Use env-based guards for pinned smoke secrets #16
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| permissions: | |
| contents: read | |
| packages: read | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| jobs: | |
| validate: | |
| runs-on: ubuntu-latest | |
| env: | |
| MB3R_GHCR_USERNAME: ${{ secrets.MB3R_GHCR_USERNAME }} | |
| MB3R_GHCR_TOKEN: ${{ secrets.MB3R_GHCR_TOKEN }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.13" | |
| - uses: azure/setup-helm@v4 | |
| with: | |
| version: v3.15.4 | |
| - name: Install dependencies | |
| run: python -m pip install -r requirements.txt | |
| - name: Validate repository | |
| run: make validate | |
| - name: Adapter end-to-end contracts | |
| run: make e2e-adapters | |
| - name: Generic live smoke with pinned GHCR images | |
| if: ${{ env.MB3R_GHCR_USERNAME != '' && env.MB3R_GHCR_TOKEN != '' }} | |
| run: make k8s-smoke-generic-pinned | |
| - name: Note pinned GHCR smoke precondition | |
| if: ${{ env.MB3R_GHCR_USERNAME == '' || env.MB3R_GHCR_TOKEN == '' }} | |
| run: | | |
| echo "::warning::Pinned GHCR smoke skipped because MB3R_GHCR_USERNAME and MB3R_GHCR_TOKEN are not configured." | |
| echo "::warning::Repo-scoped GITHUB_TOKEN does not currently prove cross-repo pull access to upstream Bering/Sheaft GHCR packages." | |
| - name: Package chart | |
| run: make chart-package | |
| - name: Package assets | |
| run: make package-assets | |
| - name: Release dry run | |
| run: make release-dry-run |