From 647c1de7f34a5a2d4f034af003c3e73c95fc677c Mon Sep 17 00:00:00 2001
From: Tomasz Cichoszewski <tomasz.cichoszewski@h2o.ai>
Date: Wed, 28 Aug 2024 15:56:04 +0200
Subject: [PATCH] temp build only mesa and push

---
 .github/workflows/build.yaml         | 19 ++++++++++++-------
 .github/workflows/push-packages.yaml | 22 +++++++++++++---------
 2 files changed, 25 insertions(+), 16 deletions(-)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index b28abb4331..5c2ed65dea 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -1,6 +1,11 @@
 name: Build
 
-on: [pull_request]
+# TODO: tmp comment
+#on: [pull_request]
+on:
+  push:
+    branches:
+      - nosuchbranch
 
 jobs:
   build-packages:
@@ -13,10 +18,10 @@ jobs:
       # TODO: if new packages list grows, automation of listing packages would be handy
       - name: Build packages specific to this repo
         run: |
-          docker run --privileged --rm -v $(pwd):/work cgr.dev/chainguard/melange build --arch=x86_64 poppler.yaml
-          docker run --privileged --rm -v $(pwd)/packages:/work/packages -v $(pwd)/font-liberation1.yaml:/work/font-liberation1.yaml cgr.dev/chainguard/melange build --arch=x86_64 font-liberation1.yaml
-          docker run --privileged --rm -v $(pwd)/packages:/work/packages -v $(pwd)/libspatialindex.yaml:/work/libspatialindex.yaml cgr.dev/chainguard/melange build --arch=x86_64 libspatialindex.yaml
-          docker run --privileged --rm -v $(pwd)/packages:/work/packages -v $(pwd)/mesa22.yaml:/work/mesa22.yaml cgr.dev/chainguard/melange build --arch=x86_64 mesa22.yaml
-          docker run --privileged --rm -v $(pwd)/packages:/work/packages -v $(pwd)/libjpeg-turbo2.yaml:/work/libjpeg-turbo2.yaml cgr.dev/chainguard/melange build --arch=x86_64 libjpeg-turbo2.yaml
-          docker run --privileged --rm -v $(pwd)/packages:/work/packages -v $(pwd)/tesseract52.yaml:/work/tesseract52.yaml cgr.dev/chainguard/melange build --arch=x86_64 tesseract52.yaml
+#          docker run --privileged --rm -v $(pwd):/work cgr.dev/chainguard/melange build --arch=x86_64 poppler.yaml
+#          docker run --privileged --rm -v $(pwd)/packages:/work/packages -v $(pwd)/font-liberation1.yaml:/work/font-liberation1.yaml cgr.dev/chainguard/melange build --arch=x86_64 font-liberation1.yaml
+#          docker run --privileged --rm -v $(pwd)/packages:/work/packages -v $(pwd)/libspatialindex.yaml:/work/libspatialindex.yaml cgr.dev/chainguard/melange build --arch=x86_64 libspatialindex.yaml
+#          docker run --privileged --rm -v $(pwd)/packages:/work/packages -v $(pwd)/mesa22.yaml:/work/mesa22.yaml cgr.dev/chainguard/melange build --arch=x86_64 mesa22.yaml
+#          docker run --privileged --rm -v $(pwd)/packages:/work/packages -v $(pwd)/libjpeg-turbo2.yaml:/work/libjpeg-turbo2.yaml cgr.dev/chainguard/melange build --arch=x86_64 libjpeg-turbo2.yaml
+#          docker run --privileged --rm -v $(pwd)/packages:/work/packages -v $(pwd)/tesseract52.yaml:/work/tesseract52.yaml cgr.dev/chainguard/melange build --arch=x86_64 tesseract52.yaml
           docker run --privileged --rm -v $(pwd)/packages:/work/packages -v $(pwd)/mesa.yaml:/work/mesa.yaml cgr.dev/chainguard/melange build --arch=x86_64 mesa.yaml
diff --git a/.github/workflows/push-packages.yaml b/.github/workflows/push-packages.yaml
index 4404857cc4..bf59839d51 100644
--- a/.github/workflows/push-packages.yaml
+++ b/.github/workflows/push-packages.yaml
@@ -1,10 +1,15 @@
 name: Push packages
 
 on:
+  pull_request:
   push:
     branches:
       - main
 
+permissions:
+  id-token: write
+  contents: read
+
 jobs:
   build-packages:
     runs-on: ubuntu-latest
@@ -21,19 +26,18 @@ jobs:
       # TODO: if new packages list grows, automation of listing packages would be handy
       - name: Build signed packages specific to this repo
         run: |
-          docker run --privileged --rm -v $(pwd):/work cgr.dev/chainguard/melange build --signing-key melange.rsa --arch=x86_64 poppler.yaml
-          docker run --privileged --rm -v $(pwd)/packages:/work/packages -v $(pwd)/font-liberation1.yaml:/work/font-liberation1.yaml -v $(pwd)/melange.rsa:/work/melange.rsa cgr.dev/chainguard/melange build --signing-key melange.rsa --arch=x86_64 font-liberation1.yaml      
-          docker run --privileged --rm -v $(pwd)/packages:/work/packages -v $(pwd)/libspatialindex.yaml:/work/libspatialindex.yaml -v $(pwd)/melange.rsa:/work/melange.rsa cgr.dev/chainguard/melange build --signing-key melange.rsa --arch=x86_64 libspatialindex.yaml      
-          docker run --privileged --rm -v $(pwd)/packages:/work/packages -v $(pwd)/mesa22.yaml:/work/mesa22.yaml -v $(pwd)/melange.rsa:/work/melange.rsa cgr.dev/chainguard/melange build --signing-key melange.rsa --arch=x86_64 mesa22.yaml      
-          docker run --privileged --rm -v $(pwd)/packages:/work/packages -v $(pwd)/libjpeg-turbo2.yaml:/work/libjpeg-turbo2.yaml -v $(pwd)/melange.rsa:/work/melange.rsa cgr.dev/chainguard/melange build --signing-key melange.rsa --arch=x86_64 libjpeg-turbo2.yaml      
-          docker run --privileged --rm -v $(pwd)/packages:/work/packages -v $(pwd)/tesseract52.yaml:/work/tesseract52.yaml -v $(pwd)/melange.rsa:/work/melange.rsa cgr.dev/chainguard/melange build --signing-key melange.rsa --arch=x86_64 tesseract52.yaml      
+#          docker run --privileged --rm -v $(pwd):/work cgr.dev/chainguard/melange build --signing-key melange.rsa --arch=x86_64 poppler.yaml
+#          docker run --privileged --rm -v $(pwd)/packages:/work/packages -v $(pwd)/font-liberation1.yaml:/work/font-liberation1.yaml -v $(pwd)/melange.rsa:/work/melange.rsa cgr.dev/chainguard/melange build --signing-key melange.rsa --arch=x86_64 font-liberation1.yaml
+#          docker run --privileged --rm -v $(pwd)/packages:/work/packages -v $(pwd)/libspatialindex.yaml:/work/libspatialindex.yaml -v $(pwd)/melange.rsa:/work/melange.rsa cgr.dev/chainguard/melange build --signing-key melange.rsa --arch=x86_64 libspatialindex.yaml
+#          docker run --privileged --rm -v $(pwd)/packages:/work/packages -v $(pwd)/mesa22.yaml:/work/mesa22.yaml -v $(pwd)/melange.rsa:/work/melange.rsa cgr.dev/chainguard/melange build --signing-key melange.rsa --arch=x86_64 mesa22.yaml
+#          docker run --privileged --rm -v $(pwd)/packages:/work/packages -v $(pwd)/libjpeg-turbo2.yaml:/work/libjpeg-turbo2.yaml -v $(pwd)/melange.rsa:/work/melange.rsa cgr.dev/chainguard/melange build --signing-key melange.rsa --arch=x86_64 libjpeg-turbo2.yaml
+#          docker run --privileged --rm -v $(pwd)/packages:/work/packages -v $(pwd)/tesseract52.yaml:/work/tesseract52.yaml -v $(pwd)/melange.rsa:/work/melange.rsa cgr.dev/chainguard/melange build --signing-key melange.rsa --arch=x86_64 tesseract52.yaml
           docker run --privileged --rm -v $(pwd)/packages:/work/packages -v $(pwd)/mesa.yaml:/work/mesa.yaml -v $(pwd)/melange.rsa:/work/melange.rsa cgr.dev/chainguard/melange build --signing-key melange.rsa --arch=x86_64 mesa.yaml      
 
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v3
+        uses: aws-actions/configure-aws-credentials@v4
         with:
-          aws-access-key-id: ${{ secrets.AWS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          role-to-assume: arn:aws:iam::524466471676:role/GitHub-OIDC-Role
           aws-region: us-east-1
 
       - name: Upload index to s3