diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml deleted file mode 100644 index 467326c..0000000 --- a/.github/workflows/build.yaml +++ /dev/null @@ -1,26 +0,0 @@ -name: Build ROCK - -on: - pull_request: - workflow_call: - -jobs: - build: - runs-on: ubuntu-latest - timeout-minutes: 15 - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - name: Setup LXD - uses: canonical/setup-lxd@main - - name: Install dependencies - run: | - sudo snap install yq - sudo snap install rockcraft --classic --edge - - name: Build ROCK - run: rockcraft pack - - name: Upload locally built ROCK artifact - uses: actions/upload-artifact@v3 - with: - name: postgresql-rock - path: charmed-postgresql_*_amd64.rock diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 0000000..21f084b --- /dev/null +++ b/.github/workflows/ci.yaml @@ -0,0 +1,27 @@ +# Copyright 2024 Canonical Ltd. +# See LICENSE file for licensing details. +name: Tests + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +on: + pull_request: + +jobs: + lint: + name: Lint + runs-on: ubuntu-latest + timeout-minutes: 5 + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Install tox + run: pipx install tox + - name: Run linters + run: tox run -e lint + + build: + name: Build rock + uses: canonical/data-platform-workflows/.github/workflows/build_rock.yaml@v12.5.0 diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml deleted file mode 100644 index 7472fbd..0000000 --- a/.github/workflows/lint.yaml +++ /dev/null @@ -1,22 +0,0 @@ -name: Lint - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -on: - pull_request: - workflow_call: - workflow_dispatch: - -jobs: - lint: - runs-on: ubuntu-latest - timeout-minutes: 5 - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - name: Install tox - run: python3 -m pip install tox - - name: YAML Lint - run: tox -e lint diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml deleted file mode 100644 index 9cfbbe7..0000000 --- a/.github/workflows/publish.yaml +++ /dev/null @@ -1,49 +0,0 @@ -name: Publish ROCK -on: - push: - branches: - - '[0-9][0-9]-[0-9][0-9].[0-9][0-9]' - workflow_dispatch: - -jobs: - sbom: - uses: ./.github/workflows/sbom.yaml - publish: - needs: sbom - runs-on: ubuntu-latest - timeout-minutes: 5 - permissions: - packages: write - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - name: Setup Docker - run: | - sudo snap install docker - sudo addgroup --system docker; sudo adduser $USER docker - newgrp docker - sudo snap disable docker; sudo snap enable docker - - name: Install skopeo - run: | - sudo snap install --devmode --channel edge skopeo - - name: Install yq - run: | - sudo snap install yq - - uses: actions/download-artifact@v3 - with: - name: postgresql-rock - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ secrets.GHCR_USER }} - password: ${{ secrets.GHCR_TOKEN }} - - name: Import and push to GHCR - run: | - version=$(yq '(.version|split("-"))[0]' rockcraft.yaml) - base=$(yq '(.base|split("@"))[1]' rockcraft.yaml) - tag=${version}-${base}_edge - sudo skopeo --insecure-policy copy \ - oci-archive:charmed-postgresql_${version}_amd64.rock \ - docker-daemon:ghcr.io/canonical/charmed-postgresql:${tag} - docker push ghcr.io/canonical/charmed-postgresql:${tag} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000..e1d4275 --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,61 @@ +# Copyright 2024 Canonical Ltd. +# See LICENSE file for licensing details. +name: Release to GitHub Container Registry + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +on: + push: + branches: + - 14-22.04 + +jobs: + build: + name: Build rock + uses: canonical/data-platform-workflows/.github/workflows/build_rock.yaml@v12.5.0 + + release: + name: Release rock + needs: + - build + uses: canonical/data-platform-workflows/.github/workflows/release_rock.yaml@v12.5.0 + with: + artifact-prefix: ${{ needs.build.outputs.artifact-prefix }} + permissions: + packages: write # Needed to publish to GitHub Container Registry + + sbom: + name: Generate Software Bill of Materials + needs: + - build + # Run after release so that rock cannot be (maliciously) modified between build & release + - release + runs-on: ubuntu-latest + timeout-minutes: 5 + steps: + - name: Install Syft + run: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin + - name: Download rock package(s) + uses: actions/download-artifact@v4 + with: + pattern: ${{ needs.build.outputs.artifact-prefix }}-* + merge-multiple: true + - name: Generate SBOM(s) + shell: python + run: | + import pathlib + import subprocess + + for rock_file in pathlib.Path(".").glob("*.rock"): + subprocess.run( + ["syft", rock_file.name, "--output", f"spdx-json={rock_file.name}.spdx.json"], + check=True, + ) + - name: Upload SBOM(s) + uses: actions/upload-artifact@v4 + with: + name: sbom-${{ needs.build.outputs.artifact-prefix }} + path: '*.spdx.json' + if-no-files-found: error diff --git a/.github/workflows/sbom.yaml b/.github/workflows/sbom.yaml deleted file mode 100644 index 24791fa..0000000 --- a/.github/workflows/sbom.yaml +++ /dev/null @@ -1,32 +0,0 @@ -name: Generate SBOM -on: - workflow_call: - -jobs: - build: - uses: ./.github/workflows/build.yaml - sbom: - needs: build - runs-on: ubuntu-latest - timeout-minutes: 5 - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - name: Install Syft - run: | - curl -sSfL https://raw.githubusercontent.com/anchore/syft/4fc17edd146af34ab06f5b0443ef8ddac3aaf076/install.sh | sh -s -- -b /usr/local/bin - - name: Set version - run: | - version=$(yq '(.version|split("-"))[0]' rockcraft.yaml) - base=$(yq '(.base|split(":"))[1]' rockcraft.yaml) - echo "version=${version}" >> "$GITHUB_ENV" - - uses: actions/download-artifact@v3 - with: - name: postgresql-rock - - name: Create SBOM - run: syft charmed-postgresql_${{env.version}}_amd64.rock -o spdx-json=charmed-postgresql_${{env.version}}_amd64.rock.spdx.json - - name: Upload SBOM - uses: actions/upload-artifact@v3 - with: - path: "charmed-postgresql_${{env.version}}_amd64.rock.spdx.json" - name: charmed-postgresql_${{env.version}}_amd64.rock.spdx.json diff --git a/.github/workflows/sync_issue_to_jira.yaml b/.github/workflows/sync_issue_to_jira.yaml index 9a13798..e7dd61a 100644 --- a/.github/workflows/sync_issue_to_jira.yaml +++ b/.github/workflows/sync_issue_to_jira.yaml @@ -9,7 +9,7 @@ on: jobs: sync: name: Sync GitHub issue to Jira - uses: canonical/data-platform-workflows/.github/workflows/sync_issue_to_jira.yaml@v2 + uses: canonical/data-platform-workflows/.github/workflows/sync_issue_to_jira.yaml@v12 with: jira-base-url: https://warthogs.atlassian.net jira-project-key: DPE diff --git a/rockcraft.yaml b/rockcraft.yaml index 0eb2bbd..7e10850 100644 --- a/rockcraft.yaml +++ b/rockcraft.yaml @@ -10,6 +10,7 @@ description: | license: Apache-2.0 platforms: amd64: + arm64: parts: postgresql-snap: