chore(deps): update sigstore support dependencies (#28)

* chore(deps): update sigstore support dependencies | datasource | package | from | to | | ----------- | -------------------------- | ------ | ------ | | github-tags | actions/checkout | v4.2.1 | v4.2.2 | | github-tags | defenseunicorns/uds-common | v1.1.2 | v1.2.2 | * add zarf yaml override * add certs deps * fix certs * add job name selector * update job deletion --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Wayne Starr <me@racer159.com>
defenseunicorns · Oct 29, 2024 · 49bca2c · 49bca2c
1 parent e175c32
commit 49bca2c
Show file tree

Hide file tree

Showing 10 changed files with 31 additions and 19 deletions.
diff --git a/.github/workflows/ci-docs-shim.yaml b/.github/workflows/ci-docs-shim.yaml
@@ -18,7 +18,7 @@ jobs:
       matrix:
         type: [install, upgrade]
         flavor: [upstream, unicorn]
-    uses: defenseunicorns/uds-common/.github/workflows/callable-ci-docs-shim.yaml@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2
+    uses: defenseunicorns/uds-common/.github/workflows/callable-ci-docs-shim.yaml@d59b1c601730bfa7ab76439643242358e529603e # v1.2.2
     with:
       flavor: ${{ matrix.flavor }}
       type: ${{ matrix.type }}

diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml
@@ -15,4 +15,4 @@ permissions:
 
 jobs:
   validate:
-    uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2
+    uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@d59b1c601730bfa7ab76439643242358e529603e # v1.2.2
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
@@ -15,5 +15,5 @@ permissions:
 
 jobs:
   validate:
-    uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2
+    uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@d59b1c601730bfa7ab76439643242358e529603e # v1.2.2
     secrets: inherit
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -41,7 +41,7 @@ jobs:
         exclude:
           - flavor: registry1
             architecture: arm64
-    uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2
+    uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@d59b1c601730bfa7ab76439643242358e529603e # v1.2.2
     with:
       flavor: ${{ matrix.flavor }}
       runsOn: ${{ matrix.architecture == 'arm64' && 'uds-swf-ubuntu-arm64-4-core' || 'ubuntu-latest' }}

diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
@@ -32,5 +32,5 @@ jobs:
       security-events: write
       # Used to receive a badge.
       id-token: write
-    uses: defenseunicorns/uds-common/.github/workflows/callable-scorecard.yaml@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2
+    uses: defenseunicorns/uds-common/.github/workflows/callable-scorecard.yaml@d59b1c601730bfa7ab76439643242358e529603e # v1.2.2
     secrets: inherit
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -41,11 +41,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: test-flavor
-        uses: defenseunicorns/uds-common/.github/actions/test-flavor@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2
+        uses: defenseunicorns/uds-common/.github/actions/test-flavor@d59b1c601730bfa7ab76439643242358e529603e # v1.2.2
         id: test-flavor
+        with:
+          check-flavor-zarf-yaml: src/ctlog/zarf.yaml
     outputs:
       upgrade-flavors: ${{ steps.test-flavor.outputs.upgrade-flavors }}
 
@@ -56,7 +58,7 @@ jobs:
       matrix:
         type: [install, upgrade]
         flavor: [upstream, unicorn]
-    uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2
+    uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@d59b1c601730bfa7ab76439643242358e529603e # v1.2.2
     with:
       upgrade-flavors: ${{ needs.check-flavor.outputs.upgrade-flavors }}
       flavor: ${{ matrix.flavor }}

diff --git a/src/ctlog/common/zarf.yaml b/src/ctlog/common/zarf.yaml
@@ -23,6 +23,10 @@ components:
           - ../values/values.yaml
     actions:
       onDeploy:
+        before:
+          # delete the old jobs so that an upgrade will work
+          - cmd: ./zarf tools kubectl delete jobs -n ctlog-system ctlog-createctconfig || true
+          - cmd: ./zarf tools kubectl delete jobs -n ctlog-system ctlog-createtree || true
         after:
           - description: Validate CtLog Package
             maxTotalSeconds: 300

diff --git a/src/rekor/common/zarf.yaml b/src/rekor/common/zarf.yaml
@@ -23,6 +23,9 @@ components:
           - ../values/values.yaml
     actions:
       onDeploy:
+        before:
+          # delete the old job so that an upgrade will work
+          - cmd: ./zarf tools kubectl delete jobs -n rekor-system rekor-createtree || true
         after:
           - description: Validate Rekor Package
             maxTotalSeconds: 300

diff --git a/tasks.yaml b/tasks.yaml
@@ -4,16 +4,16 @@
 includes:
   - dependencies: ./tasks/dependencies.yaml
   - test: ./tasks/test.yaml
-  - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.1.2/tasks/create.yaml
-  - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.1.2/tasks/publish.yaml
-  - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.1.2/tasks/lint.yaml
-  - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.1.2/tasks/pull.yaml
-  - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.1.2/tasks/deploy.yaml
-  - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.1.2/tasks/setup.yaml
-  - actions: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.1.2/tasks/actions.yaml
-  - badge: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.1.2/tasks/badge.yaml
-  - upgrade: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.1.2/tasks/upgrade.yaml
-  - compliance: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.1.2/tasks/compliance.yaml
+  - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.2.2/tasks/create.yaml
+  - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.2.2/tasks/publish.yaml
+  - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.2.2/tasks/lint.yaml
+  - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.2.2/tasks/pull.yaml
+  - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.2.2/tasks/deploy.yaml
+  - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.2.2/tasks/setup.yaml
+  - actions: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.2.2/tasks/actions.yaml
+  - badge: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.2.2/tasks/badge.yaml
+  - upgrade: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.2.2/tasks/upgrade.yaml
+  - compliance: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.2.2/tasks/compliance.yaml
 
 tasks:
   - name: default
@@ -74,6 +74,7 @@ tasks:
   - name: test-install
     description: Test the health of a Sigstore deployment
     actions:
+      - task: dependencies:certs
       - task: create-dev-package
       - task: setup:k3d-test-cluster
       - task: create-deploy-test-bundle
@@ -82,6 +83,7 @@ tasks:
   - name: test-upgrade
     description: Test an upgrade from the latest released package to the current branch
     actions:
+      - task: dependencies:certs
       - task: upgrade:create-latest-tag-bundle
         with:
           dep_commands: ./uds run dependencies:create
@@ -99,6 +101,8 @@ tasks:
       - task: actions:determine-arch
       - task: create:package
 
+      - task: dependencies:certs
+        if: ${{ or (ne .variables.FLAVOR "upstream") (ne .variables.ARCH "arm64") }}
       - task: setup:k3d-test-cluster
         if: ${{ or (ne .variables.FLAVOR "upstream") (ne .variables.ARCH "arm64") }}
       - task: create-deploy-test-bundle

diff --git a/tasks/dependencies.yaml b/tasks/dependencies.yaml
@@ -12,7 +12,6 @@ tasks:
         default: ${UDS_ARCH}
     actions:
       - cmd: ./uds zarf package create src/dev-openbao/ --confirm --no-progress --architecture=${{ .inputs.architecture }} --skip-sbom ${{ .inputs.options }}
-      - task: certs
 
   - name: certs
     description: Create the certificates needed to initialize Fulcio / TSA