github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-29 12:54:10 +00:00
Code Issues Projects Releases Wiki Activity

gpu: Add secrets passthrough to the workflow

Browse Source 
We need to pass-through the secrets in all the needed workflows
ci, ci-on-push, ci-nightly, ci-devel

Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
This commit is contained in:
Zvonko Kaiser 2025-07-30 13:33:47 +00:00
parent 30778594d0
commit fbb0e7f2f2
10 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/build-kata-static-tarball-amd64.yaml vendored
View File

@ -23,6 +23,8 @@ on:
secrets: secrets:
QUAY_DEPLOYER_PASSWORD: QUAY_DEPLOYER_PASSWORD:
required: false required: false
KBUILD_SIGN_PIN:
required: true
permissions: permissions:
contents: read contents: read

1
.github/workflows/ci-coco-stability.yaml vendored
View File

@ -31,3 +31,4 @@ jobs:
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }} AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}

1
.github/workflows/ci-devel.yaml vendored
View File

@ -28,6 +28,7 @@ jobs:
ITA_KEY: ${{ secrets.ITA_KEY }} ITA_KEY: ${{ secrets.ITA_KEY }}
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
NGC_API_KEY: ${{ secrets.NGC_API_KEY }} NGC_API_KEY: ${{ secrets.NGC_API_KEY }}
KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}
build-checks: build-checks:
uses: ./.github/workflows/build-checks.yaml uses: ./.github/workflows/build-checks.yaml

2
.github/workflows/ci-nightly.yaml vendored
View File

@ -31,3 +31,5 @@ jobs:
CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }} CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
ITA_KEY: ${{ secrets.ITA_KEY }} ITA_KEY: ${{ secrets.ITA_KEY }}
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
NGC_API_KEY: ${{ secrets.NGC_API_KEY }}
KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}

2
.github/workflows/ci-on-push.yaml vendored
View File

@ -52,3 +52,5 @@ jobs:
CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }} CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
ITA_KEY: ${{ secrets.ITA_KEY }} ITA_KEY: ${{ secrets.ITA_KEY }}
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
NGC_API_KEY: ${{ secrets.NGC_API_KEY }}
KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}

4
.github/workflows/ci-weekly.yaml vendored
View File

@ -27,6 +27,8 @@ on:
required: true required: true
QUAY_DEPLOYER_PASSWORD: QUAY_DEPLOYER_PASSWORD:
required: true required: true
KBUILD_SIGN_PIN:
required: true
permissions: permissions:
contents: read contents: read
@ -43,6 +45,8 @@ jobs:
tarball-suffix: -${{ inputs.tag }} tarball-suffix: -${{ inputs.tag }}
commit-hash: ${{ inputs.commit-hash }} commit-hash: ${{ inputs.commit-hash }}
target-branch: ${{ inputs.target-branch }} target-branch: ${{ inputs.target-branch }}
secrets:
KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}
publish-kata-deploy-payload-amd64: publish-kata-deploy-payload-amd64:
needs: build-kata-static-tarball-amd64 needs: build-kata-static-tarball-amd64

5
.github/workflows/ci.yaml vendored
View File

@ -35,9 +35,10 @@ on:
required: true required: true
QUAY_DEPLOYER_PASSWORD: QUAY_DEPLOYER_PASSWORD:
required: true required: true
NGC_API_KEY: NGC_API_KEY:
required: true required: true
KBUILD_SIGN_PIN:
required: true
permissions: permissions:
contents: read contents: read
@ -55,6 +56,8 @@ jobs:
tarball-suffix: -${{ inputs.tag }} tarball-suffix: -${{ inputs.tag }}
commit-hash: ${{ inputs.commit-hash }} commit-hash: ${{ inputs.commit-hash }}
target-branch: ${{ inputs.target-branch }} target-branch: ${{ inputs.target-branch }}
secrets:
KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}
publish-kata-deploy-payload-amd64: publish-kata-deploy-payload-amd64:
needs: build-kata-static-tarball-amd64 needs: build-kata-static-tarball-amd64

1
.github/workflows/payload-after-push.yaml vendored
View File

@ -25,6 +25,7 @@ jobs:
target-branch: ${{ github.ref_name }} target-branch: ${{ github.ref_name }}
secrets: secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}
build-assets-arm64: build-assets-arm64:
permissions: permissions:

3
.github/workflows/release-amd64.yaml vendored
View File

@ -8,6 +8,8 @@ on:
secrets: secrets:
QUAY_DEPLOYER_PASSWORD: QUAY_DEPLOYER_PASSWORD:
required: true required: true
KBUILD_SIGN_PIN:
required: true
permissions: permissions:
contents: read contents: read
@ -20,6 +22,7 @@ jobs:
stage: release stage: release
secrets: secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}
permissions: permissions:
contents: read contents: read
packages: write packages: write

1
.github/workflows/release.yaml vendored
View File

@ -35,6 +35,7 @@ jobs:
target-arch: amd64 target-arch: amd64
secrets: secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}
build-and-push-assets-arm64: build-and-push-assets-arm64:
needs: release needs: release