Merge pull request #1 from heroku/malax/update-from-jvm

Add GHA workflows from buildpacks-jvm

Author: Malax

.github/dependabot.yml

@@ -0,0 +1,8 @@
+version: 2
+updates:
+  - package-ecosystem: "bundler"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "skip changelog"

.github/scripts/release-workflow-package-push.sh

@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# This script is an integral part of the release workflow: .github/workflows/release.yml
+# It requires the following environment variables to function correctly:
+#
+# REQUESTED_BUILDPACK_ID - The ID of the buildpack to package and push to the container registry.
+
+while IFS="" read -r -d "" buildpack_toml_path; do
+	buildpack_id="$(yj -t <"${buildpack_toml_path}" | jq -r .buildpack.id)"
+	buildpack_version="$(yj -t <"${buildpack_toml_path}" | jq -r .buildpack.version)"
+	buildpack_docker_repository="$(yj -t <"${buildpack_toml_path}" | jq -r .metadata.release.docker.repository)"
+	buildpack_path=$(dirname "${buildpack_toml_path}")
+
+	if [[ $buildpack_id == "${REQUESTED_BUILDPACK_ID}" ]]; then
+		cnb_shim_tarball_url="https://github.com/heroku/cnb-shim/releases/download/v0.3/cnb-shim-v0.3.tgz"
+		cnb_shim_tarball_sha256="109cfc01953cb04e69c82eec1c45c7c800bd57d2fd0eef030c37d8fc37a1cb4d"
+		local_cnb_shim_tarball=$(mktemp)
+
+		v2_buildpack_tarball_url="$(yj -t <"${buildpack_toml_path}" | jq -r ".metadata.shim.tarball // empty")"
+		v2_buildpack_tarball_sha256="$(yj -t <"${buildpack_toml_path}" | jq -r ".metadata.shim.sha256 // empty")"
+		local_v2_buildpack_tarball=$(mktemp)
+
+		# If the buildpack has a V2 buildpack tarball in its metadata it's supposed to be a shimmed buildpack.
+		# We download the shim and the V2 buildpack to the buildpack directory, turning it into a CNB. This
+		# transformation is transparent for the code that follows after it.
+		if [[ -n "${v2_buildpack_tarball_url:-}" ]]; then
+			curl --retry 3 --location "${cnb_shim_tarball_url}" --output "${local_cnb_shim_tarball}"
+			curl --retry 3 --location "${v2_buildpack_tarball_url}" --output "${local_v2_buildpack_tarball}"
+
+			if ! echo "${cnb_shim_tarball_sha256} ${local_cnb_shim_tarball}" | sha256sum --check --status; then
+				echo "Checksum verification of cnb_shim failed!"
+				exit 1
+			fi
+
+			if ! echo "${v2_buildpack_tarball_sha256} ${local_v2_buildpack_tarball}" | sha256sum --check --status; then
+				echo "Checksum verification of V2 buildpack tarball failed!"
+				exit 1
+			fi
+
+			mkdir -p "${buildpack_path}/target"
+			tar -xzmf "${local_cnb_shim_tarball}" -C "${buildpack_path}"
+			tar -xzmf "${local_v2_buildpack_tarball}" -C "${buildpack_path}/target"
+		fi
+
+		image_name="${buildpack_docker_repository}:${buildpack_version}"
+		pack package-buildpack --config "${buildpack_path}/package.toml" --publish "${image_name}"
+
+		echo "::set-output name=id::${buildpack_id}"
+		echo "::set-output name=version::${buildpack_version}"
+		echo "::set-output name=path::${buildpack_path}"
+		echo "::set-output name=address::${buildpack_docker_repository}@$(crane digest "${image_name}")"
+		exit 0
+	fi
+done < <(find . -name buildpack.toml -print0)
+
+echo "Could not find requested buildpack with id ${REQUESTED_BUILDPACK_ID}!"
+exit 1

.github/workflows/release.yml

@@ -0,0 +1,54 @@
+name: Release Buildpack
+on:
+  workflow_dispatch:
+    inputs:
+      requested_buildpack_id:
+        description: "Buildpack ID"
+        required: true
+
+jobs:
+  release:
+    name: Release ${{ github.event.inputs.requested_buildpack_id }}
+    runs-on: ubuntu-20.04 # ubuntu-latest currently resolves to 18.04 which does not have aws-cli 2.x yet
+    env:
+      REQUESTED_BUILDPACK_ID: ${{ github.event.inputs.requested_buildpack_id }}
+    steps:
+      - id: checkout
+        name: "Checkout code"
+        uses: actions/checkout@v2
+      - id: setup-pack
+        name: "Setup pack"
+        uses: buildpacks/github-actions/[email protected]
+      - id: login
+        name: "Login to public ECR"
+        uses: docker/login-action@v1
+        with:
+          registry: public.ecr.aws
+          username: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        env:
+          AWS_REGION: us-east-1
+      - id: package
+        name: "Package buildpack and publish to container registry"
+        run: ./.github/scripts/release-workflow-package-push.sh
+        shell: bash
+      - id: add-registry-entry
+        name: "Request Registry Entry"
+        uses: docker://ghcr.io/buildpacks/actions/registry/request-add-entry:4.0.0
+        with:
+          token: ${{ secrets.PUBLIC_REPO_TOKEN }}
+          id: ${{ steps.package.outputs.id }}
+          version: ${{ steps.package.outputs.version }}
+          address: ${{ steps.package.outputs.address }}
+      - id: create_release
+        name: Create Release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ steps.package.outputs.id }}_${{ steps.package.outputs.version }}
+          release_name: ${{ steps.package.outputs.id }} ${{ steps.package.outputs.version }}
+          body: |
+            Find the changelog here: [CHANGELOG](${{ steps.package.outputs.path }}/CHANGELOG.md)
+          draft: false
+          prerelease: false