mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-07-01 22:50:54 +00:00
Update the Dockerfile to copy each kata-static-<name>.tar.zst directly into the image alongside shim-components.json, replacing the old artifact-extractor stage that unpacked a single merged tarball. Update the publish-kata-deploy-payload and release CI workflows to download individual per-component artifacts instead of waiting for a merged tarball, and simplify kata-deploy-build-and-upload-payload.sh accordingly. The kata-deploy image build is no longer blocked on the merge step. Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>
89 lines
2.9 KiB
YAML
89 lines
2.9 KiB
YAML
name: Publish Kata release artifacts for amd64
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
target-arch:
|
|
required: true
|
|
type: string
|
|
secrets:
|
|
QUAY_DEPLOYER_PASSWORD:
|
|
required: true
|
|
KBUILD_SIGN_PIN:
|
|
required: true
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}-release-amd64
|
|
cancel-in-progress: false # Note - don't cancel the in progress build as we could end up with inconsistent results
|
|
|
|
permissions: {}
|
|
|
|
jobs:
|
|
build-kata-static-tarball-amd64:
|
|
uses: ./.github/workflows/build-kata-static-tarball-amd64.yaml
|
|
with:
|
|
push-to-registry: yes
|
|
stage: release
|
|
secrets:
|
|
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
|
KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
id-token: write
|
|
attestations: write
|
|
|
|
kata-deploy:
|
|
name: kata-deploy
|
|
needs: build-kata-static-tarball-amd64
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
runs-on: ubuntu-22.04
|
|
steps:
|
|
- name: Login to Kata Containers ghcr.io
|
|
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.actor }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Login to Kata Containers quay.io
|
|
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
|
|
with:
|
|
registry: quay.io
|
|
username: ${{ vars.QUAY_DEPLOYER_USERNAME }}
|
|
password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
|
|
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
persist-credentials: false
|
|
- name: get-kata-artifacts
|
|
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
|
|
with:
|
|
pattern: kata-artifacts-amd64-*
|
|
path: tools/packaging/kata-deploy/local-build/build
|
|
merge-multiple: true
|
|
|
|
- name: build-and-push-kata-deploy-ci-amd64
|
|
id: build-and-push-kata-deploy-ci-amd64
|
|
env:
|
|
TARGET_ARCH: ${{ inputs.target-arch }}
|
|
run: |
|
|
# We need to do such trick here as the format of the $GITHUB_REF
|
|
# is "refs/tags/<tag>"
|
|
tag=$(echo "$GITHUB_REF" | cut -d/ -f3-)
|
|
if [ "${tag}" = "main" ]; then
|
|
tag=$(./tools/packaging/release/release.sh release-version)
|
|
tags=("${tag}" "latest")
|
|
else
|
|
tags=("${tag}")
|
|
fi
|
|
for tag in "${tags[@]}"; do
|
|
./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
|
|
"ghcr.io/kata-containers/kata-deploy" \
|
|
"${tag}-${TARGET_ARCH}"
|
|
./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
|
|
"quay.io/kata-containers/kata-deploy" \
|
|
"${tag}-${TARGET_ARCH}"
|
|
done
|