From a159ffdba7835011abc8c6369e07dd4a52010bbf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Wed, 5 Apr 2023 09:41:48 +0200 Subject: [PATCH 1/7] gha: ci-on-push: Depend on Commit Message Check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's make this workflow dependent of the commit message check, and only start it if the commit message check one passes. As a side effect, this allows us to run this specific workflow using secrets, without having to rely on `pull_request_target`. Signed-off-by: Fabiano Fidêncio --- .github/workflows/ci-on-push.yaml | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci-on-push.yaml b/.github/workflows/ci-on-push.yaml index cbab26837..37f4b5080 100644 --- a/.github/workflows/ci-on-push.yaml +++ b/.github/workflows/ci-on-push.yaml @@ -1,21 +1,19 @@ name: Kata Containers CI on: - pull_request_target: + workflow_run: + workflows: + - Commit Message Check types: - - opened - - reopened - - labeled - - synchronize + - completed jobs: build-kata-static-tarball-amd64: - if: contains(github.event.pull_request.labels.*.name, 'ok-to-test') + if: ${{ github.event.workflow_run.conclusion == 'success' }} uses: ./.github/workflows/build-kata-static-tarball-amd64.yaml with: tarball-suffix: -${{ github.event.pull_request.number}}-${{ github.sha }} publish-kata-deploy-payload-amd64: - if: contains(github.event.pull_request.labels.*.name, 'ok-to-test') needs: build-kata-static-tarball-amd64 uses: ./.github/workflows/publish-kata-deploy-payload-amd64.yaml with: @@ -27,7 +25,6 @@ jobs: secrets: inherit run-k8s-tests-on-aks: - if: contains(github.event.pull_request.labels.*.name, 'ok-to-test') needs: publish-kata-deploy-payload-amd64 uses: ./.github/workflows/run-k8s-tests-on-aks.yaml with: From 3a760a157a05a38327468b92e2c3c1b30283b303 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Wed, 5 Apr 2023 10:24:31 +0200 Subject: [PATCH 2/7] gha: ci-on-push: Adjust to using workflow_run MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The way previously used to get the PR's commit sha can only be used with `pull_request*` kind of events. Let's adapt it to the `workflow_run` now that we're using it. With this change we ended up dropping the PR number from the tarball suffix, as that's not straightforward to get and, to be honest, not a unique differentiator that would justify the effort. Signed-off-by: Fabiano Fidêncio --- .github/workflows/ci-on-push.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci-on-push.yaml b/.github/workflows/ci-on-push.yaml index 37f4b5080..940be3a60 100644 --- a/.github/workflows/ci-on-push.yaml +++ b/.github/workflows/ci-on-push.yaml @@ -11,16 +11,16 @@ jobs: if: ${{ github.event.workflow_run.conclusion == 'success' }} uses: ./.github/workflows/build-kata-static-tarball-amd64.yaml with: - tarball-suffix: -${{ github.event.pull_request.number}}-${{ github.sha }} + tarball-suffix: -${{ github.event.workflow_run.head_sha }} publish-kata-deploy-payload-amd64: needs: build-kata-static-tarball-amd64 uses: ./.github/workflows/publish-kata-deploy-payload-amd64.yaml with: - tarball-suffix: -${{ github.event.pull_request.number}}-${{ github.sha }} + tarball-suffix: -${{ github.event.workflow_run.head_sha }} registry: ghcr.io repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ github.event.pull_request.number }}-${{ github.sha }}-amd64 + tag: ${{ github.event.workflow_run.head_sha }}-amd64 quay-io-login-continue-on-error: true secrets: inherit @@ -30,5 +30,5 @@ jobs: with: registry: ghcr.io repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ github.event.pull_request.number }}-${{ github.sha }}-amd64 + tag: ${{ github.event.workflow_run.head_sha }}-amd64 secrets: inherit From 7855b43062c1001de372253d33ebacaf120f24d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Wed, 5 Apr 2023 10:33:47 +0200 Subject: [PATCH 3/7] gha: ci-on-push: Adapt chained jobs to workflow_run MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As we're using the `workflow_run` event, the checkout action would pull the **current target branch** instead of the PR one. Signed-off-by: Fabiano Fidêncio --- .github/workflows/build-kata-static-tarball-amd64.yaml | 7 +++++++ .github/workflows/build-kata-static-tarball-arm64.yaml | 7 +++++++ .github/workflows/build-kata-static-tarball-s390x.yaml | 7 +++++++ .github/workflows/ci-on-push.yaml | 3 +++ .github/workflows/publish-kata-deploy-payload-amd64.yaml | 6 ++++++ .github/workflows/publish-kata-deploy-payload-arm64.yaml | 6 ++++++ .github/workflows/publish-kata-deploy-payload-s390x.yaml | 6 ++++++ .github/workflows/run-k8s-tests-on-aks.yaml | 6 ++++++ 8 files changed, 48 insertions(+) diff --git a/.github/workflows/build-kata-static-tarball-amd64.yaml b/.github/workflows/build-kata-static-tarball-amd64.yaml index 1a14d145e..f668d16fb 100644 --- a/.github/workflows/build-kata-static-tarball-amd64.yaml +++ b/.github/workflows/build-kata-static-tarball-amd64.yaml @@ -2,6 +2,10 @@ name: CI | Build kata-static tarball for amd64 on: workflow_call: inputs: + checkout-ref: + required: false + type: string + default: ${{ github.sha }} tarball-suffix: required: false type: string @@ -25,6 +29,7 @@ jobs: steps: - uses: actions/checkout@v3 with: + ref: ${{ inputs.checkout-ref }} fetch-depth: 0 # This is needed in order to keep the commit ids history - name: Build ${{ matrix.asset }} run: | @@ -50,6 +55,8 @@ jobs: needs: build-asset steps: - uses: actions/checkout@v3 + with: + ref: ${{ inputs.checkout-ref }} - name: get-artifacts uses: actions/download-artifact@v3 with: diff --git a/.github/workflows/build-kata-static-tarball-arm64.yaml b/.github/workflows/build-kata-static-tarball-arm64.yaml index f7b040b4a..e797dc824 100644 --- a/.github/workflows/build-kata-static-tarball-arm64.yaml +++ b/.github/workflows/build-kata-static-tarball-arm64.yaml @@ -2,6 +2,10 @@ name: CI | Build kata-static tarball for arm64 on: workflow_call: inputs: + checkout-ref: + required: false + type: string + default: ${{ github.sha }} tarball-suffix: required: false type: string @@ -29,6 +33,7 @@ jobs: - uses: actions/checkout@v3 with: + ref: ${{ inputs.checkout-ref }} fetch-depth: 0 # This is needed in order to keep the commit ids history - name: Build ${{ matrix.asset }} run: | @@ -58,6 +63,8 @@ jobs: sudo chown -R $USER:$USER $GITHUB_WORKSPACE - uses: actions/checkout@v3 + with: + ref: ${{ inputs.checkout-ref }} - name: get-artifacts uses: actions/download-artifact@v3 with: diff --git a/.github/workflows/build-kata-static-tarball-s390x.yaml b/.github/workflows/build-kata-static-tarball-s390x.yaml index c00795fe3..cf22379b3 100644 --- a/.github/workflows/build-kata-static-tarball-s390x.yaml +++ b/.github/workflows/build-kata-static-tarball-s390x.yaml @@ -2,6 +2,10 @@ name: CI | Build kata-static tarball for s390x on: workflow_call: inputs: + checkout-ref: + required: false + type: string + default: ${{ github.sha }} tarball-suffix: required: false type: string @@ -25,6 +29,7 @@ jobs: - uses: actions/checkout@v3 with: + ref: ${{ inputs.checkout-ref }} fetch-depth: 0 # This is needed in order to keep the commit ids history - name: Build ${{ matrix.asset }} run: | @@ -55,6 +60,8 @@ jobs: sudo chown -R $USER:$USER $GITHUB_WORKSPACE - uses: actions/checkout@v3 + with: + ref: ${{ inputs.checkout-ref }} - name: get-artifacts uses: actions/download-artifact@v3 with: diff --git a/.github/workflows/ci-on-push.yaml b/.github/workflows/ci-on-push.yaml index 940be3a60..da870d7d2 100644 --- a/.github/workflows/ci-on-push.yaml +++ b/.github/workflows/ci-on-push.yaml @@ -11,12 +11,14 @@ jobs: if: ${{ github.event.workflow_run.conclusion == 'success' }} uses: ./.github/workflows/build-kata-static-tarball-amd64.yaml with: + checkout-ref: ${{ github.event.workflow_run.head_sha }} tarball-suffix: -${{ github.event.workflow_run.head_sha }} publish-kata-deploy-payload-amd64: needs: build-kata-static-tarball-amd64 uses: ./.github/workflows/publish-kata-deploy-payload-amd64.yaml with: + checkout-ref: ${{ github.event.workflow_run.head_sha }} tarball-suffix: -${{ github.event.workflow_run.head_sha }} registry: ghcr.io repo: ${{ github.repository_owner }}/kata-deploy-ci @@ -28,6 +30,7 @@ jobs: needs: publish-kata-deploy-payload-amd64 uses: ./.github/workflows/run-k8s-tests-on-aks.yaml with: + checkout-ref: ${{ github.event.workflow_run.head_sha }} registry: ghcr.io repo: ${{ github.repository_owner }}/kata-deploy-ci tag: ${{ github.event.workflow_run.head_sha }}-amd64 diff --git a/.github/workflows/publish-kata-deploy-payload-amd64.yaml b/.github/workflows/publish-kata-deploy-payload-amd64.yaml index fea62765c..bcee25eea 100644 --- a/.github/workflows/publish-kata-deploy-payload-amd64.yaml +++ b/.github/workflows/publish-kata-deploy-payload-amd64.yaml @@ -2,6 +2,10 @@ name: CI | Publish kata-deploy payload for amd64 on: workflow_call: inputs: + checkout-ref: + required: false + type: string + default: ${{ github.sha }} tarball-suffix: required: false type: string @@ -24,6 +28,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + with: + ref: ${{ inputs.checkout-ref }} - name: get-kata-tarball uses: actions/download-artifact@v3 diff --git a/.github/workflows/publish-kata-deploy-payload-arm64.yaml b/.github/workflows/publish-kata-deploy-payload-arm64.yaml index 9b8e736dc..285ac97e4 100644 --- a/.github/workflows/publish-kata-deploy-payload-arm64.yaml +++ b/.github/workflows/publish-kata-deploy-payload-arm64.yaml @@ -2,6 +2,10 @@ name: CI | Publish kata-deploy payload for arm64 on: workflow_call: inputs: + checkout-ref: + required: false + type: string + default: ${{ github.sha }} tarball-suffix: required: false type: string @@ -28,6 +32,8 @@ jobs: sudo chown -R $USER:$USER $GITHUB_WORKSPACE - uses: actions/checkout@v3 + with: + ref: ${{ inputs.checkout-ref }} - name: get-kata-tarball uses: actions/download-artifact@v3 diff --git a/.github/workflows/publish-kata-deploy-payload-s390x.yaml b/.github/workflows/publish-kata-deploy-payload-s390x.yaml index 89efbd58e..4341e4397 100644 --- a/.github/workflows/publish-kata-deploy-payload-s390x.yaml +++ b/.github/workflows/publish-kata-deploy-payload-s390x.yaml @@ -2,6 +2,10 @@ name: CI | Publish kata-deploy payload for s390x on: workflow_call: inputs: + checkout-ref: + required: false + type: string + default: ${{ github.sha }} tarball-suffix: required: false type: string @@ -28,6 +32,8 @@ jobs: sudo chown -R $USER:$USER $GITHUB_WORKSPACE - uses: actions/checkout@v3 + with: + ref: ${{ inputs.checkout-ref }} - name: get-kata-tarball uses: actions/download-artifact@v3 diff --git a/.github/workflows/run-k8s-tests-on-aks.yaml b/.github/workflows/run-k8s-tests-on-aks.yaml index 83dd4ab7b..ae70f6ce9 100644 --- a/.github/workflows/run-k8s-tests-on-aks.yaml +++ b/.github/workflows/run-k8s-tests-on-aks.yaml @@ -2,6 +2,10 @@ name: CI | Run kubernetes tests on AKS on: workflow_call: inputs: + checkout-ref: + required: false + type: string + default: ${{ github.sha }} registry: required: true type: string @@ -35,6 +39,8 @@ jobs: needs: create-aks steps: - uses: actions/checkout@v3 + with: + ref: ${{ inputs.checkout-ref }} - name: Install `bats` run: | sudo apt-get update From 41026f003e1d3551712636f334c28ac5f3a0c9eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Wed, 5 Apr 2023 12:24:48 +0200 Subject: [PATCH 4/7] gha: payload-after-push: Pass registry / repo as inputs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We made registry / repo mandatory, but we only adapted that to the amd64 job. Let's fix it now and make sure this is also passed to the arm64 and s390x jobs. Signed-off-by: Fabiano Fidêncio --- .github/workflows/payload-after-push.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/payload-after-push.yaml b/.github/workflows/payload-after-push.yaml index 741af5902..b828c57aa 100644 --- a/.github/workflows/payload-after-push.yaml +++ b/.github/workflows/payload-after-push.yaml @@ -28,7 +28,8 @@ jobs: needs: build-assets-arm64 uses: ./.github/workflows/publish-kata-deploy-payload-arm64.yaml with: - registry: quay.io/kata-containers/kata-deploy-ci + registry: quay.io + repo: kata-containers/kata-deploy-ci tag: kata-containers-arm64 secrets: inherit @@ -36,7 +37,8 @@ jobs: needs: build-assets-s390x uses: ./.github/workflows/publish-kata-deploy-payload-s390x.yaml with: - registry: quay.io/kata-containers/kata-deploy-ci + registry: quay.io + repo: kata-containers/kata-deploy-ci tag: kata-containers-s390x secrets: inherit From 13929fc610d30a31a6ba5379c92deaf06af90f6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Wed, 5 Apr 2023 12:30:19 +0200 Subject: [PATCH 5/7] gha: publish-kata-deploy-payload: Improve registry login MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's only try to login to the registry that's being passed as an input argument. Signed-off-by: Fabiano Fidêncio --- .github/workflows/ci-on-push.yaml | 1 - .github/workflows/publish-kata-deploy-payload-amd64.yaml | 7 ++----- .github/workflows/publish-kata-deploy-payload-arm64.yaml | 7 ++----- .github/workflows/publish-kata-deploy-payload-s390x.yaml | 7 ++----- 4 files changed, 6 insertions(+), 16 deletions(-) diff --git a/.github/workflows/ci-on-push.yaml b/.github/workflows/ci-on-push.yaml index da870d7d2..f2cd7e055 100644 --- a/.github/workflows/ci-on-push.yaml +++ b/.github/workflows/ci-on-push.yaml @@ -23,7 +23,6 @@ jobs: registry: ghcr.io repo: ${{ github.repository_owner }}/kata-deploy-ci tag: ${{ github.event.workflow_run.head_sha }}-amd64 - quay-io-login-continue-on-error: true secrets: inherit run-k8s-tests-on-aks: diff --git a/.github/workflows/publish-kata-deploy-payload-amd64.yaml b/.github/workflows/publish-kata-deploy-payload-amd64.yaml index bcee25eea..697fdb433 100644 --- a/.github/workflows/publish-kata-deploy-payload-amd64.yaml +++ b/.github/workflows/publish-kata-deploy-payload-amd64.yaml @@ -18,10 +18,6 @@ on: tag: required: true type: string - quay-io-login-continue-on-error: - required: false - type: boolean - default: false jobs: kata-payload: @@ -37,14 +33,15 @@ jobs: name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} - name: Login to Kata Containers quay.io + if: ${{ inputs.registry == 'quay.io' }} uses: docker/login-action@v2 with: registry: quay.io username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} - continue-on-error: ${{ inputs.quay-io-login-continue-on-error }} - name: Login to Kata Containers ghcr.io + if: ${{ inputs.registry == 'ghcr.io' }} uses: docker/login-action@v2 with: registry: ghcr.io diff --git a/.github/workflows/publish-kata-deploy-payload-arm64.yaml b/.github/workflows/publish-kata-deploy-payload-arm64.yaml index 285ac97e4..f1de4abac 100644 --- a/.github/workflows/publish-kata-deploy-payload-arm64.yaml +++ b/.github/workflows/publish-kata-deploy-payload-arm64.yaml @@ -18,10 +18,6 @@ on: tag: required: true type: string - quay-io-login-continue-on-error: - required: false - type: boolean - default: false jobs: kata-payload: @@ -41,14 +37,15 @@ jobs: name: kata-static-tarball-arm64${{ inputs.tarball-suffix }} - name: Login to Kata Containers quay.io + if: ${{ inputs.registry == 'quay.io' }} uses: docker/login-action@v2 with: registry: quay.io username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} - continue-on-error: ${{ inputs.quay-io-login-continue-on-error }} - name: Login to Kata Containers ghcr.io + if: ${{ inputs.registry == 'ghcr.io' }} uses: docker/login-action@v2 with: registry: ghcr.io diff --git a/.github/workflows/publish-kata-deploy-payload-s390x.yaml b/.github/workflows/publish-kata-deploy-payload-s390x.yaml index 4341e4397..498b8cd98 100644 --- a/.github/workflows/publish-kata-deploy-payload-s390x.yaml +++ b/.github/workflows/publish-kata-deploy-payload-s390x.yaml @@ -18,10 +18,6 @@ on: tag: required: true type: string - quay-io-login-continue-on-error: - required: false - type: boolean - default: false jobs: kata-payload: @@ -41,14 +37,15 @@ jobs: name: kata-static-tarball-s390x${{ inputs.tarball-suffix }} - name: Login to Kata Containers quay.io + if: ${{ inputs.registry == 'quay.io' }} uses: docker/login-action@v2 with: registry: quay.io username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} - continue-on-error: ${{ inputs.quay-io-login-continue-on-error }} - name: Login to Kata Containers ghcr.io + if: ${{ inputs.registry == 'ghcr.io' }} uses: docker/login-action@v2 with: registry: ghcr.io From e81b8b8ee5a60e4cc7822f2df5803c8ddd07cff4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Wed, 5 Apr 2023 12:32:46 +0200 Subject: [PATCH 6/7] local-build: build-and-upload-payload is not quay.io specific MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's just print "to the registry" instead of printing "to quay.io", as the registry used is not tied to quay.io. Signed-off-by: Fabiano Fidêncio --- .../local-build/kata-deploy-build-and-upload-payload.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh index c4ff1abf5..b0cb5676b 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh @@ -20,7 +20,7 @@ IMAGE_TAG="${REGISTRY}:kata-containers-$(git rev-parse HEAD)-$(uname -m)" echo "Building the image" docker build --tag ${IMAGE_TAG} . -echo "Pushing the image to quay.io" +echo "Pushing the image to the registry" docker push ${IMAGE_TAG} if [ -n "${TAG}" ]; then @@ -30,7 +30,7 @@ if [ -n "${TAG}" ]; then docker build --tag ${ADDITIONAL_TAG} . - echo "Pushing the image ${ADDITIONAL_TAG} to quay.io" + echo "Pushing the image ${ADDITIONAL_TAG} to the registry" docker push ${ADDITIONAL_TAG} fi From 2550d4462dded7927b353b345166e10f4b04f6bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Tue, 4 Apr 2023 10:50:39 +0200 Subject: [PATCH 7/7] gha: build-kata-static-tarball: Only push to registry after merge MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 56331bd7bcfbc6aabd8a732a10c544ba3df84622 oversaw the fact that we mistakenly tried to push the build containers to the registry for a PR, rather than doing so only when the code is merged. As the workflow is now shared between different actions, let's introduce an input variable to specify which are the cases we actually need to perform a push to the registry. Fixes: #6592 Signed-off-by: Fabiano Fidêncio --- .github/workflows/build-kata-static-tarball-amd64.yaml | 6 +++++- .github/workflows/build-kata-static-tarball-arm64.yaml | 6 +++++- .github/workflows/build-kata-static-tarball-s390x.yaml | 6 +++++- .github/workflows/payload-after-push.yaml | 6 ++++++ 4 files changed, 21 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-kata-static-tarball-amd64.yaml b/.github/workflows/build-kata-static-tarball-amd64.yaml index f668d16fb..d2c902af2 100644 --- a/.github/workflows/build-kata-static-tarball-amd64.yaml +++ b/.github/workflows/build-kata-static-tarball-amd64.yaml @@ -9,6 +9,10 @@ on: tarball-suffix: required: false type: string + push-to-registry: + required: false + type: string + default: no jobs: build-asset: @@ -40,7 +44,7 @@ jobs: env: KATA_ASSET: ${{ matrix.asset }} TAR_OUTPUT: ${{ matrix.asset }}.tar.gz - PUSH_TO_REGISTRY: yes + PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }} - name: store-artifact ${{ matrix.asset }} uses: actions/upload-artifact@v3 diff --git a/.github/workflows/build-kata-static-tarball-arm64.yaml b/.github/workflows/build-kata-static-tarball-arm64.yaml index e797dc824..a50862231 100644 --- a/.github/workflows/build-kata-static-tarball-arm64.yaml +++ b/.github/workflows/build-kata-static-tarball-arm64.yaml @@ -9,6 +9,10 @@ on: tarball-suffix: required: false type: string + push-to-registry: + required: false + type: string + default: no jobs: build-asset: @@ -44,7 +48,7 @@ jobs: env: KATA_ASSET: ${{ matrix.asset }} TAR_OUTPUT: ${{ matrix.asset }}.tar.gz - PUSH_TO_REGISTRY: yes + PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }} - name: store-artifact ${{ matrix.asset }} uses: actions/upload-artifact@v3 diff --git a/.github/workflows/build-kata-static-tarball-s390x.yaml b/.github/workflows/build-kata-static-tarball-s390x.yaml index cf22379b3..064ed006b 100644 --- a/.github/workflows/build-kata-static-tarball-s390x.yaml +++ b/.github/workflows/build-kata-static-tarball-s390x.yaml @@ -9,6 +9,10 @@ on: tarball-suffix: required: false type: string + push-to-registry: + required: false + type: string + default: no jobs: build-asset: @@ -41,7 +45,7 @@ jobs: env: KATA_ASSET: ${{ matrix.asset }} TAR_OUTPUT: ${{ matrix.asset }}.tar.gz - PUSH_TO_REGISTRY: yes + PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }} - name: store-artifact ${{ matrix.asset }} uses: actions/upload-artifact@v3 diff --git a/.github/workflows/payload-after-push.yaml b/.github/workflows/payload-after-push.yaml index b828c57aa..25a7a18c2 100644 --- a/.github/workflows/payload-after-push.yaml +++ b/.github/workflows/payload-after-push.yaml @@ -8,12 +8,18 @@ on: jobs: build-assets-amd64: uses: ./.github/workflows/build-kata-static-tarball-amd64.yaml + with: + push-to-registry: yes build-assets-arm64: uses: ./.github/workflows/build-kata-static-tarball-arm64.yaml + with: + push-to-registry: yes build-assets-s390x: uses: ./.github/workflows/build-kata-static-tarball-s390x.yaml + with: + push-to-registry: yes publish-kata-deploy-payload-amd64: needs: build-assets-amd64