Skip to content

Commit 7f701f1

Browse files
mauromoralesmauromorales
authored
Use kairos factory action for releases (#3587)
* use factory action on release workflow Signed-off-by: Mauro Morales <[email protected]> * remove unnecessary permissions Signed-off-by: Mauro Morales <[email protected]> --------- Signed-off-by: Mauro Morales <[email protected]>
1 parent ce9c5b7 commit 7f701f1

File tree

9 files changed

+120
-587
lines changed

9 files changed

+120
-587
lines changed

.github/workflows/image-master-arm.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ concurrency:
1717
jobs:
1818
core:
1919
name: ${{ matrix.base_image }}
20-
uses: kairos-io/kairos-factory-action/.github/workflows/[email protected].3
20+
uses: kairos-io/kairos-factory-action/.github/workflows/[email protected].6
2121
secrets:
2222
registry_username: ${{ secrets.QUAY_USERNAME }}
2323
registry_password: ${{ secrets.QUAY_PASSWORD }}
@@ -138,7 +138,7 @@ jobs:
138138
tags: quay.io/kairos/cache:nvidia-base
139139
nvidia:
140140
name: ${{ matrix.base_image }}
141-
uses: kairos-io/kairos-factory-action/.github/workflows/[email protected].3
141+
uses: kairos-io/kairos-factory-action/.github/workflows/[email protected].6
142142
secrets:
143143
registry_username: ${{ secrets.QUAY_USERNAME }}
144144
registry_password: ${{ secrets.QUAY_PASSWORD }}

.github/workflows/image-master.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ concurrency:
1616
jobs:
1717
core:
1818
name: ${{ matrix.base_image }}
19-
uses: kairos-io/kairos-factory-action/.github/workflows/[email protected].2
19+
uses: kairos-io/kairos-factory-action/.github/workflows/[email protected].6
2020
secrets:
2121
registry_username: ${{ secrets.QUAY_USERNAME }}
2222
registry_password: ${{ secrets.QUAY_PASSWORD }}
@@ -47,7 +47,7 @@ jobs:
4747
- "debian:12"
4848
standard:
4949
name: ${{ matrix.base_image }}
50-
uses: kairos-io/kairos-factory-action/.github/workflows/[email protected].2
50+
uses: kairos-io/kairos-factory-action/.github/workflows/[email protected].6
5151
secrets:
5252
registry_username: ${{ secrets.QUAY_USERNAME }}
5353
registry_password: ${{ secrets.QUAY_PASSWORD }}

.github/workflows/image-pr-arm.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ concurrency:
1414
jobs:
1515
build-board:
1616
name: ${{ matrix.base_image }}
17-
uses: kairos-io/kairos-factory-action/.github/workflows/[email protected].3
17+
uses: kairos-io/kairos-factory-action/.github/workflows/[email protected].6
1818
secrets:
1919
registry_username: ${{ secrets.QUAY_USERNAME }}
2020
registry_password: ${{ secrets.QUAY_PASSWORD }}
@@ -43,7 +43,7 @@ jobs:
4343

4444
build-generic:
4545
name: ${{ matrix.base_image }}
46-
uses: kairos-io/kairos-factory-action/.github/workflows/[email protected].3
46+
uses: kairos-io/kairos-factory-action/.github/workflows/[email protected].6
4747
secrets:
4848
registry_username: ${{ secrets.QUAY_USERNAME }}
4949
registry_password: ${{ secrets.QUAY_PASSWORD }}

.github/workflows/image-pr.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ concurrency:
1414
jobs:
1515
build:
1616
name: ${{ matrix.base_image }}
17-
uses: kairos-io/kairos-factory-action/.github/workflows/[email protected].3
17+
uses: kairos-io/kairos-factory-action/.github/workflows/[email protected].6
1818
secrets:
1919
registry_username: ${{ secrets.QUAY_USERNAME }}
2020
registry_password: ${{ secrets.QUAY_PASSWORD }}

.github/workflows/release-arm.yaml

Lines changed: 64 additions & 60 deletions
Original file line numberDiff line numberDiff line change
@@ -7,19 +7,16 @@ on:
77
permissions: read-all
88
jobs:
99
build-core:
10-
uses: ./.github/workflows/reusable-release.yaml
10+
uses: kairos-io/kairos-factory-action/.github/workflows/reusable-factory.yaml@v0.0.6
1111
secrets: inherit
1212
permissions:
1313
id-token: write # OIDC support
1414
contents: write
15-
actions: read
1615
security-events: write
16+
actions: read
1717
strategy:
1818
fail-fast: false
1919
matrix:
20-
model: ["generic"]
21-
variant: ["core"]
22-
arch: ["arm64"]
2320
base_image:
2421
- "opensuse/leap:15.6"
2522
- "opensuse/tumbleweed:latest"
@@ -33,33 +30,44 @@ jobs:
3330
- "rockylinux:9"
3431
with:
3532
base_image: ${{ matrix.base_image }}
36-
arch: ${{ matrix.arch }}
37-
variant: ${{ matrix.variant }}
38-
model: ${{ matrix.model }}
33+
arch: "amd64"
34+
model: "generic"
35+
version: "auto"
36+
iso: true
37+
grype: true
38+
grype_sarif: true
39+
trivy: true
40+
trivy_sarif: true
41+
list_release_artifacts: true
42+
cosign: true
43+
release: true
3944
build-core-rpi4:
40-
uses: ./.github/workflows/reusable-release.yaml
45+
uses: kairos-io/kairos-factory-action/.github/workflows/reusable-factory.yaml@v0.0.6
4146
secrets: inherit
4247
permissions:
4348
id-token: write # OIDC support
4449
contents: write
45-
actions: read
4650
security-events: write
51+
actions: read
4752
strategy:
4853
fail-fast: false
4954
matrix:
50-
model: ["rpi4"]
51-
variant: ["core"]
52-
arch: ["arm64"]
5355
base_image:
5456
- "opensuse/leap:15.6"
5557
- "ubuntu:20.04"
5658
- "ubuntu:22.04"
5759
- "alpine:3.21"
5860
with:
5961
base_image: ${{ matrix.base_image }}
60-
arch: ${{ matrix.arch }}
61-
variant: ${{ matrix.variant }}
62-
model: ${{ matrix.model }}
62+
arch: "arm64"
63+
model: "rpi4"
64+
version: "auto"
65+
grype: true
66+
grype_sarif: true
67+
trivy: true
68+
trivy_sarif: true
69+
list_release_artifacts: true
70+
cosign: true
6371
get-k3s-versions:
6472
runs-on: ubuntu-latest
6573
outputs:
@@ -73,11 +81,11 @@ jobs:
7381
kubernetes_versions=$(curl -s https://api.github.com/repos/k3s-io/k3s/releases | jq -r '
7482
[.[] | select(.prerelease == false and .draft == false and (.tag_name | test("rc") | not)) | .tag_name]
7583
| map({
76-
version: .,
77-
minor: (split(".")[1:2]|join("")),
78-
patch: (split(".")[2:3]|join("")|split("+")[0]),
79-
revision: (split("+k3s")[1])
80-
})
84+
version: .,
85+
minor: (split(".")[1:2]|join("")),
86+
patch: (split(".")[2:3]|join("")|split("+")[0]),
87+
revision: (split("+k3s")[1])
88+
})
8189
| group_by(.minor)
8290
| map(sort_by([(.patch | tonumber), (.revision | tonumber)]) | reverse | .[0])
8391
| sort_by(.minor | tonumber)
@@ -87,22 +95,19 @@ jobs:
8795
' | jq -c '.')
8896
echo "kubernetes_versions=$kubernetes_versions" >> $GITHUB_OUTPUT
8997
build-standard:
90-
uses: ./.github/workflows/reusable-release.yaml
98+
uses: kairos-io/kairos-factory-action/.github/workflows/reusable-factory.yaml@v0.0.6
9199
secrets: inherit
92100
needs:
93101
- get-k3s-versions
94102
permissions:
95103
id-token: write # OIDC support
96104
contents: write
97-
actions: read
98105
security-events: write
106+
actions: read
99107
strategy:
100108
fail-fast: false
101109
matrix:
102110
kubernetes_version: ${{ fromJson(needs.get-k3s-versions.outputs.kubernetes_versions) }}
103-
model: ["generic"]
104-
variant: ["standard"]
105-
arch: ["arm64"]
106111
base_image:
107112
- "opensuse/leap:15.6"
108113
- "opensuse/tumbleweed:latest"
@@ -116,40 +121,51 @@ jobs:
116121
- "rockylinux:9"
117122
with:
118123
base_image: ${{ matrix.base_image }}
119-
arch: ${{ matrix.arch }}
120-
variant: ${{ matrix.variant }}
121-
model: ${{ matrix.model }}
124+
arch: "amd64"
125+
model: "generic"
122126
kubernetes_version: ${{ matrix.kubernetes_version }}
123127
kubernetes_distro: "k3s"
128+
version: "auto"
129+
iso: true
130+
grype: true
131+
grype_sarif: true
132+
trivy: true
133+
trivy_sarif: true
134+
list_release_artifacts: true
135+
cosign: true
136+
release: true
124137
build-standard-rpi4:
125-
uses: ./.github/workflows/reusable-release.yaml
138+
uses: kairos-io/kairos-factory-action/.github/workflows/reusable-factory.yaml@v0.0.6
126139
secrets: inherit
127140
needs:
128141
- get-k3s-versions
129142
permissions:
130143
id-token: write # OIDC support
131144
contents: write
132-
actions: read
133145
security-events: write
146+
actions: read
134147
strategy:
135148
fail-fast: false
136149
matrix:
137150
kubernetes_version: ${{ fromJson(needs.get-k3s-versions.outputs.kubernetes_versions) }}
138-
model: ["rpi4"]
139-
variant: ["standard"]
140-
arch: ["arm64"]
141151
base_image:
142152
- "opensuse/leap:15.6"
143153
- "ubuntu:20.04"
144154
- "ubuntu:22.04"
145155
- "alpine:3.21"
146156
with:
147157
base_image: ${{ matrix.base_image }}
148-
arch: ${{ matrix.arch }}
149-
variant: ${{ matrix.variant }}
150-
model: ${{ matrix.model }}
158+
arch: "amd64"
159+
model: "generic"
151160
kubernetes_version: ${{ matrix.kubernetes_version }}
152161
kubernetes_distro: "k3s"
162+
version: "auto"
163+
grype: true
164+
grype_sarif: true
165+
trivy: true
166+
trivy_sarif: true
167+
list_release_artifacts: true
168+
cosign: true
153169
build-nvidia-base:
154170
runs-on: 'ubuntu-24.04-arm'
155171
steps:
@@ -189,34 +205,22 @@ jobs:
189205
push: true
190206
tags: quay.io/kairos/cache:nvidia-base
191207
nvidia-arm-core:
192-
uses: ./.github/workflows/reusable-release.yaml
208+
uses: kairos-io/kairos-factory-action/.github/workflows/reusable-factory.yaml@v0.0.6
193209
secrets: inherit
194210
permissions:
195211
id-token: write # OIDC support
196212
contents: write
197213
security-events: write
198214
actions: read
199-
attestations: read
200-
checks: read
201-
deployments: read
202-
discussions: read
203-
issues: read
204-
packages: read
205-
pages: read
206-
pull-requests: read
207-
repository-projects: read
208-
statuses: read
209215
needs: build-nvidia-base
210216
with:
211-
base_image: ${{ matrix.base_image }}
212-
arch: ${{ matrix.arch }}
213-
variant: ${{ matrix.variant }}
214-
model: ${{ matrix.model }}
215-
strategy:
216-
fail-fast: false
217-
matrix:
218-
model: ["nvidia-jetson-agx-orin"]
219-
variant: ["core"]
220-
arch: ["arm64"]
221-
base_image:
222-
- "quay.io/kairos/cache:nvidia-base"
217+
base_image: "quay.io/kairos/cache:nvidia-base"
218+
arch: "arm64"
219+
model: "nvidia-jetson-agx-orin"
220+
version: "auto"
221+
grype: true
222+
grype_sarif: true
223+
trivy: true
224+
trivy_sarif: true
225+
list_release_artifacts: true
226+
cosign: true

0 commit comments

Comments
 (0)