Disable the dual upload for now. (#24174)
Signed-off-by: Matt Moore <[email protected]>
mattmoor authored Jul 17, 2024
1 parent b75d1e3 commit cea678d
Showing 1 changed file with 86 additions and 86 deletions.
172 changes: 86 additions & 86 deletions .github/workflows/build.yaml
@@ -351,92 +351,92 @@ jobs:
"./packages/${arch}/APKINDEX.json" "gs://wolfi-production-registry-destination/os/${arch}/"
done
upload-packages-to-cgr:
runs-on: ubuntu-latest
needs: build

# Always run this job for https://github.com/wolfi-dev/os/issues/8698
if: ${{ always() }}

permissions:
id-token: write
contents: read

steps:
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit

- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: 'Trust the github workspace'
run: |
# This is to avoid fatal errors about "dubious ownership" because we are
# running inside of a container action with the workspace mounted in.
git config --global --add safe.directory "$(pwd)"
- name: 'Download x86_64 package archives'
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
path: /tmp/artifacts/
name: packages-x86_64

- name: 'Download aarch64 package archives'
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
path: /tmp/artifacts/
name: packages-aarch64

- name: 'Unpack the package archives'
run: |
for arch in "aarch64" "x86_64"; do
mkdir -p ./packages/${arch}
# Consolidate with the built artifacts
tar xvf /tmp/artifacts/packages-${arch}.tar.gz
done
# use public chainguard provider.
- uses: chainguard-dev/setup-chainctl@fc62b08dfd3179dd694b50f672bc371f878fbd1e # v0.2.1
with:
# Managed here:
# https://github.com/chainguard-dev/mono/blob/main/env/chainguard-images/iac/wolfi-os-pusher.tf
identity: "720909c9f5279097d847ad02a2f24ba8f59de36a/6a26f2970f880c31"

- name: 'Upload packages to apk.cgr.dev'
run: |
set -ex
# Populate the token here, since chainctl auth token
# doesn't support all of the options we need.
chainctl auth login --audience apk.cgr.dev \
--identity "720909c9f5279097d847ad02a2f24ba8f59de36a/6a26f2970f880c31"
tok=$(chainctl auth token --audience apk.cgr.dev)
echo "::add-mask::${tok}"
for arch in "aarch64" "x86_64"; do
# Only attempt to upload when *.apk's exist
apks=$(ls ./packages/${arch}/*.apk 2>/dev/null || true)
if [ -n "$apks" ]; then
for apk in ${apks}; do
package="$(basename ${apk})"
# Check if package already exists in apk.cgr.dev
code=$(curl -s -o /dev/null --head -w "%{http_code}" --user "user:${tok}" "https://apk.cgr.dev/chainguard/${arch}/${package}")
if [ $code == "303" ]; then
echo "Package already exists: ${package}"
continue
elif [ $code != "404" ]; then
echo "Unexpected response code: $code"
exit 1
fi
curl --fail -X POST \
--user "user:${tok}" \
--data-binary "@${apk}" \
"https://apk.cgr.dev/chainguard/${arch}/${package}"
done
fi
done
# upload-packages-to-cgr:
# runs-on: ubuntu-latest
# needs: build

# # Always run this job for https://github.com/wolfi-dev/os/issues/8698
# if: ${{ always() }}

# permissions:
# id-token: write
# contents: read

# steps:
# - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
# with:
# egress-policy: audit

# - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

# - name: 'Trust the github workspace'
# run: |
# # This is to avoid fatal errors about "dubious ownership" because we are
# # running inside of a container action with the workspace mounted in.
# git config --global --add safe.directory "$(pwd)"

# - name: 'Download x86_64 package archives'
# uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
# with:
# path: /tmp/artifacts/
# name: packages-x86_64

# - name: 'Download aarch64 package archives'
# uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
# with:
# path: /tmp/artifacts/
# name: packages-aarch64

# - name: 'Unpack the package archives'
# run: |
# for arch in "aarch64" "x86_64"; do
# mkdir -p ./packages/${arch}

# # Consolidate with the built artifacts
# tar xvf /tmp/artifacts/packages-${arch}.tar.gz
# done

# # use public chainguard provider.
# - uses: chainguard-dev/setup-chainctl@fc62b08dfd3179dd694b50f672bc371f878fbd1e # v0.2.1
# with:
# # Managed here:
# # https://github.com/chainguard-dev/mono/blob/main/env/chainguard-images/iac/wolfi-os-pusher.tf
# identity: "720909c9f5279097d847ad02a2f24ba8f59de36a/6a26f2970f880c31"

# - name: 'Upload packages to apk.cgr.dev'
# run: |
# set -ex
# # Populate the token here, since chainctl auth token
# # doesn't support all of the options we need.
# chainctl auth login --audience apk.cgr.dev \
# --identity "720909c9f5279097d847ad02a2f24ba8f59de36a/6a26f2970f880c31"
# tok=$(chainctl auth token --audience apk.cgr.dev)
# echo "::add-mask::${tok}"

# for arch in "aarch64" "x86_64"; do
# # Only attempt to upload when *.apk's exist
# apks=$(ls ./packages/${arch}/*.apk 2>/dev/null || true)
# if [ -n "$apks" ]; then
# for apk in ${apks}; do
# package="$(basename ${apk})"

# # Check if package already exists in apk.cgr.dev
# code=$(curl -s -o /dev/null --head -w "%{http_code}" --user "user:${tok}" "https://apk.cgr.dev/chainguard/${arch}/${package}")
# if [ $code == "303" ]; then
# echo "Package already exists: ${package}"
# continue
# elif [ $code != "404" ]; then
# echo "Unexpected response code: $code"
# exit 1
# fi

# curl --fail -X POST \
# --user "user:${tok}" \
# --data-binary "@${apk}" \
# "https://apk.cgr.dev/chainguard/${arch}/${package}"
# done
# fi
# done

postrun:
name: Notify Slack
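Review bot: The `upload-packages-to-cgr` job is disabled by commenting out all 86 of its lines, with no note on why or when it comes back; replacing `if: ${{ always() }}` with `if: ${{ false }}  # disabled: <reason or tracking issue>` would turn it off while keeping the YAML parsed and linted. The pinned action SHAs now sit inside comments, where dependency-update tooling is unlikely to touch them, so the block may later be restored with stale pins. If the upload script is restored as written, `set -ex` enables xtrace before `tok=$(chainctl auth token --audience apk.cgr.dev)`, so the trace of that assignment would likely print the token before `::add-mask::` is registered; using `set -e` first and enabling `set -x` only after the mask line avoids that. The `postrun` job continues outside the visible hunk, so whether it lists this job under `needs` cannot be checked here.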