [bionic, focal, jammy, lunar, noble]
+          target: [bionic, focal, jammy, noble]
       runs-on: ubuntu-20.04
       steps:
           - name: Checkout code
@@ -103,18 +103,6 @@ jobs:
               GPG_PUBLIC_KEY: ${{ secrets.GPG_PUBLIC_KEY }}
               PACKAGE_VERSION: ${{ steps.version.outputs.result }}
 
-          - name: Deliver lunar
-            if: matrix.target == 'lunar'
-            uses: docker://ubuntu:lunar
-            with:
-              entrypoint: .github/workflows/delivery/ubuntu/deliver.sh
-            env:
-              DEBIAN_FRONTEND: "noninteractive"
-              GO_DEP_PACKAGE_NAME: golang
-              GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
-              GPG_PUBLIC_KEY: ${{ secrets.GPG_PUBLIC_KEY }}
-              PACKAGE_VERSION: ${{ steps.version.outputs.result }}
-
           - name: Deliver noble
             if: matrix.target == 'noble'
             uses: docker://ubuntu:noble

.github/workflows/delivery/archlinux/README.md

@@ -1,8 +1,8 @@
 # Arch Linux
 
-There are 3 maintained packages:
+There are two maintained packages by us and one official archlinux package:
 
-- [pack-cli](https://aur.archlinux.org/packages/pack-cli/): The latest release of `pack`, compiled from source.
+- [pack-cli](https://archlinux.org/packages/extra/x86_64/pack-cli/): Official Archlinux package in the 'Extra' repo.
 - [pack-cli-bin](https://aur.archlinux.org/packages/pack-cli-bin/): The latest release of `pack`, precompiled.
 - [pack-cli-git](https://aur.archlinux.org/packages/pack-cli-git/): An unreleased version of `pack`, compiled from source of the `main` branch.
 

DEVELOPMENT.md

@@ -26,6 +26,29 @@ Alternatively, you can use Gitpod to run pre-configured dev environment in the c
 
 * Symlinks - Some of our tests attempt to create symlinks. On Windows, this requires the [permission to be provided](https://stackoverflow.com/a/24353758).
 
+### Testing GitHub actions on forks
+
+The pack release process involves chaining a series of GitHub actions together, such as:
+* The "build" workflow, which creates:
+    * .tgz files containing the pack binaries and shasums for the .tgz files
+    * a draft release with the above artifacts
+* The "delivery-docker" workflow, which builds and pushes OCI images containing the pack binary
+* The "benchmark" workflow, which runs performance checks for each commit and uploads reports to GitHub Pages
+
+It can be rather cumbersome to test changes to these workflows, as they are heavily intertwined. Thus, we recommend forking the buildpacks/pack repository on GitHub and running through the entire release process end-to-end.
+
+For the fork, it is necessary to complete the following preparations:
+
+* Add the following secrets:
+    * `DOCKER_PASSWORD` for the delivery-docker workflow, if not using ghcr.io
+    * `DOCKER_USERNAME` for the delivery-docker workflow, if not using ghcr.io
+    * `DEPLOY_KEY` for the release-merge workflow, as a SSH private key for repository access
+* Enable the issues feature on the repository and create `status/triage` and `type/bug` labels for the check-latest-release workflow
+* Create a branch named `gh-pages` for uploading benchmark reports for the benchmark workflow
+
+The `tools/test-fork.sh` script can be used to update the source code to reflect the state of the fork and disable workflows that should not run on the fork repository.
+It can be invoked like so: `./tools/test-fork.sh <registry repo name>`
+
 ## Tasks
 
 ### Building

Dockerfile

@@ -1,6 +1,6 @@
 ARG base_image=gcr.io/distroless/static
 
-FROM golang:1.20 as builder
+FROM golang:1.22 as builder
 ARG pack_version
 ENV PACK_VERSION=$pack_version
 WORKDIR /app