From fc5664befb94b912bdaef06286347d1af91a4ec0 Mon Sep 17 00:00:00 2001
From: Craig Colegrove
Date: Wed, 21 Jan 2026 15:10:49 -0800
Subject: [PATCH 01/10] Docker workflow opens issue for licensed
---
 .github/workflows/docker.yaml | 39 +++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index f521782..d0e4653 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -439,3 +439,42 @@ jobs:
 env:
 GH_TOKEN: ${{ secrets.WORKFLOW_PAT }}
 run: gh release edit --tag "${{ github.event.release.tag_name }}" --prerelease=false "${{ github.event.release.name }}"
+
+ open-issue:
+ needs: [publish, image]
+ runs-on: ${{ inputs.other_jobs_runs_on }}
+ # if: needs.image.outputs.prerelease == false
+ steps:
+ - name: Populate list of licensed repos
+ run: |
+ # List the licensed image names, put into licensed-images.json
+ gcloud artifacts docker images list \
+ us-docker.pkg.dev/ironcore-images/licensed \
+ --format=json \
+ 2>/dev/null \
+ | jq -r '.[].package' \
+ | sed 's|.*/||' \
+ | sort -u \
+ | jq -R . \
+ | jq -s . \
+ > licensed-images.json
+ - name: Check if produced image is in licensed repo list
+ id: check
+ run: |
+ IMAGE_NAME=$(echo "${{inputs.image_name}}" | sed 's|.*/||')
+ if jq -e --arg name "$IMAGE_NAME" '.[] == $name' licensed-images.json > /dev/null; then
+ echo "Match found".
+ echo "match=true" >> "$GITHUB_OUTPUT"
+ fi
+ - name: Create issue
+ uses: actions/github-script@v7
+ # if: steps.check.outputs.match == 'true'
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ await github.rest.issues.create({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ title: "Deploy v${{ needs.image.outputs.longtag.longest }} to licensed repository",
+ body: "This issue serves as a reminder to deploy v${{ needs.image.outputs.longtag.longest }} to the licensed repository. If we plan to skip this release, please close this issue."
+ })
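Review bot: Two of the new steps build code out of `${{ … }}` expressions: `${{inputs.image_name}}` is expanded into the shell text of `Check if produced image is in licensed repo list`, and `${{ needs.image.outputs.longtag.longest }}` into the JavaScript string literals of `Create issue`, so a value containing a quote or a command substitution is parsed as code instead of data. Hand both values to the step through `env:` and read them as `"$IMAGE_INPUT"` and `process.env.LONGTAG`, as in the excerpt below. The later hunks that touch these same lines (PATCH 03/10 and PATCH 10/10) keep the inline expansion, so the change applies to the final state of the series as well. `actions/github-script@v7` is also referenced by a movable tag; a full commit SHA is the safer reference.

```yaml
      - name: Check if produced image is in licensed repo list
        id: check
        env:
          IMAGE_INPUT: ${{ inputs.image_name }}
        run: |
          # Strip everything up to the last slash, as the sed call did.
          IMAGE_NAME="${IMAGE_INPUT##*/}"
          # … unchanged: jq membership test and match output …
      - name: Create issue
        uses: actions/github-script@v7
        env:
          # expression as written in this hunk
          LONGTAG: ${{ needs.image.outputs.longtag.longest }}
        with:
          # … unchanged: github-token …
          script: |
            const tag = process.env.LONGTAG;
            await github.rest.issues.create({
              owner: context.repo.owner,
              repo: context.repo.repo,
              title: `Deploy v${tag} to licensed repository`,
              body: `This issue serves as a reminder to deploy v${tag} to the licensed repository. If we plan to skip this release, please close this issue.`
            })
```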
From 495ad6fc514561f1aed37f2e5df4b573330e1ba4 Mon Sep 17 00:00:00 2001 From: Craig Colegrove Date: Wed, 21 Jan 2026 15:23:52 -0800 Subject: [PATCH 02/10] Fix issue with bump version scripts --- .github/bump-version.get.sh | 2 +- .github/bump-version.set.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/bump-version.get.sh b/.github/bump-version.get.sh index 7aca895..aa16c71 100755 --- a/.github/bump-version.get.sh +++ b/.github/bump-version.get.sh @@ -19,7 +19,7 @@ fi # Find the version files in this directory or its descendants, but don't recurse too deep. # This line must be kept in sync with "bump-version.set.sh". # We exclude example directories because they shouldn't always depend on the latest version (it's normally unreleased) -VERSFILES=$(find . -maxdepth 6 ! -path ./.git/\* | grep -v /node_modules/ | grep -v /example*/** | grep -E '.*/(version|Cargo.toml|version.go|package.json|pom.xml|version.sbt|build.gradle.kts)$') +VERSFILES=$(find . -maxdepth 6 ! -path ./.git/\* | grep -v /node_modules/ | grep -v '/example[^/]*' | grep -E '.*/(version|Cargo.toml|version.go|package.json|pom.xml|version.sbt|build.gradle.kts)$') # Do we have at least one? if [ -z "${VERSFILES}" ] ; then diff --git a/.github/bump-version.set.sh b/.github/bump-version.set.sh index cef34c2..74ec908 100755 --- a/.github/bump-version.set.sh +++ b/.github/bump-version.set.sh 
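Review bot: The new filter `grep -v '/example[^/]*'` in `.github/bump-version.get.sh` is not anchored to a directory: grep matches substrings, so the trailing `[^/]*` constrains nothing and the pattern behaves like `'/example'`, dropping every path that has a component beginning with `example`. If only directories are meant, `grep -v '/example[^/]*/'` says so explicitly. The identical line in `.github/bump-version.set.sh` (the next hunk) would need the same edit to stay in sync, and that file lacks the comment explaining the exclusion; `# We exclude example directories because they shouldn't always depend on the latest version (it's normally unreleased)` could be copied there.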
@@ -33,7 +33,7 @@ fi # Find the version files in this directory or its descendants, but don't recurse too deep. # This line must be kept in sync with "bump-version.get.sh". -VERSFILES=$(find . -maxdepth 6 ! -path ./.git/\* | grep -v /node_modules/ | grep -v **/example*/** | grep -E '.*/(version|Cargo.toml|version.go|package.json|pom.xml|version.sbt|build.gradle.kts)$') +VERSFILES=$(find . -maxdepth 6 ! -path ./.git/\* | grep -v /node_modules/ | grep -v '/example[^/]*' | grep -E '.*/(version|Cargo.toml|version.go|package.json|pom.xml|version.sbt|build.gradle.kts)$') # Edit the version files. for FILE in ${VERSFILES} ; do From 7805bb7fc67e08ddac50f1ad4049058ecb97de2d Mon Sep 17 00:00:00 2001 From: Craig Colegrove Date: Thu, 22 Jan 2026 11:12:21 -0800 Subject: [PATCH 03/10] Fix issue title/body --- .github/workflows/docker.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index d0e4653..25c6d3f 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -475,6 +475,6 @@ jobs: await github.rest.issues.create({ owner: context.repo.owner, repo: context.repo.repo, - title: "Deploy v${{ needs.image.outputs.longtag.longest }} to licensed repository", - body: "This issue serves as a reminder to deploy v${{ needs.image.outputs.longtag.longest }} to the licensed repository. If we plan to skip this release, please close this issue." + title: "Deploy v${{ needs.image.outputs.longtag }} to licensed repository", + body: "This issue serves as a reminder to deploy v${{ needs.image.outputs.longtag }} to the licensed repository. If we plan to skip this release, please close this issue." }) From 7fac4dd5ccffe527757792928b58d4cfc60cc964 Mon Sep 17 00:00:00 2001 From: Craig Colegrove Date: Thu, 22 Jan 2026 11:20:48 -0800 Subject: [PATCH 04/10] Remove comments --- .github/workflows/docker.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index 25c6d3f..c866a8a 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -443,7 +443,7 @@ jobs:
 open-issue:
 needs: [publish, image]
 runs-on: ${{ inputs.other_jobs_runs_on }}
- # if: needs.image.outputs.prerelease == false
+ if: needs.image.outputs.prerelease == 'false'
 steps:
 - name: Populate list of licensed repos
 run: |
@@ -468,7 +468,7 @@ jobs:
 fi
 - name: Create issue
 uses: actions/github-script@v7
- # if: steps.check.outputs.match == 'true'
+ if: steps.check.outputs.match == 'true'
 with:
 github-token: ${{ secrets.GITHUB_TOKEN }}
 script: |
From baf5f2a0f48447a330e08c0055db22faeaeed0a0 Mon Sep 17 00:00:00 2001
From: Craig Colegrove
Date: Fri, 23 Jan 2026 09:51:35 -0800
Subject: [PATCH 05/10] Remove .
---
 .github/workflows/docker.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index c866a8a..2a2e12e 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -463,7 +463,7 @@ jobs:
 run: |
 IMAGE_NAME=$(echo "${{inputs.image_name}}" | sed 's|.*/||')
 if jq -e --arg name "$IMAGE_NAME" '.[] == $name' licensed-images.json > /dev/null; then
- echo "Match found".
+ echo "Match found"
 echo "match=true" >> "$GITHUB_OUTPUT"
 fi
 - name: Create issue
From bd67c5b4eae81182a7cf57817996be8b767c85c4 Mon Sep 17 00:00:00 2001
From: Craig Colegrove
Date: Fri, 23 Jan 2026 10:24:04 -0800
Subject: [PATCH 06/10] List gcloud creds
---
 .github/workflows/docker.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index 2a2e12e..7e72bef 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -445,6 +445,8 @@ jobs:
 runs-on: ${{ inputs.other_jobs_runs_on }}
 if: needs.image.outputs.prerelease == 'false'
 steps:
+ - name: List gcloud credentials
+ run: gcloud auth list
 - name: Populate list of licensed repos
 run: |
 # List the licensed image names, put into licensed-images.json
From 47da3a53464e04e2a5117353425c7f35f27fec01 Mon Sep 17 00:00:00 2001
From: Craig Colegrove
Date: Fri, 23 Jan 2026 10:33:03 -0800
Subject: [PATCH 07/10] debugging
---
 .github/workflows/docker.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index 7e72bef..e102630 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -447,6 +447,10 @@ jobs:
 steps:
 - name: List gcloud credentials
 run: gcloud auth list
+ - run: |
+ gcloud artifacts docker images list \
+ us-docker.pkg.dev/ironcore-images/licensed \
+ --format=json
 - name: Populate list of licensed repos
 run: |
 # List the licensed image names, put into licensed-images.json
From 6836763a6b171aba90f6b4a78bcb80261d98dcf8 Mon Sep 17 00:00:00 2001
From: Craig Colegrove
Date: Fri, 23 Jan 2026 10:43:39 -0800
Subject: [PATCH 08/10] Try to fix auth issues
---
 .github/workflows/docker.yaml | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index e102630..957c367 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -443,14 +443,21 @@ jobs:
 open-issue:
 needs: [publish, image]
 runs-on: ${{ inputs.other_jobs_runs_on }}
+ permissions:
+ contents: read
+ id-token: write
 if: needs.image.outputs.prerelease == 'false'
 steps:
+ - uses: actions/checkout@v6
+ with:
+ # Either the workflow_dispatch ref, or the prerelease tag, whichever is set.
+ ref: ${{ github.event.inputs.ref }}${{ github.event.release.tag_name }}
+ - uses: google-github-actions/auth@v3
+ with:
+ service_account: depot-ci@ironcore-dev-1.iam.gserviceaccount.com
+ workload_identity_provider: projects/660542197445/locations/global/workloadIdentityPools/github-actions/providers/github-actions
 - name: List gcloud credentials
 run: gcloud auth list
- - run: |
- gcloud artifacts docker images list \
- us-docker.pkg.dev/ironcore-images/licensed \
- --format=json
 - name: Populate list of licensed repos
 run: |
 # List the licensed image names, put into licensed-images.json
@@ -464,6 +471,7 @@ jobs:
 | jq -R . \
 | jq -s . \
 > licensed-images.json
+ cat licensed-images.json
 - name: Check if produced image is in licensed repo list
 id: check
 run: |
From c3d0b247d30adfc34e96bf0560c18c2d7afc6b6a Mon Sep 17 00:00:00 2001
From: Craig Colegrove
Date: Fri, 23 Jan 2026 10:48:55 -0800
Subject: [PATCH 09/10] Remove useless command
---
 .github/workflows/docker.yaml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index 957c367..f8c2c57 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -456,8 +456,6 @@ jobs:
 with:
 service_account: depot-ci@ironcore-dev-1.iam.gserviceaccount.com
 workload_identity_provider: projects/660542197445/locations/global/workloadIdentityPools/github-actions/providers/github-actions
- - name: List gcloud credentials
- run: gcloud auth list
 - name: Populate list of licensed repos
 run: |
 # List the licensed image names, put into licensed-images.json
From 1ac418140959c935f17c2338e06e7d5669c89c43 Mon Sep 17 00:00:00 2001
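Review bot: The `permissions:` block added in PATCH 08/10 lists only `contents: read` and `id-token: write`, and once a job declares permissions every scope it omits is set to none, so the `Create issue` step later in this job (outside the hunk) calls `issues.create` with a `GITHUB_TOKEN` that has no issues access. Add `issues: write` under `permissions:`. The two new `uses:` lines reference `actions/checkout@v6` and `google-github-actions/auth@v3` by movable tag in a job that holds `id-token: write`; pinning both to a full commit SHA keeps a retagged release from running with the federated Google credentials. If nothing in the job reads repository files, `persist-credentials: false` on the checkout is worth adding as well.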
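Review bot: The `cat licensed-images.json` added in the second hunk of PATCH 08/10 is the only visibility into a listing pipeline that fails open: earlier in the same step (outside the hunk, introduced in PATCH 01/10) the `gcloud artifacts docker images list` call sends stderr to `/dev/null` and its output ends in `jq -s .`, so a denied or unauthenticated call would still write `[]` and the job would finish green without opening the reminder issue. Unless the workflow sets a pipefail default shell elsewhere, begin the script with `set -euo pipefail` and drop the `2>/dev/null`, so an authentication failure fails the step instead of silently skipping the check. The `cat` can then be removed once the debugging is done.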
From: Craig Colegrove
Date: Fri, 23 Jan 2026 11:02:53 -0800
Subject: [PATCH 10/10] Fix jq statement
---
 .github/workflows/docker.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index f8c2c57..8e4424a 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -474,7 +474,7 @@ jobs:
 id: check
 run: |
 IMAGE_NAME=$(echo "${{inputs.image_name}}" | sed 's|.*/||')
- if jq -e --arg name "$IMAGE_NAME" '.[] == $name' licensed-images.json > /dev/null; then
+ if jq -e --arg name "$IMAGE_NAME" 'any(.[]; . == $name)' licensed-images.json > /dev/null; then
 echo "Match found"
 echo "match=true" >> "$GITHUB_OUTPUT"
 fi