github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-07-05 11:36:56 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #6596 from fidencio/topic/gha-only-push-to-registry-when-merging-content

Browse Source 
gha: Only push images to registry after merging a PR
This commit is contained in:
Fabiano Fidêncio 2023-04-05 22:07:13 +02:00 committed by GitHub
commit ae488cc09f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 90 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
.github/workflows/build-kata-static-tarball-amd64.yaml vendored
View File

@ -2,9 +2,17 @@ name: CI | Build kata-static tarball for amd64
on: on:
workflow_call: workflow_call:
inputs: inputs:
checkout-ref:
required: false
type: string
default: ${{ github.sha }}
tarball-suffix: tarball-suffix:
required: false required: false
type: string type: string
push-to-registry:
required: false
type: string
default: no
jobs: jobs:
build-asset: build-asset:
@ -25,6 +33,7 @@ jobs:
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
with: with:
ref: ${{ inputs.checkout-ref }}
fetch-depth: 0 # This is needed in order to keep the commit ids history fetch-depth: 0 # This is needed in order to keep the commit ids history
- name: Build ${{ matrix.asset }} - name: Build ${{ matrix.asset }}
run: | run: |
@ -35,7 +44,7 @@ jobs:
env: env:
KATA_ASSET: ${{ matrix.asset }} KATA_ASSET: ${{ matrix.asset }}
TAR_OUTPUT: ${{ matrix.asset }}.tar.gz TAR_OUTPUT: ${{ matrix.asset }}.tar.gz
PUSH_TO_REGISTRY: yes PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }}
- name: store-artifact ${{ matrix.asset }} - name: store-artifact ${{ matrix.asset }}
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@v3
@ -50,6 +59,8 @@ jobs:
needs: build-asset needs: build-asset
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
with:
ref: ${{ inputs.checkout-ref }}
- name: get-artifacts - name: get-artifacts
uses: actions/download-artifact@v3 uses: actions/download-artifact@v3
with: with:

13
.github/workflows/build-kata-static-tarball-arm64.yaml vendored
View File

@ -2,9 +2,17 @@ name: CI | Build kata-static tarball for arm64
on: on:
workflow_call: workflow_call:
inputs: inputs:
checkout-ref:
required: false
type: string
default: ${{ github.sha }}
tarball-suffix: tarball-suffix:
required: false required: false
type: string type: string
push-to-registry:
required: false
type: string
default: no
jobs: jobs:
build-asset: build-asset:
@ -29,6 +37,7 @@ jobs:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
with: with:
ref: ${{ inputs.checkout-ref }}
fetch-depth: 0 # This is needed in order to keep the commit ids history fetch-depth: 0 # This is needed in order to keep the commit ids history
- name: Build ${{ matrix.asset }} - name: Build ${{ matrix.asset }}
run: | run: |
@ -39,7 +48,7 @@ jobs:
env: env:
KATA_ASSET: ${{ matrix.asset }} KATA_ASSET: ${{ matrix.asset }}
TAR_OUTPUT: ${{ matrix.asset }}.tar.gz TAR_OUTPUT: ${{ matrix.asset }}.tar.gz
PUSH_TO_REGISTRY: yes PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }}
- name: store-artifact ${{ matrix.asset }} - name: store-artifact ${{ matrix.asset }}
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@v3
@ -58,6 +67,8 @@ jobs:
sudo chown -R $USER:$USER $GITHUB_WORKSPACE sudo chown -R $USER:$USER $GITHUB_WORKSPACE
- uses: actions/checkout@v3 - uses: actions/checkout@v3
with:
ref: ${{ inputs.checkout-ref }}
- name: get-artifacts - name: get-artifacts
uses: actions/download-artifact@v3 uses: actions/download-artifact@v3
with: with:

13
.github/workflows/build-kata-static-tarball-s390x.yaml vendored
View File

@ -2,9 +2,17 @@ name: CI | Build kata-static tarball for s390x
on: on:
workflow_call: workflow_call:
inputs: inputs:
checkout-ref:
required: false
type: string
default: ${{ github.sha }}
tarball-suffix: tarball-suffix:
required: false required: false
type: string type: string
push-to-registry:
required: false
type: string
default: no
jobs: jobs:
build-asset: build-asset:
@ -25,6 +33,7 @@ jobs:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
with: with:
ref: ${{ inputs.checkout-ref }}
fetch-depth: 0 # This is needed in order to keep the commit ids history fetch-depth: 0 # This is needed in order to keep the commit ids history
- name: Build ${{ matrix.asset }} - name: Build ${{ matrix.asset }}
run: | run: |
@ -36,7 +45,7 @@ jobs:
env: env:
KATA_ASSET: ${{ matrix.asset }} KATA_ASSET: ${{ matrix.asset }}
TAR_OUTPUT: ${{ matrix.asset }}.tar.gz TAR_OUTPUT: ${{ matrix.asset }}.tar.gz
PUSH_TO_REGISTRY: yes PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }}
- name: store-artifact ${{ matrix.asset }} - name: store-artifact ${{ matrix.asset }}
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@v3
@ -55,6 +64,8 @@ jobs:
sudo chown -R $USER:$USER $GITHUB_WORKSPACE sudo chown -R $USER:$USER $GITHUB_WORKSPACE
- uses: actions/checkout@v3 - uses: actions/checkout@v3
with:
ref: ${{ inputs.checkout-ref }}
- name: get-artifacts - name: get-artifacts
uses: actions/download-artifact@v3 uses: actions/download-artifact@v3
with: with:

25
.github/workflows/ci-on-push.yaml vendored
View File

@ -1,37 +1,36 @@
name: Kata Containers CI name: Kata Containers CI
on: on:
pull_request_target: workflow_run:
workflows:
- Commit Message Check
types: types:
- opened - completed
- reopened
- labeled
- synchronize
jobs: jobs:
build-kata-static-tarball-amd64: build-kata-static-tarball-amd64:
if: contains(github.event.pull_request.labels.*.name, 'ok-to-test') if: ${{ github.event.workflow_run.conclusion == 'success' }}
uses: ./.github/workflows/build-kata-static-tarball-amd64.yaml uses: ./.github/workflows/build-kata-static-tarball-amd64.yaml
with: with:
tarball-suffix: -${{ github.event.pull_request.number}}-${{ github.sha }} checkout-ref: ${{ github.event.workflow_run.head_sha }}
tarball-suffix: -${{ github.event.workflow_run.head_sha }}
publish-kata-deploy-payload-amd64: publish-kata-deploy-payload-amd64:
if: contains(github.event.pull_request.labels.*.name, 'ok-to-test')
needs: build-kata-static-tarball-amd64 needs: build-kata-static-tarball-amd64
uses: ./.github/workflows/publish-kata-deploy-payload-amd64.yaml uses: ./.github/workflows/publish-kata-deploy-payload-amd64.yaml
with: with:
tarball-suffix: -${{ github.event.pull_request.number}}-${{ github.sha }} checkout-ref: ${{ github.event.workflow_run.head_sha }}
tarball-suffix: -${{ github.event.workflow_run.head_sha }}
registry: ghcr.io registry: ghcr.io
repo: ${{ github.repository_owner }}/kata-deploy-ci repo: ${{ github.repository_owner }}/kata-deploy-ci
tag: ${{ github.event.pull_request.number }}-${{ github.sha }}-amd64 tag: ${{ github.event.workflow_run.head_sha }}-amd64
quay-io-login-continue-on-error: true
secrets: inherit secrets: inherit
run-k8s-tests-on-aks: run-k8s-tests-on-aks:
if: contains(github.event.pull_request.labels.*.name, 'ok-to-test')
needs: publish-kata-deploy-payload-amd64 needs: publish-kata-deploy-payload-amd64
uses: ./.github/workflows/run-k8s-tests-on-aks.yaml uses: ./.github/workflows/run-k8s-tests-on-aks.yaml
with: with:
checkout-ref: ${{ github.event.workflow_run.head_sha }}
registry: ghcr.io registry: ghcr.io
repo: ${{ github.repository_owner }}/kata-deploy-ci repo: ${{ github.repository_owner }}/kata-deploy-ci
tag: ${{ github.event.pull_request.number }}-${{ github.sha }}-amd64 tag: ${{ github.event.workflow_run.head_sha }}-amd64
secrets: inherit secrets: inherit

12
.github/workflows/payload-after-push.yaml vendored
View File

@ -8,12 +8,18 @@ on:
jobs: jobs:
build-assets-amd64: build-assets-amd64:
uses: ./.github/workflows/build-kata-static-tarball-amd64.yaml uses: ./.github/workflows/build-kata-static-tarball-amd64.yaml
with:
push-to-registry: yes
build-assets-arm64: build-assets-arm64:
uses: ./.github/workflows/build-kata-static-tarball-arm64.yaml uses: ./.github/workflows/build-kata-static-tarball-arm64.yaml
with:
push-to-registry: yes
build-assets-s390x: build-assets-s390x:
uses: ./.github/workflows/build-kata-static-tarball-s390x.yaml uses: ./.github/workflows/build-kata-static-tarball-s390x.yaml
with:
push-to-registry: yes
publish-kata-deploy-payload-amd64: publish-kata-deploy-payload-amd64:
needs: build-assets-amd64 needs: build-assets-amd64
@ -28,7 +34,8 @@ jobs:
needs: build-assets-arm64 needs: build-assets-arm64
uses: ./.github/workflows/publish-kata-deploy-payload-arm64.yaml uses: ./.github/workflows/publish-kata-deploy-payload-arm64.yaml
with: with:
registry: quay.io/kata-containers/kata-deploy-ci registry: quay.io
repo: kata-containers/kata-deploy-ci
tag: kata-containers-arm64 tag: kata-containers-arm64
secrets: inherit secrets: inherit
@ -36,7 +43,8 @@ jobs:
needs: build-assets-s390x needs: build-assets-s390x
uses: ./.github/workflows/publish-kata-deploy-payload-s390x.yaml uses: ./.github/workflows/publish-kata-deploy-payload-s390x.yaml
with: with:
registry: quay.io/kata-containers/kata-deploy-ci registry: quay.io
repo: kata-containers/kata-deploy-ci
tag: kata-containers-s390x tag: kata-containers-s390x
secrets: inherit secrets: inherit

13
.github/workflows/publish-kata-deploy-payload-amd64.yaml vendored
View File

@ -2,6 +2,10 @@ name: CI | Publish kata-deploy payload for amd64
on: on:
workflow_call: workflow_call:
inputs: inputs:
checkout-ref:
required: false
type: string
default: ${{ github.sha }}
tarball-suffix: tarball-suffix:
required: false required: false
type: string type: string
@ -14,16 +18,14 @@ on:
tag: tag:
required: true required: true
type: string type: string
quay-io-login-continue-on-error:
required: false
type: boolean
default: false
jobs: jobs:
kata-payload: kata-payload:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
with:
ref: ${{ inputs.checkout-ref }}
- name: get-kata-tarball - name: get-kata-tarball
uses: actions/download-artifact@v3 uses: actions/download-artifact@v3
@ -31,14 +33,15 @@ jobs:
name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} name: kata-static-tarball-amd64${{ inputs.tarball-suffix }}
- name: Login to Kata Containers quay.io - name: Login to Kata Containers quay.io
if: ${{ inputs.registry == 'quay.io' }}
uses: docker/login-action@v2 uses: docker/login-action@v2
with: with:
registry: quay.io registry: quay.io
username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} username: ${{ secrets.QUAY_DEPLOYER_USERNAME }}
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
continue-on-error: ${{ inputs.quay-io-login-continue-on-error }}
- name: Login to Kata Containers ghcr.io - name: Login to Kata Containers ghcr.io
if: ${{ inputs.registry == 'ghcr.io' }}
uses: docker/login-action@v2 uses: docker/login-action@v2
with: with:
registry: ghcr.io registry: ghcr.io

13
.github/workflows/publish-kata-deploy-payload-arm64.yaml vendored
View File

@ -2,6 +2,10 @@ name: CI | Publish kata-deploy payload for arm64
on: on:
workflow_call: workflow_call:
inputs: inputs:
checkout-ref:
required: false
type: string
default: ${{ github.sha }}
tarball-suffix: tarball-suffix:
required: false required: false
type: string type: string
@ -14,10 +18,6 @@ on:
tag: tag:
required: true required: true
type: string type: string
quay-io-login-continue-on-error:
required: false
type: boolean
default: false
jobs: jobs:
kata-payload: kata-payload:
@ -28,6 +28,8 @@ jobs:
sudo chown -R $USER:$USER $GITHUB_WORKSPACE sudo chown -R $USER:$USER $GITHUB_WORKSPACE
- uses: actions/checkout@v3 - uses: actions/checkout@v3
with:
ref: ${{ inputs.checkout-ref }}
- name: get-kata-tarball - name: get-kata-tarball
uses: actions/download-artifact@v3 uses: actions/download-artifact@v3
@ -35,14 +37,15 @@ jobs:
name: kata-static-tarball-arm64${{ inputs.tarball-suffix }} name: kata-static-tarball-arm64${{ inputs.tarball-suffix }}
- name: Login to Kata Containers quay.io - name: Login to Kata Containers quay.io
if: ${{ inputs.registry == 'quay.io' }}
uses: docker/login-action@v2 uses: docker/login-action@v2
with: with:
registry: quay.io registry: quay.io
username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} username: ${{ secrets.QUAY_DEPLOYER_USERNAME }}
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
continue-on-error: ${{ inputs.quay-io-login-continue-on-error }}
- name: Login to Kata Containers ghcr.io - name: Login to Kata Containers ghcr.io
if: ${{ inputs.registry == 'ghcr.io' }}
uses: docker/login-action@v2 uses: docker/login-action@v2
with: with:
registry: ghcr.io registry: ghcr.io

13
.github/workflows/publish-kata-deploy-payload-s390x.yaml vendored
View File

@ -2,6 +2,10 @@ name: CI | Publish kata-deploy payload for s390x
on: on:
workflow_call: workflow_call:
inputs: inputs:
checkout-ref:
required: false
type: string
default: ${{ github.sha }}
tarball-suffix: tarball-suffix:
required: false required: false
type: string type: string
@ -14,10 +18,6 @@ on:
tag: tag:
required: true required: true
type: string type: string
quay-io-login-continue-on-error:
required: false
type: boolean
default: false
jobs: jobs:
kata-payload: kata-payload:
@ -28,6 +28,8 @@ jobs:
sudo chown -R $USER:$USER $GITHUB_WORKSPACE sudo chown -R $USER:$USER $GITHUB_WORKSPACE
- uses: actions/checkout@v3 - uses: actions/checkout@v3
with:
ref: ${{ inputs.checkout-ref }}
- name: get-kata-tarball - name: get-kata-tarball
uses: actions/download-artifact@v3 uses: actions/download-artifact@v3
@ -35,14 +37,15 @@ jobs:
name: kata-static-tarball-s390x${{ inputs.tarball-suffix }} name: kata-static-tarball-s390x${{ inputs.tarball-suffix }}
- name: Login to Kata Containers quay.io - name: Login to Kata Containers quay.io
if: ${{ inputs.registry == 'quay.io' }}
uses: docker/login-action@v2 uses: docker/login-action@v2
with: with:
registry: quay.io registry: quay.io
username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} username: ${{ secrets.QUAY_DEPLOYER_USERNAME }}
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
continue-on-error: ${{ inputs.quay-io-login-continue-on-error }}
- name: Login to Kata Containers ghcr.io - name: Login to Kata Containers ghcr.io
if: ${{ inputs.registry == 'ghcr.io' }}
uses: docker/login-action@v2 uses: docker/login-action@v2
with: with:
registry: ghcr.io registry: ghcr.io

6
.github/workflows/run-k8s-tests-on-aks.yaml vendored
View File

@ -2,6 +2,10 @@ name: CI | Run kubernetes tests on AKS
on: on:
workflow_call: workflow_call:
inputs: inputs:
checkout-ref:
required: false
type: string
default: ${{ github.sha }}
registry: registry:
required: true required: true
type: string type: string
@ -35,6 +39,8 @@ jobs:
needs: create-aks needs: create-aks
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
with:
ref: ${{ inputs.checkout-ref }}
- name: Install `bats` - name: Install `bats`
run: | run: |
sudo apt-get update sudo apt-get update

4
tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh
View File

@ -20,7 +20,7 @@ IMAGE_TAG="${REGISTRY}:kata-containers-$(git rev-parse HEAD)-$(uname -m)"
echo "Building the image" echo "Building the image"
docker build --tag ${IMAGE_TAG} . docker build --tag ${IMAGE_TAG} .
echo "Pushing the image to quay.io" echo "Pushing the image to the registry"
docker push ${IMAGE_TAG} docker push ${IMAGE_TAG}
if [ -n "${TAG}" ]; then if [ -n "${TAG}" ]; then
@ -30,7 +30,7 @@ if [ -n "${TAG}" ]; then
docker build --tag ${ADDITIONAL_TAG} . docker build --tag ${ADDITIONAL_TAG} .
echo "Pushing the image ${ADDITIONAL_TAG} to quay.io" echo "Pushing the image ${ADDITIONAL_TAG} to the registry"
docker push ${ADDITIONAL_TAG} docker push ${ADDITIONAL_TAG}
fi fi