add soci & ecr-cred-helper conf & update workflow

Swapnanil-Gupta · Swapnanil-Gupta · commit a336c975e96b · 2026-01-16T23:09:30.000Z
Signed-off-by: Swapnanil Gupta &lt;swpnlg@amazon.com&gt;
diff --git a/.github/workflows/update-dependencies.yaml b/.github/workflows/update-dependencies.yaml
@@ -16,6 +16,8 @@ on:
       - .github/workflows/update-dependencies.yaml
       - .github/workflows/update-linux-dependencies.yaml
       - .github/workflows/update-qemu.yaml
+      - .github/workflows/update-ecr-cred-helper.yaml
+      - .github/workflows/update-soci.yaml
       - bin/update-lima-bundles.sh
       - bin/update-container-runtime-full-archive.sh
       - bin/update-linux-dependencies.sh
@@ -144,3 +146,19 @@ jobs:
       pull-requests: write
 
     uses: ./.github/workflows/update-qemu.yaml
+
+  update-ecr-cred-helper:
+    # Add permissions needed to create a PR
+    permissions:
+      contents: write
+      pull-requests: write
+    
+    uses: ./.github/workflows/update-ecr-cred-helper.yaml
+  
+  update-soci:
+    # Add permissions needed to create a PR
+    permissions:
+      contents: write
+      pull-requests: write
+
+    uses: ./.github/workflows/update-soci.yaml
diff --git a/.github/workflows/update-ecr-cred-helper.yaml b/.github/workflows/update-ecr-cred-helper.yaml
@@ -0,0 +1,69 @@
+name: update-ecr-cred-helper
+
+on:
+  workflow_call:
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  update-ecr-cred-helper-and-create-pr:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+      
+      - name: Get latest ECR Cred Helper Version
+        id: version
+        run: |
+          latest_tag="$(\
+            curl -sL --fail "https://api.github.com/repos/awslabs/amazon-ecr-credential-helper/releases/latest" | \
+            grep '"tag_name":' | \
+            head -1 | \
+            cut -d'"' -f4 \
+          )"
+          echo "tag=$latest_tag" >> $GITHUB_OUTPUT
+          echo "Latest tag is ${latest_tag}"
+
+      - name: Update .conf file
+        run: |
+          latest_tag="${{ steps.version.outputs.tag }}"
+          AMD64_DIGEST=$(curl -sL --fail "https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/${latest_tag#v}/linux-amd64/docker-credential-ecr-login.sha256" | awk '{print $1}')
+          ARM64_DIGEST=$(curl -sL --fail "https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/${latest_tag#v}/linux-arm64/docker-credential-ecr-login.sha256" | awk '{print $1}')
+          
+          cat > deps/ecr-cred-helper.conf << EOF
+          VERSION=${latest_tag#v}
+          AMD64_DIGEST=sha256:${AMD64_DIGEST}
+          ARM64_DIGEST=sha256:${ARM64_DIGEST}
+          EOF
+
+      - name: Check for changes
+        id: changes
+        run: |
+          if git diff --quiet deps/ecr-cred-helper.conf; then
+            echo "changed=false" >> $GITHUB_OUTPUT
+            echo "No changes detected in dependencies"
+            exit 0
+          else
+            echo "changed=true" >> $GITHUB_OUTPUT
+            echo "Changes detected in dependencies:"
+            git diff deps/ecr-cred-helper.conf
+          fi
+
+      - name: Create or update PR
+        if: github.event_name != 'pull_request' && steps.changes.outputs.changed == 'true'
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          signoff: true
+          commit-message: 'chore: update ecr-cred-helper'
+          title: 'chore: update ecr-cred-helper'
+          body: |
+            This PR updates ecr-cred-helper to the latest version
+            This is an automated update created by the dependency update workflow. Review the changes before approving.
+          branch: update-ecr-cred-helper
+          delete-branch: true
diff --git a/.github/workflows/update-soci.yaml b/.github/workflows/update-soci.yaml
@@ -0,0 +1,69 @@
+name: update-soci
+
+on:
+  workflow_call:
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  update-soci-and-create-pr:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+      
+      - name: Get latest ECR Cred Helper Version
+        id: version
+        run: |
+          latest_tag="$(\
+            curl -sL --fail "https://api.github.com/repos/awslabs/soci-snapshotter/releases/latest" | \
+            grep '"tag_name":' | \
+            head -1 | \
+            cut -d'"' -f4 \
+          )"
+          echo "tag=$latest_tag" >> $GITHUB_OUTPUT
+          echo "Latest tag is ${latest_tag}"
+
+      - name: Update .conf file
+        run: |
+          latest_tag="${{ steps.version.outputs.tag }}"
+          AMD64_DIGEST=$(curl -sL --fail "https://github.com/awslabs/soci-snapshotter/releases/download/${latest_tag}/soci-snapshotter-${latest_tag#v}-linux-amd64.tar.gz.sha256sum" | awk '{print $1}')
+          ARM64_DIGEST=$(curl -sL --fail "https://github.com/awslabs/soci-snapshotter/releases/download/${latest_tag}/soci-snapshotter-${latest_tag#v}-linux-arm64.tar.gz.sha256sum" | awk '{print $1}')
+          
+          cat > deps/soci.conf << EOF
+          VERSION=${latest_tag#v}
+          AMD64_SHA256_DIGEST=${AMD64_DIGEST}
+          ARM64_SHA256_DIGEST=${ARM64_DIGEST}
+          EOF
+
+      - name: Check for changes
+        id: changes
+        run: |
+          if git diff --quiet deps/soci.conf; then
+            echo "changed=false" >> $GITHUB_OUTPUT
+            echo "No changes detected in dependencies"
+            exit 0
+          else
+            echo "changed=true" >> $GITHUB_OUTPUT
+            echo "Changes detected in dependencies:"
+            git diff deps/soci.conf
+          fi
+
+      - name: Create or update PR
+        if: github.event_name != 'pull_request' && steps.changes.outputs.changed == 'true'
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          signoff: true
+          commit-message: 'chore: update SOCI Snapshotter'
+          title: 'chore: update SOCI Snapshotter'
+          body: |
+            This PR updates SOCI Snapshotter to the latest version
+            This is an automated update created by the dependency update workflow. Review the changes before approving.
+          branch: update-soci
+          delete-branch: true
diff --git a/deps/ecr-cred-helper.conf b/deps/ecr-cred-helper.conf
@@ -0,0 +1,3 @@
+VERSION=0.9.0
+AMD64_DIGEST=sha256:dd6bd933e439ddb33b9f005ad5575705a243d4e1e3d286b6c82928bcb70e949a
+ARM64_DIGEST=sha256:76aa3bb223d4e64dd4456376334273f27830c8d818efe278ab6ea81cb0844420
diff --git a/deps/soci.conf b/deps/soci.conf
@@ -0,0 +1,3 @@
+VERSION=0.11.1
+AMD64_SHA256_DIGEST=52d72692880150f974a48dbfa44bff01f1a3ba97815658cc16f835e5e7f96d49
+ARM64_SHA256_DIGEST=da055b182000dbac3e916a8c731cbc0d7a204791311260c94d960a1160d25b3e

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+VERSION=0.9.0`
	`2`	`+AMD64_DIGEST=sha256:dd6bd933e439ddb33b9f005ad5575705a243d4e1e3d286b6c82928bcb70e949a`
	`3`	`+ARM64_DIGEST=sha256:76aa3bb223d4e64dd4456376334273f27830c8d818efe278ab6ea81cb0844420`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+VERSION=0.11.1`
	`2`	`+AMD64_SHA256_DIGEST=52d72692880150f974a48dbfa44bff01f1a3ba97815658cc16f835e5e7f96d49`
	`3`	`+ARM64_SHA256_DIGEST=da055b182000dbac3e916a8c731cbc0d7a204791311260c94d960a1160d25b3e`