kata-containers/.github/workflows/release-arm64.yaml

name: Publish Kata release artifacts for arm64
on:
  workflow_call:
    inputs:
      target-arch:
        required: true
        type: string
    secrets:
      QUAY_DEPLOYER_PASSWORD:
        required: true

permissions:
  contents: read

jobs:
  build-kata-static-tarball-arm64:
    uses: ./.github/workflows/build-kata-static-tarball-arm64.yaml
    with:
      push-to-registry: yes
      stage: release
    secrets:
      QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
    permissions:
      contents: read
      packages: write
      id-token: write
      attestations: write

  kata-deploy:
    needs: build-kata-static-tarball-arm64
    permissions:
      contents: read
      packages: write
    runs-on: ubuntu-22.04-arm
    steps:
      - name: Login to Kata Containers ghcr.io
        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Login to Kata Containers quay.io
        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          registry: quay.io
          username: ${{ vars.QUAY_DEPLOYER_USERNAME }}
          password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}

      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: get-kata-tarball
        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
        with:
          name: kata-static-tarball-arm64

      - name: build-and-push-kata-deploy-ci-arm64
        id: build-and-push-kata-deploy-ci-arm64
        run: |
          # We need to do such trick here as the format of the $GITHUB_REF
          # is "refs/tags/<tag>"
          tag=$(echo "$GITHUB_REF" | cut -d/ -f3-)
          if [ "${tag}" = "main" ]; then
              tag=$(./tools/packaging/release/release.sh release-version)
              tags=("${tag}" "latest")
          else
              tags=("${tag}")
          fi
          for tag in "${tags[@]}"; do
              ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
                  "$(pwd)"/kata-static.tar.xz "ghcr.io/kata-containers/kata-deploy" \
                  "${tag}-${{ inputs.target-arch }}"
              ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
                  "$(pwd)"/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \
                  "${tag}-${{ inputs.target-arch }}"
          done