mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-04-10 05:54:03 +00:00
ba85a5ea10
Comment out all non-arm64 builds and tests to save CI resources while iterating on arm64 qemu-coco-dev-runtime-rs support. Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com> Made-with: Cursor
461 lines
16 KiB
YAML
461 lines
16 KiB
YAML
name: Run the Kata Containers CI
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
commit-hash:
|
|
required: true
|
|
type: string
|
|
pr-number:
|
|
required: true
|
|
type: string
|
|
tag:
|
|
required: true
|
|
type: string
|
|
target-branch:
|
|
required: false
|
|
type: string
|
|
default: ""
|
|
skip-test:
|
|
required: false
|
|
type: string
|
|
default: no
|
|
extensive-matrix-autogenerated-policy:
|
|
required: false
|
|
type: string
|
|
default: no
|
|
secrets:
|
|
AUTHENTICATED_IMAGE_PASSWORD:
|
|
required: true
|
|
|
|
AZ_APPID:
|
|
required: true
|
|
AZ_TENANT_ID:
|
|
required: true
|
|
AZ_SUBSCRIPTION_ID:
|
|
required: true
|
|
CI_HKD_PATH:
|
|
required: true
|
|
ITA_KEY:
|
|
required: true
|
|
QUAY_DEPLOYER_PASSWORD:
|
|
required: true
|
|
NGC_API_KEY:
|
|
required: true
|
|
KBUILD_SIGN_PIN:
|
|
required: true
|
|
|
|
permissions: {}
|
|
|
|
jobs:
|
|
# build-kata-static-tarball-amd64:
|
|
# permissions:
|
|
# contents: read
|
|
# packages: write
|
|
# id-token: write
|
|
# attestations: write
|
|
# uses: ./.github/workflows/build-kata-static-tarball-amd64.yaml
|
|
# with:
|
|
# tarball-suffix: -${{ inputs.tag }}
|
|
# commit-hash: ${{ inputs.commit-hash }}
|
|
# target-branch: ${{ inputs.target-branch }}
|
|
# secrets:
|
|
# KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}
|
|
#
|
|
# publish-kata-deploy-payload-amd64:
|
|
# needs: build-kata-static-tarball-amd64
|
|
# permissions:
|
|
# contents: read
|
|
# packages: write
|
|
# uses: ./.github/workflows/publish-kata-deploy-payload.yaml
|
|
# with:
|
|
# tarball-suffix: -${{ inputs.tag }}
|
|
# registry: ghcr.io
|
|
# repo: ${{ github.repository_owner }}/kata-deploy-ci
|
|
# tag: ${{ inputs.tag }}-amd64
|
|
# commit-hash: ${{ inputs.commit-hash }}
|
|
# target-branch: ${{ inputs.target-branch }}
|
|
# runner: ubuntu-22.04
|
|
# arch: amd64
|
|
# secrets:
|
|
# QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
|
|
|
build-kata-static-tarball-arm64:
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
id-token: write
|
|
attestations: write
|
|
uses: ./.github/workflows/build-kata-static-tarball-arm64.yaml
|
|
with:
|
|
tarball-suffix: -${{ inputs.tag }}
|
|
commit-hash: ${{ inputs.commit-hash }}
|
|
target-branch: ${{ inputs.target-branch }}
|
|
secrets:
|
|
KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}
|
|
|
|
publish-kata-deploy-payload-arm64:
|
|
needs: build-kata-static-tarball-arm64
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
uses: ./.github/workflows/publish-kata-deploy-payload.yaml
|
|
with:
|
|
tarball-suffix: -${{ inputs.tag }}
|
|
registry: ghcr.io
|
|
repo: ${{ github.repository_owner }}/kata-deploy-ci
|
|
tag: ${{ inputs.tag }}-arm64
|
|
commit-hash: ${{ inputs.commit-hash }}
|
|
target-branch: ${{ inputs.target-branch }}
|
|
runner: ubuntu-24.04-arm
|
|
arch: arm64
|
|
secrets:
|
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
|
|
|
# build-kata-static-tarball-s390x:
|
|
# permissions:
|
|
# contents: read
|
|
# packages: write
|
|
# id-token: write
|
|
# attestations: write
|
|
# uses: ./.github/workflows/build-kata-static-tarball-s390x.yaml
|
|
# with:
|
|
# tarball-suffix: -${{ inputs.tag }}
|
|
# commit-hash: ${{ inputs.commit-hash }}
|
|
# target-branch: ${{ inputs.target-branch }}
|
|
# secrets:
|
|
# CI_HKD_PATH: ${{ secrets.ci_hkd_path }}
|
|
# QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
|
#
|
|
# build-kata-static-tarball-ppc64le:
|
|
# permissions:
|
|
# contents: read
|
|
# packages: write
|
|
# uses: ./.github/workflows/build-kata-static-tarball-ppc64le.yaml
|
|
# with:
|
|
# tarball-suffix: -${{ inputs.tag }}
|
|
# commit-hash: ${{ inputs.commit-hash }}
|
|
# target-branch: ${{ inputs.target-branch }}
|
|
# secrets:
|
|
# QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
|
#
|
|
# publish-kata-deploy-payload-s390x:
|
|
# needs: build-kata-static-tarball-s390x
|
|
# permissions:
|
|
# contents: read
|
|
# packages: write
|
|
# uses: ./.github/workflows/publish-kata-deploy-payload.yaml
|
|
# with:
|
|
# tarball-suffix: -${{ inputs.tag }}
|
|
# registry: ghcr.io
|
|
# repo: ${{ github.repository_owner }}/kata-deploy-ci
|
|
# tag: ${{ inputs.tag }}-s390x
|
|
# commit-hash: ${{ inputs.commit-hash }}
|
|
# target-branch: ${{ inputs.target-branch }}
|
|
# runner: ubuntu-24.04-s390x
|
|
# arch: s390x
|
|
# secrets:
|
|
# QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
|
#
|
|
# publish-kata-deploy-payload-ppc64le:
|
|
# needs: build-kata-static-tarball-ppc64le
|
|
# permissions:
|
|
# contents: read
|
|
# packages: write
|
|
# uses: ./.github/workflows/publish-kata-deploy-payload.yaml
|
|
# with:
|
|
# tarball-suffix: -${{ inputs.tag }}
|
|
# registry: ghcr.io
|
|
# repo: ${{ github.repository_owner }}/kata-deploy-ci
|
|
# tag: ${{ inputs.tag }}-ppc64le
|
|
# commit-hash: ${{ inputs.commit-hash }}
|
|
# target-branch: ${{ inputs.target-branch }}
|
|
# runner: ubuntu-24.04-ppc64le
|
|
# arch: ppc64le
|
|
# secrets:
|
|
# QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
|
#
|
|
# build-and-publish-tee-confidential-unencrypted-image:
|
|
# name: build-and-publish-tee-confidential-unencrypted-image
|
|
# permissions:
|
|
# contents: read
|
|
# packages: write
|
|
# runs-on: ubuntu-22.04
|
|
# steps:
|
|
# - name: Checkout code
|
|
# uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
# with:
|
|
# ref: ${{ inputs.commit-hash }}
|
|
# fetch-depth: 0
|
|
# persist-credentials: false
|
|
#
|
|
# - name: Rebase atop of the latest target branch
|
|
# run: |
|
|
# ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
|
|
# env:
|
|
# TARGET_BRANCH: ${{ inputs.target-branch }}
|
|
#
|
|
# - name: Set up QEMU
|
|
# uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
|
|
#
|
|
# - name: Set up Docker Buildx
|
|
# uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
|
|
#
|
|
# - name: Login to Kata Containers ghcr.io
|
|
# uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
|
|
# with:
|
|
# registry: ghcr.io
|
|
# username: ${{ github.actor }}
|
|
# password: ${{ secrets.GITHUB_TOKEN }}
|
|
#
|
|
# - name: Docker build and push
|
|
# uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
|
|
# with:
|
|
# tags: ghcr.io/kata-containers/test-images:unencrypted-${{ inputs.pr-number }}
|
|
# push: true
|
|
# context: tests/integration/kubernetes/runtimeclass_workloads/confidential/unencrypted/
|
|
# platforms: linux/amd64, linux/s390x
|
|
# file: tests/integration/kubernetes/runtimeclass_workloads/confidential/unencrypted/Dockerfile
|
|
#
|
|
# run-kata-monitor-tests:
|
|
# if: ${{ inputs.skip-test != 'yes' }}
|
|
# needs: build-kata-static-tarball-amd64
|
|
# uses: ./.github/workflows/run-kata-monitor-tests.yaml
|
|
# with:
|
|
# tarball-suffix: -${{ inputs.tag }}
|
|
# commit-hash: ${{ inputs.commit-hash }}
|
|
# target-branch: ${{ inputs.target-branch }}
|
|
#
|
|
# run-k8s-tests-on-aks:
|
|
# if: ${{ inputs.skip-test != 'yes' }}
|
|
# needs: publish-kata-deploy-payload-amd64
|
|
# uses: ./.github/workflows/run-k8s-tests-on-aks.yaml
|
|
#
|
|
# permissions:
|
|
# contents: read
|
|
# id-token: write # Used for OIDC access to log into Azure
|
|
# with:
|
|
# tarball-suffix: -${{ inputs.tag }}
|
|
# registry: ghcr.io
|
|
# repo: ${{ github.repository_owner }}/kata-deploy-ci
|
|
# tag: ${{ inputs.tag }}-amd64
|
|
# commit-hash: ${{ inputs.commit-hash }}
|
|
# pr-number: ${{ inputs.pr-number }}
|
|
# target-branch: ${{ inputs.target-branch }}
|
|
# secrets:
|
|
# AZ_APPID: ${{ secrets.AZ_APPID }}
|
|
# AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
|
|
# AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
|
|
#
|
|
# run-k8s-tests-on-free-runner:
|
|
# if: ${{ inputs.skip-test != 'yes' }}
|
|
# needs: publish-kata-deploy-payload-amd64
|
|
# permissions:
|
|
# contents: read
|
|
# uses: ./.github/workflows/run-k8s-tests-on-free-runner.yaml
|
|
# with:
|
|
# tarball-suffix: -${{ inputs.tag }}
|
|
# registry: ghcr.io
|
|
# repo: ${{ github.repository_owner }}/kata-deploy-ci
|
|
# tag: ${{ inputs.tag }}-amd64
|
|
# commit-hash: ${{ inputs.commit-hash }}
|
|
# pr-number: ${{ inputs.pr-number }}
|
|
# target-branch: ${{ inputs.target-branch }}
|
|
|
|
run-k8s-tests-on-arm64:
|
|
if: ${{ inputs.skip-test != 'yes' }}
|
|
needs: publish-kata-deploy-payload-arm64
|
|
uses: ./.github/workflows/run-k8s-tests-on-arm64.yaml
|
|
with:
|
|
tarball-suffix: -${{ inputs.tag }}
|
|
registry: ghcr.io
|
|
repo: ${{ github.repository_owner }}/kata-deploy-ci
|
|
tag: ${{ inputs.tag }}-arm64
|
|
commit-hash: ${{ inputs.commit-hash }}
|
|
pr-number: ${{ inputs.pr-number }}
|
|
target-branch: ${{ inputs.target-branch }}
|
|
secrets:
|
|
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
|
|
|
|
# run-k8s-tests-on-nvidia-gpu:
|
|
# if: ${{ inputs.skip-test != 'yes' }}
|
|
# needs: publish-kata-deploy-payload-amd64
|
|
# uses: ./.github/workflows/run-k8s-tests-on-nvidia-gpu.yaml
|
|
# with:
|
|
# tarball-suffix: -${{ inputs.tag }}
|
|
# registry: ghcr.io
|
|
# repo: ${{ github.repository_owner }}/kata-deploy-ci
|
|
# tag: ${{ inputs.tag }}-amd64
|
|
# commit-hash: ${{ inputs.commit-hash }}
|
|
# pr-number: ${{ inputs.pr-number }}
|
|
# target-branch: ${{ inputs.target-branch }}
|
|
# secrets:
|
|
# NGC_API_KEY: ${{ secrets.NGC_API_KEY }}
|
|
#
|
|
#
|
|
# run-kata-coco-tests:
|
|
# if: ${{ inputs.skip-test != 'yes' }}
|
|
# needs:
|
|
# - publish-kata-deploy-payload-amd64
|
|
# - build-and-publish-tee-confidential-unencrypted-image
|
|
# uses: ./.github/workflows/run-kata-coco-tests.yaml
|
|
# permissions:
|
|
# contents: read
|
|
# id-token: write # Used for OIDC access to log into Azure
|
|
# with:
|
|
# tarball-suffix: -${{ inputs.tag }}
|
|
# registry: ghcr.io
|
|
# repo: ${{ github.repository_owner }}/kata-deploy-ci
|
|
# tag: ${{ inputs.tag }}-amd64
|
|
# commit-hash: ${{ inputs.commit-hash }}
|
|
# pr-number: ${{ inputs.pr-number }}
|
|
# target-branch: ${{ inputs.target-branch }}
|
|
# extensive-matrix-autogenerated-policy: ${{ inputs.extensive-matrix-autogenerated-policy }}
|
|
# secrets:
|
|
# AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
|
|
# AZ_APPID: ${{ secrets.AZ_APPID }}
|
|
# AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
|
|
# AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
|
|
# ITA_KEY: ${{ secrets.ITA_KEY }}
|
|
#
|
|
# run-k8s-tests-on-zvsi:
|
|
# if: ${{ inputs.skip-test != 'yes' }}
|
|
# needs: [publish-kata-deploy-payload-s390x, build-and-publish-tee-confidential-unencrypted-image]
|
|
# uses: ./.github/workflows/run-k8s-tests-on-zvsi.yaml
|
|
# with:
|
|
# registry: ghcr.io
|
|
# repo: ${{ github.repository_owner }}/kata-deploy-ci
|
|
# tag: ${{ inputs.tag }}-s390x
|
|
# commit-hash: ${{ inputs.commit-hash }}
|
|
# pr-number: ${{ inputs.pr-number }}
|
|
# target-branch: ${{ inputs.target-branch }}
|
|
# secrets:
|
|
# AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
|
|
#
|
|
# run-k8s-tests-on-ppc64le:
|
|
# if: ${{ inputs.skip-test != 'yes' }}
|
|
# needs: publish-kata-deploy-payload-ppc64le
|
|
# uses: ./.github/workflows/run-k8s-tests-on-ppc64le.yaml
|
|
# with:
|
|
# registry: ghcr.io
|
|
# repo: ${{ github.repository_owner }}/kata-deploy-ci
|
|
# tag: ${{ inputs.tag }}-ppc64le
|
|
# commit-hash: ${{ inputs.commit-hash }}
|
|
# pr-number: ${{ inputs.pr-number }}
|
|
# target-branch: ${{ inputs.target-branch }}
|
|
#
|
|
# run-kata-deploy-tests:
|
|
# if: ${{ inputs.skip-test != 'yes' }}
|
|
# needs: [publish-kata-deploy-payload-amd64]
|
|
# uses: ./.github/workflows/run-kata-deploy-tests.yaml
|
|
# with:
|
|
# registry: ghcr.io
|
|
# repo: ${{ github.repository_owner }}/kata-deploy-ci
|
|
# tag: ${{ inputs.tag }}-amd64
|
|
# commit-hash: ${{ inputs.commit-hash }}
|
|
# pr-number: ${{ inputs.pr-number }}
|
|
# target-branch: ${{ inputs.target-branch }}
|
|
#
|
|
# run-basic-amd64-tests:
|
|
# if: ${{ inputs.skip-test != 'yes' }}
|
|
# needs: build-kata-static-tarball-amd64
|
|
# uses: ./.github/workflows/basic-ci-amd64.yaml
|
|
# with:
|
|
# tarball-suffix: -${{ inputs.tag }}
|
|
# commit-hash: ${{ inputs.commit-hash }}
|
|
# target-branch: ${{ inputs.target-branch }}
|
|
#
|
|
# run-basic-s390x-tests:
|
|
# if: ${{ inputs.skip-test != 'yes' }}
|
|
# needs: build-kata-static-tarball-s390x
|
|
# uses: ./.github/workflows/basic-ci-s390x.yaml
|
|
# with:
|
|
# tarball-suffix: -${{ inputs.tag }}
|
|
# commit-hash: ${{ inputs.commit-hash }}
|
|
# target-branch: ${{ inputs.target-branch }}
|
|
#
|
|
# run-cri-containerd-amd64:
|
|
# if: ${{ inputs.skip-test != 'yes' }}
|
|
# needs: build-kata-static-tarball-amd64
|
|
# strategy:
|
|
# fail-fast: false
|
|
# matrix:
|
|
# params: [
|
|
# { containerd_version: lts, vmm: clh },
|
|
# { containerd_version: lts, vmm: dragonball },
|
|
# { containerd_version: lts, vmm: qemu },
|
|
# { containerd_version: lts, vmm: cloud-hypervisor },
|
|
# { containerd_version: lts, vmm: qemu-runtime-rs },
|
|
# { containerd_version: active, vmm: clh },
|
|
# { containerd_version: active, vmm: dragonball },
|
|
# { containerd_version: active, vmm: qemu },
|
|
# { containerd_version: active, vmm: cloud-hypervisor },
|
|
# { containerd_version: active, vmm: qemu-runtime-rs },
|
|
# ]
|
|
# uses: ./.github/workflows/run-cri-containerd-tests.yaml
|
|
# with:
|
|
# tarball-suffix: -${{ inputs.tag }}
|
|
# commit-hash: ${{ inputs.commit-hash }}
|
|
# target-branch: ${{ inputs.target-branch }}
|
|
# runner: ubuntu-22.04
|
|
# arch: amd64
|
|
# containerd_version: ${{ matrix.params.containerd_version }}
|
|
# vmm: ${{ matrix.params.vmm }}
|
|
#
|
|
# run-cri-containerd-s390x:
|
|
# if: ${{ inputs.skip-test != 'yes' }}
|
|
# needs: build-kata-static-tarball-s390x
|
|
# strategy:
|
|
# fail-fast: false
|
|
# matrix:
|
|
# params: [
|
|
# { containerd_version: active, vmm: qemu },
|
|
# { containerd_version: active, vmm: qemu-runtime-rs },
|
|
# ]
|
|
# uses: ./.github/workflows/run-cri-containerd-tests.yaml
|
|
# with:
|
|
# tarball-suffix: -${{ inputs.tag }}
|
|
# commit-hash: ${{ inputs.commit-hash }}
|
|
# target-branch: ${{ inputs.target-branch }}
|
|
# runner: s390x-large
|
|
# arch: s390x
|
|
# containerd_version: ${{ matrix.params.containerd_version }}
|
|
# vmm: ${{ matrix.params.vmm }}
|
|
#
|
|
# run-cri-containerd-tests-ppc64le:
|
|
# if: ${{ inputs.skip-test != 'yes' }}
|
|
# needs: build-kata-static-tarball-ppc64le
|
|
# strategy:
|
|
# fail-fast: false
|
|
# matrix:
|
|
# params: [
|
|
# { containerd_version: active, vmm: qemu },
|
|
# ]
|
|
# uses: ./.github/workflows/run-cri-containerd-tests.yaml
|
|
# with:
|
|
# tarball-suffix: -${{ inputs.tag }}
|
|
# commit-hash: ${{ inputs.commit-hash }}
|
|
# target-branch: ${{ inputs.target-branch }}
|
|
# runner: ppc64le-small
|
|
# arch: ppc64le
|
|
# containerd_version: ${{ matrix.params.containerd_version }}
|
|
# vmm: ${{ matrix.params.vmm }}
|
|
#
|
|
# run-cri-containerd-tests-arm64:
|
|
# if: false
|
|
# needs: build-kata-static-tarball-arm64
|
|
# strategy:
|
|
# fail-fast: false
|
|
# matrix:
|
|
# params: [
|
|
# { containerd_version: active, vmm: qemu },
|
|
# ]
|
|
# uses: ./.github/workflows/run-cri-containerd-tests.yaml
|
|
# with:
|
|
# tarball-suffix: -${{ inputs.tag }}
|
|
# commit-hash: ${{ inputs.commit-hash }}
|
|
# target-branch: ${{ inputs.target-branch }}
|
|
# runner: arm64-non-k8s
|
|
# arch: arm64
|
|
# containerd_version: ${{ matrix.params.containerd_version }}
|
|
# vmm: ${{ matrix.params.vmm }}
|