ci: fix generate release config

hoverkraft-tech · Jan 14, 2025 · c43ab4f · c43ab4f
1 parent 969ed1d
commit c43ab4f
Show file tree

Hide file tree

Showing 6 changed files with 27 additions and 6 deletions.
diff --git a/.github/release-config.template.yml b/.github/release-config.template.yml
@@ -9,4 +9,4 @@ include-paths:
   - images/{{image}}/*
   - .github/actions/should-build-image/*
   - .github/workflows/__shared-ci.yml
-  - .github/workflows/__shared-get-available-images-matrix.yml
+  - .github/workflows/__shared-get-available-images-matrix.yml
diff --git a/.github/workflows/__shared-ci.yml b/.github/workflows/__shared-ci.yml
@@ -11,6 +11,15 @@ on:
         description: "Password or GitHub token (packages:read and packages:write scopes) used to log against the OCI registry."
         required: true
 
+permissions:
+  contents: read
+  issues: read
+  packages: write
+  pull-requests: read
+  statuses: write
+  # FIXME: This is a workaround for having workflow actions. See https://github.com/orgs/community/discussions/38659
+  id-token: write
+
 jobs:
   checks:
     # FIXME: the new version of the linter fails with a lot of errors if upgraded

diff --git a/.github/workflows/generate-release-config.yml b/.github/workflows/generate-release-config.yml
@@ -32,7 +32,7 @@ jobs:
 
       - uses: actions/upload-artifact@v4
         with:
-          name: changed-files
+          name: changed-files-${{ matrix.image }}
           path: ./.github/release-config/${{ matrix.image }}-release-config.yml
 
   publish-actions-readme:
@@ -48,7 +48,8 @@ jobs:
 
       - uses: actions/download-artifact@v4
         with:
-          name: changed-files
+          pattern: changed-files-*
+          merge-multiple: true
           path: ./.github/release-config/
 
       - uses: tibdex/github-app-token@v1

diff --git a/.github/workflows/pull-request-ci.yml b/.github/workflows/pull-request-ci.yml
@@ -4,6 +4,17 @@ on:
   pull_request:
     branches: [main]
 
+# jscpd:ignore-start
+permissions:
+  contents: read
+  issues: read
+  packages: write
+  pull-requests: read
+  statuses: write
+  # FIXME: This is a workaround for having workflow actions. See https://github.com/orgs/community/discussions/38659
+  id-token: write
+# jscpd:ignore-end
+
 jobs:
   ci:
     name: Continuous Integration
@@ -51,7 +62,7 @@ jobs:
               core.setOutput('comment-body','No images have been built.');
             }
 
-      - uses: hoverkraft-tech/ci-github-common/actions/create-or-update-comment@0.4.3
+      - uses: hoverkraft-tech/ci-github-common/actions/create-or-update-comment@0.15.0
         with:
           title: "Images have been built :sparkles: !"
           body: |

diff --git a/images/ci-helm/Dockerfile b/images/ci-helm/Dockerfile
@@ -1,7 +1,7 @@
 ARG version=v3.12.0
 FROM quay.io/helmpack/chart-testing:${version}
 
-LABEL org.opencontainers.image.source = "https://github.com/hoverkraft-tech/docker-base-images"
+LABEL org.opencontainers.image.source="https://github.com/hoverkraft-tech/docker-base-images"
 
 # we can probably ignore warning about versions of such packages
 # hadolint ignore=DL3018

diff --git a/images/mydumper/Dockerfile b/images/mydumper/Dockerfile
@@ -1,6 +1,6 @@
 FROM ubuntu:jammy
 
-LABEL org.opencontainers.image.source = "https://github.com/hoverkraft-tech/docker-base-images"
+LABEL org.opencontainers.image.source="https://github.com/hoverkraft-tech/docker-base-images"
 
 ENV DEBIAN_FRONTEND=noninteractive \
     TZ=UTC \