diff --git a/.github/workflows/build-rock.yaml b/.github/workflows/build-rock.yaml
deleted file mode 100644
index 3500309..0000000
--- a/.github/workflows/build-rock.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-name: Build ROCK
-
-on:
- workflow_dispatch: {}
- schedule:
- - cron: "0 12 * * 0"
-
-jobs:
- build:
- uses: canonical/observability/.github/workflows/build-rock.yaml@main
- secrets: inherit
- with:
- rock-name: cos-alerter
- tag-minor: true
diff --git a/.github/workflows/push-main.yaml b/.github/workflows/push-main.yaml
index 82a99c9..c6dcfdd 100644
--- a/.github/workflows/push-main.yaml
+++ b/.github/workflows/push-main.yaml
@@ -54,10 +54,3 @@ jobs:
 custom_tag: "${{ needs.version-check.outputs.new_version }}"
 tag_prefix: ""
 default_bump: false
- rock:
- uses: canonical/observability/.github/workflows/build-rock.yaml@main
- needs: python-package
- secrets: inherit
- with:
- rock-name: cos-alerter
- tag-minor: true
diff --git a/.github/workflows/rock-build.yaml b/.github/workflows/rock-build.yaml
new file mode 100644
index 0000000..eb2f460
--- /dev/null
+++ b/.github/workflows/rock-build.yaml
@@ -0,0 +1,67 @@
+name: Build ROCK
+
+on:
+ workflow_dispatch: {}
+ push:
+ branches:
+ - main
+ schedule:
+ - cron: "0 12 * * 0"
+
+jobs:
+ main:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Setup LXD
+ uses: canonical/setup-lxd@v0.1.1
+ with:
+ channel: latest/stable
+
+ - name: Install dependencies
+ run: |
+ sudo snap install yq
+ sudo snap install --classic --channel edge rockcraft
+
+ - name: Build ROCK
+ id: build_rock
+ run: |
+ rockcraft pack --verbose
+ digest=$(skopeo inspect oci-archive:$(realpath ./cos-alerter_*.rock) --format '{{.Digest}}')
+ echo "digest=${digest#*:}" >> "$GITHUB_OUTPUT"
+
+ - name: Add git tag
+ uses: mathieudutour/github-tag-action@v6.1
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ custom_tag: "${{ steps.build_rock.outputs.digest }}"
+ tag_prefix: ""
+
+ - name: Upload ROCK to ghcr.io
+ run: |
+ VERSION=$(yq -r '.version' rockcraft.yaml)
+ sudo skopeo --insecure-policy copy oci-archive:$(realpath ./cos-alerter_*.rock) docker://ghcr.io/canonical/cos-alerter:$VERSION --dest-creds "observability-noctua-bot:${{ secrets.OBSERVABILITY_NOCTUA_TOKEN }}"
+ sudo skopeo --insecure-policy copy oci-archive:$(realpath ./cos-alerter_*.rock) docker://ghcr.io/canonical/cos-alerter:latest --dest-creds "observability-noctua-bot:${{ secrets.OBSERVABILITY_NOCTUA_TOKEN }}"
+ MINOR_VERSION=${VERSION%.*}
+ sudo skopeo --insecure-policy copy oci-archive:$(realpath ./cos-alerter_*.rock) docker://ghcr.io/canonical/cos-alerter:$MINOR_VERSION --dest-creds "observability-noctua-bot:${{ secrets.OBSERVABILITY_NOCTUA_TOKEN }}"
+ fi
+
+ - name: Install Syft
+ run: |
+ curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
+
+ - name: Create SBOM
+ run: syft $(realpath ./cos-alerter_*.rock) -o spdx-json=cos-alerter.sbom.json
+
+ - name: Upload SBOM
+ uses: actions/upload-artifact@v3
+ with:
+ name: cos-alerter-sbom
+ path: "cos-alerter.sbom.json"
+ - name: Upload locally built ROCK artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: cos-alerter-rock
+ path: "cos-alerter_*.rock"
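Review bot: The `run` script of `Upload ROCK to ghcr.io` ends with a bare `fi` that has no opening `if` (it looks like a leftover from a removed conditional); bash will fail on it, so the step errors and the Syft, SBOM and artifact-upload steps after it never run — drop the `fi` or restore the condition. In the same step the registry token is expanded by `${{ secrets.OBSERVABILITY_NOCTUA_TOKEN }}` directly into the script text three times; mapping it once under `env:` (e.g. as `GHCR_TOKEN`) and writing `--dest-creds "observability-noctua-bot:${GHCR_TOKEN}"` keeps the secret out of the generated script and stops the shell from interpreting its contents. `Install Syft` runs `curl … | sh` against `install.sh` on the `main` branch, which is unpinned code executing in a job that also handles the registry token and a tag-pushing `GITHUB_TOKEN`; fetch the installer from a fixed release tag or commit and check the download against a published checksum. The actions are referenced by tag (`@v3`, `@v0.1.1`, `@v6.1`) and rockcraft comes from the `edge` channel, so pinning third-party actions to full commit SHAs and declaring an explicit `permissions:` block (presumably only `contents: write` is needed for tagging) would narrow what a compromised dependency can do.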