feat: add Zarf Flavors to support Iron Bank & upstream images (#63)

Adds zarf flavors for upstream images and IB. Includes refactoring of
zarf packages using composability to cleanup the config and keep things
dry and refactoring of the values files to image flavors specific +
common.

Both flavors deploy successfully on their respective architectures. On
arm64 (or at least darwin arm64) when using the registry1(x86) flavor it
fails at metrics server regarding the istio init container, which seems
to be an issue [emulating x86 on
mac](istio/istio#36762 (comment)).

Author: zachariahmiller

.github/actions/setup/action.yaml

@@ -1,6 +1,16 @@
 # action.yml
 name: "Setup Environment"
 description: "UDS Environment Setup"
+inputs:
+  gh_token:
+    description: 'GITHUB_TOKEN'
+    required: true
+  ib_user:
+    description: 'IRON_BANK_ROBOT_USERNAME'
+    required: true
+  ib_password:
+    description: 'IRON_BANK_ROBOT_PASSWORD'
+    required: true
 
 runs:
   using: "composite"
@@ -27,4 +37,21 @@ runs:
     - name: Install UDS CLI
       shell: bash
       # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
-      run: brew install defenseunicorns/tap/uds@0.5.3
+      run: brew install defenseunicorns/tap/uds@0.6.1
+
+    - name: Login to GHCR
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: dummy
+        password: ${{ inputs.gh_token }}
+
+    # Retries intermittent registry1 login action
+    - uses: Wandalen/wretry.action@v1
+      with:
+        attempt_limit: 3
+        action: docker/login-action@v3
+        with: |
+          registry: registry1.dso.mil
+          username: ${{ inputs.ib_user }}
+          password: ${{ inputs.ib_password }}

.github/workflows/pull-request-conditionals.yaml

@@ -15,9 +15,32 @@ defaults:
   run:
     shell: bash -e -o pipefail {0} # Ensures that scripts fail on error and pipefail is set.
 
+# Abort prior jobs in the same workflow / PR
+concurrency:
+  group: test-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
+  lint-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Use Node.js latest
+        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
+        with:
+          node-version: 20
+      - name: Set up Homebrew
+        uses: Homebrew/actions/setup-homebrew@master
+      - name: Install UDS CLI
+        shell: bash
+        # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
+        run: brew install defenseunicorns/tap/uds@0.6.1
+      - name: Run Formatting Checks
+        run: uds run lint-check
+
   # This job checks if there are changes in specific paths source packages.
   check-paths:
+    needs: lint-check
     runs-on: ubuntu-latest
     name: Select Jobs
     outputs:
@@ -41,7 +64,22 @@ jobs:
     strategy:
       matrix:
         package: ${{ fromJSON(needs.check-paths.outputs.packages) }}
+        flavor: [upstream, registry1]
     uses: ./.github/workflows/test.yaml
     with:
       package: ${{ matrix.package }}
+      flavor: ${{ matrix.flavor }}
+    secrets: inherit # Inherits all secrets from the parent workflow.
+
+  # This job triggers a separate workflow for each flavor core package.
+  run-package-upgrade-test:
+    needs: check-paths
+    name: Schedule
+    strategy:
+      matrix:
+        package: [all]
+        flavor: [upstream, registry1]
+    uses: ./.github/workflows/test-upgrade.yaml
+    with:
+      flavor: ${{ matrix.flavor }}
     secrets: inherit # Inherits all secrets from the parent workflow.