From 2cc0316c2809464e57a33c703415a401a314be15 Mon Sep 17 00:00:00 2001
From: codyshoffner
Date: Mon, 4 May 2026 16:00:55 -0500
Subject: [PATCH 1/8] chore: update images to cgr
---
 zarf.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/zarf.yaml b/zarf.yaml
index b874dc9..9836943 100644
--- a/zarf.yaml
+++ b/zarf.yaml
@@ -86,10 +86,10 @@ components:
 valuesFiles:
 - ./values/unicorn-config-values.yaml
 images:
- - quay.io/rfcurated/zalando/postgres-operator:1.15-jammy-scratch-fips-rfcurated
+ - cgr.dev/defenseunicorns.com/postgres-operator:1.15.1
 - quay.io/rfcurated/zalando/postgres-operator/logical-backup:1.15-jammy-scratch-fips-rfcurated
- - quay.io/rfcurated/zalando/pgbouncer:32-jammy-rfcurated
+ - cgr.dev/defenseunicorns.com/pgbouncer:1.25.1
 # Docker image that provides PostgreSQL and Patroni bundled together for PostgreSQL HA
- - quay.io/rfcurated/zalando/spilo-17:4.0-p3-jammy-fips-rfcurated
+ - cgr.dev/defenseunicorns.com/spilo-17:4.1.2
 # Container image that provides the postgres-exporter sidecar to create a metrics endpoint
- - quay.io/rfcurated/prometheuscommunity/postgres-exporter:0.19.1-jammy-scratch-bnt-fips-rfcurated
+ - cgr.dev/defenseunicorns.com/prometheus-postgres-exporter:0.19.1
From 8bffa8e7fd972f4e119672ac6d2f4604e8c4e106 Mon Sep 17 00:00:00 2001
From: codyshoffner
Date: Tue, 5 May 2026 09:43:58 -0500
Subject: [PATCH 2/8] testing for cgr creds
---
 .github/workflows/auto-update.yaml | 2 +-
 .github/workflows/commitlint.yaml | 2 +-
 .github/workflows/lint.yaml | 2 +-
 .github/workflows/release.yaml | 2 +-
 .github/workflows/scan.yaml | 2 +-
 .github/workflows/scorecard.yaml | 2 +-
 .github/workflows/test.yaml | 4 ++--
 tasks.yaml | 18 +++++++++---------
 8 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/.github/workflows/auto-update.yaml b/.github/workflows/auto-update.yaml
index f53bd21..8f1c230 100644
--- a/.github/workflows/auto-update.yaml
+++ b/.github/workflows/auto-update.yaml
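Review bot: The four `cgr.dev/defenseunicorns.com/...` references added under `images:` are tag-only, so the content of the Zarf package depends on whatever each tag resolves to at package-create time; appending the digest, e.g. `- cgr.dev/defenseunicorns.com/postgres-operator:1.15.1@sha256:<digest-placeholder>`, makes the build reproducible and ties a scan result to an exact image. Three of the four replaced tags carried a `fips` marker (all but pgbouncer) and none of the new tags do, so if this flavor is expected to use FIPS builds it is worth confirming that the cgr images are the FIPS variants and saying so in a comment above the list. The `logical-backup` image stays on `quay.io/rfcurated`, so the flavor now pulls from two registries and presumably needs both sets of pull credentials. The `components:` entry this list belongs to starts outside the hunk.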
@@ -20,5 +20,5 @@ concurrency: jobs: auto-update: - uses: defenseunicorns/uds-common/.github/workflows/callable-auto-update.yaml@ca1b4cfb1cee43c7b3d15461e53fd873660de821 # v1.24.7 + uses: defenseunicorns/uds-common/.github/workflows/callable-auto-update.yaml@update-cgr-creds # testing secrets: inherit # Inherits all secrets from the parent workflow. diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml index a491bcd..68bc747 100644 --- a/.github/workflows/commitlint.yaml +++ b/.github/workflows/commitlint.yaml @@ -15,4 +15,4 @@ permissions: jobs: validate: - uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@ca1b4cfb1cee43c7b3d15461e53fd873660de821 # v1.24.7 + uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@update-cgr-creds # testing diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 9e7274c..06b23b4 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -15,5 +15,5 @@ permissions: jobs: validate: - uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@ca1b4cfb1cee43c7b3d15461e53fd873660de821 # v1.24.7 + uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@update-cgr-creds # testing secrets: inherit diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2435d8c..21686e2 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -27,7 +27,7 @@ jobs: exclude: - flavor: registry1 architecture: arm64 - uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@ca1b4cfb1cee43c7b3d15461e53fd873660de821 # v1.24.7 + uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@update-cgr-creds # testing with: flavor: ${{ matrix.flavor }} options: --set BASE_REPO="ghcr.io/uds-packages" diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml index 708103e..2224c6d 100644 --- a/.github/workflows/scan.yaml 
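Review bot: The `uses:` line in auto-update.yaml swaps a full commit SHA (`@ca1b4cfb1cee43c7b3d15461e53fd873660de821 # v1.24.7`) for the branch name `@update-cgr-creds` while the job keeps `secrets: inherit`, so any later push to that branch in uds-common runs with this repository's secrets without a change being reviewed here. The same swap is made in the commitlint, lint, release, scan and scorecard hunks and in both test.yaml hunks, and PATCH 7/8 restores the workflows with the branch ref still in place; the scan and scorecard jobs also grant `id-token: write`. For testing, pin the head commit of the branch instead, `uses: defenseunicorns/uds-common/.github/workflows/callable-auto-update.yaml@<full-sha-of-update-cgr-creds-head> # update-cgr-creds`, and return to a released SHA before merge. The workflow's `on:` and `permissions:` blocks are outside this hunk.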
+++ b/.github/workflows/scan.yaml @@ -18,5 +18,5 @@ jobs: packages: read # Allows reading the content of the repository's packages. id-token: write # Allows authentication to Chainguard via OIDC. pull-requests: write # Allows writing the scan results comment to the pull request. - uses: defenseunicorns/uds-common/.github/workflows/callable-scan.yaml@ca1b4cfb1cee43c7b3d15461e53fd873660de821 # v1.24.7 + uses: defenseunicorns/uds-common/.github/workflows/callable-scan.yaml@update-cgr-creds # testing secrets: inherit # Inherits all secrets from the parent workflow. diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index 128e5e5..a200d18 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -32,5 +32,5 @@ jobs: security-events: write # Used to receive a badge. id-token: write - uses: defenseunicorns/uds-common/.github/workflows/callable-scorecard.yaml@ca1b4cfb1cee43c7b3d15461e53fd873660de821 # v1.24.7 + uses: defenseunicorns/uds-common/.github/workflows/callable-scorecard.yaml@update-cgr-creds # testing secrets: inherit diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index fb90937..9679354 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -29,7 +29,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: test-flavor - uses: defenseunicorns/uds-common/.github/actions/test-flavor@ca1b4cfb1cee43c7b3d15461e53fd873660de821 # v1.24.7 + uses: defenseunicorns/uds-common/.github/actions/test-flavor@update-cgr-creds # testing id: test-flavor outputs: upgrade-flavors: ${{ steps.test-flavor.outputs.upgrade-flavors }} 
@@ -41,7 +41,7 @@ jobs: matrix: type: [install, upgrade] flavor: [upstream, registry1, unicorn] - uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@ca1b4cfb1cee43c7b3d15461e53fd873660de821 # v1.24.7 + uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@update-cgr-creds # testing with: options: --set BASE_REPO="ghcr.io/uds-packages" upgrade-flavors: ${{ needs.check-flavor.outputs.upgrade-flavors }} diff --git a/tasks.yaml b/tasks.yaml index 7d702ad..d859c91 100644 --- a/tasks.yaml +++ b/tasks.yaml 
@@ -3,15 +3,15 @@ includes: - test: ./tasks/test.yaml - - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.24.7/tasks/create.yaml - - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.24.7/tasks/publish.yaml - - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.24.7/tasks/lint.yaml - - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.24.7/tasks/pull.yaml - - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.24.7/tasks/deploy.yaml - - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.24.7/tasks/setup.yaml - - actions: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.24.7/tasks/actions.yaml - - badge: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.24.7/tasks/badge.yaml - - upgrade: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.24.7/tasks/upgrade.yaml + - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/update-cgr-creds/tasks/create.yaml + - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/update-cgr-creds/tasks/publish.yaml + - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/update-cgr-creds/tasks/lint.yaml + - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/update-cgr-creds/tasks/pull.yaml + - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/update-cgr-creds/tasks/deploy.yaml + - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/update-cgr-creds/tasks/setup.yaml + - actions: https://raw.githubusercontent.com/defenseunicorns/uds-common/update-cgr-creds/tasks/actions.yaml + - badge: https://raw.githubusercontent.com/defenseunicorns/uds-common/update-cgr-creds/tasks/badge.yaml + - upgrade: https://raw.githubusercontent.com/defenseunicorns/uds-common/update-cgr-creds/tasks/upgrade.yaml tasks: - name: default From 59447b8b411d136341bfeeb194df8d1bfc1fa2fa Mon Sep 17 00:00:00 2001 
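Review bot: The nine remote `includes:` now resolve against the `update-cgr-creds` branch on raw.githubusercontent.com, so the task definitions that get executed can change between two runs of the same commit of this repository, wherever the tasks are run. The previous form here (`v1.24.7`) was a tag rather than a SHA; a commit SHA in the URL path is the immutable option, e.g. `- create: https://raw.githubusercontent.com/defenseunicorns/uds-common/<full-commit-sha>/tasks/create.yaml`. If the branch ref is only for this test, a `# TODO: revert to a released uds-common ref before merge` comment above the list would keep it from being merged by accident.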
From: codyshoffner Date: Tue, 5 May 2026 10:25:14 -0500 Subject: [PATCH 3/8] testing for cgr creds --- tasks.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks.yaml b/tasks.yaml index d859c91..a74034d 100644 --- a/tasks.yaml +++ b/tasks.yaml @@ -20,7 +20,7 @@ tasks: - task: create-dev-package - task: setup:k3d-test-cluster - task: create-deploy-test-bundle - +# - name: create-dev-package description: Create the Postgres Operator package actions: From 86016504e395d9f914254ea6199c52a66779339e Mon Sep 17 00:00:00 2001 From: codyshoffner Date: Tue, 5 May 2026 10:28:50 -0500 Subject: [PATCH 4/8] testing for cgr creds --- tasks.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks.yaml b/tasks.yaml index a74034d..ac36e3f 100644 --- a/tasks.yaml +++ b/tasks.yaml @@ -20,7 +20,7 @@ tasks: - task: create-dev-package - task: setup:k3d-test-cluster - task: create-deploy-test-bundle -# + - name: create-dev-package description: Create the Postgres Operator package actions: @@ -42,7 +42,7 @@ tasks: - task: create:test-bundle - task: deploy:test-bundle -# CI will execute the following (via uds-common/.github/workflows/callable-[test|publish].yaml) so they need to be here with these names + # CI will execute the following (via uds-common/.github/workflows/callable-[test|publish].yaml) so they need to be here with these names - name: test-install description: Test the health of a Postgres Operator deployment From bf632c9bab0a311ee377ff3d949b658097a5cdb4 Mon Sep 17 00:00:00 2001 From: codyshoffner Date: Tue, 5 May 2026 10:36:22 -0500 Subject: [PATCH 5/8] testing for cgr creds --- tasks.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks.yaml b/tasks.yaml index ac36e3f..ccce037 100644 --- a/tasks.yaml +++ b/tasks.yaml 
@@ -20,7 +20,7 @@ tasks: - task: create-dev-package - task: setup:k3d-test-cluster - task: create-deploy-test-bundle - +# - name: create-dev-package description: Create the Postgres Operator package actions: From 83ae96f4641d6e97f4b84992401a5bd81c30f70d Mon Sep 17 00:00:00 2001 From: codyshoffner Date: Tue, 5 May 2026 10:43:12 -0500 Subject: [PATCH 6/8] testing for cgr creds --- .github/workflows/auto-update.yaml | 38 +++++----- .github/workflows/chainguard.yaml | 25 +++++++ .github/workflows/commitlint.yaml | 28 +++---- .github/workflows/lint.yaml | 30 ++++---- .github/workflows/release.yaml | 64 ++++++++-------- .github/workflows/scan.yaml | 38 +++++----- .github/workflows/scorecard.yaml | 66 ++++++++--------- .github/workflows/test.yaml | 114 ++++++++++++++--------------- 8 files changed, 214 insertions(+), 189 deletions(-) create mode 100644 .github/workflows/chainguard.yaml diff --git a/.github/workflows/auto-update.yaml b/.github/workflows/auto-update.yaml index 8f1c230..6c92069 100644 --- a/.github/workflows/auto-update.yaml +++ b/.github/workflows/auto-update.yaml 
@@ -1,24 +1,24 @@ -# Copyright 2024 Defense Unicorns -# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial +# # Copyright 2024 Defense Unicorns +# # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial -name: Auto Update +# name: Auto Update -on: - schedule: - - cron: 0 14 * * * # daily at 8 AM Central (CST = UTC−6) +# on: +# schedule: +# - cron: 0 14 * * * # daily at 8 AM Central (CST = UTC−6) -# Permissions for the GITHUB_TOKEN used by the workflow. -permissions: - contents: write # Allows writing content to the repository. - packages: read # Allows reading the content of the repository's packages. - pull-requests: write # Allows creating or updating pull requests. +# # Permissions for the GITHUB_TOKEN used by the workflow. +# permissions: +# contents: write # Allows writing content to the repository. +# packages: read # Allows reading the content of the repository's packages. +# pull-requests: write # Allows creating or updating pull requests. -# Abort prior jobs in the same workflow / PR -concurrency: - group: auto-update-${{ github.ref }} - cancel-in-progress: true +# # Abort prior jobs in the same workflow / PR +# concurrency: +# group: auto-update-${{ github.ref }} +# cancel-in-progress: true -jobs: - auto-update: - uses: defenseunicorns/uds-common/.github/workflows/callable-auto-update.yaml@update-cgr-creds # testing - secrets: inherit # Inherits all secrets from the parent workflow. +# jobs: +# auto-update: +# uses: defenseunicorns/uds-common/.github/workflows/callable-auto-update.yaml@update-cgr-creds # testing +# secrets: inherit # Inherits all secrets from the parent workflow. diff --git a/.github/workflows/chainguard.yaml b/.github/workflows/chainguard.yaml new file mode 100644 index 0000000..c550c88 --- /dev/null +++ b/.github/workflows/chainguard.yaml 
@@ -0,0 +1,25 @@ +# Copyright 2024-2026 Defense Unicorns +# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial + +name: Test Chainguard Login + +on: + workflow_dispatch: + pull_request: + types: [opened, reopened, synchronize] + +permissions: + contents: read + id-token: write + +jobs: + chainguard-login: + runs-on: ubuntu-latest + steps: + - name: Login to Chainguard + uses: chainguard-dev/setup-chainctl@2cddd35a2f120d9973e58094dc6878c93cf58c28 # v0.5.1 + with: + identity: ${{ secrets.CHAINGUARD_IDENTITY }} + + # - name: Pull a cgr.dev image to verify auth + # run: docker pull cgr.dev/chainguard/static:latest diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml index 68bc747..f001927 100644 --- a/.github/workflows/commitlint.yaml +++ b/.github/workflows/commitlint.yaml @@ -1,18 +1,18 @@ -# Copyright 2024 Defense Unicorns -# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial +# # Copyright 2024 Defense Unicorns +# # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial -name: PR Title Check +# name: PR Title Check -on: - pull_request: - branches: [main] - types: [milestoned, opened, edited, synchronize] +# on: +# pull_request: +# branches: [main] +# types: [milestoned, opened, edited, synchronize] -# Permissions for the GITHUB_TOKEN used by the workflow. -permissions: - contents: read # Allows reading the content of the repository. - pull-requests: read # Allows reading pull requests +# # Permissions for the GITHUB_TOKEN used by the workflow. +# permissions: +# contents: read # Allows reading the content of the repository. +# pull-requests: read # Allows reading pull requests -jobs: - validate: - uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@update-cgr-creds # testing +# jobs: +# validate: +# uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@update-cgr-creds # testing 
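Review bot: In the new chainguard.yaml the only active step is the login, and the commented-out check pulls `cgr.dev/chainguard/static:latest`, which as far as I know is publicly pullable, so enabling it would pass even if the identity had no access to the private repository. A pull of an image this package actually needs, e.g. `run: docker pull cgr.dev/defenseunicorns.com/postgres-operator:1.15.1`, would exercise the credentials under test (assuming the setup action also configures registry auth for Docker; confirm). `id-token: write` is granted at workflow level on every `pull_request` event; moving `permissions:` under the `chainguard-login` job and keeping only `workflow_dispatch` while testing narrows where an OIDC token can be minted. A header comment stating that this workflow is temporary would help if it is not meant to ship.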
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 06b23b4..48731ba 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -1,19 +1,19 @@ -# Copyright 2024 Defense Unicorns -# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial +# # Copyright 2024 Defense Unicorns +# # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial -name: Lint +# name: Lint -on: - # This workflow is triggered on pull requests to the main branch. - pull_request: - # milestoned is added here as a way to retrigger workflows that are stuck or otherwise didn't run correctly - types: [milestoned, opened, reopened, synchronize] +# on: +# # This workflow is triggered on pull requests to the main branch. +# pull_request: +# # milestoned is added here as a way to retrigger workflows that are stuck or otherwise didn't run correctly +# types: [milestoned, opened, reopened, synchronize] -# Permissions for the GITHUB_TOKEN used by the workflow. -permissions: - contents: read # Allows reading the content of the repository. +# # Permissions for the GITHUB_TOKEN used by the workflow. +# permissions: +# contents: read # Allows reading the content of the repository. -jobs: - validate: - uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@update-cgr-creds # testing - secrets: inherit +# jobs: +# validate: +# uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@update-cgr-creds # testing +# secrets: inherit diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 21686e2..4a0861b 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -1,36 +1,36 @@ -# Copyright 2024 Defense Unicorns -# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial +# # Copyright 2024 Defense Unicorns +# # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial -name: Release +# name: Release -on: - push: - branches: - - main +# on: +# push: +# branches: +# - main -# Permissions for the GITHUB_TOKEN used by the workflow. -permissions: - contents: read # Allows reading the content of the repository. - packages: read # Allows reading the content of the repository's packages. - id-token: write +# # Permissions for the GITHUB_TOKEN used by the workflow. +# permissions: +# contents: read # Allows reading the content of the repository. +# packages: read # Allows reading the content of the repository's packages. +# id-token: write -jobs: - publish: - permissions: - contents: write # Allows reading the content of the repository. - packages: write # Allows reading the content of the repository's packages. - id-token: write - strategy: - matrix: - flavor: [upstream, registry1, unicorn] - architecture: [amd64, arm64] - exclude: - - flavor: registry1 - architecture: arm64 - uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@update-cgr-creds # testing - with: - flavor: ${{ matrix.flavor }} - options: --set BASE_REPO="ghcr.io/uds-packages" - runsOn: ${{ matrix.architecture == 'arm64' && 'appstore-4-core-arm64' || 'appstore-4-core-amd64' }} - uds-releaser: true - secrets: inherit # Inherits all secrets from the parent workflow. +# jobs: +# publish: +# permissions: +# contents: write # Allows reading the content of the repository. +# packages: write # Allows reading the content of the repository's packages. 
+# id-token: write +# strategy: +# matrix: +# flavor: [upstream, registry1, unicorn] +# architecture: [amd64, arm64] +# exclude: +# - flavor: registry1 +# architecture: arm64 +# uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@update-cgr-creds # testing +# with: +# flavor: ${{ matrix.flavor }} +# options: --set BASE_REPO="ghcr.io/uds-packages" +# runsOn: ${{ matrix.architecture == 'arm64' && 'appstore-4-core-arm64' || 'appstore-4-core-amd64' }} +# uds-releaser: true +# secrets: inherit # Inherits all secrets from the parent workflow. diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml index 2224c6d..090051a 100644 --- a/.github/workflows/scan.yaml +++ b/.github/workflows/scan.yaml 
@@ -1,22 +1,22 @@ -# Copyright 2024 Defense Unicorns -# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial +# # Copyright 2024 Defense Unicorns +# # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial -name: Scan +# name: Scan -on: - # This workflow is triggered on pull requests to the main branch. - pull_request: - paths: - - zarf.yaml - - releaser.yaml - - .release-please-manifest.json +# on: +# # This workflow is triggered on pull requests to the main branch. +# pull_request: +# paths: +# - zarf.yaml +# - releaser.yaml +# - .release-please-manifest.json -jobs: - scan: - permissions: - contents: read # Allows reading the content of the repository. - packages: read # Allows reading the content of the repository's packages. - id-token: write # Allows authentication to Chainguard via OIDC. - pull-requests: write # Allows writing the scan results comment to the pull request. - uses: defenseunicorns/uds-common/.github/workflows/callable-scan.yaml@update-cgr-creds # testing - secrets: inherit # Inherits all secrets from the parent workflow. +# jobs: +# scan: +# permissions: +# contents: read # Allows reading the content of the repository. +# packages: read # Allows reading the content of the repository's packages. +# id-token: write # Allows authentication to Chainguard via OIDC. +# pull-requests: write # Allows writing the scan results comment to the pull request. +# uses: defenseunicorns/uds-common/.github/workflows/callable-scan.yaml@update-cgr-creds # testing +# secrets: inherit # Inherits all secrets from the parent workflow. diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index a200d18..06e9b24 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml 
@@ -1,36 +1,36 @@ -# Copyright 2024 Defense Unicorns -# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial +# # Copyright 2024 Defense Unicorns +# # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial -name: Scorecards supply-chain security -on: - # Only the default branch is supported. - branch_protection_rule: - schedule: - - cron: '30 1 * * 6' - push: - branches: ["main"] +# name: Scorecards supply-chain security +# on: +# # Only the default branch is supported. +# branch_protection_rule: +# schedule: +# - cron: '30 1 * * 6' +# push: +# branches: ["main"] -# Declare default permissions as read only. -permissions: read-all +# # Declare default permissions as read only. +# permissions: read-all -jobs: - validate: - permissions: - actions: read - attestations: read - checks: read - contents: read - deployments: read - discussions: read - issues: read - packages: read - pages: read - pull-requests: read - repository-projects: read - statuses: read - # Needed to upload the results to code-scanning dashboard. - security-events: write - # Used to receive a badge. - id-token: write - uses: defenseunicorns/uds-common/.github/workflows/callable-scorecard.yaml@update-cgr-creds # testing - secrets: inherit +# jobs: +# validate: +# permissions: +# actions: read +# attestations: read +# checks: read +# contents: read +# deployments: read +# discussions: read +# issues: read +# packages: read +# pages: read +# pull-requests: read +# repository-projects: read +# statuses: read +# # Needed to upload the results to code-scanning dashboard. +# security-events: write +# # Used to receive a badge. +# id-token: write +# uses: defenseunicorns/uds-common/.github/workflows/callable-scorecard.yaml@update-cgr-creds # testing +# secrets: inherit diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 9679354..64f3a97 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml 
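Review bot: `scorecard.yaml` is commented out here but is missing from the PATCH 7/8 diffstat, which restores only auto-update, commitlint, lint, release, scan and test; unless PATCH 8/8 (not visible here) brings it back, the Scorecards job and its code-scanning upload stay disabled after the series. Commenting out whole files also leaves lint, scan and test silent between patches 6 and 7, so a green check in that window says nothing about the image change in PATCH 1/8. If the intent was to quiet other jobs while testing the Chainguard login, disabling the workflows in the repository settings or adding a job-level `if: false` keeps the files reviewable and makes the restore a one-line revert.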
@@ -1,67 +1,67 @@ -# Copyright 2024 Defense Unicorns -# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial +# # Copyright 2024 Defense Unicorns +# # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial -name: Test +# name: Test -on: - # This workflow is triggered on pull requests to the main branch. - pull_request: - # milestoned is added here as a way to retrigger workflows that are stuck or otherwise didn't run correctly - types: [milestoned, opened, reopened, synchronize] +# on: +# # This workflow is triggered on pull requests to the main branch. +# pull_request: +# # milestoned is added here as a way to retrigger workflows that are stuck or otherwise didn't run correctly +# types: [milestoned, opened, reopened, synchronize] -# Permissions for the GITHUB_TOKEN used by the workflow. -permissions: - contents: read # Allows reading the content of the repository. - packages: read # Allows reading the content of the repository's packages. - id-token: write - pull-requests: read +# # Permissions for the GITHUB_TOKEN used by the workflow. +# permissions: +# contents: read # Allows reading the content of the repository. +# packages: read # Allows reading the content of the repository's packages. 
+# id-token: write +# pull-requests: read -# Abort prior jobs in the same workflow / PR -concurrency: - group: test-${{ github.ref }} - cancel-in-progress: true +# # Abort prior jobs in the same workflow / PR +# concurrency: +# group: test-${{ github.ref }} +# cancel-in-progress: true -jobs: - check-flavor: - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 +# jobs: +# check-flavor: +# runs-on: ubuntu-latest +# steps: +# - name: Checkout repository +# uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - name: test-flavor - uses: defenseunicorns/uds-common/.github/actions/test-flavor@update-cgr-creds # testing - id: test-flavor - outputs: - upgrade-flavors: ${{ steps.test-flavor.outputs.upgrade-flavors }} +# - name: test-flavor +# uses: defenseunicorns/uds-common/.github/actions/test-flavor@update-cgr-creds # testing +# id: test-flavor +# outputs: +# upgrade-flavors: ${{ steps.test-flavor.outputs.upgrade-flavors }} - validate: - needs: check-flavor - strategy: - fail-fast: true - matrix: - type: [install, upgrade] - flavor: [upstream, registry1, unicorn] - uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@update-cgr-creds # testing - with: - options: --set BASE_REPO="ghcr.io/uds-packages" - upgrade-flavors: ${{ needs.check-flavor.outputs.upgrade-flavors }} - flavor: ${{ matrix.flavor }} - type: ${{ matrix.type }} - runsOn: appstore-4-core-amd64 - secrets: inherit # Inherits all secrets from the parent workflow. 
+# validate: +# needs: check-flavor +# strategy: +# fail-fast: true +# matrix: +# type: [install, upgrade] +# flavor: [upstream, registry1, unicorn] +# uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@update-cgr-creds # testing +# with: +# options: --set BASE_REPO="ghcr.io/uds-packages" +# upgrade-flavors: ${{ needs.check-flavor.outputs.upgrade-flavors }} +# flavor: ${{ matrix.flavor }} +# type: ${{ matrix.type }} +# runsOn: appstore-4-core-amd64 +# secrets: inherit # Inherits all secrets from the parent workflow. - verify-test: - runs-on: ubuntu-latest - needs: validate - if: always() - steps: - - name: Check validate result - run: | - echo "validate result: ${{ needs.validate.result }}" +# verify-test: +# runs-on: ubuntu-latest +# needs: validate +# if: always() +# steps: +# - name: Check validate result +# run: | +# echo "validate result: ${{ needs.validate.result }}" - if [ "${{ needs.validate.result }}" != "success" ]; then - echo "One or more tests failed." - exit 1 - fi +# if [ "${{ needs.validate.result }}" != "success" ]; then +# echo "One or more tests failed." +# exit 1 +# fi - echo "All tests passed successfully!" +# echo "All tests passed successfully!" From ca60bd5dc430cb0c81df973455b7821a9d94084c Mon Sep 17 00:00:00 2001 From: codyshoffner Date: Tue, 5 May 2026 11:15:03 -0500 Subject: [PATCH 7/8] testing for cgr creds --- .github/workflows/auto-update.yaml | 38 +++++----- .github/workflows/commitlint.yaml | 28 +++---- .github/workflows/lint.yaml | 30 ++++---- .github/workflows/release.yaml | 64 ++++++++-------- .github/workflows/scan.yaml | 38 +++++----- .github/workflows/test.yaml | 114 ++++++++++++++--------------- 6 files changed, 156 insertions(+), 156 deletions(-) diff --git a/.github/workflows/auto-update.yaml b/.github/workflows/auto-update.yaml index 6c92069..8f1c230 100644 --- a/.github/workflows/auto-update.yaml +++ b/.github/workflows/auto-update.yaml 
@@ -1,24 +1,24 @@ -# # Copyright 2024 Defense Unicorns -# # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial +# Copyright 2024 Defense Unicorns +# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial -# name: Auto Update +name: Auto Update -# on: -# schedule: -# - cron: 0 14 * * * # daily at 8 AM Central (CST = UTC−6) +on: + schedule: + - cron: 0 14 * * * # daily at 8 AM Central (CST = UTC−6) -# # Permissions for the GITHUB_TOKEN used by the workflow. -# permissions: -# contents: write # Allows writing content to the repository. -# packages: read # Allows reading the content of the repository's packages. -# pull-requests: write # Allows creating or updating pull requests. +# Permissions for the GITHUB_TOKEN used by the workflow. +permissions: + contents: write # Allows writing content to the repository. + packages: read # Allows reading the content of the repository's packages. + pull-requests: write # Allows creating or updating pull requests. -# # Abort prior jobs in the same workflow / PR -# concurrency: -# group: auto-update-${{ github.ref }} -# cancel-in-progress: true +# Abort prior jobs in the same workflow / PR +concurrency: + group: auto-update-${{ github.ref }} + cancel-in-progress: true -# jobs: -# auto-update: -# uses: defenseunicorns/uds-common/.github/workflows/callable-auto-update.yaml@update-cgr-creds # testing -# secrets: inherit # Inherits all secrets from the parent workflow. +jobs: + auto-update: + uses: defenseunicorns/uds-common/.github/workflows/callable-auto-update.yaml@update-cgr-creds # testing + secrets: inherit # Inherits all secrets from the parent workflow. diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml index f001927..68bc747 100644 --- a/.github/workflows/commitlint.yaml +++ b/.github/workflows/commitlint.yaml 
@@ -1,18 +1,18 @@ -# # Copyright 2024 Defense Unicorns -# # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial +# Copyright 2024 Defense Unicorns +# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial -# name: PR Title Check +name: PR Title Check -# on: -# pull_request: -# branches: [main] -# types: [milestoned, opened, edited, synchronize] +on: + pull_request: + branches: [main] + types: [milestoned, opened, edited, synchronize] -# # Permissions for the GITHUB_TOKEN used by the workflow. -# permissions: -# contents: read # Allows reading the content of the repository. -# pull-requests: read # Allows reading pull requests +# Permissions for the GITHUB_TOKEN used by the workflow. +permissions: + contents: read # Allows reading the content of the repository. + pull-requests: read # Allows reading pull requests -# jobs: -# validate: -# uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@update-cgr-creds # testing +jobs: + validate: + uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@update-cgr-creds # testing diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 48731ba..06b23b4 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml 
@@ -1,19 +1,19 @@ -# # Copyright 2024 Defense Unicorns -# # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial +# Copyright 2024 Defense Unicorns +# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial -# name: Lint +name: Lint -# on: -# # This workflow is triggered on pull requests to the main branch. -# pull_request: -# # milestoned is added here as a way to retrigger workflows that are stuck or otherwise didn't run correctly -# types: [milestoned, opened, reopened, synchronize] +on: + # This workflow is triggered on pull requests to the main branch. + pull_request: + # milestoned is added here as a way to retrigger workflows that are stuck or otherwise didn't run correctly + types: [milestoned, opened, reopened, synchronize] -# # Permissions for the GITHUB_TOKEN used by the workflow. -# permissions: -# contents: read # Allows reading the content of the repository. +# Permissions for the GITHUB_TOKEN used by the workflow. +permissions: + contents: read # Allows reading the content of the repository. -# jobs: -# validate: -# uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@update-cgr-creds # testing -# secrets: inherit +jobs: + validate: + uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@update-cgr-creds # testing + secrets: inherit diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 4a0861b..21686e2 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -1,36 +1,36 @@
-# # Copyright 2024 Defense Unicorns
-# # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
-# name: Release
+name: Release
-# on:
-# push:
-# branches:
-# - main
+on:
+ push:
+ branches:
+ - main
-# # Permissions for the GITHUB_TOKEN used by the workflow.
-# permissions:
-# contents: read # Allows reading the content of the repository.
-# packages: read # Allows reading the content of the repository's packages.
-# id-token: write
+# Permissions for the GITHUB_TOKEN used by the workflow.
+permissions:
+ contents: read # Allows reading the content of the repository.
+ packages: read # Allows reading the content of the repository's packages.
+ id-token: write
-# jobs:
-# publish:
-# permissions:
-# contents: write # Allows reading the content of the repository.
-# packages: write # Allows reading the content of the repository's packages.
-# id-token: write
-# strategy:
-# matrix:
-# flavor: [upstream, registry1, unicorn]
-# architecture: [amd64, arm64]
-# exclude:
-# - flavor: registry1
-# architecture: arm64
-# uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@update-cgr-creds # testing
-# with:
-# flavor: ${{ matrix.flavor }}
-# options: --set BASE_REPO="ghcr.io/uds-packages"
-# runsOn: ${{ matrix.architecture == 'arm64' && 'appstore-4-core-arm64' || 'appstore-4-core-amd64' }}
-# uds-releaser: true
-# secrets: inherit # Inherits all secrets from the parent workflow.
+jobs:
+ publish:
+ permissions:
+ contents: write # Allows reading the content of the repository.
+ packages: write # Allows reading the content of the repository's packages.
+ id-token: write
+ strategy:
+ matrix:
+ flavor: [upstream, registry1, unicorn]
+ architecture: [amd64, arm64]
+ exclude:
+ - flavor: registry1
+ architecture: arm64
+ uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@update-cgr-creds # testing
+ with:
+ flavor: ${{ matrix.flavor }}
+ options: --set BASE_REPO="ghcr.io/uds-packages"
+ runsOn: ${{ matrix.architecture == 'arm64' && 'appstore-4-core-arm64' || 'appstore-4-core-amd64' }}
+ uds-releaser: true
+ secrets: inherit # Inherits all secrets from the parent workflow.
diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml
index 090051a..2224c6d 100644
--- a/.github/workflows/scan.yaml
+++ b/.github/workflows/scan.yaml
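Review bot: The trailing comments on the job-level `contents: write` and `packages: write` lines of `publish` still read "Allows reading…", which understates what the job's token can do. They should describe the write scope, for example `contents: write # Allows writing to the repository (presumably for the release step; confirm).` and `packages: write # Allows publishing to the repository's packages.` The two `id-token: write` lines carry no comment in this file, while scan.yaml documents the same scope as "Allows authentication to Chainguard via OIDC."; the same comment would fit here if that is its purpose.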
@@ -1,22 +1,22 @@
-# # Copyright 2024 Defense Unicorns
-# # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
-# name: Scan
+name: Scan
-# on:
-# # This workflow is triggered on pull requests to the main branch.
-# pull_request:
-# paths:
-# - zarf.yaml
-# - releaser.yaml
-# - .release-please-manifest.json
+on:
+ # This workflow is triggered on pull requests to the main branch.
+ pull_request:
+ paths:
+ - zarf.yaml
+ - releaser.yaml
+ - .release-please-manifest.json
-# jobs:
-# scan:
-# permissions:
-# contents: read # Allows reading the content of the repository.
-# packages: read # Allows reading the content of the repository's packages.
-# id-token: write # Allows authentication to Chainguard via OIDC.
-# pull-requests: write # Allows writing the scan results comment to the pull request.
-# uses: defenseunicorns/uds-common/.github/workflows/callable-scan.yaml@update-cgr-creds # testing
-# secrets: inherit # Inherits all secrets from the parent workflow.
+jobs:
+ scan:
+ permissions:
+ contents: read # Allows reading the content of the repository.
+ packages: read # Allows reading the content of the repository's packages.
+ id-token: write # Allows authentication to Chainguard via OIDC.
+ pull-requests: write # Allows writing the scan results comment to the pull request.
+ uses: defenseunicorns/uds-common/.github/workflows/callable-scan.yaml@update-cgr-creds # testing
+ secrets: inherit # Inherits all secrets from the parent workflow.
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 64f3a97..9679354 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
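Review bot: This workflow declares token scopes only on the `scan` job and has no top-level `permissions:` block, unlike the commitlint, lint, release and test workflows in this patch. The job-level block covers the one job that exists, but a job added later would get the repository's default token permissions. A top-level `permissions: {}` above `jobs:` makes the default explicit and leaves the `scan` job's own block in effect.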
@@ -1,67 +1,67 @@
-# # Copyright 2024 Defense Unicorns
-# # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
-# name: Test
+name: Test
-# on:
-# # This workflow is triggered on pull requests to the main branch.
-# pull_request:
-# # milestoned is added here as a way to retrigger workflows that are stuck or otherwise didn't run correctly
-# types: [milestoned, opened, reopened, synchronize]
+on:
+ # This workflow is triggered on pull requests to the main branch.
+ pull_request:
+ # milestoned is added here as a way to retrigger workflows that are stuck or otherwise didn't run correctly
+ types: [milestoned, opened, reopened, synchronize]
-# # Permissions for the GITHUB_TOKEN used by the workflow.
-# permissions:
-# contents: read # Allows reading the content of the repository.
-# packages: read # Allows reading the content of the repository's packages.
-# id-token: write
-# pull-requests: read
+# Permissions for the GITHUB_TOKEN used by the workflow.
+permissions:
+ contents: read # Allows reading the content of the repository.
+ packages: read # Allows reading the content of the repository's packages.
+ id-token: write
+ pull-requests: read
-# # Abort prior jobs in the same workflow / PR
-# concurrency:
-# group: test-${{ github.ref }}
-# cancel-in-progress: true
+# Abort prior jobs in the same workflow / PR
+concurrency:
+ group: test-${{ github.ref }}
+ cancel-in-progress: true
-# jobs:
-# check-flavor:
-# runs-on: ubuntu-latest
-# steps:
-# - name: Checkout repository
-# uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+jobs:
+ check-flavor:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-# - name: test-flavor
-# uses: defenseunicorns/uds-common/.github/actions/test-flavor@update-cgr-creds # testing
-# id: test-flavor
-# outputs:
-# upgrade-flavors: ${{ steps.test-flavor.outputs.upgrade-flavors }}
+ - name: test-flavor
+ uses: defenseunicorns/uds-common/.github/actions/test-flavor@update-cgr-creds # testing
+ id: test-flavor
+ outputs:
+ upgrade-flavors: ${{ steps.test-flavor.outputs.upgrade-flavors }}
-# validate:
-# needs: check-flavor
-# strategy:
-# fail-fast: true
-# matrix:
-# type: [install, upgrade]
-# flavor: [upstream, registry1, unicorn]
-# uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@update-cgr-creds # testing
-# with:
-# options: --set BASE_REPO="ghcr.io/uds-packages"
-# upgrade-flavors: ${{ needs.check-flavor.outputs.upgrade-flavors }}
-# flavor: ${{ matrix.flavor }}
-# type: ${{ matrix.type }}
-# runsOn: appstore-4-core-amd64
-# secrets: inherit # Inherits all secrets from the parent workflow.
+ validate:
+ needs: check-flavor
+ strategy:
+ fail-fast: true
+ matrix:
+ type: [install, upgrade]
+ flavor: [upstream, registry1, unicorn]
+ uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@update-cgr-creds # testing
+ with:
+ options: --set BASE_REPO="ghcr.io/uds-packages"
+ upgrade-flavors: ${{ needs.check-flavor.outputs.upgrade-flavors }}
+ flavor: ${{ matrix.flavor }}
+ type: ${{ matrix.type }}
+ runsOn: appstore-4-core-amd64
+ secrets: inherit # Inherits all secrets from the parent workflow.
-# verify-test:
-# runs-on: ubuntu-latest
-# needs: validate
-# if: always()
-# steps:
-# - name: Check validate result
-# run: |
-# echo "validate result: ${{ needs.validate.result }}"
+ verify-test:
+ runs-on: ubuntu-latest
+ needs: validate
+ if: always()
+ steps:
+ - name: Check validate result
+ run: |
+ echo "validate result: ${{ needs.validate.result }}"
-# if [ "${{ needs.validate.result }}" != "success" ]; then
-# echo "One or more tests failed."
-# exit 1
-# fi
+ if [ "${{ needs.validate.result }}" != "success" ]; then
+ echo "One or more tests failed."
+ exit 1
+ fi
-# echo "All tests passed successfully!"
+ echo "All tests passed successfully!"
From b6ccc671ef6a95beed3710fd42471fd3228105b6 Mon Sep 17 00:00:00 2001
From: codyshoffner
Date: Tue, 5 May 2026 11:28:29 -0500
Subject: [PATCH 8/8] testing for cgr creds
---
 .github/workflows/auto-update.yaml | 2 +-
 .github/workflows/commitlint.yaml | 2 +-
 .github/workflows/lint.yaml | 2 +-
 .github/workflows/release.yaml | 2 +-
 .github/workflows/scan.yaml | 2 +-
 .github/workflows/scorecard.yaml | 2 +-
 .github/workflows/test.yaml | 4 ++--
 tasks.yaml | 18 +++++++++---------
 8 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/.github/workflows/auto-update.yaml b/.github/workflows/auto-update.yaml
index 8f1c230..959d9bd 100644
--- a/.github/workflows/auto-update.yaml
+++ b/.github/workflows/auto-update.yaml
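Review bot: The top-level `permissions:` block grants `id-token: write` to all three jobs, although `verify-test` only runs an echo-and-exit script and `check-flavor` checks out the repository and runs the `test-flavor` action from a branch reference. Scoping the OIDC permission to `validate` keeps a token request out of jobs that do not appear to need one; whether `test-flavor` needs it cannot be confirmed from this page. A job-level `permissions:` block replaces the top-level one for that job, so `validate` has to list every scope it uses, as the `publish` and `scan` jobs already do. The sketch below drops `id-token: write` from the top level and adds the block to `validate`.

```yaml
# … unchanged: top-level permissions, minus the id-token line …

  validate:
    needs: check-flavor
    permissions:
      contents: read
      packages: read
      pull-requests: read
      id-token: write # OIDC token only for the reusable test workflow
    # … unchanged: strategy, uses, with, secrets …
```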
@@ -20,5 +20,5 @@ concurrency:
 jobs:
 auto-update:
- uses: defenseunicorns/uds-common/.github/workflows/callable-auto-update.yaml@update-cgr-creds # testing
+ uses: defenseunicorns/uds-common/.github/workflows/callable-auto-update.yaml@chainguard-creds # testing
 secrets: inherit # Inherits all secrets from the parent workflow.
diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml
index 68bc747..6b0caf7 100644
--- a/.github/workflows/commitlint.yaml
+++ b/.github/workflows/commitlint.yaml
@@ -15,4 +15,4 @@ permissions:
 jobs:
 validate:
- uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@update-cgr-creds # testing
+ uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@chainguard-creds # testing
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index 06b23b4..266bd8b 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -15,5 +15,5 @@ permissions:
 jobs:
 validate:
- uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@update-cgr-creds # testing
+ uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@chainguard-creds # testing
 secrets: inherit
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 21686e2..b3ea8dc 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -27,7 +27,7 @@ jobs:
 exclude:
 - flavor: registry1
 architecture: arm64
- uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@update-cgr-creds # testing
+ uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@chainguard-creds # testing
 with:
 flavor: ${{ matrix.flavor }}
 options: --set BASE_REPO="ghcr.io/uds-packages"
diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml
index 2224c6d..1ded191 100644
--- a/.github/workflows/scan.yaml
+++ b/.github/workflows/scan.yaml
@@ -18,5 +18,5 @@ jobs:
 packages: read # Allows reading the content of the repository's packages.
 id-token: write # Allows authentication to Chainguard via OIDC.
 pull-requests: write # Allows writing the scan results comment to the pull request.
- uses: defenseunicorns/uds-common/.github/workflows/callable-scan.yaml@update-cgr-creds # testing
+ uses: defenseunicorns/uds-common/.github/workflows/callable-scan.yaml@chainguard-creds # testing
 secrets: inherit # Inherits all secrets from the parent workflow.
diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
index 06e9b24..073bec1 100644
--- a/.github/workflows/scorecard.yaml
+++ b/.github/workflows/scorecard.yaml
@@ -32,5 +32,5 @@
 # security-events: write
 # # Used to receive a badge.
 # id-token: write
-# uses: defenseunicorns/uds-common/.github/workflows/callable-scorecard.yaml@update-cgr-creds # testing
+# uses: defenseunicorns/uds-common/.github/workflows/callable-scorecard.yaml@chainguard-creds # testing
 # secrets: inherit
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 9679354..0c82818 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -29,7 +29,7 @@ jobs:
 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: test-flavor
- uses: defenseunicorns/uds-common/.github/actions/test-flavor@update-cgr-creds # testing
+ uses: defenseunicorns/uds-common/.github/actions/test-flavor@chainguard-creds # testing
 id: test-flavor
 outputs:
 upgrade-flavors: ${{ steps.test-flavor.outputs.upgrade-flavors }}
@@ -41,7 +41,7 @@ jobs:
 matrix:
 type: [install, upgrade]
 flavor: [upstream, registry1, unicorn]
- uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@update-cgr-creds # testing
+ uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@chainguard-creds # testing
 with:
 options: --set BASE_REPO="ghcr.io/uds-packages"
 upgrade-flavors: ${{ needs.check-flavor.outputs.upgrade-flavors }}
diff --git a/tasks.yaml b/tasks.yaml
index ccce037..713d5bf 100644
--- a/tasks.yaml
+++ b/tasks.yaml
@@ -3,15 +3,15 @@
 includes:
 - test: ./tasks/test.yaml
- - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/update-cgr-creds/tasks/create.yaml
- - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/update-cgr-creds/tasks/publish.yaml
- - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/update-cgr-creds/tasks/lint.yaml
- - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/update-cgr-creds/tasks/pull.yaml
- - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/update-cgr-creds/tasks/deploy.yaml
- - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/update-cgr-creds/tasks/setup.yaml
- - actions: https://raw.githubusercontent.com/defenseunicorns/uds-common/update-cgr-creds/tasks/actions.yaml
- - badge: https://raw.githubusercontent.com/defenseunicorns/uds-common/update-cgr-creds/tasks/badge.yaml
- - upgrade: https://raw.githubusercontent.com/defenseunicorns/uds-common/update-cgr-creds/tasks/upgrade.yaml
+ - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/chainguard-creds/tasks/create.yaml
+ - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/chainguard-creds/tasks/publish.yaml
+ - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/chainguard-creds/tasks/lint.yaml
+ - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/chainguard-creds/tasks/pull.yaml
+ - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/chainguard-creds/tasks/deploy.yaml
+ - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/chainguard-creds/tasks/setup.yaml
+ - actions: https://raw.githubusercontent.com/defenseunicorns/uds-common/chainguard-creds/tasks/actions.yaml
+ - badge: https://raw.githubusercontent.com/defenseunicorns/uds-common/chainguard-creds/tasks/badge.yaml
+ - upgrade: https://raw.githubusercontent.com/defenseunicorns/uds-common/chainguard-creds/tasks/upgrade.yaml
 tasks:
 - name: default
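Review bot: All nine remote `includes` now resolve to the tip of the `chainguard-creds` branch on raw.githubusercontent.com, so the task definitions behind `create`, `publish` and `deploy` can change between runs without any change in this repository. Before merge they should point at a release tag or commit again, e.g. `- create: https://raw.githubusercontent.com/defenseunicorns/uds-common/<RELEASE_TAG>/tasks/create.yaml`, and the same for the other eight entries. The `tasks:` list continues outside the hunk.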