From e38315952b459f87896f30a004ab4ea6bfc22922 Mon Sep 17 00:00:00 2001 From: Ryan Beck-Buysse Date: Thu, 25 Aug 2022 13:34:10 -0500 Subject: [PATCH 1/2] Switch repo checks to match "splintercommunity" This is necessary after migrating the repos from the Cargill organization. Signed-off-by: Ryan Beck-Buysse --- .github/workflows/0-6-cron.yaml | 2 +- .github/workflows/merge.yaml | 2 +- .github/workflows/publish-docker-branch.yaml | 12 ++++++------ .github/workflows/publish-release.yaml | 10 +++++----- .github/workflows/splinter-dev.yaml | 6 +++--- .github/workflows/unit-test-splinter.yaml | 4 ++-- 6 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/0-6-cron.yaml b/.github/workflows/0-6-cron.yaml index 202596b2f..63749127b 100644 --- a/.github/workflows/0-6-cron.yaml +++ b/.github/workflows/0-6-cron.yaml @@ -189,7 +189,7 @@ jobs: build_docker: runs-on: ubuntu-18.04 if: >- - github.repository_owner == 'Cargill' + github.repository_owner == 'splintercommunity' steps: - uses: actions/checkout@v2 with: diff --git a/.github/workflows/merge.yaml b/.github/workflows/merge.yaml index d3ccf322b..51f639b2d 100644 --- a/.github/workflows/merge.yaml +++ b/.github/workflows/merge.yaml @@ -84,7 +84,7 @@ jobs: build_docker: runs-on: ubuntu-18.04 if: >- - github.repository_owner == 'Cargill' + github.repository_owner == 'splintercommunity' steps: - uses: actions/checkout@v2 with: diff --git a/.github/workflows/publish-docker-branch.yaml b/.github/workflows/publish-docker-branch.yaml index b07e400cc..c832e92d7 100644 --- a/.github/workflows/publish-docker-branch.yaml +++ b/.github/workflows/publish-docker-branch.yaml @@ -20,7 +20,7 @@ jobs: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'push' && github.event.workflow_run.head_branch == 'main' && - github.repository_owner == 'Cargill' + github.repository_owner == 'splintercommunity' name: Start buildx cluster runs-on: ubuntu-latest outputs: @@ -58,7 +58,7 @@ jobs: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'push' && github.event.workflow_run.head_branch == 'main' && - github.repository_owner == 'Cargill' + github.repository_owner == 'splintercommunity' needs: - start_cluster_main runs-on: ${{ needs.start_cluster_main.outputs.label }} @@ -99,7 +99,7 @@ jobs: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'push' && github.event.workflow_run.head_branch == 'main' && - github.repository_owner == 'Cargill' && + github.repository_owner == 'splintercommunity' && always() name: Stop buildx cluster needs: @@ -131,7 +131,7 @@ jobs: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'push' && github.event.workflow_run.head_branch == 'main' && - github.repository_owner == 'Cargill' + github.repository_owner == 'splintercommunity' name: Start buildx cluster runs-on: ubuntu-latest outputs: @@ -169,7 +169,7 @@ jobs: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'push' && github.event.workflow_run.head_branch == 'main' && - github.repository_owner == 'Cargill' + github.repository_owner == 'splintercommunity' needs: - start_cluster_experimental runs-on: ${{ needs.start_cluster_experimental.outputs.label }} @@ -210,7 +210,7 @@ jobs: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'push' && github.event.workflow_run.head_branch == 'main' && - github.repository_owner == 'Cargill' && + github.repository_owner == 'splintercommunity' && always() name: Stop buildx cluster needs: diff --git a/.github/workflows/publish-release.yaml b/.github/workflows/publish-release.yaml index 4062ccd19..44994ecac 100644 --- a/.github/workflows/publish-release.yaml +++ b/.github/workflows/publish-release.yaml @@ -12,7 +12,7 @@ jobs: unit_test_splinter: if: >- - github.repository_owner == 'Cargill' + github.repository_owner == 'splintercommunity' runs-on: ubuntu-18.04 steps: - uses: actions/checkout@v2 @@ -29,7 +29,7 @@ jobs: run: just ci-test start_cluster: - if: github.repository == 'Cargill/splinter' + if: github.repository == 'splintercommunity/splinter' name: Start buildx cluster runs-on: ubuntu-latest outputs: @@ -76,7 +76,7 @@ jobs: - start_cluster - unit_test_splinter if: >- - github.repository_owner == 'Cargill' + github.repository_owner == 'splintercommunity' runs-on: ${{ needs.start_cluster.outputs.label }} steps: - name: Display envvars @@ -118,7 +118,7 @@ jobs: - start_cluster - publish_docker runs-on: ubuntu-latest - if: ${{ github.repository == 'Cargill/splinter' && always() }} + if: ${{ github.repository == 'splintercommunity/splinter' && always() }} permissions: id-token: write contents: read @@ -149,7 +149,7 @@ jobs: publish_to_crates: needs: unit_test_splinter if: >- - github.repository_owner == 'Cargill' + github.repository_owner == 'splintercommunity' runs-on: ubuntu-18.04 steps: - uses: actions/checkout@v2 diff --git a/.github/workflows/splinter-dev.yaml b/.github/workflows/splinter-dev.yaml index c6487830b..a81514542 100644 --- a/.github/workflows/splinter-dev.yaml +++ b/.github/workflows/splinter-dev.yaml @@ -4,7 +4,7 @@ on: - workflow_dispatch jobs: start_cluster: - if: github.repository == 'Cargill/splinter' + if: github.repository == 'splintercommunity/splinter' name: Start buildx cluster runs-on: ubuntu-latest outputs: @@ -47,7 +47,7 @@ jobs: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} build_splinter_dev: - if: github.repository == 'Cargill/splinter' + if: github.repository == 'splintercommunity/splinter' name: Build splinter-dev needs: start_cluster runs-on: ${{ needs.start_cluster.outputs.label }} @@ -87,7 +87,7 @@ jobs: - start_cluster - build_splinter_dev runs-on: ubuntu-latest - if: ${{ github.repository == 'Cargill/splinter' && always() }} + if: ${{ github.repository == 'splintercommunity/splinter' && always() }} permissions: id-token: write contents: read diff --git a/.github/workflows/unit-test-splinter.yaml b/.github/workflows/unit-test-splinter.yaml index e604a8d32..602352fa0 100644 --- a/.github/workflows/unit-test-splinter.yaml +++ b/.github/workflows/unit-test-splinter.yaml @@ -20,7 +20,7 @@ jobs: run: if ! grep -q -w $GITHUB_ACTOR CODEOWNERS; then (echo "User is not authorized"; exit 1) fi start_cluster: - if: github.repository == 'Cargill/splinter' + if: github.repository == 'splintercommunity/splinter' name: Start buildx cluster needs: check_allowlist runs-on: ubuntu-latest @@ -78,7 +78,7 @@ jobs: - start_cluster - unit_test_splinter runs-on: ubuntu-latest - if: ${{ github.repository == 'Cargill/splinter' && always() }} + if: ${{ github.repository == 'splintercommunity/splinter' && always() }} permissions: id-token: write contents: read From 1d4e8ebb2a6ab0b92b70fc93443864963107aba5 Mon Sep 17 00:00:00 2001 From: Ryan Beck-Buysse Date: Thu, 25 Aug 2022 14:09:32 -0500 Subject: [PATCH 2/2] Switch Docker login actions to use GITHUB_TOKEN This is a more secure/correct way to log into ghcr.io. Signed-off-by: Ryan Beck-Buysse --- .github/workflows/publish-docker-branch.yaml | 8 ++++---- .github/workflows/publish-release.yaml | 4 ++-- .github/workflows/splinter-dev.yaml | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/publish-docker-branch.yaml b/.github/workflows/publish-docker-branch.yaml index c832e92d7..ef4a5049d 100644 --- a/.github/workflows/publish-docker-branch.yaml +++ b/.github/workflows/publish-docker-branch.yaml @@ -70,8 +70,8 @@ jobs: uses: docker/login-action@v1 with: registry: ghcr.io - username: splintercommunity - password: ${{ secrets.SPLINTERCOMMUNITY_GH_PAT }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - uses: actions/checkout@v2 with: @@ -181,8 +181,8 @@ jobs: uses: docker/login-action@v1 with: registry: ghcr.io - username: splintercommunity - password: ${{ secrets.SPLINTERCOMMUNITY_GH_PAT }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - uses: actions/checkout@v2 with: diff --git a/.github/workflows/publish-release.yaml b/.github/workflows/publish-release.yaml index 44994ecac..3938e26df 100644 --- a/.github/workflows/publish-release.yaml +++ b/.github/workflows/publish-release.yaml @@ -86,8 +86,8 @@ jobs: uses: docker/login-action@v1 with: registry: ghcr.io - username: splintercommunity - password: ${{ secrets.SPLINTERCOMMUNITY_GH_PAT }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - uses: actions/checkout@v2 with: diff --git a/.github/workflows/splinter-dev.yaml b/.github/workflows/splinter-dev.yaml index a81514542..a71d001b0 100644 --- a/.github/workflows/splinter-dev.yaml +++ b/.github/workflows/splinter-dev.yaml @@ -59,8 +59,8 @@ jobs: uses: docker/login-action@v1 with: registry: ghcr.io - username: splintercommunity - password: ${{ secrets.SPLINTERCOMMUNITY_GH_PAT }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - uses: actions/checkout@v2 with: