From 103eac905679334e5daa50110bcfe7fd17697a03 Mon Sep 17 00:00:00 2001
From: "A.J. Stein"
Date: Sun, 21 Dec 2025 01:19:44 -0500
Subject: [PATCH 01/11] Add Dockerfiles for CI-based pre-built zip and full inline build
---
 Dockerfile.ci | 21 +++++++++++++++++++++
 Dockerfile.local | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 69 insertions(+)
 create mode 100644 Dockerfile.ci
 create mode 100644 Dockerfile.local
diff --git a/Dockerfile.ci b/Dockerfile.ci
new file mode 100644
index 000000000..922d04186
--- /dev/null
+++ b/Dockerfile.ci
@@ -0,0 +1,21 @@
+# syntax=docker/dockerfile:1
+ARG BUILDER_IMAGE=maven:3.9.9-eclipse-temurin-17
+ARG RUNNER_IMAGE=eclipse-temurin:17
+
+FROM ${BUILDER_IMAGE} AS builder
+RUN apt-get update && apt-get install -y unzip
+COPY ./target/*metaschema-cli.zip /tmp/metaschema-cli.zip
+WORKDIR /tmp
+RUN unzip /tmp/metaschema-cli.zip -d /opt/metaschema-cli
+RUN chmod +x /opt/metaschema-cli/bin/metaschema-cli
+
+FROM ${RUNNER_IMAGE} AS runner
+COPY --from=builder /opt/metaschema-cli /opt/metaschema-cli
+RUN groupadd -r oscalcli && \
+ useradd -r -g oscalcli -s /bin/false oscalcli && \
+ chown -R oscalcli:oscalcli /opt/metaschema-cli && \
+ mkdir -p /app
+WORKDIR /app
+USER oscalcli
+RUN /opt/metaschema-cli/bin/metaschema-cli --version
+ENTRYPOINT [ "/opt/metaschema-cli/bin/metaschema-cli" ]
diff --git a/Dockerfile.local b/Dockerfile.local
new file mode 100644
index 000000000..8e3e24dca
--- /dev/null
+++ b/Dockerfile.local
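Review bot: The `chown -R oscalcli:oscalcli /opt/metaschema-cli` in the runner stage of Dockerfile.ci hands the whole install tree to the account the container runs as, so any process running as that user can rewrite the launcher script and libraries it executes. Files brought in by `COPY --from=builder` are root-owned by default and only need to be readable and executable by the runtime user, so the `chown -R` line can be dropped; the `RUN /opt/metaschema-cli/bin/metaschema-cli --version` step after `USER` would fail the build if the archive's file modes turned out to be too tight. The identical runner stage in Dockerfile.local has the same issue. Separately, `useradd -r` takes whatever system UID is free; a fixed one (for example `useradd -r -u 10001 …` with `USER 10001`, value constructed) lets an orchestrator that enforces non-root execution verify the image.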
@@ -0,0 +1,48 @@
+# syntax=docker/dockerfile:1
+ARG BUILDER_IMAGE=maven:3.9.9-eclipse-temurin-17
+ARG RUNNER_IMAGE=eclipse-temurin:17
+
+FROM ${BUILDER_IMAGE} AS builder
+ARG BUILDER_JDK_VENDOR=temurin
+ARG BUILDER_JDK_MAJOR_VERSION=17
+ARG BUILDER_JDK_HOME_PATH=/opt/java/openjdk
+ADD . /usr/local/src
+WORKDIR /usr/local/src
+RUN apt-get update && apt-get install -y unzip
+RUN < /root/.m2/toolchains.xml << XMLEOF
+
+
+
+ jdk
+
+ ${BUILDER_JDK_VENDOR}
+ ${BUILDER_JDK_MAJOR_VERSION}
+
+
+ ${BUILDER_JDK_HOME_PATH}
+
+
+
+XMLEOF
+EOF
+RUN mvn -B -e -Prelease package
+RUN find /usr/local/src/target \
+ -iname '*metaschema-cli.zip' \
+ -exec cp {} /tmp/metaschema-cli.zip \;
+RUN mkdir -p /opt/metaschema-cli
+RUN unzip /tmp/metaschema-cli.zip -d /opt/metaschema-cli
+RUN chmod +x /opt/metaschema-cli/bin/metaschema-cli
+
+FROM ${RUNNER_IMAGE} AS runner
+COPY --from=builder /opt/metaschema-cli /opt/metaschema-cli
+RUN groupadd -r oscalcli && \
+ useradd -r -g oscalcli -s /bin/false oscalcli && \
+ chown -R oscalcli:oscalcli /opt/metaschema-cli && \
+ mkdir -p /app
+WORKDIR /app
+USER oscalcli
+RUN /opt/metaschema-cli/bin/metaschema-cli --version
+ENTRYPOINT [ "/opt/metaschema-cli/bin/metaschema-cli" ]
+
From 102010be47b536d59423f933e8ab633aa9df41ce Mon Sep 17 00:00:00 2001
From: "A.J. Stein"
Date: Sun, 21 Dec 2025 01:21:34 -0500
Subject: [PATCH 02/11] Add container build workflow before piping into build one
---
 .github/workflows/container.yml | 92 +++++++++++++++++++++++++++++++++
 1 file changed, 92 insertions(+)
 create mode 100644 .github/workflows/container.yml
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
new file mode 100644
index 000000000..8c898601f
--- /dev/null
+++ b/.github/workflows/container.yml
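Review bot: `ADD . /usr/local/src` in Dockerfile.local copies the entire build context into the builder stage, and this patch's diffstat adds no ignore file, so unless one already exists outside the series, `.git`, stale local `target/` output and any untracked credential files in the working tree are sent to the daemon and written into that layer. Nothing here needs `ADD`'s fetch or auto-extract behaviour, so `COPY . /usr/local/src` is the plainer instruction. A `Dockerfile.local.dockerignore` listing at least `.git` and `**/target` would keep those paths out without affecting Dockerfile.ci, which needs the zip under `target/` in its context. Excluding `target` also matters because the later `find … -exec cp {} /tmp/metaschema-cli.zip \;` overwrites the destination once per match, so a leftover archive from a previous local build could be the one that gets unpacked.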
@@ -0,0 +1,92 @@
+name: Build and Publish Container
+on:
+ workflow_call:
+ inputs:
+ push:
+ description: 'Whether to push the container image to the registry'
+ required: false
+ default: false
+ type: boolean
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: metaschema-framework/metaschema-cli
+ # Docs: github.com/docker/metadata-action/?tab=readme-ov-file#typesha
+ DOCKER_METADATA_PR_HEAD_SHA: true
+ # https://github.com/docker/metadata-action?tab=readme-ov-file#annotations
+ DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
+jobs:
+ build-container:
+ name: Build Image
+ runs-on: ubuntu-24.04
+ permissions:
+ contents: read
+ packages: write
+ attestations: write
+ id-token: write
+ steps:
+ - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+ with:
+ submodules: recursive
+ filter: tree:0
+ - name: Download build zip
+ uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
+ with:
+ name: build_zip
+ path: ./target
+ - name: Container image QEMU setup for cross-arch builds
+ id: image_setup_qemu
+ uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf
+ - name: Container image buildx setup for cross-arch builds
+ id: image_setup_buildx
+ uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db
+ with:
+ platforms: linux/amd64,linux/arm64/v8
+ - name: Container image login
+ id: image_login
+ uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Container image metadata and tag generation
+ id: image_metadata
+ uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81
+ with:
+ images:
+ ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=sha,prefix=,suffix=,format=long
+ type=ref,event=branch
+ type=ref,event=tag
+ type=ref,event=pr
+ flavor: |
+ latest=${{ github.ref == 'refs/heads/main' }}
+ annotations: |
+ maintainers="Metaschema Community Admin "
+ org.opencontainers.image.authors="Metaschema Community Admin "
+ org.opencontainers.image.documentation="https://metaschema.dev"
+ org.opencontainers.image.source="https://github.com/metaschema-framework/metaschema-java"
+ org.opencontainers.image.vendor="Metaschema Community"
+ org.opencontainers.image.title="metaschema-cli"
+ org.opencontainers.image.description="Metaschema-powered CLI tool"
+ org.opencontainers.image.licenses="CC0-1.0"
+ - if: inputs.push
+ name: Container image registry push
+ id: image_registry_push
+ uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+ with:
+ context: .
+ file: ./Dockerfile.ci
+ push: true
+ tags: ${{ steps.image_metadata.outputs.tags }}
+ labels: ${{ steps.image_metadata.outputs.labels }}
+ platforms: linux/amd64,linux/arm64/v8
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ - if: inputs.push
+ name: Container image push attestations
+ uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c
+ with:
+ subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+ subject-digest: ${{ steps.image_registry_push.outputs.digest }}
+ push-to-registry: true
From d68433b1972e67c2060f826ebde6abf8355b0924 Mon Sep 17 00:00:00 2001
From: "A.J. Stein"
Date: Sun, 21 Dec 2025 01:34:16 -0500
Subject: [PATCH 03/11] Bring it altogether, plumb into build workflow
---
 .github/workflows/build.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 5946cc299..f9cb6c8f7 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
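Review bot: In container.yml the `Container image login` step runs unconditionally while the build step is gated by `if: inputs.push`, so a caller passing `push: false` still authenticates to ghcr.io with a `packages: write` token and then builds nothing, leaving Dockerfile.ci unexercised on non-publishing runs. Gating the login with `if: inputs.push` and replacing the build step's `if: inputs.push` plus `push: true` with `push: ${{ inputs.push }}` would build on every call and only authenticate and publish when asked. The attestation step can keep its `if: inputs.push`, since it depends on the pushed digest.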
@@ -105,6 +105,22 @@ jobs:
 uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7
 with:
 upload: ${{ env.UPLOAD_CODEQL }}
+ - name: Upload build zip archive
+ uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
+ with:
+ name: build_zip
+ path: ./target/*metaschema-cli.zip
+ build-container:
+ name: Container
+ permissions:
+ contents: read
+ packages: write
+ attestations: write
+ id-token: write
+ needs: build-code
+ uses: ./.github/workflows/container.yml
+ with:
+ push: true
 build-website:
 name: Website
 runs-on: ubuntu-24.04
From 1c2d2965070ae208c347a03004048e46ade536bd Mon Sep 17 00:00:00 2001
From: "A.J. Stein"
Date: Sun, 21 Dec 2025 01:51:45 -0500
Subject: [PATCH 04/11] Adjust paths for CLI package target subdir, not top-level dir
---
 .github/workflows/build.yml | 2 +-
 .github/workflows/container.yml | 2 +-
 Dockerfile.ci | 2 +-
 Dockerfile.local | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index f9cb6c8f7..4ee1b0e22 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -109,7 +109,7 @@ jobs:
 uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
 with:
 name: build_zip
- path: ./target/*metaschema-cli.zip
+ path: ./metaschema-cli/target/*metaschema-cli.zip
 build-container:
 name: Container
 permissions:
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 8c898601f..1b9a564b0 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -32,7 +32,7 @@ jobs:
 uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
 with:
 name: build_zip
- path: ./target
+ path: ./metaschema-cli/target
 - name: Container image QEMU setup for cross-arch builds
 id: image_setup_qemu
 uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf
diff --git a/Dockerfile.ci b/Dockerfile.ci
index 922d04186..e1328df45 100644
--- a/Dockerfile.ci
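Review bot: The `build-container` job added to build.yml in patch 03 calls container.yml with `push: true` and `packages: write` on every run of this workflow, with no condition on the event or ref. The triggers are outside the hunk, but container.yml's `type=ref,event=pr` tag rule suggests pull-request runs are expected; in that case an image built from unmerged code would be published under the project's ghcr.io namespace and given a provenance attestation, while runs from forks would presumably fail at the push because their token is read-only. Passing something like `push: ${{ github.event_name != 'pull_request' }}` (or a ref check for `main` and tags) would limit publishing to reviewed refs. The `jobs:` block starts outside the hunk.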
+++ b/Dockerfile.ci
@@ -4,7 +4,7 @@ ARG RUNNER_IMAGE=eclipse-temurin:17
 FROM ${BUILDER_IMAGE} AS builder
 RUN apt-get update && apt-get install -y unzip
-COPY ./target/*metaschema-cli.zip /tmp/metaschema-cli.zip
+COPY ./metaschema-cli/target/*metaschema-cli.zip /tmp/metaschema-cli.zip
 WORKDIR /tmp
 RUN unzip /tmp/metaschema-cli.zip -d /opt/metaschema-cli
 RUN chmod +x /opt/metaschema-cli/bin/metaschema-cli
diff --git a/Dockerfile.local b/Dockerfile.local
index 8e3e24dca..a90525998 100644
--- a/Dockerfile.local
+++ b/Dockerfile.local
@@ -28,7 +28,7 @@ cat > /root/.m2/toolchains.xml << XMLEOF
 XMLEOF
 EOF
 RUN mvn -B -e -Prelease package
-RUN find /usr/local/src/target \
+RUN find /usr/local/src/metaschema-cli/target \
 -iname '*metaschema-cli.zip' \
 -exec cp {} /tmp/metaschema-cli.zip \;
 RUN mkdir -p /opt/metaschema-cli
From 93c1c4edee73006fdd02fa03a88740966efc0d86 Mon Sep 17 00:00:00 2001
From: "A.J. Stein"
Date: Sun, 21 Dec 2025 20:58:38 -0500
Subject: [PATCH 05/11] Add docs for CLI install methods, docker and all
---
 README.md | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)
diff --git a/README.md b/README.md
index 3213be39f..95aca2754 100644
--- a/README.md
+++ b/README.md
@@ -43,6 +43,65 @@ git clone --recurse-submodules https://github.com/metaschema-framework/metaschem
 mvn install
 ```
+## Installing the CLI tool
+
+The maintainers provide developers of Metaschema-enabled tools a CLI tool from this repository to dynamically validate Metaschema models themselves, content based on developer-provided models, and format conversion for models and content between supported data formats (e.g. JSON, XML, and YAML). There are multiple ways to install this CLI tool.
+
+1. Build the project locally with Maven.
+1. Download a developer snapshot from the Metaschema Framework repository for pre-release builds.
+1. Download the official releases from the official Maven Central.
+1. Download an OCI-conformant container image from the [GitHub Container Registry (ghcr.io)](https://ghcr.io) for use with `docker`, `podman`, Kubernetes, or other container orchestration platforms.
+
+### Build the project locally with Maven
+
+To build the project locally, follow the [instructions above](#building) that explain how to build and install project packages, including the CLI, with Maven (`mvn`).
+
+### Download pre-built snapshot release
+
+To download, unzip, and install a pre-built snapshot release (a developer build that is not an official release), please visit [the GitHub `metaschema-framework/maven2` repository](https://github.com/metaschema-framework/maven2/tree/main/dev/metaschema/java/metaschema-cli/) to download a `.bz2`, `.gz`, or `.zip` archive.
+
+```sh
+# Download the zip archive to /tmp
+cd /tmp
+curl -L -O https://github.com/metaschema-framework/maven2/raw/refs/heads/main/dev/metaschema/java/metaschema-cli/3.0.0.M1-SNAPSHOT/metaschema-cli-3.0.0.M1-20251213.151427-29-metaschema-cli.zip
+# Extract zip archive to /opt/metaschema-cli
+# You might need sudo for permission to write files to this path
+sudo unzip "/tmp/*metaschema-cli.zip" -d /opt/metaschema-cli
+# Now add this installation directory to the path
+export PATH="${PATH}:/opt/metaschema-cli"
+# Run the CLI to test it is properly installed
+metaschema-cli --version
+```
+
+### Download a pre-built official release from Maven Central
+
+You can also use Maven to download a pre-built official release from Maven Central using the Maven (`mvn`) CLI tool, unzipping the archive, and then adding that directory to your path.
+
+```sh
+# Download the zip archive of the latest release to /tmp
+mvn \
+ org.apache.maven.plugins:maven-dependency-plugin:LATEST:copy \
+ -DoutputDirectory=/tmp \
+ -DremoteRepositories=https://repo1.maven.org/maven2 \
+ -Dartifact=dev.metaschema.java:metaschema-cli:LATEST:zip:metaschema-cli
+# Extract zip archive to /opt/metaschema-cli
+# You might need sudo for permission to write files to this path
+sudo unzip "/tmp/*metaschema-cli.zip" -d /opt/metaschema-cli
+# Now add this installation directory to the path
+export PATH="${PATH}:/opt/metaschema-cli"
+# Run the CLI to test it is properly installed
+metaschema-cli --version
+```
+
+### Download container image
+
+You can also download pre-release and official release versions of the CLI as an OCI-conformant image with `docker`, `podman`, or other tools.
+
+```sh
+docker pull ghcr.io/metaschema-framework/metaschema-cli:latest
+docker run -it ghcr.io/metaschema-framework/metaschema-cli:latest --version
+```
+
 ## Relationship to prior work
 The contents of this repository is based on work from the [Metaschema Java repository](https://github.com/usnistgov/metaschema-java/) maintained by the National Institute of Standards and Technology (NIST), the [contents of which have been dedicated in the worldwide public domain](https://github.com/usnistgov/metaschema-java/blob/1a496e4bcf905add6b00a77a762ed3cc31bf77e6/LICENSE.md) using the [CC0 1.0 Universal](https://creativecommons.org/publicdomain/zero/1.0/) public domain dedication. This repository builds on this prior work, maintaining the [CCO license](https://github.com/metaschema-framework/metaschema-java/blob/main/LICENSE.md) on any new works in this repository.
From 75a1f816f475d56dd371527d643b070541a87a89 Mon Sep 17 00:00:00 2001
From: "A.J. Stein"
Date: Wed, 24 Dec 2025 13:06:32 -0500
Subject: [PATCH 06/11] Address @coderabbitai feedback, remove excess workflow job perms
We do not really need id-token, so I will remove given feedback and research
---
 .github/workflows/build.yml | 1 -
 .github/workflows/container.yml | 1 -
 2 files changed, 2 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 4ee1b0e22..0de3fd1bd 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -116,7 +116,6 @@ jobs:
 contents: read
 packages: write
 attestations: write
- id-token: write
 needs: build-code
 uses: ./.github/workflows/container.yml
 with:
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 1b9a564b0..37d61538c 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -22,7 +22,6 @@ jobs:
 contents: read
 packages: write
 attestations: write
- id-token: write
 steps:
 - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
 with:
From 45c5ad5d623df4ca0a6f6d042e20983ebc6462d8 Mon Sep 17 00:00:00 2001
From: "A.J. Stein"
Date: Wed, 24 Dec 2025 13:07:48 -0500
Subject: [PATCH 07/11] Correct OCI image user oscalcli->metaschema
---
 Dockerfile.ci | 8 ++++----
 Dockerfile.local | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/Dockerfile.ci b/Dockerfile.ci
index e1328df45..9c25b6ff4 100644
--- a/Dockerfile.ci
+++ b/Dockerfile.ci
@@ -11,11 +11,11 @@ RUN chmod +x /opt/metaschema-cli/bin/metaschema-cli
 FROM ${RUNNER_IMAGE} AS runner
 COPY --from=builder /opt/metaschema-cli /opt/metaschema-cli
-RUN groupadd -r oscalcli && \
- useradd -r -g oscalcli -s /bin/false oscalcli && \
- chown -R oscalcli:oscalcli /opt/metaschema-cli && \
+RUN groupadd -r metaschema && \
+ useradd -r -g metaschema -s /bin/false metaschema && \
+ chown -R metaschema:metaschema /opt/metaschema-cli && \
 mkdir -p /app
 WORKDIR /app
-USER oscalcli
+USER metaschema
 RUN /opt/metaschema-cli/bin/metaschema-cli --version
 ENTRYPOINT [ "/opt/metaschema-cli/bin/metaschema-cli" ]
diff --git a/Dockerfile.local b/Dockerfile.local
index a90525998..2157b776d 100644
--- a/Dockerfile.local
+++ b/Dockerfile.local
@@ -37,12 +37,12 @@ RUN chmod +x /opt/metaschema-cli/bin/metaschema-cli
 FROM ${RUNNER_IMAGE} AS runner
 COPY --from=builder /opt/metaschema-cli /opt/metaschema-cli
-RUN groupadd -r oscalcli && \
- useradd -r -g oscalcli -s /bin/false oscalcli && \
- chown -R oscalcli:oscalcli /opt/metaschema-cli && \
+RUN groupadd -r metaschema && \
+ useradd -r -g metaschema -s /bin/false metaschema && \
+ chown -R metaschema:metaschema /opt/metaschema-cli && \
 mkdir -p /app
 WORKDIR /app
-USER oscalcli
+USER metaschema
 RUN /opt/metaschema-cli/bin/metaschema-cli --version
 ENTRYPOINT [ "/opt/metaschema-cli/bin/metaschema-cli" ]
From f8f607f4df5998103d2753408e2825bbf842ac24 Mon Sep 17 00:00:00 2001
From: "A.J. Stein"
Date: Wed, 24 Dec 2025 13:31:36 -0500
Subject: [PATCH 08/11] Align README docs and OCI image build commands per @coderabbitai feedback
---
 Dockerfile.ci | 3 ++-
 Dockerfile.local | 5 +++--
 README.md | 7 +++++--
 3 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/Dockerfile.ci b/Dockerfile.ci
index 9c25b6ff4..a20ad4659 100644
--- a/Dockerfile.ci
+++ b/Dockerfile.ci
@@ -14,7 +14,8 @@ COPY --from=builder /opt/metaschema-cli /opt/metaschema-cli
 RUN groupadd -r metaschema && \
 useradd -r -g metaschema -s /bin/false metaschema && \
 chown -R metaschema:metaschema /opt/metaschema-cli && \
- mkdir -p /app
+ mkdir -p /app && \
+ chown metaschema:metaschema /app
 WORKDIR /app
 USER metaschema
 RUN /opt/metaschema-cli/bin/metaschema-cli --version
diff --git a/Dockerfile.local b/Dockerfile.local
index 2157b776d..c8465d98b 100644
--- a/Dockerfile.local
+++ b/Dockerfile.local
@@ -32,7 +32,7 @@ RUN find /usr/local/src/metaschema-cli/target \
 -iname '*metaschema-cli.zip' \
 -exec cp {} /tmp/metaschema-cli.zip \;
 RUN mkdir -p /opt/metaschema-cli
-RUN unzip /tmp/metaschema-cli.zip -d /opt/metaschema-cli
+RUN unzip /tmp/metaschema-cli-*-metaschema-cli.zip -d /opt/metaschema-cli
 RUN chmod +x /opt/metaschema-cli/bin/metaschema-cli
 FROM ${RUNNER_IMAGE} AS runner
@@ -40,7 +40,8 @@ COPY --from=builder /opt/metaschema-cli /opt/metaschema-cli
 RUN groupadd -r metaschema && \
 useradd -r -g metaschema -s /bin/false metaschema && \
 chown -R metaschema:metaschema /opt/metaschema-cli && \
- mkdir -p /app
+ mkdir -p /app && \
+ chown metaschema:metaschema /app
 WORKDIR /app
 USER metaschema
 RUN /opt/metaschema-cli/bin/metaschema-cli --version
diff --git a/README.md b/README.md
index 95aca2754..7df3bc1f1 100644
--- a/README.md
+++ b/README.md
@@ -61,12 +61,15 @@ To build the project locally, follow the [instructions above](#building) that ex
 To download, unzip, and install a pre-built snapshot release (a developer build that is not an official release), please visit [the GitHub `metaschema-framework/maven2` repository](https://github.com/metaschema-framework/maven2/tree/main/dev/metaschema/java/metaschema-cli/) to download a `.bz2`, `.gz`, or `.zip` archive.
 ```sh
+# Visit https://github.com/metaschema-framework/maven2/commits/main/dev/metaschema/java/metaschema-cli
+# Adjust the value for CURRENT_SNAPSHOT_PATH for most recently committed artifact by folder and file name.
+export CURRENT_SNAPSHOT_PATH="3.0.0.M1-SNAPSHOT/metaschema-cli-3.0.0.M1-20251213.151427-29-metaschema-cli.zip"
 # Download the zip archive to /tmp
 cd /tmp
-curl -L -O https://github.com/metaschema-framework/maven2/raw/refs/heads/main/dev/metaschema/java/metaschema-cli/3.0.0.M1-SNAPSHOT/metaschema-cli-3.0.0.M1-20251213.151427-29-metaschema-cli.zip
+curl -L -O "https://github.com/metaschema-framework/maven2/raw/refs/heads/main/dev/metaschema/java/metaschema-cli/${CURRENT_SNAPSHOT_PATH}"
 # Extract zip archive to /opt/metaschema-cli
 # You might need sudo for permission to write files to this path
-sudo unzip "/tmp/*metaschema-cli.zip" -d /opt/metaschema-cli
+sudo unzip /tmp/metaschema-cli-*-metaschema-cli.zip -d /opt/metaschema-cli
 # Now add this installation directory to the path
 export PATH="${PATH}:/opt/metaschema-cli"
 # Run the CLI to test it is properly installed
From 404d7298ce2a1a10c7bba2c97a851fc75efa4dea Mon Sep 17 00:00:00 2001
From: "A.J. Stein"
Date: Wed, 24 Dec 2025 13:34:44 -0500
Subject: [PATCH 09/11] Revert "Address @coderabbitai feedback, remove excess workflow job perms"
This reverts commit 0e19a6cbd4a69a675adb7eee355093d0f92113a4.
---
 .github/workflows/build.yml | 1 +
 .github/workflows/container.yml | 1 +
 2 files changed, 2 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 0de3fd1bd..4ee1b0e22 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -116,6 +116,7 @@ jobs:
 contents: read
 packages: write
 attestations: write
+ id-token: write
 needs: build-code
 uses: ./.github/workflows/container.yml
 with:
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 37d61538c..1b9a564b0 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -22,6 +22,7 @@ jobs:
 contents: read
 packages: write
 attestations: write
+ id-token: write
 steps:
 - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
 with:
From 70ba8eb6f2a335ea1b13a802a54fbea5a096af80 Mon Sep 17 00:00:00 2001
From: "A.J. Stein"
Date: Wed, 24 Dec 2025 14:03:33 -0500
Subject: [PATCH 10/11] Yet more path tuning recs from @coderabbitai
---
 Dockerfile.ci | 2 +-
 Dockerfile.local | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile.ci b/Dockerfile.ci
index a20ad4659..a498f19ae 100644
--- a/Dockerfile.ci
+++ b/Dockerfile.ci
@@ -6,7 +6,7 @@ FROM ${BUILDER_IMAGE} AS builder
 RUN apt-get update && apt-get install -y unzip
 COPY ./metaschema-cli/target/*metaschema-cli.zip /tmp/metaschema-cli.zip
 WORKDIR /tmp
-RUN unzip /tmp/metaschema-cli.zip -d /opt/metaschema-cli
+RUN unzip /tmp/metaschema-cli-*-metaschema-cli.zip -d /opt/metaschema-cli
 RUN chmod +x /opt/metaschema-cli/bin/metaschema-cli
 FROM ${RUNNER_IMAGE} AS runner
diff --git a/Dockerfile.local b/Dockerfile.local
index c8465d98b..07a788a89 100644
--- a/Dockerfile.local
+++ b/Dockerfile.local
@@ -29,7 +29,7 @@ XMLEOF
 EOF
 RUN mvn -B -e -Prelease package
 RUN find /usr/local/src/metaschema-cli/target \
- -iname '*metaschema-cli.zip' \
+ -iname 'metaschema-cli-*metaschema-cli.zip' \
 -exec cp {} /tmp/metaschema-cli.zip \;
 RUN mkdir -p /opt/metaschema-cli
 RUN unzip /tmp/metaschema-cli-*-metaschema-cli.zip -d /opt/metaschema-cli
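Review bot: The `id-token: write` line restored by patch 09 in build.yml carries no comment saying why it is needed, and the series has already removed it once as excess. container.yml runs `actions/attest-build-provenance`, which requests an OIDC token to sign the provenance statement, and a called workflow cannot hold a permission its caller does not grant, so the line is load-bearing in both files. A comment above it such as `# required by actions/attest-build-provenance to obtain its signing identity` in build.yml and in the container.yml hunk of the same patch would keep it from being stripped again. Both `permissions:` blocks start outside their hunks.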
From bad2c00afc926a63da69d4eebed8d184b8f30f05 Mon Sep 17 00:00:00 2001
From: "A.J. Stein"
Date: Thu, 25 Dec 2025 11:41:34 -0500
Subject: [PATCH 11/11] Don't overgeneralize glob, correct bad tmp file subs
---
 Dockerfile.ci | 2 +-
 Dockerfile.local | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile.ci b/Dockerfile.ci
index a498f19ae..a20ad4659 100644
--- a/Dockerfile.ci
+++ b/Dockerfile.ci
@@ -6,7 +6,7 @@ FROM ${BUILDER_IMAGE} AS builder
 RUN apt-get update && apt-get install -y unzip
 COPY ./metaschema-cli/target/*metaschema-cli.zip /tmp/metaschema-cli.zip
 WORKDIR /tmp
-RUN unzip /tmp/metaschema-cli-*-metaschema-cli.zip -d /opt/metaschema-cli
+RUN unzip /tmp/metaschema-cli.zip -d /opt/metaschema-cli
 RUN chmod +x /opt/metaschema-cli/bin/metaschema-cli
 FROM ${RUNNER_IMAGE} AS runner
diff --git a/Dockerfile.local b/Dockerfile.local
index 07a788a89..a2d7d0f37 100644
--- a/Dockerfile.local
+++ b/Dockerfile.local
@@ -32,7 +32,7 @@ RUN find /usr/local/src/metaschema-cli/target \
 -iname 'metaschema-cli-*metaschema-cli.zip' \
 -exec cp {} /tmp/metaschema-cli.zip \;
 RUN mkdir -p /opt/metaschema-cli
-RUN unzip /tmp/metaschema-cli-*-metaschema-cli.zip -d /opt/metaschema-cli
+RUN unzip /tmp/metaschema-cli.zip -d /opt/metaschema-cli
 RUN chmod +x /opt/metaschema-cli/bin/metaschema-cli
 FROM ${RUNNER_IMAGE} AS runner