Move away from raw github domain to API

Signed-off-by: apostasie <[email protected]>

Author: apostasie

.github/workflows/job-test-dependencies.yml

@@ -49,6 +49,7 @@ jobs:
             args=(--build-arg CONTAINERD_VERSION=${{ inputs.containerd-version }})
           fi
           docker buildx build \
+            --build-arg GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} \
             --cache-to type=gha,compression=zstd,mode=max,scope=test-integration-dependencies-"$arch" \
             --cache-from type=gha,scope=test-integration-dependencies-"$arch" \
             --target build-dependencies "${args[@]}" .

.github/workflows/job-test-in-container.yml

@@ -104,6 +104,7 @@ jobs:
           arch=${{ env.RUNNER_ARCH == 'ARM64' && 'arm64' || 'amd64' }}
           docker buildx create --name with-gha --use
           docker buildx build \
+            --build-arg GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} \
             --output=type=docker \
             --cache-from type=gha,scope=test-integration-dependencies-"$arch" \
             -t "$target" --target "$target" \

.github/workflows/job-test-in-lima.yml

@@ -88,6 +88,7 @@ jobs:
           [ "$TARGET" = "rootless" ] && TARGET=test-integration-rootless || TARGET=test-integration
           docker buildx create --name with-gha --use
           docker buildx build \
+            --build-arg GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} \
             --output=type=docker \
             --cache-from type=gha,scope=test-integration-dependencies-amd64 \
             -t test-integration --target "${TARGET}" \

Dockerfile

@@ -52,6 +52,8 @@ ARG NYDUS_VERSION=v2.3.1
 ARG SOCI_SNAPSHOTTER_VERSION=0.9.0
 ARG KUBO_VERSION=v0.34.1
 
+ARG GITHUB_TOKEN=""
+
 FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.6.1@sha256:923441d7c25f1e2eb5789f82d987693c47b8ed987c4ab3b075d6ed2b5d6779a3 AS xx
 
 
@@ -61,6 +63,7 @@ ENV DEBIAN_FRONTEND=noninteractive
 RUN apt-get update -qq && apt-get install -qq --no-install-recommends \
   make \
   git \
+  jq \
   curl \
   dpkg-dev
 ARG TARGETARCH
@@ -75,6 +78,7 @@ RUN xx-apt-get update -qq && xx-apt-get install -qq --no-install-recommends \
   pkg-config
 RUN git config --global advice.detachedHead false
 ADD hack/git-checkout-tag-with-hash.sh /usr/local/bin/
+ADD hack/scripts/lib.sh /usr/local/bin/http::helper
 
 FROM build-base AS build-containerd
 ARG TARGETARCH
@@ -136,6 +140,7 @@ RUN BINDIR=/out/bin make binaries install
 # We do not set CMD to `go test` here, because it requires systemd
 
 FROM build-base AS build-dependencies
+ARG GITHUB_TOKEN
 ARG TARGETARCH
 ENV GOARCH=${TARGETARCH}
 COPY ./Dockerfile.d/SHA256SUMS.d/ /SHA256SUMS.d
@@ -177,7 +182,7 @@ ARG STARGZ_SNAPSHOTTER_VERSION
 RUN STARGZ_SNAPSHOTTER_VERSION=${STARGZ_SNAPSHOTTER_VERSION%%@*}; \
   fname="stargz-snapshotter-${STARGZ_SNAPSHOTTER_VERSION}-${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar.gz" && \
   curl -o "${fname}" -fsSL --proto '=https' --tlsv1.2 "https://github.com/containerd/stargz-snapshotter/releases/download/${STARGZ_SNAPSHOTTER_VERSION}/${fname}" && \
-  curl -o "stargz-snapshotter.service" -fsSL --proto '=https' --tlsv1.2 "https://raw.githubusercontent.com/containerd/stargz-snapshotter/${STARGZ_SNAPSHOTTER_VERSION}/script/config/etc/systemd/system/stargz-snapshotter.service" && \
+  http::helper github::file containerd/stargz-snapshotter script/config/etc/systemd/system/stargz-snapshotter.service "${STARGZ_SNAPSHOTTER_VERSION}" > "stargz-snapshotter.service" && \
   grep "${fname}" "/SHA256SUMS.d/stargz-snapshotter-${STARGZ_SNAPSHOTTER_VERSION}" | sha256sum -c - && \
   grep "stargz-snapshotter.service" "/SHA256SUMS.d/stargz-snapshotter-${STARGZ_SNAPSHOTTER_VERSION}" | sha256sum -c - && \
   tar xzf "${fname}" -C /out/bin && \
@@ -245,6 +250,9 @@ RUN ROOTLESSKIT_VERSION=${ROOTLESSKIT_VERSION%%@*}; \
 ARG GOMODJAIL_VERSION
 COPY --from=build-gomodjail /out/${TARGETARCH:-amd64}/* /out/bin/
 RUN echo "- gomodjail: ${GOMODJAIL_VERSION}" >> /out/share/doc/nerdctl-full/README.md
+ARG CONTAINERIZED_SYSTEMD_VERSION
+RUN http::helper github::file AkihiroSuda/containerized-systemd docker-entrypoint.sh "${CONTAINERIZED_SYSTEMD_VERSION}" > /docker-entrypoint.sh && \
+  chmod +x /docker-entrypoint.sh
 
 RUN echo "" >> /out/share/doc/nerdctl-full/README.md && \
   echo "## License" >> /out/share/doc/nerdctl-full/README.md && \
@@ -281,9 +289,7 @@ RUN apt-get update -qq && apt-get install -qq -y --no-install-recommends \
   iproute2 iptables \
   dbus dbus-user-session systemd systemd-sysv \
   fuse3
-ARG CONTAINERIZED_SYSTEMD_VERSION
-RUN curl -o /docker-entrypoint.sh -fsSL --proto '=https' --tlsv1.2 https://raw.githubusercontent.com/AkihiroSuda/containerized-systemd/${CONTAINERIZED_SYSTEMD_VERSION}/docker-entrypoint.sh && \
-  chmod +x /docker-entrypoint.sh
+COPY --from=build-full /docker-entrypoint.sh /docker-entrypoint.sh
 COPY --from=out-full / /usr/local/
 RUN perl -pi -e 's/multi-user.target/docker-entrypoint.target/g' /usr/local/lib/systemd/system/*.service && \
   systemctl enable containerd buildkit stargz-snapshotter && \

hack/scripts/lib.sh

@@ -226,9 +226,10 @@ github::settoken(){
 }
 
 github::request(){
-  local endpoint="$1"
+  local accept="$1"
+  local endpoint="$2"
   local args=(
-    "Accept: application/vnd.github+json"
+    "Accept: $accept"
     "X-GitHub-Api-Version: 2022-11-28"
   )
 
@@ -237,21 +238,30 @@ github::request(){
   http::get /dev/stdout https://api.github.com/"$endpoint" "${args[@]}"
 }
 
+github::file(){
+  local repo="$1"
+  local path="$2"
+  local ref="${3:-main}"
+  github::request "application/vnd.github.v3.raw" "repos/$repo/contents/$path?ref=$ref"
+}
+
 github::tags::latest(){
   local repo="$1"
-  github::request "repos/$repo/tags" | jq -rc .[0].name
+  github::request "application/vnd.github+json" "repos/$repo/tags" | jq -rc .[0].name
 }
 
 github::releases(){
   local repo="$1"
-  github::request "repos/$repo/releases" |
+  github::request "application/vnd.github+json" "repos/$repo/releases" |
     jq -rc .[]
 }
 
 github::releases::latest(){
   local repo="$1"
-  github::request "repos/$repo/releases/latest" | jq -rc .
+  github::request "application/vnd.github+json" "repos/$repo/releases/latest" | jq -rc .
 }
 
 log::init
 host::require jq tar curl shasum
+
+[[ "${1:-}" != "github"* ]] || "$@"