mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-09-26 03:03:52 +00:00
workflows: Replace secrets: inherit
Having secrets unconditionally being inherited is bad practice, so update the workflows to only pass through the minimal secrets that are needed Signed-off-by: stevenhorsman <steven@uk.ibm.com>
This commit is contained in:
stevenhorsman
@@ -20,6 +20,9 @@ on:
|
|||||||
required: false
|
required: false
|
||||||
type: string
|
type: string
|
||||||
default: ""
|
default: ""
|
||||||
|
secrets:
|
||||||
|
QUAY_DEPLOYER_PASSWORD:
|
||||||
|
required: false
|
||||||
|
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
|
|||||||
@@ -20,6 +20,9 @@ on:
|
|||||||
required: false
|
required: false
|
||||||
type: string
|
type: string
|
||||||
default: ""
|
default: ""
|
||||||
|
secrets:
|
||||||
|
QUAY_DEPLOYER_PASSWORD:
|
||||||
|
required: false
|
||||||
|
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
|
|||||||
@@ -20,6 +20,9 @@ on:
|
|||||||
required: false
|
required: false
|
||||||
type: string
|
type: string
|
||||||
default: ""
|
default: ""
|
||||||
|
secrets:
|
||||||
|
QUAY_DEPLOYER_PASSWORD:
|
||||||
|
required: true
|
||||||
|
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
|
|||||||
@@ -20,6 +20,9 @@ on:
|
|||||||
required: false
|
required: false
|
||||||
type: string
|
type: string
|
||||||
default: ""
|
default: ""
|
||||||
|
secrets:
|
||||||
|
QUAY_DEPLOYER_PASSWORD:
|
||||||
|
required: true
|
||||||
|
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
|
|||||||
@@ -20,6 +20,12 @@ on:
|
|||||||
required: false
|
required: false
|
||||||
type: string
|
type: string
|
||||||
default: ""
|
default: ""
|
||||||
|
secrets:
|
||||||
|
CI_HKD_PATH:
|
||||||
|
required: true
|
||||||
|
QUAY_DEPLOYER_PASSWORD:
|
||||||
|
required: true
|
||||||
|
|
||||||
|
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
|
|||||||
8
.github/workflows/ci-coco-stability.yaml
vendored
8
.github/workflows/ci-coco-stability.yaml
vendored
@@ -24,4 +24,10 @@ jobs:
|
|||||||
pr-number: "weekly"
|
pr-number: "weekly"
|
||||||
tag: ${{ github.sha }}-weekly
|
tag: ${{ github.sha }}-weekly
|
||||||
target-branch: ${{ github.ref_name }}
|
target-branch: ${{ github.ref_name }}
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
|
||||||
|
AZ_APPID: ${{ secrets.AZ_APPID }}
|
||||||
|
AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }}
|
||||||
|
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
|
||||||
|
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
|
||||||
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|||||||
11
.github/workflows/ci-devel.yaml
vendored
11
.github/workflows/ci-devel.yaml
vendored
@@ -18,7 +18,16 @@ jobs:
|
|||||||
pr-number: "dev"
|
pr-number: "dev"
|
||||||
tag: ${{ github.sha }}-dev
|
tag: ${{ github.sha }}-dev
|
||||||
target-branch: ${{ github.ref_name }}
|
target-branch: ${{ github.ref_name }}
|
||||||
secrets: inherit
|
|
||||||
|
secrets:
|
||||||
|
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
|
||||||
|
AZ_APPID: ${{ secrets.AZ_APPID }}
|
||||||
|
AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }}
|
||||||
|
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
|
||||||
|
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
|
||||||
|
CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
|
||||||
|
ITA_KEY: ${{ secrets.ITA_KEY }}
|
||||||
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|
||||||
build-checks:
|
build-checks:
|
||||||
uses: ./.github/workflows/build-checks.yaml
|
uses: ./.github/workflows/build-checks.yaml
|
||||||
|
|||||||
10
.github/workflows/ci-nightly.yaml
vendored
10
.github/workflows/ci-nightly.yaml
vendored
@@ -23,4 +23,12 @@ jobs:
|
|||||||
pr-number: "nightly"
|
pr-number: "nightly"
|
||||||
tag: ${{ github.sha }}-nightly
|
tag: ${{ github.sha }}-nightly
|
||||||
target-branch: ${{ github.ref_name }}
|
target-branch: ${{ github.ref_name }}
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
|
||||||
|
AZ_APPID: ${{ secrets.AZ_APPID }}
|
||||||
|
AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }}
|
||||||
|
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
|
||||||
|
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
|
||||||
|
CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
|
||||||
|
ITA_KEY: ${{ secrets.ITA_KEY }}
|
||||||
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|||||||
10
.github/workflows/ci-on-push.yaml
vendored
10
.github/workflows/ci-on-push.yaml
vendored
@@ -44,4 +44,12 @@ jobs:
|
|||||||
tag: ${{ github.event.pull_request.number }}-${{ github.event.pull_request.head.sha }}
|
tag: ${{ github.event.pull_request.number }}-${{ github.event.pull_request.head.sha }}
|
||||||
target-branch: ${{ github.event.pull_request.base.ref }}
|
target-branch: ${{ github.event.pull_request.base.ref }}
|
||||||
skip-test: ${{ needs.skipper.outputs.skip_test }}
|
skip-test: ${{ needs.skipper.outputs.skip_test }}
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
|
||||||
|
AZ_APPID: ${{ secrets.AZ_APPID }}
|
||||||
|
AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }}
|
||||||
|
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
|
||||||
|
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
|
||||||
|
CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
|
||||||
|
ITA_KEY: ${{ secrets.ITA_KEY }}
|
||||||
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|||||||
24
.github/workflows/ci-weekly.yaml
vendored
24
.github/workflows/ci-weekly.yaml
vendored
@@ -15,6 +15,20 @@ on:
|
|||||||
required: false
|
required: false
|
||||||
type: string
|
type: string
|
||||||
default: ""
|
default: ""
|
||||||
|
secrets:
|
||||||
|
AUTHENTICATED_IMAGE_PASSWORD:
|
||||||
|
required: true
|
||||||
|
|
||||||
|
AZ_APPID:
|
||||||
|
required: true
|
||||||
|
AZ_PASSWORD:
|
||||||
|
required: true
|
||||||
|
AZ_TENANT_ID:
|
||||||
|
required: true
|
||||||
|
AZ_SUBSCRIPTION_ID:
|
||||||
|
required: true
|
||||||
|
QUAY_DEPLOYER_PASSWORD:
|
||||||
|
required: true
|
||||||
|
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
@@ -47,7 +61,8 @@ jobs:
|
|||||||
target-branch: ${{ inputs.target-branch }}
|
target-branch: ${{ inputs.target-branch }}
|
||||||
runner: ubuntu-22.04
|
runner: ubuntu-22.04
|
||||||
arch: amd64
|
arch: amd64
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|
||||||
build-and-publish-tee-confidential-unencrypted-image:
|
build-and-publish-tee-confidential-unencrypted-image:
|
||||||
permissions:
|
permissions:
|
||||||
@@ -100,4 +115,9 @@ jobs:
|
|||||||
pr-number: ${{ inputs.pr-number }}
|
pr-number: ${{ inputs.pr-number }}
|
||||||
target-branch: ${{ inputs.target-branch }}
|
target-branch: ${{ inputs.target-branch }}
|
||||||
tarball-suffix: -${{ inputs.tag }}
|
tarball-suffix: -${{ inputs.tag }}
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
|
||||||
|
AZ_APPID: ${{ secrets.AZ_APPID }}
|
||||||
|
AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }}
|
||||||
|
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
|
||||||
|
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
|
||||||
|
|||||||
57
.github/workflows/ci.yaml
vendored
57
.github/workflows/ci.yaml
vendored
@@ -19,6 +19,24 @@ on:
|
|||||||
required: false
|
required: false
|
||||||
type: string
|
type: string
|
||||||
default: no
|
default: no
|
||||||
|
secrets:
|
||||||
|
AUTHENTICATED_IMAGE_PASSWORD:
|
||||||
|
required: true
|
||||||
|
|
||||||
|
AZ_APPID:
|
||||||
|
required: true
|
||||||
|
AZ_PASSWORD:
|
||||||
|
required: true
|
||||||
|
AZ_TENANT_ID:
|
||||||
|
required: true
|
||||||
|
AZ_SUBSCRIPTION_ID:
|
||||||
|
required: true
|
||||||
|
CI_HKD_PATH:
|
||||||
|
required: true
|
||||||
|
ITA_KEY:
|
||||||
|
required: true
|
||||||
|
QUAY_DEPLOYER_PASSWORD:
|
||||||
|
required: true
|
||||||
|
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
@@ -51,7 +69,8 @@ jobs:
|
|||||||
target-branch: ${{ inputs.target-branch }}
|
target-branch: ${{ inputs.target-branch }}
|
||||||
runner: ubuntu-22.04
|
runner: ubuntu-22.04
|
||||||
arch: amd64
|
arch: amd64
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|
||||||
build-kata-static-tarball-arm64:
|
build-kata-static-tarball-arm64:
|
||||||
permissions:
|
permissions:
|
||||||
@@ -80,7 +99,8 @@ jobs:
|
|||||||
target-branch: ${{ inputs.target-branch }}
|
target-branch: ${{ inputs.target-branch }}
|
||||||
runner: ubuntu-22.04-arm
|
runner: ubuntu-22.04-arm
|
||||||
arch: arm64
|
arch: arm64
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|
||||||
build-kata-static-tarball-s390x:
|
build-kata-static-tarball-s390x:
|
||||||
permissions:
|
permissions:
|
||||||
@@ -93,7 +113,9 @@ jobs:
|
|||||||
tarball-suffix: -${{ inputs.tag }}
|
tarball-suffix: -${{ inputs.tag }}
|
||||||
commit-hash: ${{ inputs.commit-hash }}
|
commit-hash: ${{ inputs.commit-hash }}
|
||||||
target-branch: ${{ inputs.target-branch }}
|
target-branch: ${{ inputs.target-branch }}
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
CI_HKD_PATH: ${{ secrets.ci_hkd_path }}
|
||||||
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|
||||||
build-kata-static-tarball-ppc64le:
|
build-kata-static-tarball-ppc64le:
|
||||||
permissions:
|
permissions:
|
||||||
@@ -104,6 +126,8 @@ jobs:
|
|||||||
tarball-suffix: -${{ inputs.tag }}
|
tarball-suffix: -${{ inputs.tag }}
|
||||||
commit-hash: ${{ inputs.commit-hash }}
|
commit-hash: ${{ inputs.commit-hash }}
|
||||||
target-branch: ${{ inputs.target-branch }}
|
target-branch: ${{ inputs.target-branch }}
|
||||||
|
secrets:
|
||||||
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|
||||||
build-kata-static-tarball-riscv64:
|
build-kata-static-tarball-riscv64:
|
||||||
permissions:
|
permissions:
|
||||||
@@ -116,7 +140,8 @@ jobs:
|
|||||||
tarball-suffix: -${{ inputs.tag }}
|
tarball-suffix: -${{ inputs.tag }}
|
||||||
commit-hash: ${{ inputs.commit-hash }}
|
commit-hash: ${{ inputs.commit-hash }}
|
||||||
target-branch: ${{ inputs.target-branch }}
|
target-branch: ${{ inputs.target-branch }}
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|
||||||
publish-kata-deploy-payload-s390x:
|
publish-kata-deploy-payload-s390x:
|
||||||
needs: build-kata-static-tarball-s390x
|
needs: build-kata-static-tarball-s390x
|
||||||
@@ -133,7 +158,8 @@ jobs:
|
|||||||
target-branch: ${{ inputs.target-branch }}
|
target-branch: ${{ inputs.target-branch }}
|
||||||
runner: s390x
|
runner: s390x
|
||||||
arch: s390x
|
arch: s390x
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|
||||||
publish-kata-deploy-payload-ppc64le:
|
publish-kata-deploy-payload-ppc64le:
|
||||||
needs: build-kata-static-tarball-ppc64le
|
needs: build-kata-static-tarball-ppc64le
|
||||||
@@ -150,7 +176,8 @@ jobs:
|
|||||||
target-branch: ${{ inputs.target-branch }}
|
target-branch: ${{ inputs.target-branch }}
|
||||||
runner: ppc64le
|
runner: ppc64le
|
||||||
arch: ppc64le
|
arch: ppc64le
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|
||||||
build-and-publish-tee-confidential-unencrypted-image:
|
build-and-publish-tee-confidential-unencrypted-image:
|
||||||
permissions:
|
permissions:
|
||||||
@@ -266,7 +293,11 @@ jobs:
|
|||||||
commit-hash: ${{ inputs.commit-hash }}
|
commit-hash: ${{ inputs.commit-hash }}
|
||||||
pr-number: ${{ inputs.pr-number }}
|
pr-number: ${{ inputs.pr-number }}
|
||||||
target-branch: ${{ inputs.target-branch }}
|
target-branch: ${{ inputs.target-branch }}
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
AZ_APPID: ${{ secrets.AZ_APPID }}
|
||||||
|
AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }}
|
||||||
|
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
|
||||||
|
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
|
||||||
|
|
||||||
run-k8s-tests-on-amd64:
|
run-k8s-tests-on-amd64:
|
||||||
if: ${{ inputs.skip-test != 'yes' }}
|
if: ${{ inputs.skip-test != 'yes' }}
|
||||||
@@ -279,7 +310,6 @@ jobs:
|
|||||||
commit-hash: ${{ inputs.commit-hash }}
|
commit-hash: ${{ inputs.commit-hash }}
|
||||||
pr-number: ${{ inputs.pr-number }}
|
pr-number: ${{ inputs.pr-number }}
|
||||||
target-branch: ${{ inputs.target-branch }}
|
target-branch: ${{ inputs.target-branch }}
|
||||||
secrets: inherit
|
|
||||||
|
|
||||||
run-k8s-tests-on-arm64:
|
run-k8s-tests-on-arm64:
|
||||||
if: ${{ inputs.skip-test != 'yes' }}
|
if: ${{ inputs.skip-test != 'yes' }}
|
||||||
@@ -308,7 +338,13 @@ jobs:
|
|||||||
commit-hash: ${{ inputs.commit-hash }}
|
commit-hash: ${{ inputs.commit-hash }}
|
||||||
pr-number: ${{ inputs.pr-number }}
|
pr-number: ${{ inputs.pr-number }}
|
||||||
target-branch: ${{ inputs.target-branch }}
|
target-branch: ${{ inputs.target-branch }}
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
|
||||||
|
AZ_APPID: ${{ secrets.AZ_APPID }}
|
||||||
|
AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }}
|
||||||
|
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
|
||||||
|
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
|
||||||
|
ITA_KEY: ${{ secrets.ITA_KEY }}
|
||||||
|
|
||||||
run-k8s-tests-on-zvsi:
|
run-k8s-tests-on-zvsi:
|
||||||
if: ${{ inputs.skip-test != 'yes' }}
|
if: ${{ inputs.skip-test != 'yes' }}
|
||||||
@@ -321,7 +357,8 @@ jobs:
|
|||||||
commit-hash: ${{ inputs.commit-hash }}
|
commit-hash: ${{ inputs.commit-hash }}
|
||||||
pr-number: ${{ inputs.pr-number }}
|
pr-number: ${{ inputs.pr-number }}
|
||||||
target-branch: ${{ inputs.target-branch }}
|
target-branch: ${{ inputs.target-branch }}
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
|
||||||
|
|
||||||
run-k8s-tests-on-ppc64le:
|
run-k8s-tests-on-ppc64le:
|
||||||
if: ${{ inputs.skip-test != 'yes' }}
|
if: ${{ inputs.skip-test != 'yes' }}
|
||||||
|
|||||||
25
.github/workflows/payload-after-push.yaml
vendored
25
.github/workflows/payload-after-push.yaml
vendored
@@ -23,7 +23,8 @@ jobs:
|
|||||||
commit-hash: ${{ github.sha }}
|
commit-hash: ${{ github.sha }}
|
||||||
push-to-registry: yes
|
push-to-registry: yes
|
||||||
target-branch: ${{ github.ref_name }}
|
target-branch: ${{ github.ref_name }}
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|
||||||
build-assets-arm64:
|
build-assets-arm64:
|
||||||
permissions:
|
permissions:
|
||||||
@@ -36,7 +37,8 @@ jobs:
|
|||||||
commit-hash: ${{ github.sha }}
|
commit-hash: ${{ github.sha }}
|
||||||
push-to-registry: yes
|
push-to-registry: yes
|
||||||
target-branch: ${{ github.ref_name }}
|
target-branch: ${{ github.ref_name }}
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|
||||||
build-assets-s390x:
|
build-assets-s390x:
|
||||||
permissions:
|
permissions:
|
||||||
@@ -49,7 +51,9 @@ jobs:
|
|||||||
commit-hash: ${{ github.sha }}
|
commit-hash: ${{ github.sha }}
|
||||||
push-to-registry: yes
|
push-to-registry: yes
|
||||||
target-branch: ${{ github.ref_name }}
|
target-branch: ${{ github.ref_name }}
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
|
||||||
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|
||||||
build-assets-ppc64le:
|
build-assets-ppc64le:
|
||||||
permissions:
|
permissions:
|
||||||
@@ -60,7 +64,8 @@ jobs:
|
|||||||
commit-hash: ${{ github.sha }}
|
commit-hash: ${{ github.sha }}
|
||||||
push-to-registry: yes
|
push-to-registry: yes
|
||||||
target-branch: ${{ github.ref_name }}
|
target-branch: ${{ github.ref_name }}
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|
||||||
publish-kata-deploy-payload-amd64:
|
publish-kata-deploy-payload-amd64:
|
||||||
needs: build-assets-amd64
|
needs: build-assets-amd64
|
||||||
@@ -76,7 +81,8 @@ jobs:
|
|||||||
target-branch: ${{ github.ref_name }}
|
target-branch: ${{ github.ref_name }}
|
||||||
runner: ubuntu-22.04
|
runner: ubuntu-22.04
|
||||||
arch: amd64
|
arch: amd64
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|
||||||
publish-kata-deploy-payload-arm64:
|
publish-kata-deploy-payload-arm64:
|
||||||
needs: build-assets-arm64
|
needs: build-assets-arm64
|
||||||
@@ -92,7 +98,8 @@ jobs:
|
|||||||
target-branch: ${{ github.ref_name }}
|
target-branch: ${{ github.ref_name }}
|
||||||
runner: ubuntu-22.04-arm
|
runner: ubuntu-22.04-arm
|
||||||
arch: arm64
|
arch: arm64
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|
||||||
publish-kata-deploy-payload-s390x:
|
publish-kata-deploy-payload-s390x:
|
||||||
needs: build-assets-s390x
|
needs: build-assets-s390x
|
||||||
@@ -108,7 +115,8 @@ jobs:
|
|||||||
target-branch: ${{ github.ref_name }}
|
target-branch: ${{ github.ref_name }}
|
||||||
runner: s390x
|
runner: s390x
|
||||||
arch: s390x
|
arch: s390x
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|
||||||
publish-kata-deploy-payload-ppc64le:
|
publish-kata-deploy-payload-ppc64le:
|
||||||
needs: build-assets-ppc64le
|
needs: build-assets-ppc64le
|
||||||
@@ -124,7 +132,8 @@ jobs:
|
|||||||
target-branch: ${{ github.ref_name }}
|
target-branch: ${{ github.ref_name }}
|
||||||
runner: ppc64le
|
runner: ppc64le
|
||||||
arch: ppc64le
|
arch: ppc64le
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|
||||||
publish-manifest:
|
publish-manifest:
|
||||||
runs-on: ubuntu-22.04
|
runs-on: ubuntu-22.04
|
||||||
|
|||||||
@@ -30,6 +30,9 @@ on:
|
|||||||
description: The arch of the tarball.
|
description: The arch of the tarball.
|
||||||
required: true
|
required: true
|
||||||
type: string
|
type: string
|
||||||
|
secrets:
|
||||||
|
QUAY_DEPLOYER_PASSWORD:
|
||||||
|
required: true
|
||||||
|
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
|
|||||||
6
.github/workflows/release-amd64.yaml
vendored
6
.github/workflows/release-amd64.yaml
vendored
@@ -5,6 +5,9 @@ on:
|
|||||||
target-arch:
|
target-arch:
|
||||||
required: true
|
required: true
|
||||||
type: string
|
type: string
|
||||||
|
secrets:
|
||||||
|
QUAY_DEPLOYER_PASSWORD:
|
||||||
|
required: true
|
||||||
|
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
@@ -15,7 +18,8 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
push-to-registry: yes
|
push-to-registry: yes
|
||||||
stage: release
|
stage: release
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|
||||||
kata-deploy:
|
kata-deploy:
|
||||||
needs: build-kata-static-tarball-amd64
|
needs: build-kata-static-tarball-amd64
|
||||||
|
|||||||
6
.github/workflows/release-arm64.yaml
vendored
6
.github/workflows/release-arm64.yaml
vendored
@@ -5,6 +5,9 @@ on:
|
|||||||
target-arch:
|
target-arch:
|
||||||
required: true
|
required: true
|
||||||
type: string
|
type: string
|
||||||
|
secrets:
|
||||||
|
QUAY_DEPLOYER_PASSWORD:
|
||||||
|
required: true
|
||||||
|
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
@@ -15,7 +18,8 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
push-to-registry: yes
|
push-to-registry: yes
|
||||||
stage: release
|
stage: release
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|
||||||
kata-deploy:
|
kata-deploy:
|
||||||
needs: build-kata-static-tarball-arm64
|
needs: build-kata-static-tarball-arm64
|
||||||
|
|||||||
6
.github/workflows/release-ppc64le.yaml
vendored
6
.github/workflows/release-ppc64le.yaml
vendored
@@ -5,6 +5,9 @@ on:
|
|||||||
target-arch:
|
target-arch:
|
||||||
required: true
|
required: true
|
||||||
type: string
|
type: string
|
||||||
|
secrets:
|
||||||
|
QUAY_DEPLOYER_PASSWORD:
|
||||||
|
required: true
|
||||||
|
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
@@ -15,7 +18,8 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
push-to-registry: yes
|
push-to-registry: yes
|
||||||
stage: release
|
stage: release
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|
||||||
kata-deploy:
|
kata-deploy:
|
||||||
needs: build-kata-static-tarball-ppc64le
|
needs: build-kata-static-tarball-ppc64le
|
||||||
|
|||||||
10
.github/workflows/release-s390x.yaml
vendored
10
.github/workflows/release-s390x.yaml
vendored
@@ -5,6 +5,11 @@ on:
|
|||||||
target-arch:
|
target-arch:
|
||||||
required: true
|
required: true
|
||||||
type: string
|
type: string
|
||||||
|
secrets:
|
||||||
|
CI_HKD_PATH:
|
||||||
|
required: true
|
||||||
|
QUAY_DEPLOYER_PASSWORD:
|
||||||
|
required: true
|
||||||
|
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
@@ -15,7 +20,10 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
push-to-registry: yes
|
push-to-registry: yes
|
||||||
stage: release
|
stage: release
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
|
||||||
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|
||||||
|
|
||||||
kata-deploy:
|
kata-deploy:
|
||||||
needs: build-kata-static-tarball-s390x
|
needs: build-kata-static-tarball-s390x
|
||||||
|
|||||||
13
.github/workflows/release.yaml
vendored
13
.github/workflows/release.yaml
vendored
@@ -30,7 +30,8 @@ jobs:
|
|||||||
uses: ./.github/workflows/release-amd64.yaml
|
uses: ./.github/workflows/release-amd64.yaml
|
||||||
with:
|
with:
|
||||||
target-arch: amd64
|
target-arch: amd64
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|
||||||
build-and-push-assets-arm64:
|
build-and-push-assets-arm64:
|
||||||
needs: release
|
needs: release
|
||||||
@@ -42,7 +43,8 @@ jobs:
|
|||||||
uses: ./.github/workflows/release-arm64.yaml
|
uses: ./.github/workflows/release-arm64.yaml
|
||||||
with:
|
with:
|
||||||
target-arch: arm64
|
target-arch: arm64
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|
||||||
build-and-push-assets-s390x:
|
build-and-push-assets-s390x:
|
||||||
needs: release
|
needs: release
|
||||||
@@ -54,7 +56,9 @@ jobs:
|
|||||||
uses: ./.github/workflows/release-s390x.yaml
|
uses: ./.github/workflows/release-s390x.yaml
|
||||||
with:
|
with:
|
||||||
target-arch: s390x
|
target-arch: s390x
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
|
||||||
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|
||||||
build-and-push-assets-ppc64le:
|
build-and-push-assets-ppc64le:
|
||||||
needs: release
|
needs: release
|
||||||
@@ -64,7 +68,8 @@ jobs:
|
|||||||
uses: ./.github/workflows/release-ppc64le.yaml
|
uses: ./.github/workflows/release-ppc64le.yaml
|
||||||
with:
|
with:
|
||||||
target-arch: ppc64le
|
target-arch: ppc64le
|
||||||
secrets: inherit
|
secrets:
|
||||||
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|
||||||
publish-multi-arch-images:
|
publish-multi-arch-images:
|
||||||
runs-on: ubuntu-22.04
|
runs-on: ubuntu-22.04
|
||||||
|
|||||||
11
.github/workflows/run-k8s-tests-on-aks.yaml
vendored
11
.github/workflows/run-k8s-tests-on-aks.yaml
vendored
@@ -24,6 +24,17 @@ on:
|
|||||||
required: false
|
required: false
|
||||||
type: string
|
type: string
|
||||||
default: ""
|
default: ""
|
||||||
|
secrets:
|
||||||
|
|
||||||
|
AZ_APPID:
|
||||||
|
required: true
|
||||||
|
AZ_PASSWORD:
|
||||||
|
required: true
|
||||||
|
AZ_TENANT_ID:
|
||||||
|
required: true
|
||||||
|
AZ_SUBSCRIPTION_ID:
|
||||||
|
required: true
|
||||||
|
|
||||||
|
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
|
|||||||
3
.github/workflows/run-k8s-tests-on-zvsi.yaml
vendored
3
.github/workflows/run-k8s-tests-on-zvsi.yaml
vendored
@@ -21,6 +21,9 @@ on:
|
|||||||
required: false
|
required: false
|
||||||
type: string
|
type: string
|
||||||
default: ""
|
default: ""
|
||||||
|
secrets:
|
||||||
|
AUTHENTICATED_IMAGE_PASSWORD:
|
||||||
|
required: true
|
||||||
|
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
|
|||||||
@@ -24,6 +24,18 @@ on:
|
|||||||
tarball-suffix:
|
tarball-suffix:
|
||||||
required: false
|
required: false
|
||||||
type: string
|
type: string
|
||||||
|
secrets:
|
||||||
|
|
||||||
|
AZ_APPID:
|
||||||
|
required: true
|
||||||
|
AZ_PASSWORD:
|
||||||
|
required: true
|
||||||
|
AZ_TENANT_ID:
|
||||||
|
required: true
|
||||||
|
AZ_SUBSCRIPTION_ID:
|
||||||
|
required: true
|
||||||
|
AUTHENTICATED_IMAGE_PASSWORD:
|
||||||
|
required: true
|
||||||
|
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
|
|||||||
13
.github/workflows/run-kata-coco-tests.yaml
vendored
13
.github/workflows/run-kata-coco-tests.yaml
vendored
@@ -24,6 +24,19 @@ on:
|
|||||||
required: false
|
required: false
|
||||||
type: string
|
type: string
|
||||||
default: ""
|
default: ""
|
||||||
|
secrets:
|
||||||
|
AUTHENTICATED_IMAGE_PASSWORD:
|
||||||
|
required: true
|
||||||
|
AZ_APPID:
|
||||||
|
required: true
|
||||||
|
AZ_PASSWORD:
|
||||||
|
required: true
|
||||||
|
AZ_TENANT_ID:
|
||||||
|
required: true
|
||||||
|
AZ_SUBSCRIPTION_ID:
|
||||||
|
required: true
|
||||||
|
ITA_KEY:
|
||||||
|
required: true
|
||||||
|
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
|
|||||||
@@ -21,6 +21,15 @@ on:
|
|||||||
required: false
|
required: false
|
||||||
type: string
|
type: string
|
||||||
default: ""
|
default: ""
|
||||||
|
secrets:
|
||||||
|
AZ_APPID:
|
||||||
|
required: true
|
||||||
|
AZ_PASSWORD:
|
||||||
|
required: true
|
||||||
|
AZ_TENANT_ID:
|
||||||
|
required: true
|
||||||
|
AZ_SUBSCRIPTION_ID:
|
||||||
|
required: true
|
||||||
|
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
|
|||||||
Reference in New Issue
Block a user