mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-05-05 12:02:33 +00:00
c087eb92ec
Node.js 20 is deprecated on GitHub Actions runners and will be forced to Node.js 24 starting June 2nd, 2026. Update all affected actions to versions that natively support Node.js 24: - actions/upload-artifact: v4.6.2 -> v6.0.0 - actions/download-artifact: v4.3.0 -> v7.0.0 - docker/build-push-action: v5.4.0 -> v7.0.0 - docker/login-action: v3.4.0 -> v4.1.0 - docker/setup-buildx-action: v3.10.0 -> v4.0.0 - docker/setup-qemu-action: v3.6.0 -> v4.0.0 - geekyeggo/delete-artifact: v5.1.0 -> v6.0.0 - azure/login: v2.3.0 -> v3.0.0 - azure/setup-kubectl: v4.0.1 -> v5.0.0 - nick-fields/retry: v3.0.2 -> v4.0.0 Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com> Made-with: Cursor
129 lines
4.0 KiB
YAML
129 lines
4.0 KiB
YAML
name: Run the CoCo Kata Containers Stability CI
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
commit-hash:
|
|
required: true
|
|
type: string
|
|
pr-number:
|
|
required: true
|
|
type: string
|
|
tag:
|
|
required: true
|
|
type: string
|
|
target-branch:
|
|
required: false
|
|
type: string
|
|
default: ""
|
|
secrets:
|
|
AUTHENTICATED_IMAGE_PASSWORD:
|
|
required: true
|
|
|
|
AZ_APPID:
|
|
required: true
|
|
AZ_TENANT_ID:
|
|
required: true
|
|
AZ_SUBSCRIPTION_ID:
|
|
required: true
|
|
QUAY_DEPLOYER_PASSWORD:
|
|
required: true
|
|
KBUILD_SIGN_PIN:
|
|
required: true
|
|
|
|
permissions: {}
|
|
|
|
jobs:
|
|
build-kata-static-tarball-amd64:
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
id-token: write
|
|
attestations: write
|
|
uses: ./.github/workflows/build-kata-static-tarball-amd64.yaml
|
|
with:
|
|
tarball-suffix: -${{ inputs.tag }}
|
|
commit-hash: ${{ inputs.commit-hash }}
|
|
target-branch: ${{ inputs.target-branch }}
|
|
secrets:
|
|
KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}
|
|
|
|
publish-kata-deploy-payload-amd64:
|
|
needs: build-kata-static-tarball-amd64
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
uses: ./.github/workflows/publish-kata-deploy-payload.yaml
|
|
with:
|
|
tarball-suffix: -${{ inputs.tag }}
|
|
registry: ghcr.io
|
|
repo: ${{ github.repository_owner }}/kata-deploy-ci
|
|
tag: ${{ inputs.tag }}-amd64
|
|
commit-hash: ${{ inputs.commit-hash }}
|
|
target-branch: ${{ inputs.target-branch }}
|
|
runner: ubuntu-22.04
|
|
arch: amd64
|
|
secrets:
|
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
|
|
|
build-and-publish-tee-confidential-unencrypted-image:
|
|
name: build-and-publish-tee-confidential-unencrypted-image
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
runs-on: ubuntu-22.04
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
ref: ${{ inputs.commit-hash }}
|
|
fetch-depth: 0
|
|
persist-credentials: false
|
|
|
|
- name: Rebase atop of the latest target branch
|
|
run: |
|
|
./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
|
|
env:
|
|
TARGET_BRANCH: ${{ inputs.target-branch }}
|
|
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
|
|
|
|
- name: Login to Kata Containers ghcr.io
|
|
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.actor }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Docker build and push
|
|
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.0.0
|
|
with:
|
|
tags: ghcr.io/kata-containers/test-images:unencrypted-${{ inputs.pr-number }}
|
|
push: true
|
|
context: tests/integration/kubernetes/runtimeclass_workloads/confidential/unencrypted/
|
|
platforms: linux/amd64
|
|
file: tests/integration/kubernetes/runtimeclass_workloads/confidential/unencrypted/Dockerfile
|
|
|
|
run-kata-coco-stability-tests:
|
|
needs: [publish-kata-deploy-payload-amd64, build-and-publish-tee-confidential-unencrypted-image]
|
|
uses: ./.github/workflows/run-kata-coco-stability-tests.yaml
|
|
with:
|
|
registry: ghcr.io
|
|
repo: ${{ github.repository_owner }}/kata-deploy-ci
|
|
tag: ${{ inputs.tag }}-amd64
|
|
commit-hash: ${{ inputs.commit-hash }}
|
|
pr-number: ${{ inputs.pr-number }}
|
|
target-branch: ${{ inputs.target-branch }}
|
|
tarball-suffix: -${{ inputs.tag }}
|
|
secrets:
|
|
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
|
|
AZ_APPID: ${{ secrets.AZ_APPID }}
|
|
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
|
|
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|