feat: Initial release updates

.github/actions/e2e/action.yml

@@ -18,12 +18,6 @@ inputs:
   aws-availability-zone:
     description: The AWS Availability Zone to use
     required: true
-  ghcr-username:
-    description: The Github container registry username to use
-    required: true
-  ghcr-password:
-    description: The Github container registry password to use
-    required: true
   registry1-username:
     description: The Registry1 container registry password to use
     required: true
@@ -92,7 +86,7 @@ runs:
       run: echo "tf_version=$(grep 'terraform ' .tool-versions)" >> $GITHUB_OUTPUT
 
     - name: Configure AWS Credentials for Commercial
-      uses: aws-actions/configure-aws-credentials@v2
+      uses: aws-actions/configure-aws-credentials@v4
       with:
         role-to-assume: ${{ inputs.role-to-assume }}
         role-session-name: ${{ github.event.client_payload.pull_request.head.sha || github.sha }}
@@ -107,8 +101,6 @@ runs:
         AWS_DEFAULT_REGION: us-east-2
         REGISTRY1_USERNAME: ${{ inputs.registry1-username }}
         REGISTRY1_PASSWORD: ${{ inputs.registry1-password }}
-        GHCR_USERNAME: ${{ inputs.ghcr-username }}
-        GHCR_PASSWORD: ${{ inputs.ghcr-password }}
         REPO_URL: https://github.com/${{ github.repository }}.git
         GIT_BRANCH: ${{ github.event.client_payload.pull_request.head.ref || github.ref_name }}
       run: |

.github/workflows/publish.yml → .github/workflows/publish-dev-deps.yml

@@ -1,22 +1,24 @@
-name: build-and-publish
+name: build-and-publish-dev-deps
 
 concurrency:
     cancel-in-progress: true
-    group: build-and-publish
+    group: build-and-publish-dev-deps
 
 on:
   push:
     branches: [ "main" ]
-  workflow_dispatch:
-  schedule:
-    - cron: '0 0 * * *'
 
 jobs:
   build-and-publish-package:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.PAT }}
+          repository: ${{ github.repository }}
+          ref: ${{ github.ref_name }}
 
       - name: Init zarf cache
         uses: actions/cache@v3
@@ -38,10 +40,10 @@ jobs:
         uses: supplypike/setup-bin@v3
         with:
           # renovate: zarf-uri datasource=github-tags depName=defenseunicorns/zarf
-          uri: 'https://github.com/defenseunicorns/zarf/releases/download/v0.29.1/zarf_v0.29.1_Linux_amd64'
+          uri: 'https://github.com/defenseunicorns/zarf/releases/download/v0.31.2/zarf_v0.31.2_Linux_amd64'
           name: 'zarf'
           # renovate: datasource=github-tags depName=defenseunicorns/zarf versioning=semver
-          version: 'v0.29.1'
+          version: 'v0.31.2'
 
       - name: Login to GHCR
         uses: docker/login-action@v2
@@ -50,25 +52,8 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Login to registry1
-        uses: docker/login-action@v2
-        with:
-          registry: registry1.dso.mil
-          username: ${{ secrets.REGISTRY1_USERNAME }}
-          password: ${{ secrets.REGISTRY1_PASSWORD }}
-
       ####
       # Build and publish dependency packages to use in a dev UDS Bundle
       ####
-
       - name: Build and publish dev-dependency gitlab runner rbac package
         run: cd utils/pkg-deps/rbac && zarf package create --confirm --no-progress --output oci://ghcr.io/defenseunicorns/uds-capability/gitlab-runner/dev-dependency
-
-      ####
-      # Build and publish capability package and skeleton
-      ####
-      - name: Build and publish gitlab runner package
-        run: zarf package create --confirm --no-progress --output oci://ghcr.io/defenseunicorns/uds-capability
-
-      - name: Publish gitlab runner skeleton
-        run: zarf package publish . oci://ghcr.io/defenseunicorns/uds-capability

.github/workflows/publish-package.yml

@@ -0,0 +1,80 @@
+name: Publish Zarf Package
+
+on:
+  workflow_call:
+
+permissions:
+  contents: read
+  packages: write
+  id-token: write
+
+jobs:
+  build-and-publish-package:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.PAT }}
+          repository: ${{ github.repository }}
+          ref: ${{ github.ref_name }}
+
+      - name: Login to Registry1
+        uses: docker/login-action@v3
+        with:
+          registry: registry1.dso.mil
+          username: ${{ secrets.REGISTRY1_USERNAME }}
+          password: ${{ secrets.REGISTRY1_PASSWORD }}
+
+      - name: Init zarf cache
+        uses: actions/cache@v3
+        with:
+          path: "~/.zarf-cache"
+          key: zarf-cache
+
+      - name: Free GH runner build space
+        run: |
+          df -h
+          sudo rm -rf /usr/share/dotnet
+          sudo rm -rf /usr/local/lib/android
+          sudo rm -rf /opt/ghc
+          sudo rm -rf /opt/hostedtoolcache/CodeQL
+          sudo docker image prune --all --force
+          df -h
+
+      - name: Install zarf
+        uses: supplypike/setup-bin@v3
+        with:
+          # renovate: zarf-uri datasource=github-tags depName=defenseunicorns/zarf
+          uri: 'https://github.com/defenseunicorns/zarf/releases/download/v0.31.2/zarf_v0.31.2_Linux_amd64'
+          name: 'zarf'
+          # renovate: datasource=github-tags depName=defenseunicorns/zarf versioning=semver
+          version: 'v0.31.2'
+
+      - name: Build gitlab-runner package
+        run: zarf package create --confirm --no-progress
+
+      - name: Run E2E Tests
+        uses: ./.github/actions/e2e
+        with:
+          token: ${{ secrets.PAT }}
+          role-to-assume: ${{ secrets.AWS_COMMERCIAL_ROLE_TO_ASSUME }}
+          region: ${{ vars.AWS_REGION }}
+          github-context: "test / e2e (${{github.event_name}})"
+          aws-availability-zone: ${{ vars.AWS_AVAILABILITY_ZONE }}
+          registry1-username: ${{ secrets.REGISTRY1_USERNAME }}
+          registry1-password: ${{ secrets.REGISTRY1_PASSWORD }}
+
+      - name: Login to GHCR
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and publish gitlab runner package
+        run: zarf package publish zarf-package-gitlab-runner-amd64-*.tar.zst oci://ghcr.io/defenseunicorns/uds-capability --no-progress
+
+      - name: Publish gitlab runner skeleton
+        run: zarf package publish . oci://ghcr.io/defenseunicorns/uds-capability

.github/workflows/tag-test-and-release.yml

@@ -0,0 +1,56 @@
+name: Tag, Test and Publish UDS Capability
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+  packages: write
+  id-token: write
+
+jobs:
+  tag-new-version:
+    permissions: write-all
+    runs-on: ubuntu-latest
+    outputs:
+      release_created: ${{ steps.release-flag.outputs.release_created }}
+    steps:
+      - name: Create Release Tag
+        id: tag
+        uses: google-github-actions/release-please-action@v3
+        with:
+          command: manifest # use configs in release-please-config.json
+      - id: release-flag
+        run: echo "release_created=${{ steps.tag.outputs.release_created || false }}" >> $GITHUB_OUTPUT
+
+  # Testing non release pushes to main
+  test-uds-capability:
+    runs-on: ubuntu-latest
+    needs: tag-new-version
+    if: ${{ needs.tag-new-version.outputs.release_created == 'false'}}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.PAT }}
+          repository: ${{ github.repository }}
+          ref: ${{ github.ref_name }}
+      - name: Run E2E Tests
+        uses: ./.github/actions/e2e
+        with:
+          token: ${{ secrets.PAT }}
+          role-to-assume: ${{ secrets.AWS_COMMERCIAL_ROLE_TO_ASSUME }}
+          region: ${{ vars.AWS_REGION }}
+          github-context: "test / e2e (${{github.event_name}})"
+          aws-availability-zone: ${{ vars.AWS_AVAILABILITY_ZONE }}
+          registry1-username: ${{ secrets.REGISTRY1_USERNAME }}
+          registry1-password: ${{ secrets.REGISTRY1_PASSWORD }}
+
+  # Testing and publishing release pushes to main
+  test-and-publish-uds-capability:
+    needs: tag-new-version
+    if: ${{ needs.tag-new-version.outputs.release_created == 'true'}}
+    uses: ./.github/workflows/publish-package.yml
+    secrets: inherit

.github/workflows/test-command.yml

@@ -5,9 +5,6 @@ name: test
 on:
   repository_dispatch:
     types: [test-command]
-  push:
-    branches:
-      - main
 
 permissions:
   id-token: write
@@ -28,7 +25,7 @@ jobs:
       run-e2e: ${{ steps.parse.outputs.run-e2e }}
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           token: ${{ secrets.PAT }}
           repository: ${{ github.event.client_payload.pull_request.head.repo.full_name || github.repository }}
@@ -43,7 +40,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           token: ${{ secrets.PAT }}
           repository: ${{ github.event.client_payload.pull_request.head.repo.full_name || github.repository }}
@@ -60,7 +57,7 @@ jobs:
     if: needs.parse.outputs.run-ping == 'true'
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           token: ${{ secrets.PAT }}
           repository: ${{ github.event.client_payload.pull_request.head.repo.full_name || github.repository }}
@@ -77,7 +74,7 @@ jobs:
     if: needs.parse.outputs.run-e2e == 'true'
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           token: ${{ secrets.PAT }}
           repository: ${{ github.event.client_payload.pull_request.head.repo.full_name || github.repository }}
@@ -90,7 +87,5 @@ jobs:
           region: ${{ vars.AWS_REGION }}
           github-context: "test / e2e (${{github.event_name}})"
           aws-availability-zone: ${{ vars.AWS_AVAILABILITY_ZONE }}
-          ghcr-username: ${{ github.actor }}
-          ghcr-password: ${{ secrets.GITHUB_TOKEN }}
           registry1-username: ${{ secrets.REGISTRY1_USERNAME }}
           registry1-password: ${{ secrets.REGISTRY1_PASSWORD }}

.release-please-manifest.json

@@ -0,0 +1,3 @@
+{
+    ".": "0.1.0"
+}

Makefile

@@ -1,14 +1,14 @@
 # The version of Zarf to use. To keep this repo as portable as possible the Zarf binary will be downloaded and added to
 # the build folder.
 # renovate: datasource=github-tags depName=defenseunicorns/zarf
-ZARF_VERSION := v0.30.1
+ZARF_VERSION := v0.31.2
 
 # The version of the build harness container to use
 BUILD_HARNESS_REPO := ghcr.io/defenseunicorns/build-harness/build-harness
 # renovate: datasource=docker depName=ghcr.io/defenseunicorns/build-harness/build-harness
-BUILD_HARNESS_VERSION := 1.10.2
+BUILD_HARNESS_VERSION := 1.14.2
 # renovate: datasource=docker depName=ghcr.io/defenseunicorns/packages/dubbd-k3d extractVersion=^(?<version>\d+\.\d+\.\d+)
-DUBBD_K3D_VERSION := 0.12.1
+DUBBD_K3D_VERSION := 0.13.0
 
 # Figure out which Zarf binary we should use based on the operating system we are on
 ZARF_BIN := zarf
@@ -89,8 +89,6 @@ test: ## Run all automated tests. Requires access to an AWS account. Costs money
 	-e GIT_BRANCH \
 	-e REGISTRY1_USERNAME \
 	-e REGISTRY1_PASSWORD \
-	-e GHCR_USERNAME \
-	-e GHCR_PASSWORD \
 	-e AWS_REGION \
 	-e AWS_DEFAULT_REGION \
 	-e AWS_ACCESS_KEY_ID \
@@ -157,7 +155,7 @@ build/zarf-init: | build ## Download the init package
 	if [ -f build/zarf-init-amd64-$(ZARF_VERSION).tar.zst ] ; then exit 0; fi && \
 	echo "Downloading zarf-init-amd64-$(ZARF_VERSION).tar.zst" && \
 	curl -sL https://github.com/defenseunicorns/zarf/releases/download/$(ZARF_VERSION)/zarf-init-amd64-$(ZARF_VERSION).tar.zst -o build/zarf-init-amd64-$(ZARF_VERSION).tar.zst
-	
+
 .PHONY: build/dubbd-k3d
 build/dubbd-k3d: | build/zarf ## Download dubbd k3d oci package
 	if [ -f build/zarf-package-dubbd-k3d-amd64-$(DUBBD_K3D_VERSION).tar.zst ] ; then exit 0; fi && \

README.md

@@ -80,35 +80,30 @@ export REGISTRY1_USERNAME="YOUR-USERNAME-HERE"
 export REGISTRY1_TOKEN="YOUR-TOKEN-HERE"
 echo $REGISTRY1_TOKEN | build/zarf tools registry login registry1.dso.mil --username $REGISTRY1_USERNAME --password-stdin
 
-# ghcr.io (To access oci packages needed)
-export GH_USERNAME="YOUR-USERNAME-HERE"
-export GH_TOKEN="YOUR-TOKEN-HERE"
-echo $GH_TOKEN | build/zarf tools registry login ghcr.io --username $GH_USERNAME --password-stdin
-
 set -o history
 ```
 
-### Deploy Everything
+### Build and Deploy Everything via Makefile and local package
 
 ```bash
-# This will destroy and create a compatible k3d cluster then it will run make build/all and make deploy/all. Follow the breadcrumbs in the Makefile to see what and how its doing it.
-make cluster/full
+# This will run make build/all, make cluster/reset, and make deploy/all. Follow the breadcrumbs in the Makefile to see what and how its doing it.
+make all
 ```
 
-## Import Zarf Skeleton
-
-Below is an example of how to import this projects zarf skeleton into your zarf.yaml. The [uds-package-sofware-factory](https://github.com/defenseunicorns/uds-package-software-factory.git) does this with a subset of the uds-capability projects.
+## Declare This Package In Your UDS Bundle
+Below is an example of how to use this projects zarf package in your UDS Bundle
 
 ```yaml
-components:
-  - name: values
-    required: true
-    files:
-      - source: <path-to-the-values-you-want-to-use>
-        target: values-gitlab-runner.yaml
+kind: UDSBundle
+metadata:
+  name: example-bundle
+  description: An Example UDS Bundle
+  version: 0.0.1
+  architecture: amd64
+
+zarf-packages:
+  # Gitlab Runner
   - name: gitlab-runner
-    required: true
-    import:
-      name: gitlab-runner
-      url: oci://ghcr.io/defenseunicorns/uds-capability/gitlab-runner:0.0.4-skeleton
-```
+    repository: ghcr.io/defenseunicorns/uds-capability/gitlab-runner
+    ref: x.x.x
+```