Docker Login Improvements

Previously the Docker Login step in many of the workflows was executed
regardless of whether it was necessary.  This would have been find except that
the required secrets were not available in PRs from forks.  This change
removes the Docker Login steps from where it is not necessary and puts a guard
on its execution in workflows that are run as part of PRs.

Signed-off-by: Ben Hale <bhale@vmware.com>

.github/workflows/create-package.yml

@@ -9,7 +9,8 @@ jobs:
         runs-on:
             - ubuntu-latest
         steps:
-            - name: Docker login gcr.io
+            - if: ${{ github.event_name != 'pull_request' || ! github.event.pull_request.head.repo.fork }}
+              name: Docker login gcr.io
               uses: docker/login-action@v1
               with:
                 password: ${{ secrets.JAVA_GCLOUD_SERVICE_ACCOUNT_KEY }}

.github/workflows/minimal-labels.yml

@@ -1,6 +1,6 @@
 name: Minimal Labels
 "on":
-    pull_request_target:
+    pull_request:
         types:
             - synchronize
             - reopened

.github/workflows/tests.yml

@@ -1,6 +1,6 @@
 name: Tests
 "on":
-    pull_request_target: {}
+    pull_request: {}
     push:
         branches:
             - main
@@ -10,7 +10,8 @@ jobs:
         runs-on:
             - ubuntu-latest
         steps:
-            - name: Docker login gcr.io
+            - if: ${{ github.event_name != 'pull_request' || ! github.event.pull_request.head.repo.fork }}
+              name: Docker login gcr.io
               uses: docker/login-action@v1
               with:
                 password: ${{ secrets.JAVA_GCLOUD_SERVICE_ACCOUNT_KEY }}

.github/workflows/update-draft-release.yml

@@ -13,12 +13,6 @@ jobs:
               uses: release-drafter/release-drafter@v5
               env:
                 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-            - name: Docker login gcr.io
-              uses: docker/login-action@v1
-              with:
-                password: ${{ secrets.JAVA_GCLOUD_SERVICE_ACCOUNT_KEY }}
-                registry: gcr.io
-                username: _json_key
             - uses: actions/checkout@v2
             - name: Install yj
               run: |
@@ -45,31 +39,55 @@ jobs:
 
                 set -euo pipefail
 
-                PAYLOAD=$(yj -tj < buildpack.toml | jq '{ primary: . }')
+                PAYLOAD="{}"
+
+                if [[ -e buildpack.toml ]]; then
+                  PAYLOAD=$(jq -n -r \
+                    --argjson PAYLOAD "${PAYLOAD}" \
+                    --argjson BUILDPACK "$(yj -tj < buildpack.toml)" \
+                      '$PAYLOAD | .primary = $BUILDPACK')
+                fi
+
+                if [[ -e builder.toml ]]; then
+                  PAYLOAD=$(jq -n -r \
+                    --argjson PAYLOAD "${PAYLOAD}" \
+                    --argjson BUILDER "$(yj -tj < builder.toml)" \
+                      '$PAYLOAD | .primary = $BUILDER')
+
+                  for BUILDPACK in $(
+                    jq -n -r \
+                      --argjson PAYLOAD "${PAYLOAD}" \
+                      '$PAYLOAD.primary.buildpacks[].image'
+                  ); do
+                    crane export "${BUILDPACK}" - | tar xf - --absolute-names  --strip-components 1 --wildcards "/cnb/buildpacks/*/*/buildpack.toml"
+                  done
+                fi
 
                 if [[ -e package.toml ]]; then
                   for PACKAGE in $(yj -t < package.toml | jq -r '.dependencies[].image'); do
-                    PAYLOAD=$(jq -n -r \
-                      --argjson PAYLOAD "${PAYLOAD}" \
-                      --argjson BUILDPACK "$(crane export "${PACKAGE}" - \
-                        | tar xOf - --absolute-names --wildcards "/cnb/buildpacks/*/*/buildpack.toml" \
-                        | yj -tj)" \
-                      '$PAYLOAD | .buildpacks += [ $BUILDPACK ]')
+                    crane export "${PACKAGE}" - | tar xf - --absolute-names  --strip-components 1 --wildcards "/cnb/buildpacks/*/*/buildpack.toml"
                   done
                 fi
 
+                while IFS= read -r -d '' FILE; do
+                  PAYLOAD=$(jq -n -r \
+                    --argjson PAYLOAD "${PAYLOAD}" \
+                    --argjson BUILDPACK "$(yj -tj < "${FILE}")" \
+                    '$PAYLOAD | .buildpacks += [ $BUILDPACK ]')
+                done < <(find buildpacks -name buildpack.toml -print0)
+
                 jq -n -r \
                   --argjson PAYLOAD "${PAYLOAD}" \
                   --arg RELEASE_NAME "${RELEASE_NAME}" \
-                  '"\($PAYLOAD.primary.buildpack.name) \($RELEASE_NAME)"' \
+                  '( select($PAYLOAD.primary.buildpack.name) | "\($PAYLOAD.primary.buildpack.name) \($RELEASE_NAME)" ) // "\($RELEASE_NAME)"' \
                   > "${HOME}"/name
 
                 jq -n -r \
                   --argjson PAYLOAD "${PAYLOAD}" \
                   --arg RELEASE_BODY "${RELEASE_BODY}" \
                   '
                 def id(b):
-                  "**ID**: `\(b.buildpack.id)`"
+                  select(b.buildpack.id) | "**ID**: `\(b.buildpack.id)`"
                 ;
 
                 def included_buildpackages(b): [
@@ -98,7 +116,7 @@ jobs:
                   "#### Dependencies:",
                   "Name | Version | SHA256",
                   ":--- | :------ | :-----",
-                  ( d | sort_by(.name | ascii_downcase) | map("\(.name) | `\(.version)` | `\(.sha256)`")),
+                  ( d | sort_by(.name // .id | ascii_downcase) | map("\(.name // .id) | `\(.version)` | `\(.sha256)`")),
                   ""
                 ];
 
@@ -109,7 +127,7 @@ jobs:
                   ( o | map([
                     "ID | Version | Optional",
                     ":- | :------ | :-------",
-                    ( .group | map([ "`\(.id)` | `\(.version)`", ( select(.optional) | "| `\(.optional)`" ) ] | join(" ")) ),
+                    ( .group | map([ "`\(.id)` | ", (select(.version) | "`\(.version)`"), ( select(.optional) | "| `\(.optional)`" ) ] | join(" ")) ),
                     ""
                   ])),
                   "</details>",