Revert "Harden CI workflows (#1730)" (#1731)

Author: anisurrahman75

.github/.kodiak.toml

@@ -15,4 +15,4 @@ strip_html_comments = true # default: false
 always = true # default: false
 
 [approve]
-auto_approve_usernames = ["tamalsaha", "1gtm", "1gtm-app[bot]"]
+auto_approve_usernames = ["1gtm", "tamalsaha"]

.github/workflows/cherry-pick.yml

@@ -10,20 +10,25 @@ jobs:
     runs-on: ubuntu-24.04
 
     steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      - uses: actions/checkout@v1
 
       - name: Prepare git
         env:
-          GITHUB_USER: ${{ github.actor }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_USER: 1gtm
+          GITHUB_TOKEN: ${{ secrets.LGTM_GITHUB_TOKEN }}
         run: |
           git config --global user.name "${GITHUB_USER}"
           git config --global user.email "${GITHUB_USER}@appscode.com"
           git remote set-url origin https://${GITHUB_USER}:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git
 
+      - name: Install GitHub CLI
+        run: |
+          curl -fsSL https://github.com/github/hub/raw/master/script/get | bash -s 2.14.1
+          sudo mv bin/hub /usr/local/bin
+
       - name: Update release branches
         env:
-          GITHUB_USER: ${{ github.actor }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_USER: 1gtm
+          GITHUB_TOKEN: ${{ secrets.LGTM_GITHUB_TOKEN }}
         run: |
           ./hack/scripts/cherry-pick.sh

.github/workflows/ci.yml

@@ -14,38 +14,36 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Set up Go 1.25
-        uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0
+        uses: actions/setup-go@v5
         with:
           go-version: '1.25'
         id: go
 
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      - uses: actions/checkout@v4
 
       - name: Set up QEMU
         id: qemu
-        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
+        uses: docker/setup-qemu-action@v3
         with:
           cache-image: false
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+        uses: docker/setup-buildx-action@v3
 
       - name: Prepare Host
         run: |
+          sudo apt-get -qq update || true
+          sudo apt-get install -y bzr
 
       - name: Run checks
         run: |
           make ci
 
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
-        with:
-          registry: ghcr.io
-          username: 1gtm
-          password: ${{ secrets.LGTM_GITHUB_TOKEN }}
-
       - name: Build
         env:
           REGISTRY: ghcr.io/appscodeci
+          DOCKER_TOKEN: ${{ secrets.LGTM_GITHUB_TOKEN }}
+          USERNAME: 1gtm
         run: |
+          docker login ghcr.io --username ${USERNAME} --password ${DOCKER_TOKEN}
           make push

.github/workflows/release-tracker.yml

@@ -6,25 +6,31 @@ on:
 
 jobs:
   build:
-    if: github.event.pull_request.merged == true
     runs-on: ubuntu-24.04
 
     steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      - uses: actions/checkout@v4
 
-      - name: Generate LGTM App token
-        id: lgtm-app-token
-        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
-        with:
-          client-id: ${{ secrets.LGTM_APP_CLIENT_ID }}
-          private-key: ${{ secrets.LGTM_APP_PRIVATE_KEY }}
-          owner: ${{ github.repository_owner }}
-          repositories: CHANGELOG
-          permission-pull-requests: write
+      - name: Prepare git
+        env:
+          GITHUB_USER: 1gtm
+          GITHUB_TOKEN: ${{ secrets.LGTM_GITHUB_TOKEN }}
+        run: |
+          git config --global user.name "${GITHUB_USER}"
+          git config --global user.email "${GITHUB_USER}@appscode.com"
+          git remote set-url origin https://${GITHUB_USER}:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git
+
+      - name: Install GitHub CLI
+        run: |
+          curl -fsSL https://github.com/github/hub/raw/master/script/get | bash -s 2.14.1
+          sudo mv bin/hub /usr/local/bin
 
       - name: Update release tracker
+        if: |
+          github.event.action == 'closed' &&
+          github.event.pull_request.merged == true
         env:
-          GITHUB_USER: ${{ github.actor }}
-          GITHUB_TOKEN: ${{ steps.lgtm-app-token.outputs.token }}
+          GITHUB_USER: 1gtm
+          GITHUB_TOKEN: ${{ secrets.LGTM_GITHUB_TOKEN }}
         run: |
           ./hack/scripts/update-release-tracker.sh

.github/workflows/release.yml

@@ -9,13 +9,14 @@ jobs:
   build:
     name: Build
     runs-on: ubuntu-24.04
-    permissions:
-      contents: write
     steps:
       - name: Check out code into the Go module directory
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
-        with:
-          fetch-depth: 0
+        uses: actions/checkout@v1
+
+      - name: Install GitHub CLI
+        run: |
+          curl -fsSL https://github.com/github/hub/raw/master/script/get | bash -s 2.14.1
+          sudo mv bin/hub /usr/local/bin
 
       - name: Print version info
         id: semver
@@ -24,23 +25,19 @@ jobs:
 
       - name: Set up QEMU
         id: qemu
-        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
+        uses: docker/setup-qemu-action@v3
         with:
           cache-image: false
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
-
-      - name: Log in to the GitHub Container registry
-        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
-        with:
-          registry: ghcr.io
-          username: 1gtm
-          password: ${{ secrets.LGTM_GITHUB_TOKEN }}
+        uses: docker/setup-buildx-action@v3
 
       - name: Publish to GitHub Container Registry
         env:
           REGISTRY: ghcr.io/stashed
+          DOCKER_TOKEN: ${{ secrets.LGTM_GITHUB_TOKEN }}
+          USERNAME: 1gtm
           APPSCODE_ENV: prod
         run: |
+          docker login ghcr.io --username ${USERNAME} --password ${DOCKER_TOKEN}
           make release

Makefile

@@ -25,7 +25,7 @@ REGISTRY ?= stashed
 
 # This version-strategy uses git tags to set the version string
 git_branch       := $(shell git rev-parse --abbrev-ref HEAD)
-git_tag          := $(shell git describe --tags --exact-match --abbrev=0 2>/dev/null || echo "")
+git_tag          := $(shell git describe --exact-match --abbrev=0 2>/dev/null || echo "")
 commit_hash      := $(shell git rev-parse --verify HEAD)
 commit_timestamp := $(shell date --date="@$$(git show -s --format=%ct)" --utc +%FT%T)
 

hack/scripts/cherry-pick.sh

@@ -37,10 +37,10 @@ while IFS=/ read -r -u9 repo branch; do
     git checkout -b $pr_branch
     git cherry-pick --strategy=recursive -X theirs $GITHUB_SHA
     git push -u origin HEAD -f
-    gh pr create \
+    hub pull-request \
         --base $branch \
-        --label automerge \
-        --title "[cherry-pick] $(git show -s --format=%s)" \
-        --body "$(git show -s --format=%b | sed --expression='/\/cherry-pick/d')" || true
+        --labels automerge \
+        --message "[cherry-pick] $(git show -s --format=%s)" \
+        --message "$(git show -s --format=%b | sed --expression='/\/cherry-pick/d')" || true
     sleep 15
 done 9< <(git branch -r | grep release)

hack/scripts/update-release-tracker.sh

@@ -69,4 +69,4 @@ case $GITHUB_BASE_REF in
         ;;
 esac
 
-gh api "$api_url" -f body="$msg"
+hub api "$api_url" -f body="$msg"