Merge pull request #65961 from javacruft/restore/zig-deps #2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Restore packages | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - "restored-packages.txt" | |
| # Don't restore during builds, to prevent out of sync signatures. | |
| concurrency: build | |
| permissions: | |
| contents: read | |
| jobs: | |
| restore: | |
| if: github.repository == 'wolfi-dev/os' | |
| name: Restore packages | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| # use public chainguard provider. | |
| - uses: chainguard-dev/setup-chainctl@f4ed65b781b048c44d4f033ae854c025c5531c19 # v0.3.2 | |
| with: | |
| # Managed here: | |
| # https://github.com/chainguard-dev/mono/blob/main/env/chainguard-images/iac/wolfi-os-pusher.tf | |
| identity: "720909c9f5279097d847ad02a2f24ba8f59de36a/6a26f2970f880c31" | |
| - name: 'Restore packages on apk.cgr.dev' | |
| run: | | |
| set -e | |
| # Transform text file into JSON for bulk restoration, ignoring empty lines and comments and trimming whitespace | |
| jq -R -n '{apks: [inputs | select(length > 0 and startswith("#") | not) | gsub("^\\s+|\\s+$"; "") | select(length > 0)]}' restored-packages.txt > restored-packages.json | |
| for arch in "aarch64" "x86_64"; do | |
| curl -X POST -H "Content-Type: application/json" \ | |
| --user "user:$(chainctl auth token --audience apk.cgr.dev)" \ | |
| --data @restored-packages.json \ | |
| "https://apk.cgr.dev/chainguard/${arch}/restore" || true | |
| done | |
| - uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.2.1 | |
| if: failure() | |
| env: | |
| SLACK_ICON: http://github.com/chainguard-dev.png?size=48 | |
| SLACK_USERNAME: guardian | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
| SLACK_CHANNEL: chainguard-images-alerts | |
| SLACK_COLOR: '#8E1600' | |
| MSG_MINIMAL: 'true' | |
| SLACK_TITLE: '[restore-packages] failure: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}' | |
| SLACK_MESSAGE: | | |
| https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} |