Files
kata-containers/.github/workflows/release-s390x.yaml
Fabiano Fidêncio 1f5ed27b99 release: tag per-arch images with the release version
The per-arch kata-deploy/kata-monitor build jobs derived their image tag
from $GITHUB_REF, which only resolves to the release version when the
release workflow is dispatched from main. The multi-arch manifest step,
however, always publishes using the release version, so dispatching the
release workflow from any other branch tagged the per-arch images with
the branch name and the manifest step failed with "<image>: not found".

Always tag the per-arch images with the release version so the build and
manifest steps stay in sync regardless of the dispatch branch. This also
subsumes the earlier "drop latest" tweak in these per-arch workflows.
2026-06-13 14:15:30 +02:00

86 lines
3.0 KiB
YAML

name: Publish Kata release artifacts for s390x
on:
workflow_call:
inputs:
target-arch:
required: true
type: string
secrets:
QUAY_DEPLOYER_PASSWORD:
required: true
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}-release-s390x
cancel-in-progress: false # Note - don't cancel the in progress build as we could end up with inconsistent results
permissions: {}
jobs:
build-kata-static-tarball-s390x:
uses: ./.github/workflows/build-kata-static-tarball-s390x.yaml
with:
push-to-registry: yes
stage: release
secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
permissions:
contents: read
packages: write
id-token: write
attestations: write
kata-deploy:
name: kata-deploy
needs: build-kata-static-tarball-s390x
permissions:
contents: read
packages: write
runs-on: ubuntu-24.04-s390x
steps:
- name: Login to Kata Containers ghcr.io
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Kata Containers quay.io
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
with:
registry: quay.io
username: ${{ vars.QUAY_DEPLOYER_USERNAME }}
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: get-kata-artifacts
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
with:
pattern: kata-artifacts-s390x-*
path: tools/packaging/kata-deploy/local-build/build
merge-multiple: true
- name: build-and-push-kata-deploy-ci-s390x
id: build-and-push-kata-deploy-ci-s390x
env:
TARGET_ARCH: ${{ inputs.target-arch }}
run: |
# The multi-arch manifest is always published using the release
# version (see the publish-multiarch-manifest step), so the per-arch
# images must be tagged with the release version too -- regardless of
# the branch the release workflow was dispatched from. Otherwise a run
# from a testing branch would tag the images with the branch name and
# the manifest step would not be able to find them.
tag=$(./tools/packaging/release/release.sh release-version)
tags=("${tag}")
for tag in "${tags[@]}"; do
./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
"ghcr.io/kata-containers/kata-deploy" \
"${tag}-${TARGET_ARCH}"
./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
"quay.io/kata-containers/kata-deploy" \
"${tag}-${TARGET_ARCH}"
done