From patchwork Mon Mar 23 08:30:35 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jan Kiszka X-Patchwork-Id: 4972 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 23 Mar 2026 09:30:53 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-wr1-f60.google.com (mail-wr1-f60.google.com [209.85.221.60]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 62N8Uo5U028868 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 23 Mar 2026 09:30:50 +0100 Received: by mail-wr1-f60.google.com with SMTP id ffacd0b85a97d-43b7ec737c1sf95744f8f.1 for ; Mon, 23 Mar 2026 01:30:50 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1774254644; cv=pass; d=google.com; s=arc-20240605; b=I5wCWg7BljjaQO5+qX1p+f00/fL3K2ZSpP3h9dfa3ANGHK78fmw4wcPx7FIH8231UU PfsxbDqg0vdhosdw7O3UKJFq6BQhEYn7h0zSz1ICm9K0vP0Kgu6dV2N6Was91YAWVvHr gaFlwF62ySaENE9AImxAkK8Td2RhtTF+KTPhWyC8oYdQahojvAbewhqKfWYdFk/b91xH X1mTg+NZDmG1ZvuCzN5JosUgrA0JyGVACVStpyx88dyu1fW8X4QqnD7canPukNMQ8UNz XKCxpYJgiS74weaHqvncNQ512RYQSVJ7FFvFMb34UuqDTlKrEBoE6WMFRVIZVlD+ZhaG 3s2Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=YnlncZ4FGet0CP93OddU4/n21wMUjPFJt7I9PR0hDYc=; fh=eaTBaqj4J3M7znsbGcOf4QKpPRRjIse4NF7drvTqEFo=; b=ODRLL8DbDsu+gTD5bp6TZudrkEhPyM93L2KBLen318gdjkBCCyAfL68YjO01BCZqu5 2CxS3B7bkxLQt+poxOmh/iiZCbseckUOhin8UbyXjhn4N1+0QCOoilPNFK8imIxlZVT6 AMwVHMFbK5HPR0HEsqVG+H5OU6YH2xVF+ZF9UNdw7FeciGf4vJXlya4Dw3Dj52REazO/ 5w7Tih3Z0V6xij6rGi4CRQ7ByfY+zL/F5NE+NCQJ5/MJxZP5j4o1pqTzDy33PIIxtaDC ihAhJfGwfuHSCfSfLwcccxjxCcmKozohoRtIpovTzTmoAWbwfobgBKszbk5NTJg4sBjB yHyg==; darn=isar-build.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b="blkE1/YQ"; spf=pass (google.com: domain of fm-294854-20260323083041c9b322e03b00020774-vtug9t@rts-flowmailer.siemens.com designates 185.136.65.226 as permitted sender) smtp.mailfrom=fm-294854-20260323083041c9b322e03b00020774-VTUG9t@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1774254644; x=1774859444; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:from:to:cc:subject:date:message-id:reply-to; bh=YnlncZ4FGet0CP93OddU4/n21wMUjPFJt7I9PR0hDYc=; b=CgR87mG49FZrEog/eiSUG0xn7drDlOdVoZ5LeXVh5VfIjrms3LfWLoNwgIrjWGT1LM dqKoFL+y4tiyBzhPwxP4cmAW7l5DpQYdRhRaskkQg502DbpFGEboLVKSQ0dWlDiMx+eZ LoZwc08K/hjB5ju73xsS6daOaAfrUT/TTzGg77uIyvzewo3fPIaxDw1ZhPUs74cCusH7 8rrPz7EcOvprE1qk3WLbpaDnQSI/b2tSCXgai2P2lGgZecUDUrP1dm1LEIbzoADAqj19 ymcYmgPtVxAhOr1ZqmjziQTmH3gwRAF0vhoJt38Cpt32tXzFvS7rX2iFGkniief/QOO1 wPYw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1774254644; x=1774859444; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:x-beenthere:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=YnlncZ4FGet0CP93OddU4/n21wMUjPFJt7I9PR0hDYc=; b=hX7no3uYYufkLaaXtLjoalFeltJp60Qa3Ua7gxd5klvG2HO/h4/ltM1gMg/sQJ+z89 F2lwFCv3hp8bQ7I6+c8QWn2ptYDMVnv61HIrBSXsXBwxCq4vIcfSm4Ehb7++7ggfGCWn xsVwom+UgCDxftKOMPxGWd7a9Iz+VX9vuz2sPf74jfv62trsc+vCUzjP1IQXHsEmd6Gn IkND9apVKJ0ajT1Zm9XSi+E2UScgNZZqkwReWzUMHOD4D/IDl36EX33i/p+C26Sd5a+I 9hKBxLhbOxtwMoKaT3RyD4upuewOTIY7994oCy2fjxlklLHsvgPtKJdwfbeW2MHVQuZK nplQ== X-Forwarded-Encrypted: i=2; AJvYcCX8w2jegcICpJxWUPW6SrEqixsMFHCh+nDcqLElptkqiyW6oRUZNzmfpgnFjwVfFCU3FMHHTWY=@isar-build.org X-Gm-Message-State: AOJu0YxRZn/8UTH4gbCPMWQFGB1DRjinhzWRBVqydSsUJM7Mm/eluVpT uf3d99sfWXsVtWonuvqZ+1cUc/ylRbGYFFsRR1GqcFIUJHBy/LNY7OY/ X-Received: by 2002:a5d:5d02:0:b0:43b:4982:fc73 with SMTP id ffacd0b85a97d-43b6427d2b6mr18516785f8f.25.1774254644163; Mon, 23 Mar 2026 01:30:44 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="AYAyTiKMAo0dfPdcxQANsZR8FFaBNYFBlOX7QKAW/sqL5y+c1g==" Received: by 2002:a05:6000:298f:10b0:43b:5003:e2eb with SMTP id ffacd0b85a97d-43b5863fe36ls1616163f8f.2.-pod-prod-04-eu; Mon, 23 Mar 2026 01:30:42 -0700 (PDT) X-Received: by 2002:a05:6000:2584:b0:43b:4e01:4aa9 with SMTP id ffacd0b85a97d-43b64242a6emr17432472f8f.10.1774254642086; Mon, 23 Mar 2026 01:30:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1774254642; cv=none; d=google.com; s=arc-20240605; b=KiA3nuIfV6JV6B68BdiSYxQ/jHFCumNH2lt8UMM+akmHQCWIditruQUiewwtY9FxbJ Rzj4D0ymphbFzSf9klpk0oz5yqw66ORIeQiuxa8RWN7sqmFhsP1CsyxcvmMTtI7k6fWK riqhTCsQ46bhJirb9nG7A8wgp+jPNOMBYj+ZgrdZ57s/2CADB8EEMv8/1pJXrnGWtHJY 9SXf41a4rJdoN+ECrRw3DsvX3Kk7sq9ojgGUdZKYzpFqbZEVgWJzky2ClREIpzjD2Ggb 02DyxyACpkrPfvJdQ+7OcfJNbwHFqx3CeXawz2GB18e/26dHJz8AEA134SOhVNgCfTel g2/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=feedback-id:content-transfer-encoding:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=+lZsQtdmfM5uFc3+4Bw+WSHgLuCvLw+8sp4gugUia/M=; fh=TnBsgKgmUKR6lCgSnR10YW4SMYjU5gXEv4fxP/+RPug=; b=G5X+DH41ZHf7muLZO7JAYLJ1712omSioFDd0pu82bwu5lmWcK69Q7KoNPrrYSB3n7c dMmn+edEBRvEqu6c0KUb3vOfkXi/nMyriAaHmoVQycNujwpriGOcSkO3Nrb1HdppRhHo IWylObCh7tazytQHcLCmVXr8mtIfucKMcj3OHArzPudWt5QjygWTXU3dTfSHfIzxL1Rs OaKGtu8nsB54iD9q/KtklMe41/b4A4a0Hts5u+M8SoWmpMMGjkJKrIs1nDPEuFBcRrgr iEZYeJlRL9qxO5Uo/HHOMfhPHSgMTnm3ZCBeIakxDavQ/Qm9Y51X/41UWtGt1TR5LcQ5 s4rA==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b="blkE1/YQ"; spf=pass (google.com: domain of fm-294854-20260323083041c9b322e03b00020774-vtug9t@rts-flowmailer.siemens.com designates 185.136.65.226 as permitted sender) smtp.mailfrom=fm-294854-20260323083041c9b322e03b00020774-VTUG9t@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-65-226.siemens.flowmailer.net (mta-65-226.siemens.flowmailer.net. [185.136.65.226]) by gmr-mx.google.com with ESMTPS id ffacd0b85a97d-43b644b7432si177037f8f.1.2026.03.23.01.30.42 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 23 Mar 2026 01:30:42 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-294854-20260323083041c9b322e03b00020774-vtug9t@rts-flowmailer.siemens.com designates 185.136.65.226 as permitted sender) client-ip=185.136.65.226; Received: by mta-65-226.siemens.flowmailer.net with ESMTPSA id 20260323083041c9b322e03b00020774 for ; Mon, 23 Mar 2026 09:30:42 +0100 X-Patchwork-Original-From: "'Jan Kiszka' via isar-users" From: Jan Kiszka To: isar-users Cc: Felix Moessbauer , Cedric Hombourger Subject: [PATCH 5/9] ci: Add github workflow for building and deploying test-container Date: Mon, 23 Mar 2026 09:30:35 +0100 Message-ID: <0d31a55008c43a72c8afcba35319ddb894c49012.1774254639.git.jan.kiszka@siemens.com> In-Reply-To: References: MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-294854:519-21489:flowmailer X-Original-Sender: jan.kiszka@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b="blkE1/YQ"; spf=pass (google.com: domain of fm-294854-20260323083041c9b322e03b00020774-vtug9t@rts-flowmailer.siemens.com designates 185.136.65.226 as permitted sender) smtp.mailfrom=fm-294854-20260323083041c9b322e03b00020774-VTUG9t@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Jan Kiszka Reply-To: Jan Kiszka Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= From: Jan Kiszka Trigger a container build if the registery does not yet contain the version of the test-container described by testsuite/dockerdata/version. This obsoletes the need for manual build and deployment. Drop the related README.md. Signed-off-by: Jan Kiszka --- .github/workflows/main.yml | 72 ++++++++++++++++++++++++++++++++++ testsuite/dockerdata/README.md | 22 ----------- 2 files changed, 72 insertions(+), 22 deletions(-) create mode 100644 .github/workflows/main.yml delete mode 100644 testsuite/dockerdata/README.md diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 00000000..e9dd039e --- /dev/null +++ b/.github/workflows/main.yml @@ -0,0 +1,72 @@ +# Copyright (c) Siemens AG, 2026 +# SPDX-License-Identifier: MIT + +name: CI + +on: [push] + +env: + CONTAINER_BASENAME: ${{ vars.CONTAINER_BASENAME || 'ghcr.io/ilbers/isar' }} + +jobs: + container: + name: Refresh test-container + runs-on: ubuntu-latest + permissions: + id-token: write + packages: write + contents: read + attestations: write + artifact-metadata: write + if: github.ref == 'refs/heads/next' + steps: + - name: Check out repo + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + + - name: Check for pre-existing container version + run: | + TEST_CONTAINER_VERSION=$(cat testsuite/dockerdata/version) + echo "TEST_CONTAINER_VERSION=$TEST_CONTAINER_VERSION" >> $GITHUB_ENV + if ! docker manifest inspect ${CONTAINER_BASENAME}/test-container:$TEST_CONTAINER_VERSION >/dev/null 2>&1; then + eval $(grep "^KAS_CONTAINER_SCRIPT_VERSION=" kas/kas-container) + echo "KAS_VERSION=$KAS_CONTAINER_SCRIPT_VERSION" >> $GITHUB_ENV + echo "BUILD_CONTAINER=true" >> $GITHUB_ENV + fi + + - name: Set up QEMU + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 + with: + platforms: linux/amd64,linux/arm64 + if: ${{ env.BUILD_CONTAINER }} + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 + if: ${{ env.BUILD_CONTAINER }} + - name: Login to ghcr.io + uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + if: ${{ env.BUILD_CONTAINER }} + + - name: Build and deploy container + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 #v7.0.0 + id: push + with: + platforms: linux/amd64,linux/arm64 + file: testsuite/dockerdata/Dockerfile + build-args: KAS_VERSION=${{ env.KAS_VERSION }} + provenance: false + outputs: type=registry + tags: | + ${{ env.CONTAINER_BASENAME }}/test-container:latest + ${{ env.CONTAINER_BASENAME }}/test-container:${{ env.TEST_CONTAINER_VERSION }} + annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }} + if: ${{ env.BUILD_CONTAINER }} + - name: Attest container image + uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0 + with: + subject-name: ${{ env.CONTAINER_BASENAME }}/test-container + subject-digest: ${{ steps.push.outputs.digest }} + push-to-registry: true + if: ${{ env.BUILD_CONTAINER }} diff --git a/testsuite/dockerdata/README.md b/testsuite/dockerdata/README.md deleted file mode 100644 index 54a78187..00000000 --- a/testsuite/dockerdata/README.md +++ /dev/null @@ -1,22 +0,0 @@ -# Creating image - -- Make sure `testsuite/dockerdata/version` is bumped for new images, also - after updating `kas/kas-container`. - -- Run: - -``` -testsuite/dockerdata/build.sh -``` - -# Pushing the image to docker hub - -- Configure github token (classic) with `write:packages` permissions. - -- Use it for uploading docker image: - -``` -docker push ghcr.io/ilbers/isar/test-container:$(cat testsuite/dockerdata/version) -``` - -- Make the uploaded package public