Skip to content

Update prod cache of build materials #8393

Update prod cache of build materials

Update prod cache of build materials #8393

Workflow file for this run

name: Update prod cache of build materials
on:
workflow_dispatch:
# Triggers the workflow every six hours
schedule:
- cron: "0 */6 * * *"
env:
PROJECT: prod-images-c6e5
FQ_SERVICE_ACCOUNT: [email protected]
SOURCE_CACHE_BUCKET: wolfi-sources
permissions:
contents: read
jobs:
update-cache:
runs-on: ubuntu-latest
if: github.repository == 'wolfi-dev/os'
permissions:
contents: read
id-token: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: chainguard-dev/actions/setup-melange@2cadca168a422313df94f6169691a86498ae51b1 # main
- uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7
with:
workload_identity_provider: "projects/618116202522/locations/global/workloadIdentityPools/prod-shared-e350/providers/prod-shared-gha"
service_account: ${{env.FQ_SERVICE_ACCOUNT}}
- uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2
with:
project_id: ${{env.PROJECT}}
- name: 'Update cache of build materials for all packages'
run: |
for cfg in $(ls -1 | grep '.*\.yaml'); do
echo "Updating cache for ${cfg}...";
melange update-cache --cache-dir gs://${{env.SOURCE_CACHE_BUCKET}}/ "${cfg}" || true;
done