diff --git a/.github/workflows/cc-payload-after-push.yaml b/.github/workflows/cc-payload-after-push.yaml
new file mode 100644
index 0000000000..7d3f78abfe
--- /dev/null
+++ b/.github/workflows/cc-payload-after-push.yaml
@@ -0,0 +1,87 @@
+name: CI | Publish Kata Containers payload for Confidential Containers
+on:
+ push:
+ branches:
+ - CCv0
+
+jobs:
+ build-asset:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ asset:
+ - cc-cloud-hypervisor
+ - cc-kernel
+ - cc-qemu
+ - cc-rootfs-image
+ - cc-shim-v2
+ - cc-virtiofsd
+ - cc-sev-kernel
+ - cc-sev-ovmf
+ - cc-sev-rootfs-initrd
+ - cc-tdx-kernel
+ - cc-tdx-qemu
+ - cc-tdx-td-shim
+ - cc-tdx-tdvf
+ steps:
+ - uses: actions/checkout@v3
+ - name: Build ${{ matrix.asset }}
+ run: |
+ make "${KATA_ASSET}-tarball"
+ build_dir=$(readlink -f build)
+ # store-artifact does not work with symlink
+ sudo cp -r "${build_dir}" "kata-build"
+ env:
+ KATA_ASSET: ${{ matrix.asset }}
+ TAR_OUTPUT: ${{ matrix.asset }}.tar.gz
+
+ - name: store-artifact ${{ matrix.asset }}
+ uses: actions/upload-artifact@v3
+ with:
+ name: kata-artifacts
+ path: kata-build/kata-static-${{ matrix.asset }}.tar.xz
+ retention-days: 1
+ if-no-files-found: error
+
+ create-kata-tarball:
+ runs-on: ubuntu-latest
+ needs: build-asset
+ steps:
+ - uses: actions/checkout@v3
+ - name: get-artifacts
+ uses: actions/download-artifact@v3
+ with:
+ name: kata-artifacts
+ path: kata-artifacts
+ - name: merge-artifacts
+ run: |
+ ./tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh kata-artifacts
+ - name: store-artifacts
+ uses: actions/upload-artifact@v3
+ with:
+ name: kata-static-tarball
+ path: kata-static.tar.xz
+ retention-days: 1
+ if-no-files-found: error
+
+ kata-payload:
+ needs: create-kata-tarball
+ runs-on: ubuntu-latest
+ steps:
+ - name: Login to quay.io
+ uses: docker/login-action@v2
+ with:
+ registry: quay.io
+ username: ${{ secrets.COCO_QUAY_DEPLOYER_USERNAME }}
+ password: ${{ secrets.COCO_QUAY_DEPLOYER_PASSWORD }}
+
+ - uses: actions/checkout@v3
+ - name: get-kata-tarball
+ uses: actions/download-artifact@v3
+ with:
+ name: kata-static-tarball
+
+ - name: build-and-push-kata-payload
+ id: build-and-push-kata-payload
+ run: |
+
./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh $(pwd)/kata-static.tar.xz "quay.io/repository/confidential-containers/runtime-payload-ci" "kata-containers-latest"
diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh
index 917864249a..4e0d2393c4 100755
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh
@@ -5,20 +5,32 @@
 # SPDX-License-Identifier: Apache-2.0
 #
-KATA_DEPLOY_DIR="`dirname $0`/../../kata-deploy-cc"
+KATA_DEPLOY_DIR="`dirname ${0}`/../../kata-deploy-cc"
 KATA_DEPLOY_ARTIFACT="${1:-"kata-static.tar.xz"}"
+REGISTRY="${2:-"quay.io/confidential-containers/runtime-payload"}"
+TAG="${3:-}"
-echo "Copying $KATA_DEPLOY_ARTIFACT to $KATA_DEPLOY_DIR"
-cp $KATA_DEPLOY_ARTIFACT $KATA_DEPLOY_DIR
+echo "Copying ${KATA_DEPLOY_ARTIFACT} to ${KATA_DEPLOY_DIR}"
+cp ${KATA_DEPLOY_ARTIFACT} ${KATA_DEPLOY_DIR}
-pushd $KATA_DEPLOY_DIR
+pushd ${KATA_DEPLOY_DIR}
-IMAGE_TAG="quay.io/confidential-containers/runtime-payload:kata-containers-$(git rev-parse HEAD)"
+IMAGE_TAG="${REGISTRY}:kata-containers-$(git rev-parse HEAD)"
 echo "Building the image"
-docker build --tag $IMAGE_TAG .
+docker build --tag ${IMAGE_TAG} .
 echo "Pushing the image to quay.io"
-docker push $IMAGE_TAG
+docker push ${IMAGE_TAG}
+
+if [ -n "${TAG}" ]; then
+ ADDITIONAL_TAG="${REGISTRY}:${TAG}"
+
+ echo "Building the ${ADDITIONAL_TAG} image"
+ docker build --tag ${ADDITIONAL_TAG} .
+
+ echo "Pushing the image ${ADDITIONAL_TAG} to quay.io"
+ docker push ${ADDITIONAL_TAG}
+fi
 popd
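Review bot: The registry argument in the final `run:` step, `"quay.io/repository/confidential-containers/runtime-payload-ci"`, has a `/repository/` segment that the script's own default (`quay.io/confidential-containers/runtime-payload`) lacks; that looks like the quay.io web-UI path rather than an image reference, so the push would presumably be rejected or land in an unintended namespace, and `"quay.io/confidential-containers/runtime-payload-ci"` is probably what was meant. The `kata-payload` job logs in with push credentials while every `uses:` in the file points at a mutable tag (`actions/checkout@v3`, `docker/login-action@v2`, `actions/upload-artifact@v3`, `actions/download-artifact@v3`), so pinning each one to a full commit SHA would keep a retagged action from running next to those secrets. The workflow also declares no `permissions:` block; a top-level `permissions:` with `contents: read` would limit the default token, since nothing shown here writes to the repository. `$(pwd)/kata-static.tar.xz` on the same line should be quoted as `"$(pwd)/kata-static.tar.xz"`.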
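Review bot: The switch from `$VAR` to `${VAR}` adds braces but not quotes, so `cp`, `pushd`, `docker build --tag` and `docker push` still word-split and glob their arguments, and `REGISTRY` and `TAG` now come from the caller; quote each expansion, e.g. `docker build --tag "${IMAGE_TAG}" .` and `docker push "${ADDITIONAL_TAG}"`. In the new `if` block the extra tag is produced by a second `docker build`, which does not guarantee that both tags name the same image; `docker tag "${IMAGE_TAG}" "${ADDITIONAL_TAG}"` before the second push would publish exactly the image that was just pushed. No `set -o errexit` is visible between the license header and the first assignment (lines 1-4 of the script are outside the hunk, so this needs confirming); without it a failed build or push is followed by `popd` and the script can still exit 0, leaving the publishing job green. The two echo messages still say "to quay.io" although the registry is now a parameter.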