github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-07-15 08:02:31 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #11334 from kata-containers/remove-inherit-secrets

Browse Source 
workflows: Replace secrets: inherit
This commit is contained in:
Steve Horsman 2025-06-06 16:41:13 +01:00 committed by GitHub
commit 31a8944da1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
23 changed files with 249 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
.github/workflows/build-kata-static-tarball-amd64.yaml vendored
View File

@ -20,6 +20,9 @@ on:
required: false required: false
type: string type: string
default: "" default: ""
secrets:
QUAY_DEPLOYER_PASSWORD:
required: false
permissions: permissions:
contents: read contents: read
@ -74,7 +77,7 @@ jobs:
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with: with:
registry: quay.io registry: quay.io
username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} username: ${{ vars.QUAY_DEPLOYER_USERNAME }}
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
- uses: actions/checkout@v4 - uses: actions/checkout@v4
@ -172,7 +175,7 @@ jobs:
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with: with:
registry: quay.io registry: quay.io
username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} username: ${{ vars.QUAY_DEPLOYER_USERNAME }}
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
- uses: actions/checkout@v4 - uses: actions/checkout@v4
@ -262,7 +265,7 @@ jobs:
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with: with:
registry: quay.io registry: quay.io
username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} username: ${{ vars.QUAY_DEPLOYER_USERNAME }}
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
- uses: actions/checkout@v4 - uses: actions/checkout@v4

9
.github/workflows/build-kata-static-tarball-arm64.yaml vendored
View File

@ -20,6 +20,9 @@ on:
required: false required: false
type: string type: string
default: "" default: ""
secrets:
QUAY_DEPLOYER_PASSWORD:
required: false
permissions: permissions:
contents: read contents: read
@ -55,7 +58,7 @@ jobs:
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with: with:
registry: quay.io registry: quay.io
username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} username: ${{ vars.QUAY_DEPLOYER_USERNAME }}
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
- uses: actions/checkout@v4 - uses: actions/checkout@v4
@ -148,7 +151,7 @@ jobs:
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with: with:
registry: quay.io registry: quay.io
username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} username: ${{ vars.QUAY_DEPLOYER_USERNAME }}
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
- uses: actions/checkout@v4 - uses: actions/checkout@v4
@ -234,7 +237,7 @@ jobs:
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with: with:
registry: quay.io registry: quay.io
username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} username: ${{ vars.QUAY_DEPLOYER_USERNAME }}
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
- uses: actions/checkout@v4 - uses: actions/checkout@v4

9
.github/workflows/build-kata-static-tarball-ppc64le.yaml vendored
View File

@ -20,6 +20,9 @@ on:
required: false required: false
type: string type: string
default: "" default: ""
secrets:
QUAY_DEPLOYER_PASSWORD:
required: true
permissions: permissions:
contents: read contents: read
@ -45,7 +48,7 @@ jobs:
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with: with:
registry: quay.io registry: quay.io
username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} username: ${{ vars.QUAY_DEPLOYER_USERNAME }}
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
- uses: actions/checkout@v4 - uses: actions/checkout@v4
@ -101,7 +104,7 @@ jobs:
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with: with:
registry: quay.io registry: quay.io
username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} username: ${{ vars.QUAY_DEPLOYER_USERNAME }}
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
- uses: actions/checkout@v4 - uses: actions/checkout@v4
@ -173,7 +176,7 @@ jobs:
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with: with:
registry: quay.io registry: quay.io
username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} username: ${{ vars.QUAY_DEPLOYER_USERNAME }}
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
- uses: actions/checkout@v4 - uses: actions/checkout@v4

5
.github/workflows/build-kata-static-tarball-riscv64.yaml vendored
View File

@ -20,6 +20,9 @@ on:
required: false required: false
type: string type: string
default: "" default: ""
secrets:
QUAY_DEPLOYER_PASSWORD:
required: true
permissions: permissions:
contents: read contents: read
@ -43,7 +46,7 @@ jobs:
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with: with:
registry: quay.io registry: quay.io
username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} username: ${{ vars.QUAY_DEPLOYER_USERNAME }}
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
- uses: actions/checkout@v4 - uses: actions/checkout@v4

12
.github/workflows/build-kata-static-tarball-s390x.yaml vendored
View File

@ -20,6 +20,12 @@ on:
required: false required: false
type: string type: string
default: "" default: ""
secrets:
CI_HKD_PATH:
required: true
QUAY_DEPLOYER_PASSWORD:
required: true
permissions: permissions:
contents: read contents: read
@ -50,7 +56,7 @@ jobs:
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with: with:
registry: quay.io registry: quay.io
username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} username: ${{ vars.QUAY_DEPLOYER_USERNAME }}
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
- uses: actions/checkout@v4 - uses: actions/checkout@v4
@ -131,7 +137,7 @@ jobs:
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with: with:
registry: quay.io registry: quay.io
username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} username: ${{ vars.QUAY_DEPLOYER_USERNAME }}
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
- uses: actions/checkout@v4 - uses: actions/checkout@v4
@ -253,7 +259,7 @@ jobs:
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with: with:
registry: quay.io registry: quay.io
username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} username: ${{ vars.QUAY_DEPLOYER_USERNAME }}
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
- uses: actions/checkout@v4 - uses: actions/checkout@v4

8
.github/workflows/ci-coco-stability.yaml vendored
View File

@ -24,4 +24,10 @@ jobs:
pr-number: "weekly" pr-number: "weekly"
tag: ${{ github.sha }}-weekly tag: ${{ github.sha }}-weekly
target-branch: ${{ github.ref_name }} target-branch: ${{ github.ref_name }}
secrets: inherit secrets:
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
AZ_APPID: ${{ secrets.AZ_APPID }}
AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }}
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}

11
.github/workflows/ci-devel.yaml vendored
View File

@ -18,7 +18,16 @@ jobs:
pr-number: "dev" pr-number: "dev"
tag: ${{ github.sha }}-dev tag: ${{ github.sha }}-dev
target-branch: ${{ github.ref_name }} target-branch: ${{ github.ref_name }}
secrets: inherit
secrets:
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
AZ_APPID: ${{ secrets.AZ_APPID }}
AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }}
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
ITA_KEY: ${{ secrets.ITA_KEY }}
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
build-checks: build-checks:
uses: ./.github/workflows/build-checks.yaml uses: ./.github/workflows/build-checks.yaml

10
.github/workflows/ci-nightly.yaml vendored
View File

@ -23,4 +23,12 @@ jobs:
pr-number: "nightly" pr-number: "nightly"
tag: ${{ github.sha }}-nightly tag: ${{ github.sha }}-nightly
target-branch: ${{ github.ref_name }} target-branch: ${{ github.ref_name }}
secrets: inherit secrets:
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
AZ_APPID: ${{ secrets.AZ_APPID }}
AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }}
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
ITA_KEY: ${{ secrets.ITA_KEY }}
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}

10
.github/workflows/ci-on-push.yaml vendored
View File

@ -44,4 +44,12 @@ jobs:
tag: ${{ github.event.pull_request.number }}-${{ github.event.pull_request.head.sha }} tag: ${{ github.event.pull_request.number }}-${{ github.event.pull_request.head.sha }}
target-branch: ${{ github.event.pull_request.base.ref }} target-branch: ${{ github.event.pull_request.base.ref }}
skip-test: ${{ needs.skipper.outputs.skip_test }} skip-test: ${{ needs.skipper.outputs.skip_test }}
secrets: inherit secrets:
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
AZ_APPID: ${{ secrets.AZ_APPID }}
AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }}
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
ITA_KEY: ${{ secrets.ITA_KEY }}
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}

24
.github/workflows/ci-weekly.yaml vendored
View File

@ -15,6 +15,20 @@ on:
required: false required: false
type: string type: string
default: "" default: ""
secrets:
AUTHENTICATED_IMAGE_PASSWORD:
required: true
AZ_APPID:
required: true
AZ_PASSWORD:
required: true
AZ_TENANT_ID:
required: true
AZ_SUBSCRIPTION_ID:
required: true
QUAY_DEPLOYER_PASSWORD:
required: true
permissions: permissions:
contents: read contents: read
@ -47,7 +61,8 @@ jobs:
target-branch: ${{ inputs.target-branch }} target-branch: ${{ inputs.target-branch }}
runner: ubuntu-22.04 runner: ubuntu-22.04
arch: amd64 arch: amd64
secrets: inherit secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
build-and-publish-tee-confidential-unencrypted-image: build-and-publish-tee-confidential-unencrypted-image:
permissions: permissions:
@ -100,4 +115,9 @@ jobs:
pr-number: ${{ inputs.pr-number }} pr-number: ${{ inputs.pr-number }}
target-branch: ${{ inputs.target-branch }} target-branch: ${{ inputs.target-branch }}
tarball-suffix: -${{ inputs.tag }} tarball-suffix: -${{ inputs.tag }}
secrets: inherit secrets:
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
AZ_APPID: ${{ secrets.AZ_APPID }}
AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }}
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}

57
.github/workflows/ci.yaml vendored
View File

@ -19,6 +19,24 @@ on:
required: false required: false
type: string type: string
default: no default: no
secrets:
AUTHENTICATED_IMAGE_PASSWORD:
required: true
AZ_APPID:
required: true
AZ_PASSWORD:
required: true
AZ_TENANT_ID:
required: true
AZ_SUBSCRIPTION_ID:
required: true
CI_HKD_PATH:
required: true
ITA_KEY:
required: true
QUAY_DEPLOYER_PASSWORD:
required: true
permissions: permissions:
contents: read contents: read
@ -51,7 +69,8 @@ jobs:
target-branch: ${{ inputs.target-branch }} target-branch: ${{ inputs.target-branch }}
runner: ubuntu-22.04 runner: ubuntu-22.04
arch: amd64 arch: amd64
secrets: inherit secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
build-kata-static-tarball-arm64: build-kata-static-tarball-arm64:
permissions: permissions:
@ -80,7 +99,8 @@ jobs:
target-branch: ${{ inputs.target-branch }} target-branch: ${{ inputs.target-branch }}
runner: ubuntu-22.04-arm runner: ubuntu-22.04-arm
arch: arm64 arch: arm64
secrets: inherit secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
build-kata-static-tarball-s390x: build-kata-static-tarball-s390x:
permissions: permissions:
@ -93,7 +113,9 @@ jobs:
tarball-suffix: -${{ inputs.tag }} tarball-suffix: -${{ inputs.tag }}
commit-hash: ${{ inputs.commit-hash }} commit-hash: ${{ inputs.commit-hash }}
target-branch: ${{ inputs.target-branch }} target-branch: ${{ inputs.target-branch }}
secrets: inherit secrets:
CI_HKD_PATH: ${{ secrets.ci_hkd_path }}
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
build-kata-static-tarball-ppc64le: build-kata-static-tarball-ppc64le:
permissions: permissions:
@ -104,6 +126,8 @@ jobs:
tarball-suffix: -${{ inputs.tag }} tarball-suffix: -${{ inputs.tag }}
commit-hash: ${{ inputs.commit-hash }} commit-hash: ${{ inputs.commit-hash }}
target-branch: ${{ inputs.target-branch }} target-branch: ${{ inputs.target-branch }}
secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
build-kata-static-tarball-riscv64: build-kata-static-tarball-riscv64:
permissions: permissions:
@ -116,7 +140,8 @@ jobs:
tarball-suffix: -${{ inputs.tag }} tarball-suffix: -${{ inputs.tag }}
commit-hash: ${{ inputs.commit-hash }} commit-hash: ${{ inputs.commit-hash }}
target-branch: ${{ inputs.target-branch }} target-branch: ${{ inputs.target-branch }}
secrets: inherit secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
publish-kata-deploy-payload-s390x: publish-kata-deploy-payload-s390x:
needs: build-kata-static-tarball-s390x needs: build-kata-static-tarball-s390x
@ -133,7 +158,8 @@ jobs:
target-branch: ${{ inputs.target-branch }} target-branch: ${{ inputs.target-branch }}
runner: s390x runner: s390x
arch: s390x arch: s390x
secrets: inherit secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
publish-kata-deploy-payload-ppc64le: publish-kata-deploy-payload-ppc64le:
needs: build-kata-static-tarball-ppc64le needs: build-kata-static-tarball-ppc64le
@ -150,7 +176,8 @@ jobs:
target-branch: ${{ inputs.target-branch }} target-branch: ${{ inputs.target-branch }}
runner: ppc64le runner: ppc64le
arch: ppc64le arch: ppc64le
secrets: inherit secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
build-and-publish-tee-confidential-unencrypted-image: build-and-publish-tee-confidential-unencrypted-image:
permissions: permissions:
@ -266,7 +293,11 @@ jobs:
commit-hash: ${{ inputs.commit-hash }} commit-hash: ${{ inputs.commit-hash }}
pr-number: ${{ inputs.pr-number }} pr-number: ${{ inputs.pr-number }}
target-branch: ${{ inputs.target-branch }} target-branch: ${{ inputs.target-branch }}
secrets: inherit secrets:
AZ_APPID: ${{ secrets.AZ_APPID }}
AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }}
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
run-k8s-tests-on-amd64: run-k8s-tests-on-amd64:
if: ${{ inputs.skip-test != 'yes' }} if: ${{ inputs.skip-test != 'yes' }}
@ -279,7 +310,6 @@ jobs:
commit-hash: ${{ inputs.commit-hash }} commit-hash: ${{ inputs.commit-hash }}
pr-number: ${{ inputs.pr-number }} pr-number: ${{ inputs.pr-number }}
target-branch: ${{ inputs.target-branch }} target-branch: ${{ inputs.target-branch }}
secrets: inherit
run-k8s-tests-on-arm64: run-k8s-tests-on-arm64:
if: ${{ inputs.skip-test != 'yes' }} if: ${{ inputs.skip-test != 'yes' }}
@ -308,7 +338,13 @@ jobs:
commit-hash: ${{ inputs.commit-hash }} commit-hash: ${{ inputs.commit-hash }}
pr-number: ${{ inputs.pr-number }} pr-number: ${{ inputs.pr-number }}
target-branch: ${{ inputs.target-branch }} target-branch: ${{ inputs.target-branch }}
secrets: inherit secrets:
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
AZ_APPID: ${{ secrets.AZ_APPID }}
AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }}
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
ITA_KEY: ${{ secrets.ITA_KEY }}
run-k8s-tests-on-zvsi: run-k8s-tests-on-zvsi:
if: ${{ inputs.skip-test != 'yes' }} if: ${{ inputs.skip-test != 'yes' }}
@ -321,7 +357,8 @@ jobs:
commit-hash: ${{ inputs.commit-hash }} commit-hash: ${{ inputs.commit-hash }}
pr-number: ${{ inputs.pr-number }} pr-number: ${{ inputs.pr-number }}
target-branch: ${{ inputs.target-branch }} target-branch: ${{ inputs.target-branch }}
secrets: inherit secrets:
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
run-k8s-tests-on-ppc64le: run-k8s-tests-on-ppc64le:
if: ${{ inputs.skip-test != 'yes' }} if: ${{ inputs.skip-test != 'yes' }}

27
.github/workflows/payload-after-push.yaml vendored
View File

@ -23,7 +23,8 @@ jobs:
commit-hash: ${{ github.sha }} commit-hash: ${{ github.sha }}
push-to-registry: yes push-to-registry: yes
target-branch: ${{ github.ref_name }} target-branch: ${{ github.ref_name }}
secrets: inherit secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
build-assets-arm64: build-assets-arm64:
permissions: permissions:
@ -36,7 +37,8 @@ jobs:
commit-hash: ${{ github.sha }} commit-hash: ${{ github.sha }}
push-to-registry: yes push-to-registry: yes
target-branch: ${{ github.ref_name }} target-branch: ${{ github.ref_name }}
secrets: inherit secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
build-assets-s390x: build-assets-s390x:
permissions: permissions:
@ -49,7 +51,9 @@ jobs:
commit-hash: ${{ github.sha }} commit-hash: ${{ github.sha }}
push-to-registry: yes push-to-registry: yes
target-branch: ${{ github.ref_name }} target-branch: ${{ github.ref_name }}
secrets: inherit secrets:
CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
build-assets-ppc64le: build-assets-ppc64le:
permissions: permissions:
@ -60,7 +64,8 @@ jobs:
commit-hash: ${{ github.sha }} commit-hash: ${{ github.sha }}
push-to-registry: yes push-to-registry: yes
target-branch: ${{ github.ref_name }} target-branch: ${{ github.ref_name }}
secrets: inherit secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
publish-kata-deploy-payload-amd64: publish-kata-deploy-payload-amd64:
needs: build-assets-amd64 needs: build-assets-amd64
@ -76,7 +81,8 @@ jobs:
target-branch: ${{ github.ref_name }} target-branch: ${{ github.ref_name }}
runner: ubuntu-22.04 runner: ubuntu-22.04
arch: amd64 arch: amd64
secrets: inherit secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
publish-kata-deploy-payload-arm64: publish-kata-deploy-payload-arm64:
needs: build-assets-arm64 needs: build-assets-arm64
@ -92,7 +98,8 @@ jobs:
target-branch: ${{ github.ref_name }} target-branch: ${{ github.ref_name }}
runner: ubuntu-22.04-arm runner: ubuntu-22.04-arm
arch: arm64 arch: arm64
secrets: inherit secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
publish-kata-deploy-payload-s390x: publish-kata-deploy-payload-s390x:
needs: build-assets-s390x needs: build-assets-s390x
@ -108,7 +115,8 @@ jobs:
target-branch: ${{ github.ref_name }} target-branch: ${{ github.ref_name }}
runner: s390x runner: s390x
arch: s390x arch: s390x
secrets: inherit secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
publish-kata-deploy-payload-ppc64le: publish-kata-deploy-payload-ppc64le:
needs: build-assets-ppc64le needs: build-assets-ppc64le
@ -124,7 +132,8 @@ jobs:
target-branch: ${{ github.ref_name }} target-branch: ${{ github.ref_name }}
runner: ppc64le runner: ppc64le
arch: ppc64le arch: ppc64le
secrets: inherit secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
publish-manifest: publish-manifest:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
@ -140,7 +149,7 @@ jobs:
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with: with:
registry: quay.io registry: quay.io
username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} username: ${{ vars.QUAY_DEPLOYER_USERNAME }}
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
- name: Push multi-arch manifest - name: Push multi-arch manifest

5
.github/workflows/publish-kata-deploy-payload.yaml vendored
View File

@ -30,6 +30,9 @@ on:
description: The arch of the tarball. description: The arch of the tarball.
required: true required: true
type: string type: string
secrets:
QUAY_DEPLOYER_PASSWORD:
required: true
permissions: permissions:
contents: read contents: read
@ -62,7 +65,7 @@ jobs:
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with: with:
registry: quay.io registry: quay.io
username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} username: ${{ vars.QUAY_DEPLOYER_USERNAME }}
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
- name: Login to Kata Containers ghcr.io - name: Login to Kata Containers ghcr.io

8
.github/workflows/release-amd64.yaml vendored
View File

@ -5,6 +5,9 @@ on:
target-arch: target-arch:
required: true required: true
type: string type: string
secrets:
QUAY_DEPLOYER_PASSWORD:
required: true
permissions: permissions:
contents: read contents: read
@ -15,7 +18,8 @@ jobs:
with: with:
push-to-registry: yes push-to-registry: yes
stage: release stage: release
secrets: inherit secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
kata-deploy: kata-deploy:
needs: build-kata-static-tarball-amd64 needs: build-kata-static-tarball-amd64
@ -35,7 +39,7 @@ jobs:
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with: with:
registry: quay.io registry: quay.io
username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} username: ${{ vars.QUAY_DEPLOYER_USERNAME }}
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
- uses: actions/checkout@v4 - uses: actions/checkout@v4

8
.github/workflows/release-arm64.yaml vendored
View File

@ -5,6 +5,9 @@ on:
target-arch: target-arch:
required: true required: true
type: string type: string
secrets:
QUAY_DEPLOYER_PASSWORD:
required: true
permissions: permissions:
contents: read contents: read
@ -15,7 +18,8 @@ jobs:
with: with:
push-to-registry: yes push-to-registry: yes
stage: release stage: release
secrets: inherit secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
kata-deploy: kata-deploy:
needs: build-kata-static-tarball-arm64 needs: build-kata-static-tarball-arm64
@ -35,7 +39,7 @@ jobs:
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with: with:
registry: quay.io registry: quay.io
username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} username: ${{ vars.QUAY_DEPLOYER_USERNAME }}
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
- uses: actions/checkout@v4 - uses: actions/checkout@v4

8
.github/workflows/release-ppc64le.yaml vendored
View File

@ -5,6 +5,9 @@ on:
target-arch: target-arch:
required: true required: true
type: string type: string
secrets:
QUAY_DEPLOYER_PASSWORD:
required: true
permissions: permissions:
contents: read contents: read
@ -15,7 +18,8 @@ jobs:
with: with:
push-to-registry: yes push-to-registry: yes
stage: release stage: release
secrets: inherit secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
kata-deploy: kata-deploy:
needs: build-kata-static-tarball-ppc64le needs: build-kata-static-tarball-ppc64le
@ -35,7 +39,7 @@ jobs:
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with: with:
registry: quay.io registry: quay.io
username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} username: ${{ vars.QUAY_DEPLOYER_USERNAME }}
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
- uses: actions/checkout@v4 - uses: actions/checkout@v4

12
.github/workflows/release-s390x.yaml vendored
View File

@ -5,6 +5,11 @@ on:
target-arch: target-arch:
required: true required: true
type: string type: string
secrets:
CI_HKD_PATH:
required: true
QUAY_DEPLOYER_PASSWORD:
required: true
permissions: permissions:
contents: read contents: read
@ -15,7 +20,10 @@ jobs:
with: with:
push-to-registry: yes push-to-registry: yes
stage: release stage: release
secrets: inherit secrets:
CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
kata-deploy: kata-deploy:
needs: build-kata-static-tarball-s390x needs: build-kata-static-tarball-s390x
@ -35,7 +43,7 @@ jobs:
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with: with:
registry: quay.io registry: quay.io
username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} username: ${{ vars.QUAY_DEPLOYER_USERNAME }}
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
- uses: actions/checkout@v4 - uses: actions/checkout@v4

17
.github/workflows/release.yaml vendored
View File

@ -30,7 +30,8 @@ jobs:
uses: ./.github/workflows/release-amd64.yaml uses: ./.github/workflows/release-amd64.yaml
with: with:
target-arch: amd64 target-arch: amd64
secrets: inherit secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
build-and-push-assets-arm64: build-and-push-assets-arm64:
needs: release needs: release
@ -42,7 +43,8 @@ jobs:
uses: ./.github/workflows/release-arm64.yaml uses: ./.github/workflows/release-arm64.yaml
with: with:
target-arch: arm64 target-arch: arm64
secrets: inherit secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
build-and-push-assets-s390x: build-and-push-assets-s390x:
needs: release needs: release
@ -54,7 +56,9 @@ jobs:
uses: ./.github/workflows/release-s390x.yaml uses: ./.github/workflows/release-s390x.yaml
with: with:
target-arch: s390x target-arch: s390x
secrets: inherit secrets:
CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
build-and-push-assets-ppc64le: build-and-push-assets-ppc64le:
needs: release needs: release
@ -64,7 +68,8 @@ jobs:
uses: ./.github/workflows/release-ppc64le.yaml uses: ./.github/workflows/release-ppc64le.yaml
with: with:
target-arch: ppc64le target-arch: ppc64le
secrets: inherit secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
publish-multi-arch-images: publish-multi-arch-images:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
@ -84,7 +89,7 @@ jobs:
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with: with:
registry: quay.io registry: quay.io
username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} username: ${{ vars.QUAY_DEPLOYER_USERNAME }}
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
- name: Get the image tags - name: Get the image tags
@ -216,7 +221,7 @@ jobs:
- name: Login to the OCI registries - name: Login to the OCI registries
run: | run: |
echo "${{ secrets.QUAY_DEPLOYER_PASSWORD }}" | helm registry login quay.io --username "${{ secrets.QUAY_DEPLOYER_USERNAME }}" --password-stdin echo "${{ secrets.QUAY_DEPLOYER_PASSWORD }}" | helm registry login quay.io --username "${{ vars.QUAY_DEPLOYER_USERNAME }}" --password-stdin
echo "${{ github.token }}" | helm registry login ghcr.io --username "${{ github.actor }}" --password-stdin echo "${{ github.token }}" | helm registry login ghcr.io --username "${{ github.actor }}" --password-stdin
- name: Push helm chart to the OCI registries - name: Push helm chart to the OCI registries

11
.github/workflows/run-k8s-tests-on-aks.yaml vendored
View File

@ -24,6 +24,17 @@ on:
required: false required: false
type: string type: string
default: "" default: ""
secrets:
AZ_APPID:
required: true
AZ_PASSWORD:
required: true
AZ_TENANT_ID:
required: true
AZ_SUBSCRIPTION_ID:
required: true
permissions: permissions:
contents: read contents: read

5
.github/workflows/run-k8s-tests-on-zvsi.yaml vendored
View File

@ -21,6 +21,9 @@ on:
required: false required: false
type: string type: string
default: "" default: ""
secrets:
AUTHENTICATED_IMAGE_PASSWORD:
required: true
permissions: permissions:
contents: read contents: read
@ -75,7 +78,7 @@ jobs:
SNAPSHOTTER: ${{ matrix.snapshotter }} SNAPSHOTTER: ${{ matrix.snapshotter }}
USING_NFD: ${{ matrix.using-nfd }} USING_NFD: ${{ matrix.using-nfd }}
TARGET_ARCH: "s390x" TARGET_ARCH: "s390x"
AUTHENTICATED_IMAGE_USER: ${{ secrets.AUTHENTICATED_IMAGE_USER }} AUTHENTICATED_IMAGE_USER: ${{ vars.AUTHENTICATED_IMAGE_USER }}
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }} AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4

14
.github/workflows/run-kata-coco-stability-tests.yaml vendored
View File

@ -24,6 +24,18 @@ on:
tarball-suffix: tarball-suffix:
required: false required: false
type: string type: string
secrets:
AZ_APPID:
required: true
AZ_PASSWORD:
required: true
AZ_TENANT_ID:
required: true
AZ_SUBSCRIPTION_ID:
required: true
AUTHENTICATED_IMAGE_PASSWORD:
required: true
permissions: permissions:
contents: read contents: read
@ -53,7 +65,7 @@ jobs:
KBS_INGRESS: "aks" KBS_INGRESS: "aks"
KUBERNETES: "vanilla" KUBERNETES: "vanilla"
PULL_TYPE: ${{ matrix.pull-type }} PULL_TYPE: ${{ matrix.pull-type }}
AUTHENTICATED_IMAGE_USER: ${{ secrets.AUTHENTICATED_IMAGE_USER }} AUTHENTICATED_IMAGE_USER: ${{ vars.AUTHENTICATED_IMAGE_USER }}
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }} AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
SNAPSHOTTER: ${{ matrix.snapshotter }} SNAPSHOTTER: ${{ matrix.snapshotter }}
USING_NFD: "false" USING_NFD: "false"

19
.github/workflows/run-kata-coco-tests.yaml vendored
View File

@ -24,6 +24,19 @@ on:
required: false required: false
type: string type: string
default: "" default: ""
secrets:
AUTHENTICATED_IMAGE_PASSWORD:
required: true
AZ_APPID:
required: true
AZ_PASSWORD:
required: true
AZ_TENANT_ID:
required: true
AZ_SUBSCRIPTION_ID:
required: true
ITA_KEY:
required: true
permissions: permissions:
contents: read contents: read
@ -53,7 +66,7 @@ jobs:
KBS_INGRESS: "nodeport" KBS_INGRESS: "nodeport"
SNAPSHOTTER: ${{ matrix.snapshotter }} SNAPSHOTTER: ${{ matrix.snapshotter }}
PULL_TYPE: ${{ matrix.pull-type }} PULL_TYPE: ${{ matrix.pull-type }}
AUTHENTICATED_IMAGE_USER: ${{ secrets.AUTHENTICATED_IMAGE_USER }} AUTHENTICATED_IMAGE_USER: ${{ vars.AUTHENTICATED_IMAGE_USER }}
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }} AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
ITA_KEY: ${{ secrets.ITA_KEY }} ITA_KEY: ${{ secrets.ITA_KEY }}
AUTO_GENERATE_POLICY: "yes" AUTO_GENERATE_POLICY: "yes"
@ -139,7 +152,7 @@ jobs:
K8S_TEST_HOST_TYPE: "baremetal" K8S_TEST_HOST_TYPE: "baremetal"
SNAPSHOTTER: ${{ matrix.snapshotter }} SNAPSHOTTER: ${{ matrix.snapshotter }}
PULL_TYPE: ${{ matrix.pull-type }} PULL_TYPE: ${{ matrix.pull-type }}
AUTHENTICATED_IMAGE_USER: ${{ secrets.AUTHENTICATED_IMAGE_USER }} AUTHENTICATED_IMAGE_USER: ${{ vars.AUTHENTICATED_IMAGE_USER }}
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }} AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
AUTO_GENERATE_POLICY: "yes" AUTO_GENERATE_POLICY: "yes"
steps: steps:
@ -222,7 +235,7 @@ jobs:
KBS_INGRESS: "aks" KBS_INGRESS: "aks"
KUBERNETES: "vanilla" KUBERNETES: "vanilla"
PULL_TYPE: ${{ matrix.pull-type }} PULL_TYPE: ${{ matrix.pull-type }}
AUTHENTICATED_IMAGE_USER: ${{ secrets.AUTHENTICATED_IMAGE_USER }} AUTHENTICATED_IMAGE_USER: ${{ vars.AUTHENTICATED_IMAGE_USER }}
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }} AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
SNAPSHOTTER: ${{ matrix.snapshotter }} SNAPSHOTTER: ${{ matrix.snapshotter }}
# Caution: current ingress controller used to expose the KBS service # Caution: current ingress controller used to expose the KBS service

9
.github/workflows/run-kata-deploy-tests-on-aks.yaml vendored
View File

@ -21,6 +21,15 @@ on:
required: false required: false
type: string type: string
default: "" default: ""
secrets:
AZ_APPID:
required: true
AZ_PASSWORD:
required: true
AZ_TENANT_ID:
required: true
AZ_SUBSCRIPTION_ID:
required: true
permissions: permissions:
contents: read contents: read