name: Run the Kata Containers CI on: workflow_call: inputs: commit-hash: required: true type: string pr-number: required: true type: string tag: required: true type: string target-branch: required: false type: string default: "" skip-test: required: false type: string default: no jobs: build-kata-static-tarball-amd64: uses: ./.github/workflows/build-kata-static-tarball-amd64.yaml with: tarball-suffix: -${{ inputs.tag }} commit-hash: ${{ inputs.commit-hash }} target-branch: ${{ inputs.target-branch }} publish-kata-deploy-payload-amd64: needs: build-kata-static-tarball-amd64 uses: ./.github/workflows/publish-kata-deploy-payload.yaml with: tarball-suffix: -${{ inputs.tag }} registry: ghcr.io repo: ${{ github.repository_owner }}/kata-deploy-ci tag: ${{ inputs.tag }}-amd64 commit-hash: ${{ inputs.commit-hash }} target-branch: ${{ inputs.target-branch }} runner: ubuntu-22.04 arch: amd64 secrets: inherit build-kata-static-tarball-arm64: uses: ./.github/workflows/build-kata-static-tarball-arm64.yaml with: tarball-suffix: -${{ inputs.tag }} commit-hash: ${{ inputs.commit-hash }} target-branch: ${{ inputs.target-branch }} publish-kata-deploy-payload-arm64: needs: build-kata-static-tarball-arm64 uses: ./.github/workflows/publish-kata-deploy-payload.yaml with: tarball-suffix: -${{ inputs.tag }} registry: ghcr.io repo: ${{ github.repository_owner }}/kata-deploy-ci tag: ${{ inputs.tag }}-arm64 commit-hash: ${{ inputs.commit-hash }} target-branch: ${{ inputs.target-branch }} runner: ubuntu-22.04-arm arch: arm64 secrets: inherit build-kata-static-tarball-s390x: uses: ./.github/workflows/build-kata-static-tarball-s390x.yaml with: tarball-suffix: -${{ inputs.tag }} commit-hash: ${{ inputs.commit-hash }} target-branch: ${{ inputs.target-branch }} secrets: inherit build-kata-static-tarball-ppc64le: uses: ./.github/workflows/build-kata-static-tarball-ppc64le.yaml with: tarball-suffix: -${{ inputs.tag }} commit-hash: ${{ inputs.commit-hash }} target-branch: ${{ inputs.target-branch }} build-kata-static-tarball-riscv64: uses: ./.github/workflows/build-kata-static-tarball-riscv64.yaml with: tarball-suffix: -${{ inputs.tag }} commit-hash: ${{ inputs.commit-hash }} target-branch: ${{ inputs.target-branch }} secrets: inherit publish-kata-deploy-payload-s390x: needs: build-kata-static-tarball-s390x uses: ./.github/workflows/publish-kata-deploy-payload.yaml with: tarball-suffix: -${{ inputs.tag }} registry: ghcr.io repo: ${{ github.repository_owner }}/kata-deploy-ci tag: ${{ inputs.tag }}-s390x commit-hash: ${{ inputs.commit-hash }} target-branch: ${{ inputs.target-branch }} runner: s390x arch: s390x secrets: inherit publish-kata-deploy-payload-ppc64le: needs: build-kata-static-tarball-ppc64le uses: ./.github/workflows/publish-kata-deploy-payload.yaml with: tarball-suffix: -${{ inputs.tag }} registry: ghcr.io repo: ${{ github.repository_owner }}/kata-deploy-ci tag: ${{ inputs.tag }}-ppc64le commit-hash: ${{ inputs.commit-hash }} target-branch: ${{ inputs.target-branch }} runner: ppc64le arch: ppc64le secrets: inherit build-and-publish-tee-confidential-unencrypted-image: runs-on: ubuntu-22.04 steps: - name: Checkout code uses: actions/checkout@v4 with: ref: ${{ inputs.commit-hash }} fetch-depth: 0 - name: Rebase atop of the latest target branch run: | ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" env: TARGET_BRANCH: ${{ inputs.target-branch }} - name: Set up QEMU uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Login to Kata Containers ghcr.io uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Docker build and push uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 with: tags: ghcr.io/kata-containers/test-images:unencrypted-${{ inputs.pr-number }} push: true context: tests/integration/kubernetes/runtimeclass_workloads/confidential/unencrypted/ platforms: linux/amd64, linux/s390x file: tests/integration/kubernetes/runtimeclass_workloads/confidential/unencrypted/Dockerfile publish-csi-driver-amd64: needs: build-kata-static-tarball-amd64 runs-on: ubuntu-22.04 steps: - name: Checkout code uses: actions/checkout@v4 with: ref: ${{ inputs.commit-hash }} fetch-depth: 0 - name: Rebase atop of the latest target branch run: | ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" env: TARGET_BRANCH: ${{ inputs.target-branch }} - name: get-kata-tarball uses: actions/download-artifact@v4 with: name: kata-static-tarball-amd64-${{ inputs.tag }} path: kata-artifacts - name: Install tools run: bash tests/integration/kubernetes/gha-run.sh install-kata-tools kata-artifacts - name: Copy binary into Docker context run: | # Copy to the location where the Dockerfile expects the binary. mkdir -p src/tools/csi-kata-directvolume/bin/ cp /opt/kata/bin/csi-kata-directvolume src/tools/csi-kata-directvolume/bin/directvolplugin - name: Set up Docker Buildx uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Login to Kata Containers ghcr.io uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Docker build and push uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 with: tags: ghcr.io/kata-containers/csi-kata-directvolume:${{ inputs.pr-number }} push: true context: src/tools/csi-kata-directvolume/ platforms: linux/amd64 file: src/tools/csi-kata-directvolume/Dockerfile run-kata-monitor-tests: if: ${{ inputs.skip-test != 'yes' }} needs: build-kata-static-tarball-amd64 uses: ./.github/workflows/run-kata-monitor-tests.yaml with: tarball-suffix: -${{ inputs.tag }} commit-hash: ${{ inputs.commit-hash }} target-branch: ${{ inputs.target-branch }} run-k8s-tests-on-aks: if: ${{ inputs.skip-test != 'yes' }} needs: publish-kata-deploy-payload-amd64 uses: ./.github/workflows/run-k8s-tests-on-aks.yaml with: tarball-suffix: -${{ inputs.tag }} registry: ghcr.io repo: ${{ github.repository_owner }}/kata-deploy-ci tag: ${{ inputs.tag }}-amd64 commit-hash: ${{ inputs.commit-hash }} pr-number: ${{ inputs.pr-number }} target-branch: ${{ inputs.target-branch }} secrets: inherit run-k8s-tests-on-amd64: if: ${{ inputs.skip-test != 'yes' }} needs: publish-kata-deploy-payload-amd64 uses: ./.github/workflows/run-k8s-tests-on-amd64.yaml with: registry: ghcr.io repo: ${{ github.repository_owner }}/kata-deploy-ci tag: ${{ inputs.tag }}-amd64 commit-hash: ${{ inputs.commit-hash }} pr-number: ${{ inputs.pr-number }} target-branch: ${{ inputs.target-branch }} secrets: inherit run-k8s-tests-on-arm64: if: ${{ inputs.skip-test != 'yes' }} needs: publish-kata-deploy-payload-arm64 uses: ./.github/workflows/run-k8s-tests-on-arm64.yaml with: registry: ghcr.io repo: ${{ github.repository_owner }}/kata-deploy-ci tag: ${{ inputs.tag }}-arm64 commit-hash: ${{ inputs.commit-hash }} pr-number: ${{ inputs.pr-number }} target-branch: ${{ inputs.target-branch }} run-kata-coco-tests: if: ${{ inputs.skip-test != 'yes' }} needs: - publish-kata-deploy-payload-amd64 - build-and-publish-tee-confidential-unencrypted-image - publish-csi-driver-amd64 uses: ./.github/workflows/run-kata-coco-tests.yaml with: tarball-suffix: -${{ inputs.tag }} registry: ghcr.io repo: ${{ github.repository_owner }}/kata-deploy-ci tag: ${{ inputs.tag }}-amd64 commit-hash: ${{ inputs.commit-hash }} pr-number: ${{ inputs.pr-number }} target-branch: ${{ inputs.target-branch }} secrets: inherit run-k8s-tests-on-zvsi: if: ${{ inputs.skip-test != 'yes' }} needs: [publish-kata-deploy-payload-s390x, build-and-publish-tee-confidential-unencrypted-image] uses: ./.github/workflows/run-k8s-tests-on-zvsi.yaml with: registry: ghcr.io repo: ${{ github.repository_owner }}/kata-deploy-ci tag: ${{ inputs.tag }}-s390x commit-hash: ${{ inputs.commit-hash }} pr-number: ${{ inputs.pr-number }} target-branch: ${{ inputs.target-branch }} secrets: inherit run-k8s-tests-on-ppc64le: if: ${{ inputs.skip-test != 'yes' }} needs: publish-kata-deploy-payload-ppc64le uses: ./.github/workflows/run-k8s-tests-on-ppc64le.yaml with: registry: ghcr.io repo: ${{ github.repository_owner }}/kata-deploy-ci tag: ${{ inputs.tag }}-ppc64le commit-hash: ${{ inputs.commit-hash }} pr-number: ${{ inputs.pr-number }} target-branch: ${{ inputs.target-branch }} run-kata-deploy-tests: if: ${{ inputs.skip-test != 'yes' }} needs: [publish-kata-deploy-payload-amd64] uses: ./.github/workflows/run-kata-deploy-tests.yaml with: registry: ghcr.io repo: ${{ github.repository_owner }}/kata-deploy-ci tag: ${{ inputs.tag }}-amd64 commit-hash: ${{ inputs.commit-hash }} pr-number: ${{ inputs.pr-number }} target-branch: ${{ inputs.target-branch }} run-metrics-tests: # Skip metrics tests whilst runner is broken if: false # if: ${{ inputs.skip-test != 'yes' }} needs: build-kata-static-tarball-amd64 uses: ./.github/workflows/run-metrics.yaml with: registry: ghcr.io repo: ${{ github.repository_owner }}/kata-deploy-ci tag: ${{ inputs.tag }}-amd64 commit-hash: ${{ inputs.commit-hash }} pr-number: ${{ inputs.pr-number }} target-branch: ${{ inputs.target-branch }} run-basic-amd64-tests: if: ${{ inputs.skip-test != 'yes' }} needs: build-kata-static-tarball-amd64 uses: ./.github/workflows/basic-ci-amd64.yaml with: tarball-suffix: -${{ inputs.tag }} commit-hash: ${{ inputs.commit-hash }} target-branch: ${{ inputs.target-branch }} run-cri-containerd-tests-s390x: if: ${{ inputs.skip-test != 'yes' }} needs: build-kata-static-tarball-s390x uses: ./.github/workflows/run-cri-containerd-tests-s390x.yaml with: tarball-suffix: -${{ inputs.tag }} commit-hash: ${{ inputs.commit-hash }} target-branch: ${{ inputs.target-branch }} run-cri-containerd-tests-ppc64le: if: ${{ inputs.skip-test != 'yes' }} needs: build-kata-static-tarball-ppc64le uses: ./.github/workflows/run-cri-containerd-tests-ppc64le.yaml with: tarball-suffix: -${{ inputs.tag }} commit-hash: ${{ inputs.commit-hash }} target-branch: ${{ inputs.target-branch }}