diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index f4a417e..a305abd 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -156,8 +156,8 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} target: prod - cache-from: type=gha - cache-to: type=gha,mode=max + cache-from: type=inline + cache-to: type=inline,mode=max - name: Scan frontend image for vulnerabilities uses: anchore/scan-action@v5 @@ -182,7 +182,7 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} target: prod - cache-from: type=gha + cache-from: type=inline - name: Create git tag if: github.event_name == 'push' && github.ref == 'refs/heads/main' @@ -248,8 +248,8 @@ jobs: labels: ${{ steps.meta.outputs.labels }} build-args: | APT_CACHE_BUST=${{ github.run_id }} - cache-from: type=gha - cache-to: type=gha,mode=max + cache-from: type=inline + cache-to: type=inline,mode=max - name: Scan receiptwitness image for vulnerabilities uses: anchore/scan-action@v5 @@ -276,7 +276,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} build-args: | APT_CACHE_BUST=${{ github.run_id }} - cache-from: type=gha + cache-from: type=inline build-and-push-api: runs-on: ubuntu-latest @@ -336,8 +336,8 @@ jobs: labels: ${{ steps.meta.outputs.labels }} build-args: | APT_CACHE_BUST=${{ github.run_id }} - cache-from: type=gha - cache-to: type=gha,mode=max + cache-from: type=inline + cache-to: type=inline,mode=max - name: Scan api image for vulnerabilities uses: anchore/scan-action@v5 @@ -364,7 +364,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} build-args: | APT_CACHE_BUST=${{ github.run_id }} - cache-from: type=gha + cache-from: type=inline build-and-push-auth: runs-on: ubuntu-latest 
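Review bot: `cache-from: type=inline` in the hunk at -156 is, as far as I know, not a cache importer that BuildKit recognises: inline cache is written into the image by `cache-to: type=inline` and read back with `cache-from: type=registry,ref=<registry>/<image>:<tag>`, so these builds will likely run uncached or emit a warning. The inline exporter also supports only min mode, so `mode=max` in `cache-to: type=inline,mode=max` has no effect; `cache-to: type=registry,ref=<cache-ref>,mode=max` is the form that keeps intermediate layers. Whichever ref is imported should be one that only this pipeline can push to, because imported cache layers end up in the images the scan and push steps then handle. The same lines are changed in the hunks at -182, -248, -276, -336, -364, -424 and -452, and the build steps themselves begin outside the hunks.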
@@ -424,8 +424,8 @@ jobs: labels: ${{ steps.meta.outputs.labels }} build-args: | APT_CACHE_BUST=${{ github.run_id }} - cache-from: type=gha - cache-to: type=gha,mode=max + cache-from: type=inline + cache-to: type=inline,mode=max - name: Scan auth image for vulnerabilities uses: anchore/scan-action@v5 @@ -452,7 +452,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} build-args: | APT_CACHE_BUST=${{ github.run_id }} - cache-from: type=gha + cache-from: type=inline deploy-dev: runs-on: ubuntu-latest @@ -463,7 +463,7 @@ jobs: uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 with: repository: cartsnitch/infra - token: ${{ secrets.REGISTRY_TOKEN }} + token: ${{ secrets.CI_GITEA_TOKEN }} ref: main path: infra @@ -471,7 +471,16 @@ jobs: uses: azure/setup-kubectl@v4 - name: Install kustomize - uses: imranismail/setup-kustomize@v2 + # imranismail/setup-kustomize@v2 calls the Gitea API to record + # telemetry under the "kubernetes-sigs" user, which doesn't exist + # on this Gitea instance. Install the binary directly instead. + run: | + set -euo pipefail + version="5.4.3" + url="https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv${version}/kustomize_v${version}_linux_amd64.tar.gz" + curl -fsSL --retry 3 "$url" | tar -xz -C /tmp kustomize + sudo install -m 0755 /tmp/kustomize /usr/local/bin/kustomize + kustomize version - name: Determine image tag for frontend id: frontend_tag @@ -553,7 +562,7 @@ jobs: uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 with: repository: cartsnitch/infra - token: ${{ secrets.REGISTRY_TOKEN }} + token: ${{ secrets.CI_GITEA_TOKEN }} ref: main path: infra 
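Review bot: `token: ${{ secrets.CI_GITEA_TOKEN }}` in the hunk at -463 is passed to actions/checkout without `persist-credentials: false`, so by default the token stays in the checkout's git configuration for every later step of deploy-dev, including the kustomize binary this commit starts downloading at run time. If no later step pushes to cartsnitch/infra, add `persist-credentials: false` under `with:`. If one does (the rest of the job is outside the hunk), confirm the token is scoped to that one repository with only the permissions the push needs. The same swap is made in the hunk at -553.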
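Review bot: The new `Install kustomize` step in the hunk at -471 pipes the release tarball from curl straight into tar and installs the result with sudo, with no integrity check, so whatever the download returns is executed in a job that also holds CI_GITEA_TOKEN and deploys to the cluster. Download to a file, verify it against a SHA-256 pinned in the workflow (taken from the checksums published with the upstream release), and only then extract and install. Extracting into a fresh `mktemp -d` directory rather than a fixed `/tmp/kustomize` also avoids reusing a path that may survive between jobs on a self-hosted runner. The identical step is added again in the hunk at -561 and needs the same change.

```yaml
run: |
  # … unchanged: set -euo pipefail, version="5.4.3", url="…" …
  # Placeholder: pin the digest published for this exact release asset.
  sha256="<sha256-of-kustomize-release-tarball>"
  workdir="$(mktemp -d)"
  curl -fsSL --retry 3 -o "$workdir/kustomize.tar.gz" "$url"
  # Fail the job before anything is extracted if the digest does not match.
  echo "${sha256}  $workdir/kustomize.tar.gz" | sha256sum -c -
  tar -xzf "$workdir/kustomize.tar.gz" -C "$workdir" kustomize
  sudo install -m 0755 "$workdir/kustomize" /usr/local/bin/kustomize
  # … unchanged: kustomize version …
```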
@@ -561,7 +570,16 @@ jobs: uses: azure/setup-kubectl@v4 - name: Install kustomize - uses: imranismail/setup-kustomize@v2 + # imranismail/setup-kustomize@v2 calls the Gitea API to record + # telemetry under the "kubernetes-sigs" user, which doesn't exist + # on this Gitea instance. Install the binary directly instead. + run: | + set -euo pipefail + version="5.4.3" + url="https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv${version}/kustomize_v${version}_linux_amd64.tar.gz" + curl -fsSL --retry 3 "$url" | tar -xz -C /tmp kustomize + sudo install -m 0755 /tmp/kustomize /usr/local/bin/kustomize + kustomize version - name: Determine image tag for frontend id: frontend_tag