Skip to content

Commit

Permalink
feat(ci): replaced GHCR_PR_TOKEN with GITHUB_TOKEN (#635)
Browse files Browse the repository at this point in the history
* replaced GHCR_PR_TOKEN with GITHUB_TOKEN

* Added permissions

* removed extra space
  • Loading branch information
aali309 authored Oct 3, 2023
1 parent 5373bbc commit bbe5d48
Show file tree
Hide file tree
Showing 5 changed files with 27 additions and 15 deletions.
5 changes: 4 additions & 1 deletion .github/workflows/dependent-issues.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,14 +12,17 @@ on:
- edited
- reopened
- synchronize

# Schedule a daily check. Used in referencing cross-repository
# issues or pull requests
schedule:
- cron: '0 0 * * *'

jobs:
check:
permissions:
issues: write
pull-requests: write
statuses: write
runs-on: ubuntu-latest
steps:
- uses: z0al/dependent-issues@v1
Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/release-drafter.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,9 @@ on:

jobs:
update_release_draft:
permissions:
contents: write
pull-requests: write
runs-on: ubuntu-latest
steps:
# Drafts your next Release notes as Pull Requests are merged into "main"
Expand Down
4 changes: 4 additions & 0 deletions .github/workflows/semantic-pr.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,10 @@ on:

jobs:
main:
permissions:
pull-requests: read
statuses: write

runs-on: ubuntu-latest
steps:
- uses: amannn/action-semantic-pull-request@v3.4.0
Expand Down
10 changes: 6 additions & 4 deletions .github/workflows/test-ci-command.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
pull-requests: write
if: github.repository_owner == 'cryostatio' && github.event.issue.pull_request && startsWith(github.event.comment.body, '/build_test')
steps:
- name: Fail if needs-triage label applied
- name: Fail if needs-triage label applied
if: ${{ contains(github.event.issue.labels.*.name, 'needs-triage') }}
run: exit 1
- name: Show warning if permission is denied
Expand All @@ -43,14 +43,14 @@ jobs:
repo,
comment_id: context.payload.comment.id,
content: "+1",
});
});
checkout-branch:
checkout-branch:
runs-on: ubuntu-latest
needs: [check-before-test]
permissions:
pull-requests: read
outputs:
outputs:
PR_head_ref: ${{ fromJSON(steps.comment-branch.outputs.result).ref }}
PR_num: ${{ fromJSON(steps.comment-branch.outputs.result).num }}
PR_repo: ${{ fromJSON(steps.comment-branch.outputs.result).repo }}
Expand Down Expand Up @@ -86,6 +86,8 @@ jobs:
run-test-jobs:
uses: ./.github/workflows/test-ci-reusable.yml
needs: [get-test-image-tag, checkout-branch]
permissions:
packages: write
with:
repository: ${{ needs.checkout-branch.outputs.PR_repo }}
ref: ${{ needs.checkout-branch.outputs.PR_head_ref }}
Expand Down
20 changes: 10 additions & 10 deletions .github/workflows/test-ci-reusable.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,16 @@ on:
workflow_call:
inputs:
tag:
required: true
required: true
type: string
repository:
required: false
type: string
ref:
required: false
required: false
type: string

env:
env:
OPENSUSE_UNOFFICIAL_LIBCONTAINERS_KEY_URL: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_22.04/Release.key"
OPENSUSE_UNOFFICIAL_LIBCONTAINERS_SOURCE_URL: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_22.04"

Expand All @@ -27,7 +27,7 @@ jobs:
with:
owner: ${{ github.repository_owner }}
name: ${{ matrix.image }}
token: ${{ secrets.GHCR_PR_TOKEN }}
token: ${{ secrets.GITHUB_TOKEN }}
ignore-missing-package: true
tag-regex: ${{ inputs.tag }}
tagged-keep-latest: 0
Expand Down Expand Up @@ -80,7 +80,7 @@ jobs:
tags: ${{ inputs.tag }}
registry: ghcr.io/${{ github.repository_owner }}
username: ${{ github.repository_owner }}
password: ${{ secrets.GHCR_PR_TOKEN }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build operator image for test
run: |
OPERATOR_IMG=ghcr.io/${{ github.repository_owner }}/cryostat-operator:${{ inputs.tag }} \
Expand All @@ -94,7 +94,7 @@ jobs:
tags: ${{ inputs.tag }}
registry: ghcr.io/${{ github.repository_owner }}
username: ${{ github.repository_owner }}
password: ${{ secrets.GHCR_PR_TOKEN }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build bundle image for test
run: |
yq -i '.spec.template.spec.imagePullSecrets = [{"name": "registry-key"}]' config/manager/manager.yaml
Expand All @@ -109,7 +109,7 @@ jobs:
tags: ${{ inputs.tag }}
registry: ghcr.io/${{ github.repository_owner }}
username: ${{ github.repository_owner }}
password: ${{ secrets.GHCR_PR_TOKEN }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Kind cluster
run: |
kind create cluster --config=".github/kind-config.yaml" -n ci-${{ github.run_id }}
Expand All @@ -124,14 +124,14 @@ jobs:
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GHCR_PR_TOKEN }}
password: ${{ secrets.GITHUB_TOKEN }}
auth_file_path: $HOME/.docker/config.json
- name: Run scorecard tests
run: |
SCORECARD_REGISTRY_SERVER="ghcr.io" \
SCORECARD_REGISTRY_USERNAME="${{ github.repository_owner }}" \
SCORECARD_REGISTRY_PASSWORD="${{ secrets.GHCR_PR_TOKEN }}" \
SCORECARD_REGISTRY_PASSWORD="${{ secrets.GITHUB_TOKEN }}" \
BUNDLE_IMG="${{ steps.push-bundle-to-ghcr.outputs.registry-path }}" \
make test-scorecard
- name: Clean up Kind cluster
- name: Clean up Kind cluster
run: kind delete cluster -n ci-${{ github.run_id }}

0 comments on commit bbe5d48

Please sign in to comment.