name: CI | Publish Kata Containers payload on: push: branches: - main workflow_dispatch: permissions: contents: read concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} jobs: build-assets-amd64: permissions: contents: read packages: write id-token: write attestations: write uses: ./.github/workflows/build-kata-static-tarball-amd64.yaml with: commit-hash: ${{ github.sha }} push-to-registry: yes target-branch: ${{ github.ref_name }} secrets: QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }} build-assets-arm64: permissions: contents: read packages: write id-token: write attestations: write uses: ./.github/workflows/build-kata-static-tarball-arm64.yaml with: commit-hash: ${{ github.sha }} push-to-registry: yes target-branch: ${{ github.ref_name }} secrets: QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} build-assets-s390x: permissions: contents: read packages: write id-token: write attestations: write uses: ./.github/workflows/build-kata-static-tarball-s390x.yaml with: commit-hash: ${{ github.sha }} push-to-registry: yes target-branch: ${{ github.ref_name }} secrets: CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }} QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} build-assets-ppc64le: permissions: contents: read packages: write uses: ./.github/workflows/build-kata-static-tarball-ppc64le.yaml with: commit-hash: ${{ github.sha }} push-to-registry: yes target-branch: ${{ github.ref_name }} secrets: QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} publish-kata-deploy-payload-amd64: needs: build-assets-amd64 permissions: contents: read packages: write uses: ./.github/workflows/publish-kata-deploy-payload.yaml with: commit-hash: ${{ github.sha }} registry: quay.io repo: kata-containers/kata-deploy-ci tag: kata-containers-latest-amd64 target-branch: ${{ github.ref_name }} runner: ubuntu-22.04 arch: amd64 secrets: QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} publish-kata-deploy-payload-arm64: needs: build-assets-arm64 permissions: contents: read packages: write uses: ./.github/workflows/publish-kata-deploy-payload.yaml with: commit-hash: ${{ github.sha }} registry: quay.io repo: kata-containers/kata-deploy-ci tag: kata-containers-latest-arm64 target-branch: ${{ github.ref_name }} runner: ubuntu-22.04-arm arch: arm64 secrets: QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} publish-kata-deploy-payload-s390x: needs: build-assets-s390x permissions: contents: read packages: write uses: ./.github/workflows/publish-kata-deploy-payload.yaml with: commit-hash: ${{ github.sha }} registry: quay.io repo: kata-containers/kata-deploy-ci tag: kata-containers-latest-s390x target-branch: ${{ github.ref_name }} runner: s390x arch: s390x secrets: QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} publish-kata-deploy-payload-ppc64le: needs: build-assets-ppc64le permissions: contents: read packages: write uses: ./.github/workflows/publish-kata-deploy-payload.yaml with: commit-hash: ${{ github.sha }} registry: quay.io repo: kata-containers/kata-deploy-ci tag: kata-containers-latest-ppc64le target-branch: ${{ github.ref_name }} runner: ppc64le arch: ppc64le secrets: QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} publish-manifest: runs-on: ubuntu-22.04 permissions: contents: read packages: write needs: [publish-kata-deploy-payload-amd64, publish-kata-deploy-payload-arm64, publish-kata-deploy-payload-s390x, publish-kata-deploy-payload-ppc64le] steps: - name: Checkout repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Login to Kata Containers quay.io uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ vars.QUAY_DEPLOYER_USERNAME }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} - name: Push multi-arch manifest run: | ./tools/packaging/release/release.sh publish-multiarch-manifest env: KATA_DEPLOY_IMAGE_TAGS: "kata-containers-latest" KATA_DEPLOY_REGISTRIES: "quay.io/kata-containers/kata-deploy-ci"