mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-03-18 10:44:10 +00:00
Compare commits
3 Commits
3.28.0
...
topic/ci-l
| Author | SHA1 | Date | |
|---|---|---|---|
|
1eabd6c729 | ||
|
|
b1ec7d0c02 | ||
|
|
83dce477d0 |
@@ -23,8 +23,6 @@ on:
|
|||||||
secrets:
|
secrets:
|
||||||
QUAY_DEPLOYER_PASSWORD:
|
QUAY_DEPLOYER_PASSWORD:
|
||||||
required: false
|
required: false
|
||||||
KBUILD_SIGN_PIN:
|
|
||||||
required: true
|
|
||||||
|
|
||||||
permissions: {}
|
permissions: {}
|
||||||
|
|
||||||
@@ -102,7 +100,6 @@ jobs:
|
|||||||
ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
|
ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
|
||||||
TARGET_BRANCH: ${{ inputs.target-branch }}
|
TARGET_BRANCH: ${{ inputs.target-branch }}
|
||||||
RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }}
|
RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }}
|
||||||
KBUILD_SIGN_PIN: ${{ contains(matrix.asset, 'nvidia') && secrets.KBUILD_SIGN_PIN || '' }}
|
|
||||||
|
|
||||||
- name: Parse OCI image name and digest
|
- name: Parse OCI image name and digest
|
||||||
id: parse-oci-segments
|
id: parse-oci-segments
|
||||||
@@ -215,7 +212,6 @@ jobs:
|
|||||||
ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
|
ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
|
||||||
TARGET_BRANCH: ${{ inputs.target-branch }}
|
TARGET_BRANCH: ${{ inputs.target-branch }}
|
||||||
RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }}
|
RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }}
|
||||||
KBUILD_SIGN_PIN: ${{ contains(matrix.asset, 'nvidia') && secrets.KBUILD_SIGN_PIN || '' }}
|
|
||||||
|
|
||||||
- name: store-artifact ${{ matrix.asset }}
|
- name: store-artifact ${{ matrix.asset }}
|
||||||
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
|
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
|
||||||
|
|||||||
@@ -23,8 +23,6 @@ on:
|
|||||||
secrets:
|
secrets:
|
||||||
QUAY_DEPLOYER_PASSWORD:
|
QUAY_DEPLOYER_PASSWORD:
|
||||||
required: false
|
required: false
|
||||||
KBUILD_SIGN_PIN:
|
|
||||||
required: true
|
|
||||||
|
|
||||||
permissions: {}
|
permissions: {}
|
||||||
|
|
||||||
@@ -90,7 +88,6 @@ jobs:
|
|||||||
ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
|
ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
|
||||||
TARGET_BRANCH: ${{ inputs.target-branch }}
|
TARGET_BRANCH: ${{ inputs.target-branch }}
|
||||||
RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }}
|
RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }}
|
||||||
KBUILD_SIGN_PIN: ${{ contains(matrix.asset, 'nvidia') && secrets.KBUILD_SIGN_PIN || '' }}
|
|
||||||
|
|
||||||
- name: Parse OCI image name and digest
|
- name: Parse OCI image name and digest
|
||||||
id: parse-oci-segments
|
id: parse-oci-segments
|
||||||
@@ -197,7 +194,6 @@ jobs:
|
|||||||
ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
|
ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
|
||||||
TARGET_BRANCH: ${{ inputs.target-branch }}
|
TARGET_BRANCH: ${{ inputs.target-branch }}
|
||||||
RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }}
|
RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }}
|
||||||
KBUILD_SIGN_PIN: ${{ contains(matrix.asset, 'nvidia') && secrets.KBUILD_SIGN_PIN || '' }}
|
|
||||||
|
|
||||||
- name: store-artifact ${{ matrix.asset }}
|
- name: store-artifact ${{ matrix.asset }}
|
||||||
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
|
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
|
||||||
|
|||||||
@@ -21,8 +21,6 @@ on:
|
|||||||
type: string
|
type: string
|
||||||
default: ""
|
default: ""
|
||||||
secrets:
|
secrets:
|
||||||
CI_HKD_PATH:
|
|
||||||
required: true
|
|
||||||
QUAY_DEPLOYER_PASSWORD:
|
QUAY_DEPLOYER_PASSWORD:
|
||||||
required: true
|
required: true
|
||||||
|
|
||||||
@@ -197,60 +195,11 @@ jobs:
|
|||||||
retention-days: 15
|
retention-days: 15
|
||||||
if-no-files-found: error
|
if-no-files-found: error
|
||||||
|
|
||||||
build-asset-boot-image-se:
|
|
||||||
name: build-asset-boot-image-se
|
|
||||||
runs-on: s390x
|
|
||||||
needs: [build-asset, build-asset-rootfs]
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
packages: write
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
||||||
with:
|
|
||||||
persist-credentials: false
|
|
||||||
- name: Rebase atop of the latest target branch
|
|
||||||
run: |
|
|
||||||
./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
|
|
||||||
env:
|
|
||||||
TARGET_BRANCH: ${{ inputs.target-branch }}
|
|
||||||
|
|
||||||
- name: get-artifacts
|
|
||||||
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
|
||||||
with:
|
|
||||||
pattern: kata-artifacts-s390x-*${{ inputs.tarball-suffix }}
|
|
||||||
path: kata-artifacts
|
|
||||||
merge-multiple: true
|
|
||||||
|
|
||||||
- name: Place a host key document
|
|
||||||
run: |
|
|
||||||
mkdir -p "host-key-document"
|
|
||||||
cp "${CI_HKD_PATH}" "host-key-document"
|
|
||||||
env:
|
|
||||||
CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
|
|
||||||
|
|
||||||
- name: Build boot-image-se
|
|
||||||
run: |
|
|
||||||
./tests/gha-adjust-to-use-prebuilt-components.sh kata-artifacts "boot-image-se"
|
|
||||||
make boot-image-se-tarball
|
|
||||||
build_dir=$(readlink -f build)
|
|
||||||
sudo cp -r "${build_dir}" "kata-build"
|
|
||||||
sudo chown -R "$(id -u)":"$(id -g)" "kata-build"
|
|
||||||
env:
|
|
||||||
HKD_PATH: "host-key-document"
|
|
||||||
|
|
||||||
- name: store-artifact boot-image-se
|
|
||||||
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
|
|
||||||
with:
|
|
||||||
name: kata-artifacts-s390x${{ inputs.tarball-suffix }}
|
|
||||||
path: kata-build/kata-static-boot-image-se.tar.zst
|
|
||||||
retention-days: 1
|
|
||||||
if-no-files-found: error
|
|
||||||
|
|
||||||
# We don't need the binaries installed in the rootfs as part of the release tarball, so can delete them now we've built the rootfs
|
# We don't need the binaries installed in the rootfs as part of the release tarball, so can delete them now we've built the rootfs
|
||||||
remove-rootfs-binary-artifacts:
|
remove-rootfs-binary-artifacts:
|
||||||
name: remove-rootfs-binary-artifacts
|
name: remove-rootfs-binary-artifacts
|
||||||
runs-on: ubuntu-22.04
|
runs-on: ubuntu-22.04
|
||||||
needs: [build-asset-rootfs, build-asset-boot-image-se]
|
needs: [build-asset-rootfs]
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
asset:
|
asset:
|
||||||
@@ -331,7 +280,6 @@ jobs:
|
|||||||
needs:
|
needs:
|
||||||
- build-asset
|
- build-asset
|
||||||
- build-asset-rootfs
|
- build-asset-rootfs
|
||||||
- build-asset-boot-image-se
|
|
||||||
- build-asset-shim-v2
|
- build-asset-shim-v2
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
|
|||||||
3
.github/workflows/ci-coco-stability.yaml
vendored
3
.github/workflows/ci-coco-stability.yaml
vendored
@@ -25,9 +25,8 @@ jobs:
|
|||||||
tag: ${{ github.sha }}-weekly
|
tag: ${{ github.sha }}-weekly
|
||||||
target-branch: ${{ github.ref_name }}
|
target-branch: ${{ github.ref_name }}
|
||||||
secrets:
|
secrets:
|
||||||
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
|
AUTHENTICATED_IMAGE_PASSWORD: ${{ vars.AUTHENTICATED_IMAGE_PASSWORD }}
|
||||||
AZ_APPID: ${{ secrets.AZ_APPID }}
|
AZ_APPID: ${{ secrets.AZ_APPID }}
|
||||||
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
|
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
|
||||||
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
|
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
|
||||||
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}
|
|
||||||
|
|||||||
4
.github/workflows/ci-devel.yaml
vendored
4
.github/workflows/ci-devel.yaml
vendored
@@ -19,15 +19,13 @@ jobs:
|
|||||||
target-branch: ${{ github.ref_name }}
|
target-branch: ${{ github.ref_name }}
|
||||||
|
|
||||||
secrets:
|
secrets:
|
||||||
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
|
AUTHENTICATED_IMAGE_PASSWORD: ${{ vars.AUTHENTICATED_IMAGE_PASSWORD }}
|
||||||
AZ_APPID: ${{ secrets.AZ_APPID }}
|
AZ_APPID: ${{ secrets.AZ_APPID }}
|
||||||
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
|
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
|
||||||
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
|
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
|
||||||
CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
|
|
||||||
ITA_KEY: ${{ secrets.ITA_KEY }}
|
ITA_KEY: ${{ secrets.ITA_KEY }}
|
||||||
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
NGC_API_KEY: ${{ secrets.NGC_API_KEY }}
|
NGC_API_KEY: ${{ secrets.NGC_API_KEY }}
|
||||||
KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}
|
|
||||||
|
|
||||||
build-checks:
|
build-checks:
|
||||||
uses: ./.github/workflows/build-checks.yaml
|
uses: ./.github/workflows/build-checks.yaml
|
||||||
|
|||||||
4
.github/workflows/ci-nightly.yaml
vendored
4
.github/workflows/ci-nightly.yaml
vendored
@@ -23,12 +23,10 @@ jobs:
|
|||||||
tag: ${{ github.sha }}-nightly
|
tag: ${{ github.sha }}-nightly
|
||||||
target-branch: ${{ github.ref_name }}
|
target-branch: ${{ github.ref_name }}
|
||||||
secrets:
|
secrets:
|
||||||
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
|
AUTHENTICATED_IMAGE_PASSWORD: ${{ vars.AUTHENTICATED_IMAGE_PASSWORD }}
|
||||||
AZ_APPID: ${{ secrets.AZ_APPID }}
|
AZ_APPID: ${{ secrets.AZ_APPID }}
|
||||||
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
|
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
|
||||||
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
|
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
|
||||||
CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
|
|
||||||
ITA_KEY: ${{ secrets.ITA_KEY }}
|
ITA_KEY: ${{ secrets.ITA_KEY }}
|
||||||
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
NGC_API_KEY: ${{ secrets.NGC_API_KEY }}
|
NGC_API_KEY: ${{ secrets.NGC_API_KEY }}
|
||||||
KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}
|
|
||||||
|
|||||||
4
.github/workflows/ci-on-push.yaml
vendored
4
.github/workflows/ci-on-push.yaml
vendored
@@ -43,12 +43,10 @@ jobs:
|
|||||||
target-branch: ${{ github.event.pull_request.base.ref }}
|
target-branch: ${{ github.event.pull_request.base.ref }}
|
||||||
skip-test: ${{ needs.skipper.outputs.skip_test }}
|
skip-test: ${{ needs.skipper.outputs.skip_test }}
|
||||||
secrets:
|
secrets:
|
||||||
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
|
AUTHENTICATED_IMAGE_PASSWORD: ${{ vars.AUTHENTICATED_IMAGE_PASSWORD }}
|
||||||
AZ_APPID: ${{ secrets.AZ_APPID }}
|
AZ_APPID: ${{ secrets.AZ_APPID }}
|
||||||
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
|
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
|
||||||
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
|
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
|
||||||
CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
|
|
||||||
ITA_KEY: ${{ secrets.ITA_KEY }}
|
ITA_KEY: ${{ secrets.ITA_KEY }}
|
||||||
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
NGC_API_KEY: ${{ secrets.NGC_API_KEY }}
|
NGC_API_KEY: ${{ secrets.NGC_API_KEY }}
|
||||||
KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}
|
|
||||||
|
|||||||
6
.github/workflows/ci-weekly.yaml
vendored
6
.github/workflows/ci-weekly.yaml
vendored
@@ -27,8 +27,6 @@ on:
|
|||||||
required: true
|
required: true
|
||||||
QUAY_DEPLOYER_PASSWORD:
|
QUAY_DEPLOYER_PASSWORD:
|
||||||
required: true
|
required: true
|
||||||
KBUILD_SIGN_PIN:
|
|
||||||
required: true
|
|
||||||
|
|
||||||
permissions: {}
|
permissions: {}
|
||||||
|
|
||||||
@@ -44,8 +42,6 @@ jobs:
|
|||||||
tarball-suffix: -${{ inputs.tag }}
|
tarball-suffix: -${{ inputs.tag }}
|
||||||
commit-hash: ${{ inputs.commit-hash }}
|
commit-hash: ${{ inputs.commit-hash }}
|
||||||
target-branch: ${{ inputs.target-branch }}
|
target-branch: ${{ inputs.target-branch }}
|
||||||
secrets:
|
|
||||||
KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}
|
|
||||||
|
|
||||||
publish-kata-deploy-payload-amd64:
|
publish-kata-deploy-payload-amd64:
|
||||||
needs: build-kata-static-tarball-amd64
|
needs: build-kata-static-tarball-amd64
|
||||||
@@ -119,7 +115,7 @@ jobs:
|
|||||||
target-branch: ${{ inputs.target-branch }}
|
target-branch: ${{ inputs.target-branch }}
|
||||||
tarball-suffix: -${{ inputs.tag }}
|
tarball-suffix: -${{ inputs.tag }}
|
||||||
secrets:
|
secrets:
|
||||||
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
|
AUTHENTICATED_IMAGE_PASSWORD: ${{ vars.AUTHENTICATED_IMAGE_PASSWORD }}
|
||||||
AZ_APPID: ${{ secrets.AZ_APPID }}
|
AZ_APPID: ${{ secrets.AZ_APPID }}
|
||||||
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
|
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
|
||||||
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
|
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
|
||||||
|
|||||||
13
.github/workflows/ci.yaml
vendored
13
.github/workflows/ci.yaml
vendored
@@ -29,16 +29,12 @@ on:
|
|||||||
required: true
|
required: true
|
||||||
AZ_SUBSCRIPTION_ID:
|
AZ_SUBSCRIPTION_ID:
|
||||||
required: true
|
required: true
|
||||||
CI_HKD_PATH:
|
|
||||||
required: true
|
|
||||||
ITA_KEY:
|
ITA_KEY:
|
||||||
required: true
|
required: true
|
||||||
QUAY_DEPLOYER_PASSWORD:
|
QUAY_DEPLOYER_PASSWORD:
|
||||||
required: true
|
required: true
|
||||||
NGC_API_KEY:
|
NGC_API_KEY:
|
||||||
required: true
|
required: true
|
||||||
KBUILD_SIGN_PIN:
|
|
||||||
required: true
|
|
||||||
|
|
||||||
permissions: {}
|
permissions: {}
|
||||||
|
|
||||||
@@ -54,8 +50,6 @@ jobs:
|
|||||||
tarball-suffix: -${{ inputs.tag }}
|
tarball-suffix: -${{ inputs.tag }}
|
||||||
commit-hash: ${{ inputs.commit-hash }}
|
commit-hash: ${{ inputs.commit-hash }}
|
||||||
target-branch: ${{ inputs.target-branch }}
|
target-branch: ${{ inputs.target-branch }}
|
||||||
secrets:
|
|
||||||
KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}
|
|
||||||
|
|
||||||
publish-kata-deploy-payload-amd64:
|
publish-kata-deploy-payload-amd64:
|
||||||
needs: build-kata-static-tarball-amd64
|
needs: build-kata-static-tarball-amd64
|
||||||
@@ -86,8 +80,6 @@ jobs:
|
|||||||
tarball-suffix: -${{ inputs.tag }}
|
tarball-suffix: -${{ inputs.tag }}
|
||||||
commit-hash: ${{ inputs.commit-hash }}
|
commit-hash: ${{ inputs.commit-hash }}
|
||||||
target-branch: ${{ inputs.target-branch }}
|
target-branch: ${{ inputs.target-branch }}
|
||||||
secrets:
|
|
||||||
KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}
|
|
||||||
|
|
||||||
publish-kata-deploy-payload-arm64:
|
publish-kata-deploy-payload-arm64:
|
||||||
needs: build-kata-static-tarball-arm64
|
needs: build-kata-static-tarball-arm64
|
||||||
@@ -119,7 +111,6 @@ jobs:
|
|||||||
commit-hash: ${{ inputs.commit-hash }}
|
commit-hash: ${{ inputs.commit-hash }}
|
||||||
target-branch: ${{ inputs.target-branch }}
|
target-branch: ${{ inputs.target-branch }}
|
||||||
secrets:
|
secrets:
|
||||||
CI_HKD_PATH: ${{ secrets.ci_hkd_path }}
|
|
||||||
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|
||||||
build-kata-static-tarball-ppc64le:
|
build-kata-static-tarball-ppc64le:
|
||||||
@@ -344,7 +335,7 @@ jobs:
|
|||||||
pr-number: ${{ inputs.pr-number }}
|
pr-number: ${{ inputs.pr-number }}
|
||||||
target-branch: ${{ inputs.target-branch }}
|
target-branch: ${{ inputs.target-branch }}
|
||||||
secrets:
|
secrets:
|
||||||
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
|
AUTHENTICATED_IMAGE_PASSWORD: ${{ vars.AUTHENTICATED_IMAGE_PASSWORD }}
|
||||||
AZ_APPID: ${{ secrets.AZ_APPID }}
|
AZ_APPID: ${{ secrets.AZ_APPID }}
|
||||||
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
|
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
|
||||||
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
|
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
|
||||||
@@ -362,7 +353,7 @@ jobs:
|
|||||||
pr-number: ${{ inputs.pr-number }}
|
pr-number: ${{ inputs.pr-number }}
|
||||||
target-branch: ${{ inputs.target-branch }}
|
target-branch: ${{ inputs.target-branch }}
|
||||||
secrets:
|
secrets:
|
||||||
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
|
AUTHENTICATED_IMAGE_PASSWORD: ${{ vars.AUTHENTICATED_IMAGE_PASSWORD }}
|
||||||
|
|
||||||
run-k8s-tests-on-ppc64le:
|
run-k8s-tests-on-ppc64le:
|
||||||
if: ${{ inputs.skip-test != 'yes' }}
|
if: ${{ inputs.skip-test != 'yes' }}
|
||||||
|
|||||||
3
.github/workflows/payload-after-push.yaml
vendored
3
.github/workflows/payload-after-push.yaml
vendored
@@ -24,7 +24,6 @@ jobs:
|
|||||||
target-branch: ${{ github.ref_name }}
|
target-branch: ${{ github.ref_name }}
|
||||||
secrets:
|
secrets:
|
||||||
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}
|
|
||||||
|
|
||||||
build-assets-arm64:
|
build-assets-arm64:
|
||||||
permissions:
|
permissions:
|
||||||
@@ -39,7 +38,6 @@ jobs:
|
|||||||
target-branch: ${{ github.ref_name }}
|
target-branch: ${{ github.ref_name }}
|
||||||
secrets:
|
secrets:
|
||||||
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}
|
|
||||||
|
|
||||||
build-assets-s390x:
|
build-assets-s390x:
|
||||||
permissions:
|
permissions:
|
||||||
@@ -53,7 +51,6 @@ jobs:
|
|||||||
push-to-registry: yes
|
push-to-registry: yes
|
||||||
target-branch: ${{ github.ref_name }}
|
target-branch: ${{ github.ref_name }}
|
||||||
secrets:
|
secrets:
|
||||||
CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
|
|
||||||
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|
||||||
build-assets-ppc64le:
|
build-assets-ppc64le:
|
||||||
|
|||||||
3
.github/workflows/release-amd64.yaml
vendored
3
.github/workflows/release-amd64.yaml
vendored
@@ -8,8 +8,6 @@ on:
|
|||||||
secrets:
|
secrets:
|
||||||
QUAY_DEPLOYER_PASSWORD:
|
QUAY_DEPLOYER_PASSWORD:
|
||||||
required: true
|
required: true
|
||||||
KBUILD_SIGN_PIN:
|
|
||||||
required: true
|
|
||||||
|
|
||||||
permissions: {}
|
permissions: {}
|
||||||
|
|
||||||
@@ -21,7 +19,6 @@ jobs:
|
|||||||
stage: release
|
stage: release
|
||||||
secrets:
|
secrets:
|
||||||
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}
|
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
packages: write
|
packages: write
|
||||||
|
|||||||
3
.github/workflows/release-arm64.yaml
vendored
3
.github/workflows/release-arm64.yaml
vendored
@@ -8,8 +8,6 @@ on:
|
|||||||
secrets:
|
secrets:
|
||||||
QUAY_DEPLOYER_PASSWORD:
|
QUAY_DEPLOYER_PASSWORD:
|
||||||
required: true
|
required: true
|
||||||
KBUILD_SIGN_PIN:
|
|
||||||
required: true
|
|
||||||
|
|
||||||
permissions: {}
|
permissions: {}
|
||||||
|
|
||||||
@@ -21,7 +19,6 @@ jobs:
|
|||||||
stage: release
|
stage: release
|
||||||
secrets:
|
secrets:
|
||||||
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}
|
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
packages: write
|
packages: write
|
||||||
|
|||||||
3
.github/workflows/release-s390x.yaml
vendored
3
.github/workflows/release-s390x.yaml
vendored
@@ -6,8 +6,6 @@ on:
|
|||||||
required: true
|
required: true
|
||||||
type: string
|
type: string
|
||||||
secrets:
|
secrets:
|
||||||
CI_HKD_PATH:
|
|
||||||
required: true
|
|
||||||
QUAY_DEPLOYER_PASSWORD:
|
QUAY_DEPLOYER_PASSWORD:
|
||||||
required: true
|
required: true
|
||||||
|
|
||||||
@@ -20,7 +18,6 @@ jobs:
|
|||||||
push-to-registry: yes
|
push-to-registry: yes
|
||||||
stage: release
|
stage: release
|
||||||
secrets:
|
secrets:
|
||||||
CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
|
|
||||||
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
|
|||||||
3
.github/workflows/release.yaml
vendored
3
.github/workflows/release.yaml
vendored
@@ -35,7 +35,6 @@ jobs:
|
|||||||
target-arch: amd64
|
target-arch: amd64
|
||||||
secrets:
|
secrets:
|
||||||
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}
|
|
||||||
|
|
||||||
build-and-push-assets-arm64:
|
build-and-push-assets-arm64:
|
||||||
needs: release
|
needs: release
|
||||||
@@ -49,7 +48,6 @@ jobs:
|
|||||||
target-arch: arm64
|
target-arch: arm64
|
||||||
secrets:
|
secrets:
|
||||||
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}
|
|
||||||
|
|
||||||
build-and-push-assets-s390x:
|
build-and-push-assets-s390x:
|
||||||
needs: release
|
needs: release
|
||||||
@@ -62,7 +60,6 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
target-arch: s390x
|
target-arch: s390x
|
||||||
secrets:
|
secrets:
|
||||||
CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
|
|
||||||
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
||||||
|
|
||||||
build-and-push-assets-ppc64le:
|
build-and-push-assets-ppc64le:
|
||||||
|
|||||||
2
.github/workflows/run-k8s-tests-on-zvsi.yaml
vendored
2
.github/workflows/run-k8s-tests-on-zvsi.yaml
vendored
@@ -76,7 +76,7 @@ jobs:
|
|||||||
SNAPSHOTTER: ${{ matrix.snapshotter }}
|
SNAPSHOTTER: ${{ matrix.snapshotter }}
|
||||||
TARGET_ARCH: "s390x"
|
TARGET_ARCH: "s390x"
|
||||||
AUTHENTICATED_IMAGE_USER: ${{ vars.AUTHENTICATED_IMAGE_USER }}
|
AUTHENTICATED_IMAGE_USER: ${{ vars.AUTHENTICATED_IMAGE_USER }}
|
||||||
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
|
AUTHENTICATED_IMAGE_PASSWORD: ${{ vars.AUTHENTICATED_IMAGE_PASSWORD }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||||
with:
|
with:
|
||||||
|
|||||||
@@ -69,7 +69,7 @@ jobs:
|
|||||||
KUBERNETES: "vanilla"
|
KUBERNETES: "vanilla"
|
||||||
PULL_TYPE: ${{ matrix.pull-type }}
|
PULL_TYPE: ${{ matrix.pull-type }}
|
||||||
AUTHENTICATED_IMAGE_USER: ${{ vars.AUTHENTICATED_IMAGE_USER }}
|
AUTHENTICATED_IMAGE_USER: ${{ vars.AUTHENTICATED_IMAGE_USER }}
|
||||||
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
|
AUTHENTICATED_IMAGE_PASSWORD: ${{ vars.AUTHENTICATED_IMAGE_PASSWORD }}
|
||||||
SNAPSHOTTER: ${{ matrix.snapshotter }}
|
SNAPSHOTTER: ${{ matrix.snapshotter }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||||
|
|||||||
4
.github/workflows/run-kata-coco-tests.yaml
vendored
4
.github/workflows/run-kata-coco-tests.yaml
vendored
@@ -63,7 +63,7 @@ jobs:
|
|||||||
SNAPSHOTTER: "nydus"
|
SNAPSHOTTER: "nydus"
|
||||||
PULL_TYPE: "guest-pull"
|
PULL_TYPE: "guest-pull"
|
||||||
AUTHENTICATED_IMAGE_USER: ${{ vars.AUTHENTICATED_IMAGE_USER }}
|
AUTHENTICATED_IMAGE_USER: ${{ vars.AUTHENTICATED_IMAGE_USER }}
|
||||||
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
|
AUTHENTICATED_IMAGE_PASSWORD: ${{ vars.AUTHENTICATED_IMAGE_PASSWORD }}
|
||||||
GH_ITA_KEY: ${{ secrets.ITA_KEY }}
|
GH_ITA_KEY: ${{ secrets.ITA_KEY }}
|
||||||
AUTO_GENERATE_POLICY: "yes"
|
AUTO_GENERATE_POLICY: "yes"
|
||||||
steps:
|
steps:
|
||||||
@@ -168,7 +168,7 @@ jobs:
|
|||||||
KUBERNETES: "vanilla"
|
KUBERNETES: "vanilla"
|
||||||
PULL_TYPE: ${{ matrix.pull-type }}
|
PULL_TYPE: ${{ matrix.pull-type }}
|
||||||
AUTHENTICATED_IMAGE_USER: ${{ vars.AUTHENTICATED_IMAGE_USER }}
|
AUTHENTICATED_IMAGE_USER: ${{ vars.AUTHENTICATED_IMAGE_USER }}
|
||||||
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
|
AUTHENTICATED_IMAGE_PASSWORD: ${{ vars.AUTHENTICATED_IMAGE_PASSWORD }}
|
||||||
SNAPSHOTTER: ${{ matrix.snapshotter }}
|
SNAPSHOTTER: ${{ matrix.snapshotter }}
|
||||||
EXPERIMENTAL_FORCE_GUEST_PULL: ${{ matrix.pull-type == 'experimental-force-guest-pull' && matrix.vmm || '' }}
|
EXPERIMENTAL_FORCE_GUEST_PULL: ${{ matrix.pull-type == 'experimental-force-guest-pull' && matrix.vmm || '' }}
|
||||||
# Caution: current ingress controller used to expose the KBS service
|
# Caution: current ingress controller used to expose the KBS service
|
||||||
|
|||||||
@@ -20,7 +20,6 @@ readonly BUILD_DIR="/kata-containers/tools/packaging/kata-deploy/local-build/bui
|
|||||||
script_dir="$(dirname "$(readlink -f "$0")")"
|
script_dir="$(dirname "$(readlink -f "$0")")"
|
||||||
readonly SCRIPT_DIR="${script_dir}/nvidia"
|
readonly SCRIPT_DIR="${script_dir}/nvidia"
|
||||||
|
|
||||||
KBUILD_SIGN_PIN=${KBUILD_SIGN_PIN:-}
|
|
||||||
AGENT_POLICY="${AGENT_POLICY:-no}"
|
AGENT_POLICY="${AGENT_POLICY:-no}"
|
||||||
|
|
||||||
NVIDIA_GPU_STACK=${NVIDIA_GPU_STACK:?NVIDIA_GPU_STACK must be set}
|
NVIDIA_GPU_STACK=${NVIDIA_GPU_STACK:?NVIDIA_GPU_STACK must be set}
|
||||||
|
|||||||
@@ -58,7 +58,6 @@ REPO_URL=${REPO_URL:-""}
|
|||||||
REPO_URL_X86_64=${REPO_URL_X86_64:-""}
|
REPO_URL_X86_64=${REPO_URL_X86_64:-""}
|
||||||
REPO_COMPONENTS=${REPO_COMPONENTS:-""}
|
REPO_COMPONENTS=${REPO_COMPONENTS:-""}
|
||||||
|
|
||||||
KBUILD_SIGN_PIN=${KBUILD_SIGN_PIN:-""}
|
|
||||||
NVIDIA_GPU_STACK=${NVIDIA_GPU_STACK:-""}
|
NVIDIA_GPU_STACK=${NVIDIA_GPU_STACK:-""}
|
||||||
BUILD_VARIANT=${BUILD_VARIANT:-""}
|
BUILD_VARIANT=${BUILD_VARIANT:-""}
|
||||||
|
|
||||||
@@ -582,7 +581,6 @@ build_rootfs_distro()
|
|||||||
--env AGENT_POLICY="${AGENT_POLICY}" \
|
--env AGENT_POLICY="${AGENT_POLICY}" \
|
||||||
--env CONFIDENTIAL_GUEST="${CONFIDENTIAL_GUEST}" \
|
--env CONFIDENTIAL_GUEST="${CONFIDENTIAL_GUEST}" \
|
||||||
--env NVIDIA_GPU_STACK="${NVIDIA_GPU_STACK}" \
|
--env NVIDIA_GPU_STACK="${NVIDIA_GPU_STACK}" \
|
||||||
--env KBUILD_SIGN_PIN="${KBUILD_SIGN_PIN}" \
|
|
||||||
-v "${repo_dir}":"/kata-containers" \
|
-v "${repo_dir}":"/kata-containers" \
|
||||||
-v "${ROOTFS_DIR}":"/rootfs" \
|
-v "${ROOTFS_DIR}":"/rootfs" \
|
||||||
-v "${script_dir}/../scripts":"/scripts" \
|
-v "${script_dir}/../scripts":"/scripts" \
|
||||||
|
|||||||
@@ -103,7 +103,6 @@ MEASURED_ROOTFS="${MEASURED_ROOTFS:-no}"
|
|||||||
USE_CACHE="${USE_CACHE:-}"
|
USE_CACHE="${USE_CACHE:-}"
|
||||||
BUSYBOX_CONF_FILE=${BUSYBOX_CONF_FILE:-}
|
BUSYBOX_CONF_FILE=${BUSYBOX_CONF_FILE:-}
|
||||||
NVIDIA_GPU_STACK="${NVIDIA_GPU_STACK:-}"
|
NVIDIA_GPU_STACK="${NVIDIA_GPU_STACK:-}"
|
||||||
KBUILD_SIGN_PIN=${KBUILD_SIGN_PIN:-}
|
|
||||||
GUEST_HOOKS_TARBALL_NAME="${GUEST_HOOKS_TARBALL_NAME:-}"
|
GUEST_HOOKS_TARBALL_NAME="${GUEST_HOOKS_TARBALL_NAME:-}"
|
||||||
EXTRA_PKGS="${EXTRA_PKGS:-}"
|
EXTRA_PKGS="${EXTRA_PKGS:-}"
|
||||||
REPO_URL="${REPO_URL:-}"
|
REPO_URL="${REPO_URL:-}"
|
||||||
@@ -144,7 +143,6 @@ docker run \
|
|||||||
--env USE_CACHE="${USE_CACHE}" \
|
--env USE_CACHE="${USE_CACHE}" \
|
||||||
--env BUSYBOX_CONF_FILE="${BUSYBOX_CONF_FILE}" \
|
--env BUSYBOX_CONF_FILE="${BUSYBOX_CONF_FILE}" \
|
||||||
--env NVIDIA_GPU_STACK="${NVIDIA_GPU_STACK}" \
|
--env NVIDIA_GPU_STACK="${NVIDIA_GPU_STACK}" \
|
||||||
--env KBUILD_SIGN_PIN="${KBUILD_SIGN_PIN}" \
|
|
||||||
--env GUEST_HOOKS_TARBALL_NAME="${GUEST_HOOKS_TARBALL_NAME}" \
|
--env GUEST_HOOKS_TARBALL_NAME="${GUEST_HOOKS_TARBALL_NAME}" \
|
||||||
--env EXTRA_PKGS="${EXTRA_PKGS}" \
|
--env EXTRA_PKGS="${EXTRA_PKGS}" \
|
||||||
--env REPO_URL="${REPO_URL}" \
|
--env REPO_URL="${REPO_URL}" \
|
||||||
|
|||||||
@@ -57,7 +57,6 @@ AGENT_POLICY="${AGENT_POLICY:-yes}"
|
|||||||
TARGET_BRANCH="${TARGET_BRANCH:-main}"
|
TARGET_BRANCH="${TARGET_BRANCH:-main}"
|
||||||
PUSH_TO_REGISTRY="${PUSH_TO_REGISTRY:-}"
|
PUSH_TO_REGISTRY="${PUSH_TO_REGISTRY:-}"
|
||||||
RELEASE="${RELEASE:-"no"}"
|
RELEASE="${RELEASE:-"no"}"
|
||||||
KBUILD_SIGN_PIN="${KBUILD_SIGN_PIN:-}"
|
|
||||||
RUNTIME_CHOICE="${RUNTIME_CHOICE:-both}"
|
RUNTIME_CHOICE="${RUNTIME_CHOICE:-both}"
|
||||||
KERNEL_DEBUG_ENABLED=${KERNEL_DEBUG_ENABLED:-"no"}
|
KERNEL_DEBUG_ENABLED=${KERNEL_DEBUG_ENABLED:-"no"}
|
||||||
INIT_DATA="${INIT_DATA:-yes}"
|
INIT_DATA="${INIT_DATA:-yes}"
|
||||||
|
|||||||
@@ -31,7 +31,6 @@ readonly default_config_whitelist="${script_dir}/configs/fragments/whitelist.con
|
|||||||
# xPU vendor
|
# xPU vendor
|
||||||
readonly VENDOR_INTEL="intel"
|
readonly VENDOR_INTEL="intel"
|
||||||
readonly VENDOR_NVIDIA="nvidia"
|
readonly VENDOR_NVIDIA="nvidia"
|
||||||
readonly KBUILD_SIGN_PIN=${KBUILD_SIGN_PIN:-""}
|
|
||||||
readonly KERNEL_DEBUG_ENABLED=${KERNEL_DEBUG_ENABLED:-"no"}
|
readonly KERNEL_DEBUG_ENABLED=${KERNEL_DEBUG_ENABLED:-"no"}
|
||||||
|
|
||||||
#Path to kernel directory
|
#Path to kernel directory
|
||||||
@@ -313,13 +312,6 @@ get_kernel_frag_path() {
|
|||||||
all_configs="${all_configs} ${tmpfs_configs}"
|
all_configs="${all_configs} ${tmpfs_configs}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ "${KBUILD_SIGN_PIN}" != "" ]]; then
|
|
||||||
info "Enabling config for module signing"
|
|
||||||
local sign_configs
|
|
||||||
sign_configs="$(ls ${common_path}/signing/module_signing.conf)"
|
|
||||||
all_configs="${all_configs} ${sign_configs}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [[ ${KERNEL_DEBUG_ENABLED} == "yes" ]]; then
|
if [[ ${KERNEL_DEBUG_ENABLED} == "yes" ]]; then
|
||||||
info "Enable kernel debug"
|
info "Enable kernel debug"
|
||||||
local debug_configs="$(ls ${common_path}/common/debug.conf)"
|
local debug_configs="$(ls ${common_path}/common/debug.conf)"
|
||||||
@@ -542,16 +534,6 @@ build_kernel_headers() {
|
|||||||
if [ "$linux_headers" == "rpm" ]; then
|
if [ "$linux_headers" == "rpm" ]; then
|
||||||
make -j $(nproc) rpm-pkg ARCH="${arch_target}"
|
make -j $(nproc) rpm-pkg ARCH="${arch_target}"
|
||||||
fi
|
fi
|
||||||
# If we encrypt the key earlier it will break the kernel_headers build.
|
|
||||||
# At this stage the kernel has created the certs/signing_key.pem
|
|
||||||
# encrypt it for later usage in another job or out-of-tree build
|
|
||||||
# only encrypt if we have KBUILD_SIGN_PIN set
|
|
||||||
local key="certs/signing_key.pem"
|
|
||||||
if [ -n "${KBUILD_SIGN_PIN}" ]; then
|
|
||||||
[ -e "${key}" ] || die "${key} missing but KBUILD_SIGN_PIN is set"
|
|
||||||
openssl rsa -aes256 -in ${key} -out ${key} -passout env:KBUILD_SIGN_PIN
|
|
||||||
fi
|
|
||||||
|
|
||||||
popd >>/dev/null
|
popd >>/dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
180
|
181
|
||||||
|
|||||||
@@ -26,7 +26,6 @@ DESTDIR=${DESTDIR:-${PWD}}
|
|||||||
PREFIX=${PREFIX:-/opt/kata}
|
PREFIX=${PREFIX:-/opt/kata}
|
||||||
container_image="${KERNEL_CONTAINER_BUILDER:-$(get_kernel_image_name)}"
|
container_image="${KERNEL_CONTAINER_BUILDER:-$(get_kernel_image_name)}"
|
||||||
MEASURED_ROOTFS=${MEASURED_ROOTFS:-no}
|
MEASURED_ROOTFS=${MEASURED_ROOTFS:-no}
|
||||||
KBUILD_SIGN_PIN="${KBUILD_SIGN_PIN:-}"
|
|
||||||
kernel_builder_args="-a ${ARCH:-} $*"
|
kernel_builder_args="-a ${ARCH:-} $*"
|
||||||
KERNEL_DEBUG_ENABLED=${KERNEL_DEBUG_ENABLED:-"no"}
|
KERNEL_DEBUG_ENABLED=${KERNEL_DEBUG_ENABLED:-"no"}
|
||||||
|
|
||||||
@@ -69,7 +68,6 @@ container_build+=" --build-arg ARCH=${ARCH:-}"
|
|||||||
"${container_engine}" run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
|
"${container_engine}" run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
|
||||||
-w "${PWD}" \
|
-w "${PWD}" \
|
||||||
--env KERNEL_DEBUG_ENABLED="${KERNEL_DEBUG_ENABLED}" \
|
--env KERNEL_DEBUG_ENABLED="${KERNEL_DEBUG_ENABLED}" \
|
||||||
--env KBUILD_SIGN_PIN="${KBUILD_SIGN_PIN}" \
|
|
||||||
--user "$(id -u)":"$(id -g)" \
|
--user "$(id -u)":"$(id -g)" \
|
||||||
"${container_image}" \
|
"${container_image}" \
|
||||||
bash -c "${kernel_builder} ${kernel_builder_args} setup"
|
bash -c "${kernel_builder} ${kernel_builder_args} setup"
|
||||||
@@ -91,7 +89,6 @@ container_build+=" --build-arg ARCH=${ARCH:-}"
|
|||||||
-w "${PWD}" \
|
-w "${PWD}" \
|
||||||
--env DESTDIR="${DESTDIR}" --env PREFIX="${PREFIX}" \
|
--env DESTDIR="${DESTDIR}" --env PREFIX="${PREFIX}" \
|
||||||
--env USER="${USER}" \
|
--env USER="${USER}" \
|
||||||
--env KBUILD_SIGN_PIN="${KBUILD_SIGN_PIN}" \
|
|
||||||
--user "$(id -u)":"$(id -g)" \
|
--user "$(id -u)":"$(id -g)" \
|
||||||
"${container_image}" \
|
"${container_image}" \
|
||||||
bash -c "${kernel_builder} ${kernel_builder_args} build-headers"
|
bash -c "${kernel_builder} ${kernel_builder_args} build-headers"
|
||||||
|
|||||||
Reference in New Issue
Block a user