From 5b8ce46a277923a93115a7584d22ae6e666da0e6 Mon Sep 17 00:00:00 2001 From: chengjingtao Date: Thu, 16 Apr 2026 09:39:22 +0000 Subject: [PATCH 1/6] chore: configure renovate for dagger base images MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add renovate.json with org-level preset extension and a custom regex manager matching `// renovate:` annotations in .dagger/*.go, so base images referenced via Dagger's From("...") calls become trackable. Annotate the two final-image-base From calls in publishimage.go without changing the current alpine:latest value — the actual pin is applied in a follow-up commit. Co-Authored-By: Claude Opus 4.6 (1M context) --- .dagger/publishimage.go | 2 ++ renovate.json | 17 +++++++++++++++++ 2 files changed, 19 insertions(+) create mode 100644 renovate.json diff --git a/.dagger/publishimage.go b/.dagger/publishimage.go index 84e07ceec..29bd6b3b6 100644 --- a/.dagger/publishimage.go +++ b/.dagger/publishimage.go @@ -107,6 +107,7 @@ func (m *HarborCli) PublishImage( } ctr := dag.Container(dagger.ContainerOpts{Platform: dagger.Platform(os + "/" + arch)}). + // renovate: datasource=docker depName=alpine From("alpine:latest"). WithWorkdir("/"). WithFile("/harbor", builder.File("./harbor")). @@ -130,6 +131,7 @@ func (m *HarborCli) PublishImage( filepath := fmt.Sprintf("bin/harbor-cli_%s_linux_%s", m.AppVersion, arch) ctr := dag.Container(dagger.ContainerOpts{Platform: dagger.Platform("linux/" + arch)}). + // renovate: datasource=docker depName=alpine From("alpine:latest"). WithWorkdir("/"). WithFile("/harbor", buildDir.File(filepath)). diff --git a/renovate.json b/renovate.json new file mode 100644 index 000000000..4ab299051 --- /dev/null +++ b/renovate.json @@ -0,0 +1,17 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": ["github>AlaudaDevops/renovate-config:base"], + "baseBranches": ["/^alauda-v.*/"], + "postUpdateOptions": ["gomodTidy"], + "assignees": ["chengjingtao"], + "customManagers": [ + { + "customType": "regex", + "managerFilePatterns": ["/^\\.dagger\\/.*\\.go$/"], + "matchStrings": [ + "\\/\\/\\s*renovate:\\s*datasource=(?[a-zA-Z0-9-._]+?)\\s+depName=(?[^\\s]+?)(?:\\s+packageName=(?[^\\s]+?))?(?:\\s+versioning=(?[^\\s]+?))?\\s*\\n[^\"\\n]*\"[^:\"]+:(?[^\"]+)\"" + ], + "description": "Update images in .dagger/*.go annotated with // renovate: ..." + } + ] +} From 2fbf8b264d2527162a84d202cfa1b866821b8519 Mon Sep 17 00:00:00 2001 From: chengjingtao Date: Thu, 16 Apr 2026 09:41:01 +0000 Subject: [PATCH 2/6] chore: pin alpine to 3.23 and bump Go to 1.26.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Pin the final harbor-cli image base from alpine:latest to alpine:3.23 in both PublishImage build paths. Renovate will track future updates via the // renovate: annotation added in the previous commit. Bump `go` directive in go.mod to 1.26.2 and in .dagger/go.mod to 1.26.2. The root go.mod change also propagates to m.GoVersion, so every From("golang:"+m.GoVersion+"-alpine") call in .dagger/*.go will pull golang:1.26.2-alpine on the next Dagger run — no per-file pinning needed. Co-Authored-By: Claude Opus 4.6 (1M context) --- .dagger/go.mod | 2 +- .dagger/publishimage.go | 4 ++-- go.mod | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.dagger/go.mod b/.dagger/go.mod index b5044a395..0ee373296 100644 --- a/.dagger/go.mod +++ b/.dagger/go.mod @@ -1,6 +1,6 @@ module dagger/harbor-cli -go 1.25.0 +go 1.26.2 replace go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc => go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.14.0 diff --git a/.dagger/publishimage.go b/.dagger/publishimage.go index 29bd6b3b6..1c896178c 100644 --- a/.dagger/publishimage.go +++ b/.dagger/publishimage.go @@ -108,7 +108,7 @@ func (m *HarborCli) PublishImage( ctr := dag.Container(dagger.ContainerOpts{Platform: dagger.Platform(os + "/" + arch)}). // renovate: datasource=docker depName=alpine - From("alpine:latest"). + From("alpine:3.23"). WithWorkdir("/"). WithFile("/harbor", builder.File("./harbor")). WithExec([]string{"ls", "-al"}). @@ -132,7 +132,7 @@ func (m *HarborCli) PublishImage( ctr := dag.Container(dagger.ContainerOpts{Platform: dagger.Platform("linux/" + arch)}). // renovate: datasource=docker depName=alpine - From("alpine:latest"). + From("alpine:3.23"). WithWorkdir("/"). WithFile("/harbor", buildDir.File(filepath)). WithExec([]string{"ls", "-al"}). diff --git a/go.mod b/go.mod index c8ec66bdb..f92aad1fb 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/goharbor/harbor-cli -go 1.24.8 +go 1.26.2 require ( github.com/atotto/clipboard v0.1.4 From 34f0fb8638cef2d7c61bae3955162d538022a0f0 Mon Sep 17 00:00:00 2001 From: chengjingtao Date: Thu, 16 Apr 2026 10:17:14 +0000 Subject: [PATCH 3/6] ci: trigger workflows after fork Actions enablement From 1c73535abadfc88ebffa41fbcf97db2932cfdf81 Mon Sep 17 00:00:00 2001 From: chengjingtao Date: Thu, 16 Apr 2026 22:16:52 +0000 Subject: [PATCH 4/6] ci: add alauda auto-tag and release workflows MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add GitHub Actions workflows to automate alauda release publishing: - alauda-auto-tag.yml: auto-creates vX.Y.Z-alauda-N tags on push to alauda-v* branches - release-alauda.yml: builds and publishes GitHub Release via Dagger (build → archive → checksum → publish-release) Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/alauda-auto-tag.yml | 79 +++++++++++++++++++++++++++ .github/workflows/release-alauda.yml | 58 ++++++++++++++++++++ 2 files changed, 137 insertions(+) create mode 100644 .github/workflows/alauda-auto-tag.yml create mode 100644 .github/workflows/release-alauda.yml diff --git a/.github/workflows/alauda-auto-tag.yml b/.github/workflows/alauda-auto-tag.yml new file mode 100644 index 000000000..c29fcea2d --- /dev/null +++ b/.github/workflows/alauda-auto-tag.yml @@ -0,0 +1,79 @@ +name: Auto Tag for Alauda + +on: + push: + branches: + - 'alauda-v*' + +permissions: + contents: write + +jobs: + tag: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set up Git + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + + - name: Extract version and tag prefix + id: extract + run: | + BRANCH_NAME="${GITHUB_REF#refs/heads/}" + echo "Branch: $BRANCH_NAME" + + PREFIX="${BRANCH_NAME%%-*}" # alauda + BASE_VERSION="${BRANCH_NAME#${PREFIX}-}" # v0.0.18 + + VERSION_NO_V="${BASE_VERSION#v}" # 0.0.18 + MAJOR=$(echo "$VERSION_NO_V" | cut -d. -f1) + MINOR=$(echo "$VERSION_NO_V" | cut -d. -f2) + PATCH=$(echo "$VERSION_NO_V" | cut -d. -f3) + + NEXT_PATCH=$((PATCH + 1)) + NEXT_VERSION="v${MAJOR}.${MINOR}.${NEXT_PATCH}" # v0.0.19 + + TAG_PREFIX="${NEXT_VERSION}-${PREFIX}" # v0.0.19-alauda + echo "TAG_PREFIX=$TAG_PREFIX" + + echo "tag_prefix=$TAG_PREFIX" >> $GITHUB_OUTPUT + + - name: Find latest tag with this prefix + id: latest + run: | + TAG_PREFIX="${{ steps.extract.outputs.tag_prefix }}" + echo "Looking for tags with prefix: $TAG_PREFIX" + + EXISTING_TAGS=$(git tag --list "${TAG_PREFIX}-*" | sort -V) + echo "Existing tags: $EXISTING_TAGS" + + MAX_INDEX=-1 + for tag in $EXISTING_TAGS; do + NUM=${tag##*-} + if [[ "$NUM" =~ ^[0-9]+$ && "$NUM" -gt "$MAX_INDEX" ]]; then + MAX_INDEX=$NUM + fi + done + + NEW_INDEX=$((MAX_INDEX + 1)) + NEW_TAG="${TAG_PREFIX}-${NEW_INDEX}" + + echo "new_tag=$NEW_TAG" >> $GITHUB_OUTPUT + + - name: Create and push new tag + run: | + NEW_TAG="${{ steps.latest.outputs.new_tag }}" + echo "Creating tag: $NEW_TAG" + git tag "$NEW_TAG" + git push origin "$NEW_TAG" + + release: + name: Release Alauda + needs: [tag] + uses: ./.github/workflows/release-alauda.yml diff --git a/.github/workflows/release-alauda.yml b/.github/workflows/release-alauda.yml new file mode 100644 index 000000000..f5e6cf669 --- /dev/null +++ b/.github/workflows/release-alauda.yml @@ -0,0 +1,58 @@ +name: Release Alauda + +on: + push: + tags: + - "v*-alauda-*" + workflow_call: + workflow_dispatch: + +permissions: + contents: write + +jobs: + release: + name: alauda-release + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Dagger Version + id: dagger_version + uses: sagikazarmark/dagger-version-action@v0.0.1 + + - name: Create Build Dir + run: mkdir -p dist + + - name: Build Binaries + uses: dagger/dagger-for-github@v7 + with: + version: ${{ steps.dagger_version.outputs.version }} + verb: call + args: "build --build-dir=./dist export --path=./dist" + + - name: Archive Binaries + uses: dagger/dagger-for-github@v7 + with: + version: ${{ steps.dagger_version.outputs.version }} + verb: call + args: "archive --build-dir=./dist export --path=./dist" + + - name: Create Checksum + uses: dagger/dagger-for-github@v7 + with: + version: ${{ steps.dagger_version.outputs.version }} + verb: call + args: "checksum --build-dir=./dist export --path=./dist" + + - name: Publish Release + uses: dagger/dagger-for-github@v7 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + version: ${{ steps.dagger_version.outputs.version }} + verb: call + args: "publish-release --build-dir=./dist --token=env://GITHUB_TOKEN" From 8e9a9050d49e83022e5bdfec99777f7fe04a7b46 Mon Sep 17 00:00:00 2001 From: chengjingtao Date: Thu, 16 Apr 2026 22:29:35 +0000 Subject: [PATCH 5/6] ci: exclude alauda tags from default workflow publish-release The default.yaml tag trigger `v*.*.*` also matches alauda tags like `v0.0.19-alauda-0`, which would cause the upstream publish-release job to run alongside release-alauda.yml. The upstream job requires secrets (REGISTRY_PASSWORD etc.) not configured in the fork, causing failures. Add `!contains(github.ref, '-alauda-')` guard to all publish-release step conditions so alauda tags are handled exclusively by release-alauda.yml. Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/default.yaml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/default.yaml b/.github/workflows/default.yaml index 2605d5015..1a0cc1927 100644 --- a/.github/workflows/default.yaml +++ b/.github/workflows/default.yaml @@ -278,12 +278,12 @@ jobs: id-token: write runs-on: ubuntu-latest if: | - (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || + (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-alauda-')) || (github.event_name == 'workflow_dispatch') steps: - name: Checkout repo if: | - (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || + (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-alauda-')) || (github.event_name == 'workflow_dispatch') uses: actions/checkout@v4 with: @@ -292,13 +292,13 @@ jobs: - name: Create Build Dir if: | - (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || + (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-alauda-')) || (github.event_name == 'workflow_dispatch') run: mkdir -p dist - name: Building Binaries if: | - (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || + (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-alauda-')) || (github.event_name == 'workflow_dispatch') uses: dagger/dagger-for-github@v7 with: @@ -308,7 +308,7 @@ jobs: - name: Archiving Binaries if: | - (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || + (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-alauda-')) || (github.event_name == 'workflow_dispatch') uses: dagger/dagger-for-github@v7 with: @@ -318,7 +318,7 @@ jobs: - name: Building SBOM if: | - (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || + (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-alauda-')) || (github.event_name == 'workflow_dispatch') uses: dagger/dagger-for-github@v7 with: @@ -328,7 +328,7 @@ jobs: - name: NFPM Build (deb/rpm) if: | - (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || + (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-alauda-')) || (github.event_name == 'workflow_dispatch') uses: dagger/dagger-for-github@v7 with: @@ -338,7 +338,7 @@ jobs: - name: APK Build (.apk) if: | - (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || + (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-alauda-')) || (github.event_name == 'workflow_dispatch') uses: dagger/dagger-for-github@v7 with: @@ -348,7 +348,7 @@ jobs: - name: Creating Checksum if: | - (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || + (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-alauda-')) || (github.event_name == 'workflow_dispatch') uses: dagger/dagger-for-github@v7 with: @@ -358,7 +358,7 @@ jobs: - name: Publish Release if: | - (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || + (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-alauda-')) || (github.event_name == 'workflow_dispatch') uses: dagger/dagger-for-github@v7 env: @@ -370,7 +370,7 @@ jobs: - name: Apt Build if: | - (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || + (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-alauda-')) || (github.event_name == 'workflow_dispatch') uses: dagger/dagger-for-github@v7 env: @@ -382,7 +382,7 @@ jobs: - name: Upload Build Artifact if: | - (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || + (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-alauda-')) || (github.event_name == 'workflow_dispatch') uses: actions/upload-artifact@v4 with: @@ -391,7 +391,7 @@ jobs: - name: Publish and Sign Tagged Image if: | - (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || + (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-alauda-')) || (github.event_name == 'workflow_dispatch') uses: ./.github/actions/publish-and-sign with: From 684ac6b357fc4623b867d301bca44157c19ad0b2 Mon Sep 17 00:00:00 2001 From: chengjingtao Date: Thu, 16 Apr 2026 22:33:19 +0000 Subject: [PATCH 6/6] chore: revert publishimage.go and remove dagger custom manager The goal is publishing CLI binaries via GitHub Release, not container images. publishimage.go is unrelated to that pipeline, so revert the alpine pin and renovate annotations to keep it identical to upstream. Remove the now-targetless customManagers section from renovate.json. Renovate still manages go.mod dependencies via the org-level preset. Co-Authored-By: Claude Opus 4.6 (1M context) --- .dagger/publishimage.go | 6 ++---- renovate.json | 12 +----------- 2 files changed, 3 insertions(+), 15 deletions(-) diff --git a/.dagger/publishimage.go b/.dagger/publishimage.go index 1c896178c..84e07ceec 100644 --- a/.dagger/publishimage.go +++ b/.dagger/publishimage.go @@ -107,8 +107,7 @@ func (m *HarborCli) PublishImage( } ctr := dag.Container(dagger.ContainerOpts{Platform: dagger.Platform(os + "/" + arch)}). - // renovate: datasource=docker depName=alpine - From("alpine:3.23"). + From("alpine:latest"). WithWorkdir("/"). WithFile("/harbor", builder.File("./harbor")). WithExec([]string{"ls", "-al"}). @@ -131,8 +130,7 @@ func (m *HarborCli) PublishImage( filepath := fmt.Sprintf("bin/harbor-cli_%s_linux_%s", m.AppVersion, arch) ctr := dag.Container(dagger.ContainerOpts{Platform: dagger.Platform("linux/" + arch)}). - // renovate: datasource=docker depName=alpine - From("alpine:3.23"). + From("alpine:latest"). WithWorkdir("/"). WithFile("/harbor", buildDir.File(filepath)). WithExec([]string{"ls", "-al"}). diff --git a/renovate.json b/renovate.json index 4ab299051..3be18a7b5 100644 --- a/renovate.json +++ b/renovate.json @@ -3,15 +3,5 @@ "extends": ["github>AlaudaDevops/renovate-config:base"], "baseBranches": ["/^alauda-v.*/"], "postUpdateOptions": ["gomodTidy"], - "assignees": ["chengjingtao"], - "customManagers": [ - { - "customType": "regex", - "managerFilePatterns": ["/^\\.dagger\\/.*\\.go$/"], - "matchStrings": [ - "\\/\\/\\s*renovate:\\s*datasource=(?[a-zA-Z0-9-._]+?)\\s+depName=(?[^\\s]+?)(?:\\s+packageName=(?[^\\s]+?))?(?:\\s+versioning=(?[^\\s]+?))?\\s*\\n[^\"\\n]*\"[^:\"]+:(?[^\"]+)\"" - ], - "description": "Update images in .dagger/*.go annotated with // renovate: ..." - } - ] + "assignees": ["chengjingtao"] }