paketo-buildpacks · dmikusa · Oct 17, 2025 · Mar 31, 2025 · Apr 10, 2025 · May 2, 2025
@@ -10,7 +10,7 @@ jobs:
   download:
     name: Download PR Artifact
     if: ${{ github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success' }}
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     outputs:
       pr-author: ${{ steps.pr-data.outputs.author }}
       pr-number: ${{ steps.pr-data.outputs.number }}
@@ -32,7 +32,7 @@ jobs:
     name: Approve Bot PRs
     needs: download
     if: ${{ needs.download.outputs.pr-author == 'paketo-bot' || needs.download.outputs.pr-author == 'dependabot[bot]' }}
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
     - name: Check Commit Verification
       id: unverified-commits
@@ -52,7 +52,7 @@ jobs:
 
     - name: Checkout
       if: steps.human-commits.outputs.human_commits == 'false' && steps.unverified-commits.outputs.unverified_commits == 'false'
-      uses: actions/checkout@v3
+      uses: actions/checkout@v5
 
     - name: Approve
       if: steps.human-commits.outputs.human_commits == 'false' && steps.unverified-commits.outputs.unverified_commits == 'false'

@@ -6,12 +6,12 @@ on:
   pull_request:
     branches: [ main ]
   schedule:
-  - cron: '34 5 * * *' # daily at 5:34am UTC
+  - cron: '34 5 * * *'  # daily at 5:34am UTC
 
 jobs:
   analyze:
     name: Analyze
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
 
     strategy:
       fail-fast: false
@@ -21,15 +21,15 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v5
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v4
       with:
         languages: ${{ matrix.language }}
 
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v4
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v4
@@ -0,0 +1,106 @@
+name: 'Compile Dependency on Target - Reusable Workflow'
+
+description: |
+  Compiles Dependency on given target, os, and arch
+
+on:
+  workflow_call:
+    inputs:
+      version:
+        description: 'dependency version'
+        required: true
+        type: string
+      target:
+        description: 'dependency OS target variant'
+        required: true
+        type: string
+      os:
+        description: 'platform OS (e.g., linux)'
+        required: true
+        type: string
+      arch:
+        description: 'platform architecture (e.g., amd64)'
+        required: true
+        type: string
+      shouldCompile:
+        description: 'whether to compile the dependency'
+        required: true
+        type: boolean
+      shouldTest:
+        description: 'whether to test the dependency after compilation'
+        required: true
+        type: boolean
+      uploadArtifactName:
+        description: 'name of the artifact to upload'
+        required: true
+        type: string
+
+jobs:
+  compile:
+    # Speed up compilation by using runners that match os and arch when they are set, otherwise fall back to emulation.
+    runs-on: ${{ (inputs.os == 'linux' && inputs.arch == 'arm64') && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }}
+
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v5
+
+    - name: Enable experimental features for Docker daemon and CLI
+      run: |
+        echo '{"experimental": true}' | sudo tee /etc/docker/daemon.json
+        sudo systemctl restart docker
+        mkdir -p ~/.docker
+        echo '{"experimental": "enabled"}' | sudo tee ~/.docker/config.json
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Setup before compilation
+      id: compile-setup
+      run: |
+        echo "outputdir=$(mktemp -d)" >> "$GITHUB_OUTPUT"
+
+    - name: docker build
+      id: docker-build
+      env:
+        SKIP_LOGIN: true
+      if: ${{ inputs.shouldCompile == true || inputs.shouldCompile == 'true' }}
+      uses: actions-hub/docker/cli@master
+      with:
+        args: "build ${{ (inputs.os != '' && inputs.arch != '') && format('--platform {0}/{1}', inputs.os, inputs.arch) || '' }} -t compilation -f dependency/actions/compile/${{ inputs.target }}.Dockerfile dependency/actions/compile"
+
+    - name: docker run
+      id: docker-run
+      uses: actions-hub/docker/cli@master
+      env:
+        SKIP_LOGIN: true
+      if: ${{ inputs.shouldCompile == true || inputs.shouldCompile == 'true' }}
+      with:
+        args: "run ${{ (inputs.os != '' && inputs.arch != '') && format('--platform {0}/{1}', inputs.os, inputs.arch) || '' }} -v ${{ steps.compile-setup.outputs.outputdir }}:/home compilation --outputDir /home --target ${{ inputs.target }} --version ${{ inputs.version }} ${{ inputs.os != '' && format('--os {0}', inputs.os) || '' }} ${{ inputs.arch != '' && format('--arch {0}', inputs.arch) || '' }}"
+
+    - name: Print contents of output dir
+      shell: bash
+      run: ls -lah ${{ steps.compile-setup.outputs.outputdir }}
+
+    - name: Test Dependency
+      working-directory: dependency
+      if: ${{ (inputs.shouldCompile == true || inputs.shouldCompile == 'true') && (inputs.shouldTest == true || inputs.shouldTest == 'true') }}
+      run: |
+        #!/usr/bin/env bash
+        set -euo pipefail
+        shopt -s inherit_errexit
+
+        make test \
+          version="${{ inputs.version }}" \
+          tarballPath="${{ steps.compile-setup.outputs.outputdir }}/*.tgz" \
+          os="${{ inputs.os }}" \
+          arch="${{ inputs.arch }}"
+
+    - name: Upload compiled artifact
+      uses: actions/upload-artifact@v4
+      if: ${{ inputs.shouldCompile == true || inputs.shouldCompile == 'true' }}
+      with:
+        name: '${{ inputs.uploadArtifactName }}'
+        path: '${{ steps.compile-setup.outputs.outputdir }}/*'
@@ -17,16 +17,16 @@ concurrency: release
 jobs:
   unit:
     name: Unit Tests
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     outputs:
       builders: ${{ steps.builders.outputs.builders }}
     steps:
+    - name: Checkout
+      uses: actions/checkout@v5
     - name: Setup Go
-      uses: actions/setup-go@v3
+      uses: actions/setup-go@v6
       with:
-        go-version: 'stable'
-    - name: Checkout
-      uses: actions/checkout@v3
+        go-version-file: go.mod
     - name: Run Unit Tests
       run: ./scripts/unit.sh
     - name: Get builders from integration.json
@@ -39,39 +39,45 @@ jobs:
 
   integration:
     name: Integration Tests
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     needs: unit
     strategy:
       matrix:
         builder: ${{ fromJSON(needs.unit.outputs.builders) }}
       fail-fast: false  # don't cancel all test jobs when one fails
     steps:
+    - name: Checkout
+      uses: actions/checkout@v5
     - name: Setup Go
-      uses: actions/setup-go@v3
+      uses: actions/setup-go@v6
       with:
-        go-version: 'stable'
-    - name: Checkout
-      uses: actions/checkout@v3
+        go-version-file: go.mod
     - name: Run Integration Tests
       run: ./scripts/integration.sh --builder ${{ matrix.builder }} --token ${{ github.token }}
       env:
         TMPDIR: "${{ runner.temp }}"
 
   release:
     name: Release
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     needs: integration
-    steps:
-    - name: Setup Go
-      uses: actions/setup-go@v3
-      with:
-        go-version: 'stable'
+    services:
+      registry:
+        image: registry:3
+        ports:
+          - 5000:5000
 
+    steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v5
       with:
         fetch-tags: true
 
+    - name: Setup Go
+      uses: actions/setup-go@v6
+      with:
+        go-version-file: go.mod
+
     - name: Reset Draft Release
       id: reset
       uses: paketo-buildpacks/github-config/actions/release/reset-draft@main
@@ -110,13 +116,86 @@ jobs:
           echo "buildpack_type=buildpack" >> "$GITHUB_OUTPUT"
         fi
 
+    - name: Get buildpack path
+      id: get_buildpack_path
+      run: |
+
+        if [ -f "build/buildpackage.cnb" ]; then
+          echo "path=build/buildpackage.cnb" >> "$GITHUB_OUTPUT"
+        else
+          echo "path=build/buildpackage-linux-amd64.cnb" >> "$GITHUB_OUTPUT"
+        fi
+
     - name: Create Release Notes
       id: create-release-notes
       uses: paketo-buildpacks/github-config/actions/release/notes@main
       with:
         repo: ${{ github.repository }}
         token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
         buildpack_type: ${{ steps.get_buildpack_type.outputs.buildpack_type }}
+        buildpackage_path: ${{ steps.get_buildpack_path.outputs.path }}
+
+    - name: Get Image Digest
+      id: image_digest
+      run: |
+        image_name="localhost:5000/npm-install:latest"
+
+        ./scripts/publish.sh \
+          --buildpack-type ${{ steps.get_buildpack_type.outputs.buildpack_type }} \
+          --image-ref $image_name
+
+        echo "digest=$(sudo skopeo inspect "docker://${image_name}" --tls-verify=false | jq -r .Digest)" >> "$GITHUB_OUTPUT"
+
+    - name: Set Correct Image Digest on the Release notes
+      run: |
+          printf '${{ steps.create-release-notes.outputs.release_body }}' \
+            | sed -E \
+              "s/\*\*Digest:\*\* \`sha256:[a-f0-9]{64}\`/\*\*Digest:\*\* \`${{ steps.image_digest.outputs.digest }}\`/" \
+              > ./release_notes
+
+          printf '${{ steps.image_digest.outputs.digest }}' > ./index-digest.sha256
+
+    - name: Create release assets
+      id: create_release_assets
+      run: |
+        release_assets=$(jq -n --arg repo_name "${{ github.event.repository.name }}" --arg tag "${{ steps.tag.outputs.tag }}" '
+        [
+          {
+            "path": "build/buildpack.tgz",
+            "name": ($repo_name + "-" + $tag + ".tgz"),
+            "content_type": "application/gzip"
+          },
+          {
+            "path": "./index-digest.sha256",
+            "name": ($repo_name + "-" + $tag + "-" + "index-digest.sha256"),
+            "content_type": "text/plain"
+          }
+        ]')
+
+        for filepath in build/*.cnb; do
+          filename=$(basename "$filepath")
+          asset_name=""
+          if [[ "$filename" == "buildpackage-linux-amd64.cnb" ]]; then
+            asset_name="${{ github.event.repository.name }}-${{ steps.tag.outputs.tag }}.cnb"
+          elif [[ "$filename" == "buildpackage.cnb" ]]; then
+            asset_name="${{ github.event.repository.name }}-${{ steps.tag.outputs.tag }}.cnb"
+          else
+            formatted_filename="${filename#buildpackage-}"
+            asset_name="${{ github.event.repository.name }}-${{ steps.tag.outputs.tag }}-${formatted_filename}"
+          fi
+
+          release_assets=$(echo "$release_assets" | jq --arg asset_name "${asset_name}" --arg filepath "$filepath" '
+          . + [
+            {
+              "path": $filepath,
+              "name": $asset_name,
+              "content_type": "application/gzip"
+            }
+          ]')
+        done
+
+        release_assets=$(jq -c <<< "$release_assets" )
+        printf "release_assets=%s\n" "${release_assets}" >> "$GITHUB_OUTPUT"
 
     - name: Create Release
       uses: paketo-buildpacks/github-config/actions/release/create@main
@@ -126,25 +205,13 @@ jobs:
         tag_name: v${{ steps.tag.outputs.tag }}
         target_commitish: ${{ github.sha }}
         name: v${{ steps.tag.outputs.tag }}
-        body: ${{ steps.create-release-notes.outputs.release_body }}
+        body_filepath: "./release_notes"
         draft: true
-        assets: |
-          [
-            {
-              "path": "build/buildpack.tgz",
-              "name": "${{ github.event.repository.name }}-${{ steps.tag.outputs.tag }}.tgz",
-              "content_type": "application/gzip"
-            },
-            {
-              "path": "build/buildpackage.cnb",
-              "name": "${{ github.event.repository.name }}-${{ steps.tag.outputs.tag }}.cnb",
-              "content_type": "application/gzip"
-            }
-          ]
+        assets: ${{ steps.create_release_assets.outputs.release_assets }}
 
   failure:
     name: Alert on Failure
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     needs: [ unit, integration, release ]
     if: ${{ always() && needs.unit.result == 'failure' || needs.integration.result == 'failure' || needs.release.result == 'failure' }}
     steps:

@@ -15,10 +15,10 @@ concurrency: pr_labels_${{ github.event.number }}
 jobs:
   autolabel:
     name: Ensure Minimal Semver Labels
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
     - name: Check Minimal Semver Labels
-      uses: mheap/github-action-required-labels@v3
+      uses: mheap/github-action-required-labels@v5
       with:
         count: 1
         labels: semver:major, semver:minor, semver:patch