From fac8ccf5cd83af683449d49aa6b580183b29b122 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fabiano.fidencio@intel.com>
Date: Tue, 8 Aug 2023 19:05:21 +0200
Subject: [PATCH] ci: Add build-and-publish-tee-confidential-unencrypted-image
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This will be done before running TEE tests, and it's a hard dependency
fr them.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
---
 .github/workflows/ci.yaml | 30 +++++++++++++++++++++++++++---
 1 file changed, 27 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 52a86b08d3..da09da4a44 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -30,6 +30,30 @@ jobs:
       commit-hash: ${{ inputs.commit-hash }}
     secrets: inherit
 
+  build-and-publish-tee-confidential-unencrypted-image:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Login to Kata Containers ghcr.io
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ inputs.commit-hash }}
+
+      - name: Docker build and push
+        uses: docker/build-and-push-action@v3
+        with:
+          tags: ghcr.io/kata-containers/test-images:unencrypted-${{ pr-number }}
+          push: true
+          context: .
+          platforms: linux/amd64, linux/s390x
+          file: tests/integration/kubernetes/runtimeclass_workloads/confidential/unencrypted/Dockerfile
+
   run-k8s-tests-on-aks:
     needs: publish-kata-deploy-payload-amd64
     uses: ./.github/workflows/run-k8s-tests-on-aks.yaml
@@ -42,7 +66,7 @@ jobs:
     secrets: inherit
 
   run-k8s-tests-on-sev:
-    needs: publish-kata-deploy-payload-amd64
+    needs: [publish-kata-deploy-payload-amd64, build-and-publish-tee-confidential-unencrypted-image]
     uses: ./.github/workflows/run-k8s-tests-on-sev.yaml
     with:
       registry: ghcr.io
@@ -51,7 +75,7 @@ jobs:
       commit-hash: ${{ inputs.commit-hash }}
 
   run-k8s-tests-on-snp:
-    needs: publish-kata-deploy-payload-amd64
+    needs: [publish-kata-deploy-payload-amd64, build-and-publish-tee-confidential-unencrypted-image]
     uses: ./.github/workflows/run-k8s-tests-on-snp.yaml
     with:
       registry: ghcr.io
@@ -60,7 +84,7 @@ jobs:
       commit-hash: ${{ inputs.commit-hash }}
 
   run-k8s-tests-on-tdx:
-    needs: publish-kata-deploy-payload-amd64
+    needs: [publish-kata-deploy-payload-amd64, build-and-publish-tee-confidential-unencrypted-image]
     uses: ./.github/workflows/run-k8s-tests-on-tdx.yaml
     with:
       registry: ghcr.io