Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
86 changes: 63 additions & 23 deletions .github/workflows/lib-publish.yaml
Original file line number Diff line number Diff line change
@@ -1,11 +1,16 @@
name: publish
on:
workflow_dispatch:
workflow_call:
inputs:
image_tag:
default: "devel"
required: false
type: string
registry:
default: "docker.io/intel"
required: false
type: string
env:
no_base_check: "['intel-qat-plugin-kerneldrv', 'intel-idxd-config-initcontainer', 'crypto-perf', 'opae-nlb-demo']"

Expand All @@ -20,27 +25,27 @@ jobs:
fail-fast: false
matrix:
image:
- intel-fpga-admissionwebhook
- intel-fpga-initcontainer
- intel-gpu-initcontainer
#- intel-fpga-admissionwebhook
# - intel-fpga-initcontainer
# - intel-gpu-initcontainer
- intel-gpu-plugin
- intel-fpga-plugin
- intel-qat-initcontainer
- intel-qat-plugin
- intel-deviceplugin-operator
- intel-sgx-admissionwebhook
- intel-sgx-plugin
- intel-sgx-initcontainer
- intel-dsa-plugin
- intel-iaa-plugin
- intel-idxd-config-initcontainer
- intel-dlb-plugin
- intel-dlb-initcontainer
- intel-xpumanager-sidecar
# - intel-fpga-plugin
# - intel-qat-initcontainer
# - intel-qat-plugin
# - intel-deviceplugin-operator
# - intel-sgx-admissionwebhook
# - intel-sgx-plugin
# - intel-sgx-initcontainer
# - intel-dsa-plugin
# - intel-iaa-plugin
# - intel-idxd-config-initcontainer
# - intel-dlb-plugin
# - intel-dlb-initcontainer
# - intel-xpumanager-sidecar

# # Demo images
- crypto-perf
- opae-nlb-demo
#- crypto-perf
#- opae-nlb-demo
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
Expand All @@ -52,21 +57,56 @@ jobs:
env:
IMAGE_NAME: ${{ matrix.image }}
run: |
REG=intel/ make ${IMAGE_NAME} BUILDER=docker
ORG=${{ inputs.registry }} TAG=${{ inputs.image_tag }} make ${IMAGE_NAME} BUILDER=docker
- name: List images
run: docker images
- name: Trivy scan for image
uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0
with:
scan-type: image
image-ref: intel/${{ matrix.image }}:${{ inputs.image_tag }}
image-ref: ${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }}
exit-code: 1
- name: Test image base layer
# Don't run base layer check for selected images
if: ${{ !contains(fromJson(env.no_base_check), matrix.image) }}
run: IMG=intel/${{ matrix.image }}:${{ inputs.image_tag }} make test-image-base-layer BUILDER=docker
run: IMG=${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }} make test-image-base-layer BUILDER=docker
- name: Login
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
with:
registry: ghcr.io
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_PASS }}
- name: Push
run: docker push intel/${{ matrix.image }}:${{ inputs.image_tag }}
- name: Extract Docker metadata
if: ${{ inputs.image_tag != 'devel' }}
id: meta
uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
with:
images: ${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }}
- name: Push & Pull
run: |
docker push ${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }}
docker pull ${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }}
- name: Get image digest
if: ${{ inputs.image_tag != 'devel' }}
id: digest
run: |
echo "image_sha=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }})" >> $GITHUB_OUTPUT
- name: Install cosign
if: ${{ inputs.image_tag != 'devel' }}
uses: sigstore/cosign-installer@v3.6.0
with:
cosign-release: 'v2.4.0'
- name: Keyless image sign
if: ${{ inputs.image_tag != 'devel' }}
env:
TAGS: ${{ steps.meta.outputs.tags }}
DIGEST: ${{ steps.digest.outputs.image_sha }}
run: |
echo "${TAGS}"
echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
#run: |
# echo ${{ steps.digest.outputs.image_sha }}
# cosign sign --yes --rekor-url "https://rekor.sigstore.dev/" ${{ steps.digest.outputs.image_sha }}
#- name: Verify the image signing
# run: |
# cosign verify --rekor-url "https://rekor.sigstore.dev/" ${{ steps.digest.outputs.image_sha }} --certificate-identity "https://github.com/saintmalik/sign-container-images/.github/workflows/keyless.yaml@refs/heads/main" --certificate-oidc-issuer "https://token.actions.githubusercontent.com" | jq .
18 changes: 18 additions & 0 deletions .github/workflows/test.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
name: Test
on:
workflow_dispatch:
push:

permissions:
contents: read
pull-requests: read
id-token: write

jobs:
build:
name: Build & Publish
uses: "./.github/workflows/lib-publish.yaml"
secrets: inherit
with:
image_tag: v9.99.9
registry: ghcr.io/tkatila
14 changes: 7 additions & 7 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -17,16 +17,16 @@ require (
golang.org/x/text v0.17.0
google.golang.org/grpc v1.65.0
gopkg.in/yaml.v2 v2.4.0
k8s.io/api v0.31.0-beta.0
k8s.io/apimachinery v0.31.0-beta.0
k8s.io/client-go v0.31.0-beta.0
k8s.io/component-base v0.31.0-beta.0
k8s.io/api v0.31.0-rc.1
k8s.io/apimachinery v0.31.0-rc.1
k8s.io/client-go v0.31.0-rc.1
k8s.io/component-base v0.31.0-rc.1
k8s.io/klog/v2 v2.130.1
k8s.io/kubelet v0.31.0-beta.0
k8s.io/kubernetes v1.31.0-beta.0
k8s.io/pod-security-admission v0.0.0
k8s.io/utils v0.0.0-20240711033017-18e509b52bc8
sigs.k8s.io/controller-runtime v0.18.1-0.20240717190548-1ed345090869
sigs.k8s.io/controller-runtime v0.19.0-beta.0
sigs.k8s.io/yaml v1.4.0
tags.cncf.io/container-device-interface/specs-go v0.8.0
)
Expand Down Expand Up @@ -114,8 +114,8 @@ require (
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/apiextensions-apiserver v0.31.0-beta.0 // indirect
k8s.io/apiserver v0.31.0-beta.0 // indirect
k8s.io/apiextensions-apiserver v0.31.0-rc.1 // indirect
k8s.io/apiserver v0.31.0-rc.1 // indirect
k8s.io/cloud-provider v0.0.0 // indirect
k8s.io/component-helpers v0.31.0-beta.0 // indirect
k8s.io/controller-manager v0.31.0-beta.0 // indirect
Expand Down
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -338,8 +338,8 @@ k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1
k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 h1:2770sDpzrjjsAtVhSeUFseziht227YAWYHLGNM8QPwY=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw=
sigs.k8s.io/controller-runtime v0.18.1-0.20240717190548-1ed345090869 h1:9+0SFkDM+/1JJQQoG+Zk/lZXTT87mZwc6qmIezGhEq8=
sigs.k8s.io/controller-runtime v0.18.1-0.20240717190548-1ed345090869/go.mod h1:0N/oS51dz0ZJriISp1SloFWkR7uKCDC6LBt65tRt2J0=
sigs.k8s.io/controller-runtime v0.19.0-beta.0 h1:2dhsJeWBmzrnSE+NMourFWen0lSRg3JYs3Pp04+cJss=
sigs.k8s.io/controller-runtime v0.19.0-beta.0/go.mod h1:DsWafTWWtE45ewmWCXm3Tsend5uwveZCkpYfod82SXE=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
Expand Down