diff --git a/.github/workflows/catalogs.yml b/.github/workflows/catalogs.yml index 6ffecd6c..f5a61769 100644 --- a/.github/workflows/catalogs.yml +++ b/.github/workflows/catalogs.yml @@ -19,6 +19,7 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 with: path: postgres-containers + token: ${{ secrets.REPO_GHA_PAT }} - name: Checkout artifacts uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 @@ -41,6 +42,14 @@ jobs: run: | python postgres-containers/.github/catalogs_generator.py --output-dir artifacts/image-catalogs/ + # TODO: remove this step once system images are EOL + - name: Update legacy catalogs + run: | + cp artifacts/image-catalogs/catalog-system-bullseye.yaml postgres-containers/Debian/ClusterImageCatalog-bullseye.yaml + cp artifacts/image-catalogs/catalog-system-bookworm.yaml postgres-containers/Debian/ClusterImageCatalog-bookworm.yaml + yq -i '.metadata.name = "postgresql"' postgres-containers/Debian/ClusterImageCatalog-bullseye.yaml + yq -i '.metadata.name = "postgresql"' postgres-containers/Debian/ClusterImageCatalog-bookworm.yaml + - name: Diff working-directory: artifacts run: | @@ -56,3 +65,40 @@ jobs: author_name: CloudNativePG Automated Updates author_email: noreply@cnpg.com message: 'chore: update imageCatalogs' + + # TODO: remove this step once system images are EOL + - name: Temporarily disable "include administrators" branch protection + if: ${{ always() && github.ref == 'refs/heads/main' }} + id: disable_include_admins + uses: benjefferies/branch-protection-bot@af281f37de86139d1c7a27b91176b5dc1c2c827c # v1.1.2 + with: + access_token: ${{ secrets.REPO_GHA_PAT }} + branch: main + enforce_admins: false + + # TODO: remove this step once system images are EOL + - name: Legacy diff + working-directory: postgres-containers + run: | + git add -A . + git status + git diff --staged + + # TODO: remove this step once system images are EOL + - uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9 + if: ${{ github.ref == 'refs/heads/main' }} + with: + cwd: 'postgres-containers' + add: 'Debian/*.yaml' + author_name: CloudNativePG Automated Updates + author_email: noreply@cnpg.com + message: 'chore: update imageCatalogs' + + # TODO: remove this step once system images are EOL + - name: Enable "include administrators" branch protection + uses: benjefferies/branch-protection-bot@af281f37de86139d1c7a27b91176b5dc1c2c827c # v1.1.2 + if: ${{ always() && github.ref == 'refs/heads/main' }} + with: + access_token: ${{ secrets.REPO_GHA_PAT }} + branch: main + enforce_admins: ${{ steps.disable_include_admins.outputs.initial_status }} diff --git a/README.md b/README.md index d7a7ff3c..45d4e634 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ > In response, the CloudNativePG project has completed the transition to the > new `bake`-based build process for all `system` images. We now build directly > on top of the official Debian slim images, fully detaching from the official -> Postgres image. Additional changes are planned as part of epic #287. +> Postgres image. --- @@ -169,6 +169,19 @@ tags: tag formats that explicitly include both the **image type** and the **distribution version** (e.g. `16.10-minimal-trixie`). +## Image Catalogs + +CloudNativePG publishes `ClusterImageCatalog` manifests for CloudNativePG in +the [`artifacts` repository](https://github.com/cloudnative-pg/artifacts/tree/main/image-catalogs), +with one catalog available for each supported combination of image type and +operating system version. + +**IMPORTANT:** If you are still relying on the legacy +[`ClusterImageCatalog-bullseye.yaml`](Debian/ClusterImageCatalog-bullseye.yaml) +and [`ClusterImageCatalog-bookworm.yaml`](Debian/ClusterImageCatalog-bookworm.yaml) +manifests, please migrate to the new catalogs as soon as possible. These legacy +manifests are deprecated and will be removed along with the `system` image. + ## Build Attestations CNPG PostgreSQL Container Images are built with the following attestations to