ci(bump automation): bump ubi9 for ironbank (elastic#112298)

### What Enable updatecli [policies](https://www.updatecli.io/blog/shareable-policies) to bump the Ironbank versions automatically, then elastic#111743 won't be manually created but when a new ubit9 version is released and available in the Ironbank system. Those policies can be found at [elastic/oblt-updatecli-policies@main/updatecli/policies/](https://github.com/elastic/oblt-updatecli-policies/tree/main/updatecli/policies/?rgh-link-date=2024-08-28T16%3A30%3A04Z) (NOTE: This is a private repository only accessible by Elastic employees) #### How to test this PR locally 1. `gh pr checkout 112298` 2. Install [updatecli](https://www.updatecli.io/docs/prologue/installation/) 3. Login to [ghcr.io](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-to-the-container-registry) 4. Diff (dry-run) ```bash $ GITHUB_TOKEN=$(gh auth token) updatecli compose diff --experimental ``` 5. Create Pull Request if new changes ```bash $ GITHUB_REPOSITORY=elastic/elasticsearch \ GITHUB_ACTOR=v1v \ GITHUB_TOKEN=$(gh auth token) \ updatecli compose apply --experimental ```
piergm · Sep 12, 2024 · 6d18607 · 6d18607
1 parent 0bed668
commit 6d18607
Show file tree

Hide file tree

Showing 5 changed files with 68 additions and 0 deletions.
diff --git a/.github/updatecli/values.d/ironbank.yml b/.github/updatecli/values.d/ironbank.yml
@@ -0,0 +1,3 @@
+config:
+  - path: distribution/docker/src/docker/iron_bank
+    dockerfile: ../Dockerfile
diff --git a/.github/updatecli/values.d/scm.yml b/.github/updatecli/values.d/scm.yml
@@ -0,0 +1,10 @@
+scm:
+  enabled: true
+  owner: elastic
+  repository: elasticsearch
+  branch: main
+  commitusingapi: true
+  # begin updatecli-compose policy values
+  user: elasticmachine
+  email: [email protected]
+  # end updatecli-compose policy values
diff --git a/.github/updatecli/values.d/updatecli-compose.yml b/.github/updatecli/values.d/updatecli-compose.yml
@@ -0,0 +1,3 @@
+spec:
+  files:
+    - "updatecli-compose.yaml"
diff --git a/.github/workflows/updatecli-compose.yml b/.github/workflows/updatecli-compose.yml
@@ -0,0 +1,38 @@
+---
+name: updatecli-compose
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 6 * * *'
+
+permissions:
+  contents: read
+
+jobs:
+  compose:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      packages: read
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: elastic/oblt-actions/updatecli/run@v1
+        with:
+          command: --experimental compose diff
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: elastic/oblt-actions/updatecli/run@v1
+        with:
+          command: --experimental compose apply
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/updatecli-compose.yaml b/updatecli-compose.yaml
@@ -0,0 +1,14 @@
+# Config file for `updatecli compose ...`.
+# https://www.updatecli.io/docs/core/compose/
+policies:
+  - name: Handle ironbank bumps
+    policy: ghcr.io/elastic/oblt-updatecli-policies/ironbank/templates:0.3.0@sha256:b0c841d8fb294e6b58359462afbc83070dca375ac5dd0c5216c8926872a98bb1
+    values:
+      - .github/updatecli/values.d/scm.yml
+      - .github/updatecli/values.d/ironbank.yml
+
+  - name: Update Updatecli policies
+    policy: ghcr.io/updatecli/policies/autodiscovery/updatecli:0.4.0@sha256:254367f5b1454fd6032b88b314450cd3b6d5e8d5b6c953eb242a6464105eb869
+    values:
+      - .github/updatecli/values.d/scm.yml
+      - .github/updatecli/values.d/updatecli-compose.yml