publish on OBS / release-1.34 #4431
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: obs | |
| on: | |
| pull_request: | |
| workflow_dispatch: | |
| inputs: | |
| revision: | |
| default: main | |
| description: Branch or Tag to be published | |
| type: string | |
| skip-bundles: | |
| default: false | |
| description: Skip bundling and only stage+test+release | |
| type: boolean | |
| skip-stage: | |
| default: false | |
| description: Skip staging and only bundles+test+release | |
| type: boolean | |
| skip-tests: | |
| default: false | |
| description: Skip testing and only bundles+stage+release | |
| type: boolean | |
| skip-release: | |
| default: false | |
| description: Skip releasing and only bundles+stage+test | |
| type: boolean | |
| env: | |
| REVISION: ${{ inputs.revision || 'main' }} | |
| OBS_PASSWORD: ${{ secrets.OBS_PASSWORD }} | |
| run-name: publish on OBS / ${{ inputs.revision || 'main' }} | |
| jobs: | |
| vars: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 300 | |
| outputs: | |
| archive_path: ${{ steps.step.outputs.ARCHIVE_PATH }} | |
| commit: ${{ steps.step.outputs.COMMIT }} | |
| git_root: ${{ steps.step.outputs.GIT_ROOT }} | |
| project: ${{ steps.step.outputs.PROJECT }} | |
| project_type: ${{ steps.step.outputs.PROJECT_TYPE }} | |
| project_version: ${{ steps.step.outputs.PROJECT_VERSION }} | |
| version: ${{ steps.step.outputs.VERSION }} | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - id: step | |
| run: | | |
| source scripts/vars | |
| echo "ARCHIVE_PATH=$ARCHIVE_PATH" >> "$GITHUB_OUTPUT" | |
| echo "COMMIT=$COMMIT" >> "$GITHUB_OUTPUT" | |
| echo "GIT_ROOT=$GIT_ROOT" >> "$GITHUB_OUTPUT" | |
| echo "PROJECT=$PROJECT" >> "$GITHUB_OUTPUT" | |
| echo "PROJECT_TYPE=$PROJECT_TYPE" >> "$GITHUB_OUTPUT" | |
| echo "PROJECT_VERSION=$PROJECT_VERSION" >> "$GITHUB_OUTPUT" | |
| echo "VERSION=$VERSION" >> "$GITHUB_OUTPUT" | |
| - run: scripts/github-job-wait | |
| if: ${{ github.event_name != 'pull_request' }} | |
| env: | |
| COMMIT: ${{ steps.step.outputs.commit }} | |
| GH_TOKEN: ${{ github.token }} | |
| - name: COMMIT=${{ steps.step.outputs.commit }} | |
| run: true | |
| bundles: | |
| runs-on: ubuntu-latest | |
| needs: vars | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| arch: | |
| - amd64 | |
| - arm64 | |
| - ppc64le | |
| - s390x | |
| name: bundle / build / ${{ inputs.revision || 'main' }} / ${{ matrix.arch }} | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 | |
| - run: scripts/bundle/build | |
| if: ${{ inputs.skip-bundles == false }} | |
| env: | |
| ARCH: ${{ matrix.arch }} | |
| ARCHIVE_PATH: ${{ needs.vars.outputs.archive_path }} | |
| COMMIT: ${{ needs.vars.outputs.commit }} | |
| GIT_ROOT: ${{ needs.vars.outputs.git_root }} | |
| PROJECT: ${{ needs.vars.outputs.project }} | |
| PROJECT_TYPE: ${{ needs.vars.outputs.project_type }} | |
| PROJECT_VERSION: ${{ needs.vars.outputs.project_version }} | |
| VERSION: ${{ needs.vars.outputs.version }} | |
| - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| if: ${{ inputs.skip-bundles == false }} | |
| with: | |
| name: bundles-${{ matrix.arch }} | |
| path: build/bundle/*.tar.gz* | |
| bundle-test: | |
| name: bundle / test / ${{ inputs.revision || 'main' }} / amd64 | |
| runs-on: ubuntu-latest | |
| needs: | |
| - vars | |
| - bundles | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| if: ${{ inputs.skip-bundles == false }} | |
| with: | |
| name: bundles-amd64 | |
| path: build/bundle | |
| - run: sudo -E scripts/bundle/test | |
| if: ${{ inputs.skip-bundles == false }} | |
| env: | |
| ARCHIVE_PATH: ${{ needs.vars.outputs.archive_path }} | |
| COMMIT: ${{ needs.vars.outputs.commit }} | |
| GIT_ROOT: ${{ needs.vars.outputs.git_root }} | |
| PROJECT: ${{ needs.vars.outputs.project }} | |
| PROJECT_TYPE: ${{ needs.vars.outputs.project_type }} | |
| PROJECT_VERSION: ${{ needs.vars.outputs.project_version }} | |
| VERSION: ${{ needs.vars.outputs.version }} | |
| bundles-publish: | |
| name: bundles / publish / ${{ inputs.revision || 'main' }} | |
| runs-on: ubuntu-latest | |
| needs: bundle-test | |
| permissions: | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0 | |
| if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
| with: | |
| credentials_json: ${{ secrets.GCS_CRIO_SA }} | |
| - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 | |
| if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
| - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
| with: | |
| name: bundles-amd64 | |
| path: build/bundle | |
| - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
| with: | |
| name: bundles-arm64 | |
| path: build/bundle | |
| - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
| with: | |
| name: bundles-ppc64le | |
| path: build/bundle | |
| - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
| with: | |
| name: bundles-s390x | |
| path: build/bundle | |
| - run: scripts/sign-artifacts | |
| if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
| - uses: google-github-actions/upload-cloud-storage@6397bd7208e18d13ba2619ee21b9873edc94427a # v3.0.0 | |
| if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
| with: | |
| path: build/bundle | |
| destination: cri-o/artifacts | |
| parent: false | |
| process_gcloudignore: false | |
| - name: Create bundle marker | |
| if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
| run: find . -type f -iname "cri-o.amd64.*.tar.gz" | sed -n 's;.*amd64.\(.*\).tar.gz;\1;p' > latest-bundle-${{ inputs.revision || 'main' }}.txt | |
| - name: Upload bundle marker | |
| uses: google-github-actions/upload-cloud-storage@6397bd7208e18d13ba2619ee21b9873edc94427a # v3.0.0 | |
| if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
| with: | |
| path: latest-bundle-${{ inputs.revision || 'main' }}.txt | |
| destination: cri-o | |
| process_gcloudignore: false | |
| - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
| with: | |
| name: signatures | |
| path: | | |
| build/bundle/*.sig | |
| build/bundle/*.cert | |
| oci-artifacts-publish: | |
| name: oci-artifacts / publish / ${{ inputs.revision || 'main' }} | |
| runs-on: ubuntu-latest | |
| needs: | |
| - vars | |
| - bundle-test | |
| permissions: | |
| contents: read | |
| id-token: write | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
| with: | |
| registry: ghcr.io/cri-o | |
| username: cri-o | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 | |
| if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
| - uses: oras-project/setup-oras@22ce207df3b08e061f537244349aac6ae1d214f6 # v1.2.4 | |
| if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
| with: | |
| version: 1.3.0 | |
| - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
| with: | |
| name: bundles-amd64 | |
| path: build/bundle | |
| - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
| with: | |
| name: bundles-arm64 | |
| path: build/bundle | |
| - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
| with: | |
| name: bundles-ppc64le | |
| path: build/bundle | |
| - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
| with: | |
| name: bundles-s390x | |
| path: build/bundle | |
| - run: scripts/oci-artifacts | |
| if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
| env: | |
| ARCHIVE_PATH: ${{ needs.vars.outputs.archive_path }} | |
| COMMIT: ${{ needs.vars.outputs.commit }} | |
| GIT_ROOT: ${{ needs.vars.outputs.git_root }} | |
| PROJECT_TYPE: ${{ needs.vars.outputs.project_type }} | |
| PROJECT_VERSION: ${{ needs.vars.outputs.project_version }} | |
| VERSION: ${{ needs.vars.outputs.version }} | |
| stage: | |
| runs-on: ubuntu-latest | |
| name: stage / ${{ inputs.revision || 'main' }} | |
| timeout-minutes: 240 | |
| needs: | |
| - vars | |
| - bundles-publish | |
| - oci-artifacts-publish | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - run: scripts/obs | |
| if: ${{ inputs.skip-stage == false && github.event_name != 'pull_request' }} | |
| env: | |
| ARCHIVE_PATH: ${{ needs.vars.outputs.archive_path }} | |
| COMMIT: ${{ needs.vars.outputs.commit }} | |
| GIT_ROOT: ${{ needs.vars.outputs.git_root }} | |
| PROJECT: ${{ needs.vars.outputs.project }} | |
| PROJECT_TYPE: ${{ needs.vars.outputs.project_type }} | |
| PROJECT_VERSION: ${{ needs.vars.outputs.project_version }} | |
| VERSION: ${{ needs.vars.outputs.version }} | |
| test-kubernetes: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 120 | |
| needs: | |
| - vars | |
| - stage | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| type: | |
| - deb | |
| - rpm | |
| name: test / ${{ matrix.type }} / kubernetes / amd64 | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - run: sudo scripts/github-actions-setup | |
| if: ${{ inputs.skip-tests == false }} | |
| - run: sudo -E scripts/test-kubernetes | |
| if: ${{ inputs.skip-tests == false }} | |
| env: | |
| TYPE: ${{ matrix.type }} | |
| ARCHIVE_PATH: ${{ needs.vars.outputs.archive_path }} | |
| COMMIT: ${{ needs.vars.outputs.commit }} | |
| GIT_ROOT: ${{ needs.vars.outputs.git_root }} | |
| PROJECT: ${{ needs.vars.outputs.project }} | |
| PROJECT_TYPE: ${{ needs.vars.outputs.project_type }} | |
| PROJECT_VERSION: ${{ needs.vars.outputs.project_version }} | |
| VERSION: ${{ needs.vars.outputs.version }} | |
| test-architectures: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 120 | |
| needs: | |
| - vars | |
| - stage | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| run: | |
| - image: almalinux:10 | |
| type: rpm | |
| - image: fedora:42 | |
| type: rpm | |
| - image: debian:13 | |
| type: deb | |
| - image: ubuntu:24.04 | |
| type: deb | |
| arch: | |
| - amd64 | |
| - arm64 | |
| - ppc64le | |
| - s390x | |
| exclude: | |
| - run: | |
| image: fedora:39 | |
| arch: arm64 # takes forever | |
| name: test / ${{ matrix.run.type }} / ${{ matrix.run.image }} / ${{ matrix.arch }} | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 | |
| - run: scripts/test-architectures | |
| if: ${{ inputs.skip-tests == false }} | |
| env: | |
| IMAGE: ${{ matrix.run.image }} | |
| ARCH: ${{ matrix.arch }} | |
| TYPE: ${{ matrix.run.type }} | |
| ARCHIVE_PATH: ${{ needs.vars.outputs.archive_path }} | |
| COMMIT: ${{ needs.vars.outputs.commit }} | |
| GIT_ROOT: ${{ needs.vars.outputs.git_root }} | |
| PROJECT: ${{ needs.vars.outputs.project }} | |
| PROJECT_TYPE: ${{ needs.vars.outputs.project_type }} | |
| PROJECT_VERSION: ${{ needs.vars.outputs.project_version }} | |
| VERSION: ${{ needs.vars.outputs.version }} | |
| release: | |
| runs-on: ubuntu-latest | |
| name: release / ${{ inputs.revision || 'main' }} | |
| needs: | |
| - vars | |
| - test-architectures | |
| - test-kubernetes | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - run: scripts/obs | |
| if: ${{ inputs.skip-release == false && github.event_name != 'pull_request' }} | |
| env: | |
| RUN_RELEASE: 1 | |
| ARCHIVE_PATH: ${{ needs.vars.outputs.archive_path }} | |
| COMMIT: ${{ needs.vars.outputs.commit }} | |
| GIT_ROOT: ${{ needs.vars.outputs.git_root }} | |
| PROJECT: ${{ needs.vars.outputs.project }} | |
| PROJECT_TYPE: ${{ needs.vars.outputs.project_type }} | |
| PROJECT_VERSION: ${{ needs.vars.outputs.project_version }} | |
| VERSION: ${{ needs.vars.outputs.version }} |