From f9dc1b79aada4c11bab0048dc52f5bd16939f9da Mon Sep 17 00:00:00 2001
From: Josh Minor <josh.minor@arm.com>
Date: Tue, 8 Nov 2022 14:44:18 -0600
Subject: [PATCH 1/2] Use common yaml for builds

Signed-off-by: Josh Minor <josh.minor@arm.com>
---
 .github/workflows/docker-buildx.yml           | 106 ------------------
 .github/workflows/helm.yml                    |  46 --------
 .../workflows/smarter-org-docker-buildx.yml   |  21 ++++
 .github/workflows/smarter-org-helm.yml        |  11 ++
 4 files changed, 32 insertions(+), 152 deletions(-)
 delete mode 100644 .github/workflows/docker-buildx.yml
 delete mode 100644 .github/workflows/helm.yml
 create mode 100644 .github/workflows/smarter-org-docker-buildx.yml
 create mode 100644 .github/workflows/smarter-org-helm.yml

diff --git a/.github/workflows/docker-buildx.yml b/.github/workflows/docker-buildx.yml
deleted file mode 100644
index 0c3c1f1..0000000
--- a/.github/workflows/docker-buildx.yml
+++ /dev/null
@@ -1,106 +0,0 @@
-name: Docker Image BuildX CI and Publish
-
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
-on:
-  schedule:
-    - cron: '19 16 * * *'
-  push:
-    branches: [ "main" ]
-    # Publish semver tags as releases.
-    tags: [ 'v*.*.*' ]
-  pull_request:
-    branches: [ "main" ]
-  workflow_dispatch:
-  
-env:
-  # Use docker.io for Docker Hub if empty
-  REGISTRY: ghcr.io
-  # github.repository as <account>/<repo>
-  IMAGE_NAME: ${{ github.repository }}
-
-jobs:
-  build:
-
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-      # This is used to complete the identity challenge
-      # with sigstore/fulcio when running outside of PRs.
-      id-token: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
-
-      # Install the cosign tool except on PR
-      # https://github.com/sigstore/cosign-installer
-      - name: Install cosign
-        if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0
-        with:
-          cosign-release: 'v1.13.1'
-
-      -
-        # Add support for more platforms with QEMU (optional)
-        # https://github.com/docker/setup-qemu-action
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      # Login against a Docker registry except on PR
-      # https://github.com/docker/login-action
-      - name: Log into registry ${{ env.REGISTRY }}
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      # Extract metadata (tags, labels) for Docker
-      # https://github.com/docker/metadata-action
-      - name: Extract Docker metadata
-        id: meta
-        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
-        with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- 
-      # Workaround: https://github.com/docker/build-push-action/issues/461
-      - name: Setup Docker buildx
-        uses: docker/setup-buildx-action@v2.2.1
-        with:
-          platforms: linux/amd64,linux/arm64
-          #platforms: linux/amd64,linux/arm64,linux/arm/v7
-      # Build and push Docker image with Buildx (don't push on PR)
-      # https://github.com/docker/build-push-action
-      - name: Build and push Docker image
-        id: build-and-push
-        uses: docker/build-push-action@v3
-        with:
-          platforms: linux/amd64,linux/arm64
-          #platforms: linux/amd64,linux/arm64,linux/arm/v7
-          context: .
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-      #- name: Build
-      #  run: |
-      #    docker build --platform "linux/amd64,linux/arm64" --push . --file Dockerfile --tag ${{ steps.meta.outputs.tags }} --tag ${{ steps.meta.outputs.labels }} # will run buil
-
-      # Sign the resulting Docker image digest except on PRs.
-      # This will only write to the public Rekor transparency log when the Docker
-      # repository is public to avoid leaking data.  If you would like to publish
-      # transparency data even for private images, pass --force to cosign below.
-      # https://github.com/sigstore/cosign
-      - name: Sign the published Docker image
-        if: ${{ github.event_name != 'pull_request' }}
-        env:
-          COSIGN_EXPERIMENTAL: "true"
-        # This step uses the identity token to provision an ephemeral certificate
-        # against the sigstore community Fulcio instance.
-        run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}
diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml
deleted file mode 100644
index 519e947..0000000
--- a/.github/workflows/helm.yml
+++ /dev/null
@@ -1,46 +0,0 @@
-# release.yaml
-name: Release Charts
-
-on:
-  push:
-    branches:
-      - main
-
-jobs:
-  release:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-
-      - name: Configure Git
-        run: |
-          git config user.name "$GITHUB_ACTOR"
-          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
-
-      # Optional step if GPG signing is used
-      - name: Prepare GPG key
-        run: |
-          gpg_dir=.cr-gpg
-          mkdir "$gpg_dir"
-          keyring="$gpg_dir/secring.gpg"
-          base64 -d <<< "$GPG_KEYRING_BASE64" > "$keyring"
-          passphrase_file="$gpg_dir/passphrase"
-          echo "$GPG_PASSPHRASE" > "$passphrase_file"
-          echo "CR_PASSPHRASE_FILE=$passphrase_file" >> "$GITHUB_ENV"
-          echo "CR_KEYRING=$keyring" >> "$GITHUB_ENV"
-          echo "sign: true" > cr.yaml
-          echo "key: Smarter Project" >> cr.yaml
-        env:
-          GPG_KEYRING_BASE64: "${{ secrets.GPG_KEYRING_BASE64 }}"
-          GPG_PASSPHRASE: "${{ secrets.GPG_PASSPHRASE }}"
-
-      - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.4.1
-        with:
-          config: cr.yaml
-        env:
-          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-
diff --git a/.github/workflows/smarter-org-docker-buildx.yml b/.github/workflows/smarter-org-docker-buildx.yml
new file mode 100644
index 0000000..bd7c2d3
--- /dev/null
+++ b/.github/workflows/smarter-org-docker-buildx.yml
@@ -0,0 +1,21 @@
+name: Docker Image BuildX CI and Publish
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+  schedule:
+    - cron: "19 16 * * *"
+  push:
+    branches: ["main"]
+    # Publish semver tags as releases.
+    tags: ["v*.*.*"]
+  pull_request:
+    branches: ["main"]
+  workflow_dispatch:
+
+jobs:
+  build:
+    uses: smarter-project/reusable-workflows/.github/workflows/smarter-org-docker-buildx.yml@9927568ab57568aff1bf848e625686522261fb06
diff --git a/.github/workflows/smarter-org-helm.yml b/.github/workflows/smarter-org-helm.yml
new file mode 100644
index 0000000..60e4732
--- /dev/null
+++ b/.github/workflows/smarter-org-helm.yml
@@ -0,0 +1,11 @@
+# release.yaml
+name: Release Charts
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  release:
+    uses: smarter-project/reusable-workflows/.github/workflows/smarter-org-helm.yml@9927568ab57568aff1bf848e625686522261fb06

From 9764ac98fca48532b0ad81e220de2aeb76cc82e4 Mon Sep 17 00:00:00 2001
From: Josh Minor <josh.minor@arm.com>
Date: Tue, 8 Nov 2022 16:33:30 -0600
Subject: [PATCH 2/2] Use main as tags for reuse action

Signed-off-by: Josh Minor <josh.minor@arm.com>
---
 .github/workflows/smarter-org-docker-buildx.yml | 2 +-
 .github/workflows/smarter-org-helm.yml          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/smarter-org-docker-buildx.yml b/.github/workflows/smarter-org-docker-buildx.yml
index bd7c2d3..ea4e75d 100644
--- a/.github/workflows/smarter-org-docker-buildx.yml
+++ b/.github/workflows/smarter-org-docker-buildx.yml
@@ -18,4 +18,4 @@ on:
 
 jobs:
   build:
-    uses: smarter-project/reusable-workflows/.github/workflows/smarter-org-docker-buildx.yml@9927568ab57568aff1bf848e625686522261fb06
+    uses: smarter-project/reusable-workflows/.github/workflows/smarter-org-docker-buildx.yml@main
diff --git a/.github/workflows/smarter-org-helm.yml b/.github/workflows/smarter-org-helm.yml
index 60e4732..61a3735 100644
--- a/.github/workflows/smarter-org-helm.yml
+++ b/.github/workflows/smarter-org-helm.yml
@@ -8,4 +8,4 @@ on:
 
 jobs:
   release:
-    uses: smarter-project/reusable-workflows/.github/workflows/smarter-org-helm.yml@9927568ab57568aff1bf848e625686522261fb06
+    uses: smarter-project/reusable-workflows/.github/workflows/smarter-org-helm.yml@main