Merge pull request #8090 from imjasonh/withdraw-faster

withdraw using 'wolfictl withdraw'

.github/workflows/withdraw-packages.yaml

@@ -28,7 +28,12 @@ jobs:
 
       - uses: actions/checkout@v4
 
-      - uses: chainguard-dev/actions/setup-melange@main
+      - name: "Install wolfictl onto PATH"
+        run: |
+          # Copy wolfictl out of the wolfictl image and onto PATH
+          TMP=$(mktemp -d)
+          docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:833bc07380257f7bdcd499ea386f871d162236c7222511891b74ac8602b592a6 -c "cp /usr/bin/wolfictl /out"
+          echo "$TMP" >> $GITHUB_PATH
 
       - id: auth
         name: 'Authenticate to Google Cloud'
@@ -46,7 +51,14 @@ jobs:
           sudo mkdir -p /etc/apk/keys
           sudo cp ./wolfi-signing.rsa.pub /etc/apk/keys/wolfi-signing.rsa.pub
 
-      - name: 'Delete withdrawn packages'
+      - name: Withdraw from index
+        run: |
+          for arch in x86_64 aarch64; do
+            curl -o APKINDEX.tar.gz.orig https://packages.wolfi.dev/os/$arch/APKINDEX.tar.gz
+            cat APKINDEX.tar.gz.orig | wolfictl withdraw $(grep -v '\#' withdrawn-packages.txt) --signing-key="${{ github.workspace }}/wolfi-signing.rsa" > $arch/APKINDEX.tar.gz
+          done
+
+      - name: Delete withdrawn packages
         run: |
           for arch in x86_64 aarch64; do
             for pkg in $(grep -v '\#' withdrawn-packages.txt); do
@@ -55,19 +67,8 @@ jobs:
             done
           done
 
-      - name: 'Sync public package repository'
-        run: |
-          mkdir "${{ github.workspace }}/packages"
-          gsutil -m rsync -r gs://wolfi-production-registry-destination/os/ "${{ github.workspace }}/packages/"
-          find "${{ github.workspace }}/packages" -print -exec touch \{} \;
-
-      - name: 'Reconcile Wolfi index'
+      - name: Upload modified index
         run: |
           for arch in x86_64 aarch64; do
-            pushd "${{ github.workspace }}/packages/"$arch
-              melange index -o APKINDEX.tar.gz -a $arch *.apk
-              melange sign-index --signing-key="${{ github.workspace }}/wolfi-signing.rsa" APKINDEX.tar.gz
-              gsutil -h "Cache-Control:no-store" cp "${{ github.workspace }}/packages/${arch}/APKINDEX.tar.gz" gs://wolfi-production-registry-destination/os/${arch}/APKINDEX.tar.gz
-              gsutil -h "Cache-Control:no-store" cp "${{ github.workspace }}/packages/${arch}/APKINDEX.json" gs://wolfi-production-registry-destination/os/${arch}/APKINDEX.json
-            popd
+            gsutil cp $arch/APKINDEX.tar.gz gs://wolfi-production-registry-destination/os/$arch/APKINDEX.tar.gz || true
           done