chore: improve workflows to create release

closes #1
closes #6

.github/updatecli/dependencies.yaml

@@ -0,0 +1,35 @@
+sources:
+  awscli:
+    kind: dockerimage
+    spec:
+      image: amazon/aws-cli
+      architecture: linux/amd64
+      versionFilter:
+        kind: semver
+  kubectl:
+    kind: dockerimage
+    spec:
+      image: alpine/k8s
+      architecture: linux/amd64
+      versionFilter:
+        kind: semver
+conditions: {}
+targets:
+  update-awscli-tag:
+    name: "Update the value of ARG AWSCLI_VERSION in the Dockerfile"
+    sourceid: awscli
+    kind: dockerfile
+    spec:
+      file: Dockerfile
+      instruction:
+        keyword: "ARG"
+        matcher: "AWSCLI_VERSION"
+  update-kubectl-tag:
+    name: "Update the value of ARG KUBECTL_VERSION in the Dockerfile"
+    sourceid: kubectl
+    kind: dockerfile
+    spec:
+      file: Dockerfile
+      instruction:
+        keyword: "ARG"
+        matcher: "KUBECTL_VERSION"

.github/workflows/check-changes.yaml

@@ -0,0 +1,123 @@
+name: Check ecr-token new release
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  check-and-release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Get current tag
+        id: current_release
+        run: |
+          # awscli_release
+          awscli_current_release=$(grep "ARG AWSCLI_VERSION" Dockerfile | cut -d '=' -f 2)
+          echo "awscli_current_release=$awscli_current_release" >> $GITHUB_OUTPUT
+
+          # kubectl_release
+          kubectl_current_release=$(grep "ARG KUBECTL_VERSION" Dockerfile | cut -d '=' -f 2)
+          echo "kubectl_current_release=$kubectl_current_release" >> $GITHUB_OUTPUT
+
+      - name: Install updatecli
+        uses: updatecli/updatecli-action@v2
+
+      - name: Update dependencies
+        env:
+          GITHUB_TOKEN: ${{ secrets.PAT_GITHUB }}
+        run: |
+          updatecli apply --config .github/updatecli/dependencies.yaml --commit=false
+
+      - name: Get latest tag
+        id: latest_release
+        run: |
+          # awscli_release
+          awscli_latest_release=$(grep "ARG AWSCLI_VERSION" Dockerfile | cut -d '=' -f 2)
+          echo "awscli_latest_release=$awscli_latest_release" >> $GITHUB_OUTPUT
+
+          # kubectl_release
+          kubectl_latest_release=$(grep "ARG KUBECTL_VERSION" Dockerfile | cut -d '=' -f 2)
+          echo "kubectl_latest_release=$kubectl_latest_release" >> $GITHUB_OUTPUT
+
+          # complete_tag
+          echo "complete_release=aws$awscli_latest_release-kubectl$kubectl_latest_release" >> $GITHUB_OUTPUT
+
+      - name: Check if exists changes
+        id: check_changes
+        env:
+          awscli_current_release: ${{ steps.current_release.outputs.awscli_current_release }}
+          awscli_latest_release: ${{ steps.latest_release.outputs.awscli_latest_release }}
+          kubectl_current_release: ${{ steps.current_release.outputs.kubectl_current_release }}
+          kubectl_latest_release: ${{ steps.latest_release.outputs.kubectl_latest_release }}
+        run: |
+          # awscli
+          if [ "$awscli_current_release" != "$awscli_latest_release" ]; then
+              body+="AWS CLI version:\n"
+              body+="  - :information_source: Current: \`$awscli_current_release\`\n"
+              body+="  - :up: Upgrade: \`$awscli_latest_release\`\n"
+              body+="  - Changelog: https://github.com/aws/aws-cli/releases/tag/$awscli_latest_release\n\n"
+
+              echo "release_changed=true" >> $GITHUB_OUTPUT
+          fi
+
+          # kubectl
+          if [ "$kubectl_current_release" != "$kubectl_latest_release" ]; then
+              body+="Kubectl version:\n"
+              body+="  - :information_source: Current: \`$kubectl_current_release\`\n"
+              body+="  - :up: Upgrade: \`$kubectl_latest_release\`\n"
+              body+="  - Changelog: https://github.com/kubernetes/kubectl/releases/tag/v$kubectl_latest_release\n\n"
+
+              echo "release_changed=true" >> $GITHUB_OUTPUT
+          fi
+
+          echo -e "$body" > pr-output.log
+
+      - name: "Build and push Docker image"
+        uses: docker/build-push-action@v6
+        if: steps.check_changes.outputs.release_changed == 'true'
+        with:
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
+          context: .
+          platforms: linux/amd64
+          push: false
+          tags: ecr-token
+
+      - name: Show changes
+        if: steps.check_changes.outputs.release_changed == 'true'
+        run: |
+          # install dive
+          mkdir dive && cd dive
+          wget https://github.com/wagoodman/dive/releases/download/v${{ vars.DIVE_VERSION }}/dive_${{ vars.DIVE_VERSION }}_linux_amd64.tar.gz
+          tar xzvf dive_${{ vars.DIVE_VERSION }}_linux_amd64.tar.gz
+          cd ..
+
+          # dive
+          echo -e "\n## Dive output\n" >> pr-output.log
+          ./dive/dive -t ecr-token-${{ env.GITHUB_JOB }} >> pr-output.log
+
+      - name: Create PR changes
+        if: steps.check_changes.outputs.release_changed == 'true'
+        uses: peter-evans/create-pull-request@v6
+        with:
+          token: ${{ secrets.PAT_GITHUB }}
+          commit-message: "feat: new ecr-token version ${{ steps.latest_release.outputs.complete_release }}"
+          signoff: false
+          branch: feat/upgrade-ecr-token-${{ steps.latest_release.outputs.complete_release }}
+          delete-branch: true
+          title: '[ecr-token] new release: ${{ steps.latest_release.outputs.complete_release }}'
+          body-path: pr-output.log
+          labels: |
+            auto-pr-bump-version

.github/workflows/release.yaml

@@ -1,67 +1,138 @@
+name: Create ECR Token release
+
 env:
-  USER: devopsiaci
-  REPO: ecr-token
+  DOCKERHUB_USER: devopsiaci
+  DOCKERHUB_REPO: ecr-token
+  GHCR_REGISTRY: ghcr.io
+  GHCR_REPO: ${{ github.repository }}
 
 on:
+  workflow_dispatch:
   push:
     branches:
       - main
+    paths:
+      - Dockerfile
 
 jobs:
   release:
     name: Create tag release
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        kubectl_version:
-        - 1.19.16
-        - 1.20.15
-        - 1.21.13
-        - 1.22.13
-        - 1.22.15
-        - 1.23.10
-        - 1.23.12
-        - 1.23.13
-        - 1.23.14
-        - 1.23.15
-        - 1.23.16
-        - 1.24.10
-        - 1.24.4
-        - 1.24.6
-        - 1.24.7
-        - 1.24.8
-        - 1.24.9
-        - 1.25.0
-        - 1.25.2
-        - 1.25.3
-        - 1.25.4
-        - 1.25.5
-        - 1.25.6
-        - 1.26.0
-        - 1.26.1
+
+    permissions:
+      contents: write
+      packages: write
+      id-token: write
+      attestations: write
+
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Read tags from Dockerfile
+        id: current_tag
+        run: |
+          # awscli_tag
+          awscli_current_tag=$(grep "ARG AWSCLI_VERSION" Dockerfile | cut -d '=' -f 2)
+          echo "awscli_current_tag=$awscli_current_tag" >> $GITHUB_OUTPUT
+
+          # kubectl_tag
+          kubectl_current_tag=$(grep "ARG KUBECTL_VERSION" Dockerfile | cut -d '=' -f 2)
+          echo "kubectl_current_tag=$kubectl_current_tag" >> $GITHUB_OUTPUT
 
-      - name: Log in to Docker Hub
+          # complete tag
+          echo "complete_tag=aws$awscli_current_tag-kubectl$kubectl_current_tag" >> $GITHUB_OUTPUT
+
+      - name: "Set Docker metadata"
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.DOCKERHUB_USER }}/${{ env.DOCKERHUB_REPO }}
+            ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_REPO }}
+          labels: |
+            org.opencontainers.image.maintainer=ialejandro
+            org.opencontainers.image.title=ECR Token
+            org.opencontainers.image.description=ECR Token to authenticate with AWS ECR
+            org.opencontainers.image.vendor=DevOps IA
+          tags: |
+            type=raw,value=${{ steps.current_tag.outputs.complete_tag }}
+            type=sha,enable=false
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Cache Docker layers
+        uses: actions/cache@v4
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
+      - name: "[DOCKERHUB] Log in to Docker Hub"
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
 
-      - name: Build and push Docker image
+      - name: "[GHCR] Log in to the Container registry"
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.GHCR_REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: "Build and push Docker image"
+        id: push
         uses: docker/build-push-action@v6
         with:
+          build-args: OPENJDK_VERSION=${{ matrix.jdk_version }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
           context: .
-          push: true
+          labels: ${{ steps.meta.outputs.labels }}
           platforms: linux/amd64
-          build-args: |
-            KUBECTL_VERSION=${{ matrix.kubectl_version }}
-          tags: ${{ env.USER }}/${{ env.REPO }}:kubectl-${{ matrix.kubectl_version }},${{ env.USER }}/${{ env.REPO }}:${{ matrix.kubectl_version }}
+          push: true
+          sbom: true
+          tags: ${{ steps.meta.outputs.tags }}
 
-      - name: Update Docker registry description
+      - name: "Update README.md default version"
+        run: |
+          # replace default version
+          sed -i "s/\* aws-cli: .*/* aws-cli: \`${{ steps.current_tag.outputs.awscli_current_tag }}\`/" README.md
+          sed -i "s/\* kubectl: .*/* kubectl: \`${{ steps.current_tag.outputs.kubectl_current_tag }}\`/" README.md
+
+          # push changes
+          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+          git config --global user.name "github-actions[bot]"
+          git add README.md
+          git commit -m "chore: update README.md [skip ci]" || true
+          git push -f origin HEAD:main
+
+      - name: "[DOCKERHUB] Update Docker registry description"
         uses: peter-evans/dockerhub-description@v4
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
-          repository: ${{ env.USER }}/${{ env.REPO }}
+          repository: ${{ env.DOCKERHUB_USER }}/${{ env.DOCKERHUB_REPO }}
+
+      - name: "[GHCR] Generate artifact"
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_REPO }}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true
+
+      - # Temp fix
+        # https://github.com/docker/build-push-action/issues/252
+        # https://github.com/moby/buildkit/issues/1896
+        name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

.gitignore

@@ -0,0 +1,3 @@
+pr-output.log
+dive
+dive/*

CONTRIBUTING.md

@@ -1 +1,41 @@
-TODO
+# How to contribute to ECR Token
+
+This document provides guidelines for contributing to the *Cruise Control* project.
+
+## How can I contribute?
+
+### Did you find a bug?
+
+* **Ensure the bug has not already been reported** by searching on GitHub under [Issues](https://github.com/devops-ia/ecr-token/issues).
+* If you cannot find an open issue addressing the problem, [open a new one](https://github.com/devops-ia/ecr-token/issues/new). Include a **title and clear description**, as much relevant information as possible, and a **code sample** or an **executable test case** demonstrating the unexpected behavior.
+* Use the relevant bug report templates to create the issue, if available.
+
+### Do you intend to add a new feature or change an existing one?
+
+* Please discuss first ([open an issue](https://github.com/devops-ia/ecr-token/issues)) before starting any significant pull request (e.g., implementing features, refactoring code) to avoid spending time on something that might not be merged.
+* Adhere to the project's coding conventions (indentation, accurate comments, etc.) and any other requirements (such as test coverage, documentation).
+
+## Styleguides
+
+### YAML Styleguide
+
+All YAML files must adhere to the following style guide:
+
+* Indentation: Use 2 spaces for indentation.
+* No trailing spaces.
+* Use hyphens for list items.
+* Use camelCase for key names.
+* Ensure there are no syntax errors.
+
+Additional rules:
+
+* Always use double quotes for strings.
+* Keep lines to a maximum of 80 characters.
+* Ensure proper alignment of nested elements.
+
+### Git Commit Messages
+
+* Use the present tense ("Add feature" not "Added feature").
+* Use the imperative mood ("Move cursor to..." not "Moves cursor to...").
+* Limit the first line to 72 characters or less.
+* Reference issues and pull requests liberally after the first line.