Test and Promote KMIs #1565
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test and Promote KMIs | |
| on: | |
| pull_request: | |
| workflow_dispatch: | |
| inputs: | |
| flavor: | |
| description: "Image Flavor to test (ex. ubuntu-22.04)" | |
| required: true | |
| env: | |
| FLAVOR: ${{ github.event.inputs.flavor || 'ubuntu-22.04' }} | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Install bats | |
| run: npm install -g bats | |
| - name: Create kind cluster | |
| uses: helm/[email protected] | |
| with: | |
| config: .github/workflows/kind/config.yml | |
| - name: Deploy and test ${{ env.FLAVOR }} | |
| run: | | |
| bats tests/run.bats --show-output-of-passing-tests --timing --verbose-run | |
| - name: Archive test logs | |
| uses: actions/upload-artifact@v3 | |
| if: always() | |
| with: | |
| name: ${{ env.FLAVOR }}-logs | |
| path: | | |
| ${{ github.workspace }}/logs/* | |
| promote: | |
| runs-on: ubuntu-latest | |
| if: github.event_name != 'pull_request' | |
| needs: test | |
| permissions: | |
| id-token: write | |
| env: | |
| COSIGN_EXPERIMENTAL: 1 | |
| steps: | |
| - name: Setup cosign | |
| uses: sigstore/cosign-installer@main | |
| - name: Login Docker Hub | |
| uses: redhat-actions/podman-login@v1 | |
| with: | |
| logout: false | |
| registry: docker.io | |
| username: ${{ secrets.DOCKERHUB_USER }} | |
| password: ${{ secrets.DOCKERHUB_PASSWD }} | |
| - name: Login Docker Hub | |
| uses: docker/[email protected] | |
| with: | |
| logout: false | |
| registry: docker.io | |
| username: ${{ secrets.DOCKERHUB_USER }} | |
| password: ${{ secrets.DOCKERHUB_PASSWD }} | |
| # - name: Login Quay.io | |
| # uses: docker/[email protected] | |
| # with: | |
| # logout: false | |
| # registry: quay.io | |
| # username: ${{ secrets.QUAY_USER }} | |
| # password: ${{ secrets.QUAY_PASSWD }} | |
| - name: Copy the manifest to product tag | |
| run: | | |
| skopeo copy --all \ | |
| docker://docker.io/containercraft/${FLAVOR//-/:}-dev \ | |
| docker://docker.io/containercraft/${FLAVOR//-/:} | |
| - name: Sign the image | |
| run: cosign sign --recursive docker.io/containercraft/${FLAVOR//-/:} | |
| - name: Verify the image | |
| run: cosign verify docker.io/containercraft/${FLAVOR//-/:} |