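# update-cache.yaml
#
# Scheduled job that refreshes the production cache of package build
# materials: it runs `melange update-cache` for every package config in the
# repository root and writes the results to a GCS bucket.
name: Update prod cache of build materials

on:
  workflow_dispatch:
  # Triggers the workflow every six hours
  schedule:
    - cron: "0 */6 * * *"

env:
  PROJECT: prod-images-c6e5
  # NOTE(review): this value appears to have been replaced by the hosting
  # page's e-mail obfuscation; it is not a usable service-account address.
  # Restore the real address before using this file. It is quoted here so the
  # placeholder parses as a string rather than a YAML flow sequence.
  FQ_SERVICE_ACCOUNT: '[email protected]'
  SOURCE_CACHE_BUCKET: wolfi-sources

# Least-privilege default for every job; jobs opt in to anything more.
permissions:
  contents: read

jobs:
  update-cache:
    runs-on: ubuntu-latest
    # Only run in the canonical repository, so scheduled runs in forks do not
    # attempt to authenticate against the production project.
    if: github.repository == 'wolfi-dev/os'
    permissions:
      contents: read
      # Needed to mint the GitHub OIDC token that the auth step below
      # exchanges through the workload identity provider (no long-lived key).
      id-token: write
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
        with:
          # `audit` only records outbound traffic and blocks nothing. This job
          # holds write access to the prod cache bucket, so consider moving to
          # `block` with an explicit allow-list once the audited endpoints
          # are known.
          egress-policy: audit

      # Every action is pinned to a full commit SHA; the trailing comment
      # records the tag or branch the SHA was taken from.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - uses: chainguard-dev/actions/setup-melange@2cadca168a422313df94f6169691a86498ae51b1 # main

      - uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2.1.6
        with:
          workload_identity_provider: "projects/618116202522/locations/global/workloadIdentityPools/prod-shared-e350/providers/prod-shared-gha"
          service_account: ${{ env.FQ_SERVICE_ACCOUNT }}

      - uses: google-github-actions/setup-gcloud@f0990588f1e5b5af6827153b93673613abdc6ec7 # v2.1.1
        with:
          project_id: ${{ env.PROJECT }}

      - name: 'Update cache of build materials for all packages'
        # SOURCE_CACHE_BUCKET is read from the step environment (exported from
        # the workflow-level `env`) rather than expanded with `${{ }}` inside
        # the script, so the script text stays fixed whatever the value is.
        run: |
          failed=0
          # Glob instead of parsing `ls | grep`: matches only names ending in
          # .yaml and is safe for names containing whitespace.
          for cfg in *.yaml; do
            # With no match the pattern stays literal; skip it.
            [ -f "${cfg}" ] || continue
            echo "Updating cache for ${cfg}..."
            # Best effort: one failing package must not stop the others, but
            # the failure is surfaced as an annotation, not silently dropped.
            if ! melange update-cache --cache-dir "gs://${SOURCE_CACHE_BUCKET}/" "${cfg}"; then
              echo "::warning::melange update-cache failed for ${cfg}"
              failed=$((failed + 1))
            fi
          done
          echo "Cache update finished; ${failed} package(s) failed."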