mve next (do not merge)

.github/workflows/ci.yml

@@ -41,12 +41,12 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Install Forge
-        uses: input-output-hk/catalyst-forge/actions/install@master
+        uses: input-output-hk/catalyst-forge/actions/install@mve-next
         if: ${{ inputs.forge_version != 'local' }}
         with:
           version: ${{ inputs.forge_version }}
       - name: Install Local Forge
-        uses: input-output-hk/catalyst-forge/actions/install-local@master
+        uses: input-output-hk/catalyst-forge/actions/install-local@mve-next
         if: ${{ inputs.forge_version == 'local' }}
         with:
           earthly_token: ${{ secrets.earthly_token }}
@@ -61,14 +61,14 @@ jobs:
             echo "skip=false" >> $GITHUB_OUTPUT
           fi
       - name: Setup CI
-        uses: input-output-hk/catalyst-forge/actions/setup@master
+        uses: input-output-hk/catalyst-forge/actions/setup@mve-next
         with:
           skip_docker: 'true'
           skip_github: 'true'
           skip_earthly: ${{ steps.local.outputs.skip }}
       - name: Discovery
         id: discovery
-        uses: input-output-hk/catalyst-forge/actions/discovery@master
+        uses: input-output-hk/catalyst-forge/actions/discovery@mve-next
         with:
           filters: |
             ${{ env.FORGE_REGEX_CHECK }}
@@ -79,67 +79,68 @@ jobs:
             ${{ env.FORGE_REGEX_RELEASE }}
             ${{ env.FORGE_REGEX_PUBLISH }}
 
-  check:
-    uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@master
-    needs: [discover]
-    if: (fromJson(needs.discover.outputs.earthfiles)['^check(-.*)?$'] != null) && !failure() && !cancelled()
-    with:
-      earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^check(-.*)?$']) }}
-      forge_version: ${{ inputs.forge_version }}
-      local: ${{ inputs.local }}
-      verbosity: ${{ inputs.verbosity }}
-    secrets:
-      earthly_token: ${{ secrets.earthly_token }}
+  # check:
+  #   uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@mve-next
+  #   needs: [discover]
+  #   if: (fromJson(needs.discover.outputs.earthfiles)['^check(-.*)?$'] != null) && !failure() && !cancelled()
+  #   with:
+  #     earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^check(-.*)?$']) }}
+  #     forge_version: ${{ inputs.forge_version }}
+  #     local: ${{ inputs.local }}
+  #     verbosity: ${{ inputs.verbosity }}
+  #   secrets:
+  #     earthly_token: ${{ secrets.earthly_token }}
 
-  build:
-    uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@master
-    needs: [discover, check]
-    if: (fromJson(needs.discover.outputs.earthfiles)['^build(-.*)?$'] != null) && !failure() && !cancelled()
-    with:
-      earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^build(-.*)?$']) }}
-      forge_version: ${{ inputs.forge_version }}
-      local: ${{ inputs.local }}
-      verbosity: ${{ inputs.verbosity }}
-    secrets:
-      earthly_token: ${{ secrets.earthly_token }}
+  # build:
+  #   uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@mve-next
+  #   needs: [discover, check]
+  #   if: (fromJson(needs.discover.outputs.earthfiles)['^build(-.*)?$'] != null) && !failure() && !cancelled()
+  #   with:
+  #     earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^build(-.*)?$']) }}
+  #     forge_version: ${{ inputs.forge_version }}
+  #     local: ${{ inputs.local }}
+  #     verbosity: ${{ inputs.verbosity }}
+  #   secrets:
+  #     earthly_token: ${{ secrets.earthly_token }}
 
-  package:
-    uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@master
-    needs: [discover, check, build]
-    if: (fromJson(needs.discover.outputs.earthfiles)['^package(-.*)?$'] != null) && !failure() && !cancelled()
-    with:
-      earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^package(-.*)?$']) }}
-      forge_version: ${{ inputs.forge_version }}
-      local: ${{ inputs.local }}
-      verbosity: ${{ inputs.verbosity }}
-    secrets:
-      earthly_token: ${{ secrets.earthly_token }}
+  # package:
+  #   uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@mve-next
+  #   needs: [discover, check, build]
+  #   if: (fromJson(needs.discover.outputs.earthfiles)['^package(-.*)?$'] != null) && !failure() && !cancelled()
+  #   with:
+  #     earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^package(-.*)?$']) }}
+  #     forge_version: ${{ inputs.forge_version }}
+  #     local: ${{ inputs.local }}
+  #     verbosity: ${{ inputs.verbosity }}
+  #   secrets:
+  #     earthly_token: ${{ secrets.earthly_token }}
 
-  test:
-    uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@master
-    needs: [discover, check, build, package]
-    if: (fromJson(needs.discover.outputs.earthfiles)['^test(-.*)?$'] != null) && !failure() && !cancelled()
-    with:
-      earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^test(-.*)?$']) }}
-      forge_version: ${{ inputs.forge_version }}
-      local: ${{ inputs.local }}
-      verbosity: ${{ inputs.verbosity }}
-    secrets:
-      earthly_token: ${{ secrets.earthly_token }}
+  # test:
+  #   uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@mve-next
+  #   needs: [discover, check, build, package]
+  #   if: (fromJson(needs.discover.outputs.earthfiles)['^test(-.*)?$'] != null) && !failure() && !cancelled()
+  #   with:
+  #     earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^test(-.*)?$']) }}
+  #     forge_version: ${{ inputs.forge_version }}
+  #     local: ${{ inputs.local }}
+  #     verbosity: ${{ inputs.verbosity }}
+  #   secrets:
+  #     earthly_token: ${{ secrets.earthly_token }}
 
-  docs:
-    uses: input-output-hk/catalyst-forge/.github/workflows/docs.yml@master
-    needs: [discover, check, build, test]
-    if: (fromJson(needs.discover.outputs.earthfiles)['^docs(-.*)?$'] != null) && !failure() && !cancelled()
-    with:
-      earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^docs(-.*)?$']) }}
-      forge_version: ${{ inputs.forge_version }}
-    secrets:
-      earthly_token: ${{ secrets.earthly_token }}
+  # docs:
+  #   uses: input-output-hk/catalyst-forge/.github/workflows/docs.yml@mve-next
+  #   needs: [discover, check, build, test]
+  #   if: (fromJson(needs.discover.outputs.earthfiles)['^docs(-.*)?$'] != null) && !failure() && !cancelled()
+  #   with:
+  #     earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^docs(-.*)?$']) }}
+  #     forge_version: ${{ inputs.forge_version }}
+  #   secrets:
+  #     earthly_token: ${{ secrets.earthly_token }}
 
   release:
-    uses: input-output-hk/catalyst-forge/.github/workflows/release.yml@master
-    needs: [discover, check, build, test]
+    uses: input-output-hk/catalyst-forge/.github/workflows/release.yml@mve-next
+    #needs: [discover, check, build, test]
+    needs: [discover]
     if: (fromJson(needs.discover.outputs.releases)[0] != null) && !failure() && !cancelled()
     with:
       releases: ${{ needs.discover.outputs.releases }}
@@ -149,20 +150,21 @@ jobs:
     secrets:
       earthly_token: ${{ secrets.earthly_token }}
 
-  deploy:
-    uses: input-output-hk/catalyst-forge/.github/workflows/deploy.yml@master
-    needs: [discover, check, build, test, release]
-    if: (fromJson(needs.discover.outputs.deployments)[0] != null) && github.ref == format('refs/heads/{0}', github.event.repository.default_branch) && !failure() && !cancelled()
-    with:
-      deployments: ${{ needs.discover.outputs.deployments }}
-      forge_version: ${{ inputs.forge_version }}
-      local: ${{ inputs.local }}
-      verbosity: ${{ inputs.verbosity }}
-    secrets:
-      earthly_token: ${{ secrets.earthly_token }}
+  # deploy:
+  #   uses: input-output-hk/catalyst-forge/.github/workflows/deploy.yml@mve-next
+  #   needs: [discover, check, build, test, release]
+  #   if: (fromJson(needs.discover.outputs.deployments)[0] != null) && github.ref == format('refs/heads/{0}', github.event.repository.default_branch) && !failure() && !cancelled()
+  #   with:
+  #     deployments: ${{ needs.discover.outputs.deployments }}
+  #     forge_version: ${{ inputs.forge_version }}
+  #     local: ${{ inputs.local }}
+  #     verbosity: ${{ inputs.verbosity }}
+  #   secrets:
+  #     earthly_token: ${{ secrets.earthly_token }}
 
   final:
-    needs: [check, build, package, test, release]
+    #needs: [check, build, package, test, release]
+    needs: [discover]
     if: (!failure() && !cancelled())
     runs-on: ubuntu-latest
     steps:

foundry/api/blueprint.cue

@@ -16,8 +16,9 @@ project: {
 	deployment: {
 		environment: "dev"
 		modules: main: {
+			namespace: string | *"default" @env(name="ARGOCD_APP_NAMESPACE",type="string")
 			container: "foundry-api-deployment"
-			version:   "0.1.0"
+			version:   "0.1.1"
 			values: {
 				environment: name: "dev"
 				server: image: {
@@ -29,8 +30,9 @@ project: {
 	release: {
 		docker: {
 			on: {
-				merge: {}
-				tag: {}
+				//merge: {}
+				//tag: {}
+				always: {}
 			}
 			config: {
 				tag: _ @forge(name="GIT_COMMIT_HASH")

tools/argocd/Earthfile

@@ -3,7 +3,7 @@ VERSION 0.8
 timoni:
     FROM golang:1.23.0
 
-    ARG TIMONI_VERSION=v0.22.1
+    ARG TIMONI_VERSION=v0.17.0
 
     WORKDIR /work
 
@@ -20,7 +20,8 @@ docker:
     ARG TARGETARCH
     ARG USERPLATFORM
 
-    RUN useradd -m argocd
+    RUN apt-get update && apt-get install -y ca-certificates amazon-ecr-credential-helper
+    RUN useradd -m -u 999 argocd
 
     USER argocd
     WORKDIR /home/argocd
@@ -36,7 +37,8 @@ docker:
     RUN mkdir -p cmp-server/config
     COPY plugin.yml cmp-server/config/plugin.yaml
 
+    COPY init.sh /home/argocd/init.sh
+    RUN chmod +x /home/argocd/init.sh
+
     ENTRYPOINT [ "/var/run/argocd/argocd-cmp-server" ]
     SAVE IMAGE ${container}:${tag}
-
-

tools/argocd/init.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+set -o xtrace
+
+ACCOUNT_ID=$(echo "${AWS_ROLE_ARN}" | cut -d':' -f5)
+mkdir -p /home/argocd/.docker
+cat >/home/argocd/.docker/config.json <<EOF
+{
+    "credHelpers": {
+        "${ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com": "ecr-login"
+    }
+}
+EOF