gha: payload-after-push: Pass secrets down

The "build-assets-${arch}" jobs need to have access to the secrets in order to log into the container registry in the cases where "push-to-registry", which is used to push the builder containers to quay.io, is set to "yes". Now that "build-assets-${arch}" pass the secrets down, we need to log into the container registry in the "build-kata-static-tarball-${arch}" files, in case "push-to-registry" is set to "yes". Fixes: #6899 Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2025-10-21 20:08:54 +00:00 · 2023-05-19 14:49:18 +02:00
parent 7abae8ee9c
commit cfd8f4ff76
4 changed files with 28 additions and 0 deletions
--- a/.github/workflows/build-kata-static-tarball-amd64.yaml
+++ b/.github/workflows/build-kata-static-tarball-amd64.yaml
@@ -38,10 +38,19 @@ jobs:
          - tdvf
          - virtiofsd
    steps:
+      - name: Login to Kata Containers quay.io
+        if: ${{ inputs.push-to-registry == 'yes' }}
+        uses: docker/login-action@v2
+        with:
+          registry: quay.io
+          username: ${{ secrets.QUAY_DEPLOYER_USERNAME }}
+          password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
+
      - uses: actions/checkout@v3
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          fetch-depth: 0 # This is needed in order to keep the commit ids history
+
      - name: Build ${{ matrix.asset }}
        run: |
          make "${KATA_ASSET}-tarball"