ci: use uds task instead of GH action for registry login (#162)

## Description Due to intermittent login issues that fail CI workflow runs, we would benefit from being able to retry logins with some delay between retries. This would move from using the GH Actions docker/login-action to a uds run task for registry logins. ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [x] Other (security config, docs update, etc) ## Checklist before merging - [ ] Test, docs, adr added or updated as needed - [ ] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request ) followed --------- Co-authored-by: Micah Nagel <micah.nagel@defenseunicorns.com>

ci: use uds task instead of GH action for registry login (#162)
c8135ffa · Palassis · GitHub · 2f0a1a77 · c8135ffa · c8135ffa
Unverified Commit c8135ffa authored 1 year ago by Palassis Committed by GitHub 1 year ago
--- a/.github/actions/setup/action.yaml
+++ b/.github/actions/setup/action.yaml
@@ -31,17 +31,3 @@ runs:
      shell: bash
      # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
      run: brew install defenseunicorns/tap/uds@0.9.0
-
-    - name: Login to GHCR
-      uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
-      with:
-        registry: ghcr.io
-        username: dummy
-        password: ${{ inputs.gh_token }}
-
-    - name: Login to registry1
-      uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
-      with:
-        registry: registry1.dso.mil
-        username: ${{ inputs.ib_user }}
-        password: ${{ inputs.ib_password }}
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -49,10 +49,12 @@ jobs:

      - name: Environment setup
        uses: ./.github/actions/setup
-        with:
-          gh_token: ${{ secrets.GITHUB_TOKEN }}
-          ib_user: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
-          ib_password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
+
+      - name: Login to GHCR
+        run: uds run registry-login --set REGISTRY=ghcr.io --set REGISTRY_USERNAME=dummy --set REGISTRY_PASSWORD=${{ secrets.GITHUB_TOKEN }} --set REGISTRY_RETRY_INTERVAL=90
+
+      - name: Login to registry1
+        run: uds run registry-login --set REGISTRY=registry1.dso.mil --set REGISTRY_USERNAME=${{ secrets.IRON_BANK_ROBOT_USERNAME }} --set REGISTRY_PASSWORD=${{ secrets.IRON_BANK_ROBOT_PASSWORD }} --set REGISTRY_RETRY_INTERVAL=90

      - name: Test a single source package
        if: ${{ inputs.package != 'all' && inputs.test_type == 'install' }}

--- a/renovate.json
+++ b/renovate.json
@@ -33,10 +33,9 @@
      "extractVersionTemplate": "^v(?<version>.*)$"
    },
    {
-      "fileMatch": ["\\.*\\.ya?ml$", "^\\.vscode/settings\\.json$"],
+      "fileMatch": ["\\.*\\.ya?ml$"],
      "matchStrings": [
-        "# renovate: datasource=github-tags depName=(?<depName>[^ ]+) versioning=(?<versioning>.*?)( extractVersion=(?<extractVersion>.*?))?\n.*?(version:|ref:) (?<currentValue>.*)",
-        "\/\/ renovate: datasource=github-tags depName=(?<depName>[^ ]+) versioning=(?<versioning>.*?)( extractVersion=(?<extractVersion>.*?))?\n.*?(https:\/\/raw.githubusercontent.com\/defenseunicorns\/zarf\/)(?<currentValue>[^\\s]+)\/"
+        "# renovate: datasource=github-tags depName=(?<depName>[^ ]+) versioning=(?<versioning>.*?)( extractVersion=(?<extractVersion>.*?))?\n.*?(version:|ref:) (?<currentValue>.*)"
      ],
      "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}",
      "datasourceTemplate": "github-tags"
@@ -44,14 +43,21 @@
    },
    {
      "depNameTemplate": "defenseunicorns/uds-cli",
-      "fileMatch": ["\\.*\\.ya?ml$", "^\\.vscode/settings\\.json$"],
+      "fileMatch": ["\\.*\\.ya?ml$"],
      "matchStrings": [
-        "# renovate: datasource=github-tags depName=(?<depName>[^ ]+) versioning=(?<versioning>[^\n]+)\n.*?uds@(?<currentValue>.*)",
-        "\/\/ renovate: datasource=github-tags depName=(?<depName>[^ ]+) versioning=(?<versioning>.*?)( extractVersion=(?<extractVersion>.*?))?\n.*?(https:\/\/raw.githubusercontent.com\/defenseunicorns\/uds-cli\/v)(?<currentValue>[^\\s]+)\/"
+        "# renovate: datasource=github-tags depName=(?<depName>[^ ]+) versioning=(?<versioning>[^\n]+)\n.*?uds@(?<currentValue>.*)"
      ],
      "datasourceTemplate": "github-tags",
      "extractVersionTemplate": "^v(?<version>.*)$"
    },
+    {
+      "fileMatch": ["^tasks.ya?ml$", "^tasks/.*\\.ya?ml$", "^\\.vscode/settings\\.json$"],
+      "matchStrings": [
+         "https:\\/\\/raw\\.githubusercontent\\.com\\/(?<depName>[^\\/]+\\/[^\\/]+)\\/(?<currentValue>[^\\/]+)"
+      ],
+      "versioningTemplate": "semver-coerced",
+      "datasourceTemplate": "github-tags"
+    },
    {
      "fileMatch": ["\\.*\\.ya?ml$"],
      "matchStrings": [

--- a/tasks.yaml
+++ b/tasks.yaml
@@ -10,6 +10,7 @@ includes:
  - deploy: ./tasks/deploy.yaml
  - test: ./tasks/test.yaml
  - lint: ./tasks/lint.yaml
+  - common-setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.2.0/tasks/setup.yaml
 tasks:
  - name: dev-setup
    actions:
@@ -35,6 +36,15 @@ tasks:
    actions:
      - task: setup:k3d-test-cluster

+  - name: registry-login
+    actions:
+      - task: common-setup:registry-login
+        with:
+          registry: ${REGISTRY}
+          registryUsername: ${REGISTRY_USERNAME}
+          registryPassword: ${REGISTRY_PASSWORD}
+          registryRetryInterval: ${REGISTRY_RETRY_INTERVAL}
+
  - name: create-single-package
    actions:
      - task: create:single-package