diff --git a/.github/workflows/image-arm-pr.yaml b/.github/workflows/image-arm-pr.yaml index d508e2631..4943ba73c 100644 --- a/.github/workflows/image-arm-pr.yaml +++ b/.github/workflows/image-arm-pr.yaml @@ -11,10 +11,11 @@ concurrency: cancel-in-progress: true env: FORCE_COLOR: 1 - + EARTHLY_TOKEN: ${{ secrets.EARTHLY_TOKEN }} jobs: opensuse: uses: ./.github/workflows/reusable-docker-arm-build.yaml + secrets: inherit permissions: id-token: write # OIDC support contents: write @@ -39,6 +40,7 @@ jobs: worker: ARM64 alpine: uses: ./.github/workflows/reusable-docker-arm-build.yaml + secrets: inherit permissions: id-token: write # OIDC support contents: write diff --git a/.github/workflows/image-arm.yaml b/.github/workflows/image-arm.yaml index 8d8e8901c..8094394a7 100644 --- a/.github/workflows/image-arm.yaml +++ b/.github/workflows/image-arm.yaml @@ -11,7 +11,6 @@ concurrency: cancel-in-progress: true env: FORCE_COLOR: 1 - jobs: get-core-matrix: runs-on: ubuntu-latest diff --git a/.github/workflows/image-pr.yaml b/.github/workflows/image-pr.yaml index 75695ef7d..4b848f92f 100644 --- a/.github/workflows/image-pr.yaml +++ b/.github/workflows/image-pr.yaml @@ -10,9 +10,11 @@ concurrency: cancel-in-progress: true env: FORCE_COLOR: 1 + EARTHLY_TOKEN: ${{ secrets.EARTHLY_TOKEN }} jobs: core-ubuntu-22-lts: uses: ./.github/workflows/reusable-build-flavor.yaml + secrets: inherit permissions: contents: write security-events: write @@ -39,6 +41,7 @@ jobs: core-ubuntu-24-lts: uses: ./.github/workflows/reusable-build-flavor.yaml + secrets: inherit permissions: contents: write security-events: write @@ -65,6 +68,7 @@ jobs: core-alpine: uses: ./.github/workflows/reusable-build-flavor.yaml + secrets: inherit permissions: contents: write security-events: write @@ -91,6 +95,7 @@ jobs: standard: uses: ./.github/workflows/reusable-build-provider.yaml + secrets: inherit permissions: id-token: write # OIDC support contents: write @@ -117,6 +122,7 @@ jobs: install: uses: ./.github/workflows/reusable-install-test.yaml + secrets: inherit with: flavor: ubuntu flavor_release: "24.04" @@ -126,6 +132,7 @@ jobs: install-secureboot: uses: ./.github/workflows/reusable-install-test.yaml + secrets: inherit with: flavor: ubuntu flavor_release: "24.04" @@ -135,6 +142,7 @@ jobs: install-alpine: uses: ./.github/workflows/reusable-install-test.yaml + secrets: inherit with: flavor: alpine flavor_release: "3.19" @@ -143,6 +151,7 @@ jobs: zfs: uses: ./.github/workflows/reusable-zfs-test.yaml + secrets: inherit with: flavor: ubuntu flavor_release: "22.04" @@ -151,6 +160,7 @@ jobs: acceptance: uses: ./.github/workflows/reusable-qemu-acceptance-test.yaml + secrets: inherit with: flavor: ubuntu flavor_release: "24.04" @@ -159,6 +169,7 @@ jobs: acceptance-alpine: uses: ./.github/workflows/reusable-qemu-acceptance-test.yaml + secrets: inherit with: flavor: alpine flavor_release: "3.19" @@ -167,6 +178,7 @@ jobs: bundles: uses: ./.github/workflows/reusable-qemu-bundles-test.yaml + secrets: inherit with: flavor: ubuntu flavor_release: "24.04" @@ -175,6 +187,7 @@ jobs: reset: uses: ./.github/workflows/reusable-qemu-reset-test.yaml + secrets: inherit with: flavor: ubuntu flavor_release: "24.04" @@ -183,6 +196,7 @@ jobs: reset-alpine: uses: ./.github/workflows/reusable-qemu-reset-test.yaml + secrets: inherit with: flavor: alpine flavor_release: "3.19" @@ -191,6 +205,7 @@ jobs: netboot: uses: ./.github/workflows/reusable-qemu-netboot-test.yaml + secrets: inherit with: flavor: ubuntu flavor_release: "24.04" @@ -203,6 +218,7 @@ jobs: netboot-alpine: uses: ./.github/workflows/reusable-qemu-netboot-test.yaml + secrets: inherit with: flavor: alpine flavor_release: "3.19" @@ -215,6 +231,7 @@ jobs: upgrade: uses: ./.github/workflows/reusable-upgrade-with-cli-test.yaml + secrets: inherit with: flavor: ubuntu flavor_release: "24.04" @@ -223,6 +240,7 @@ jobs: upgrade-alpine: uses: ./.github/workflows/reusable-upgrade-with-cli-test.yaml + secrets: inherit with: flavor: alpine flavor_release: "3.19" @@ -231,6 +249,7 @@ jobs: upgrade-latest: uses: ./.github/workflows/reusable-upgrade-latest-test.yaml + secrets: inherit with: flavor: ubuntu flavor_release: "24.04" diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 0e589d3a7..42ad4b218 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -13,7 +13,6 @@ concurrency: env: FORCE_COLOR: 1 jobs: - get-core-matrix: runs-on: ubuntu-latest outputs: diff --git a/.github/workflows/release-arm.yaml b/.github/workflows/release-arm.yaml index d6f0a6e48..ea5097bf0 100644 --- a/.github/workflows/release-arm.yaml +++ b/.github/workflows/release-arm.yaml @@ -3,6 +3,9 @@ on: push: tags: - 'v*' +env: + FORCE_COLOR: 1 + EARTHLY_TOKEN: ${{ secrets.EARTHLY_TOKEN }} permissions: read-all jobs: get-core-matrix: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index d37343907..48384f40c 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -5,7 +5,9 @@ on: push: tags: - v* - +env: + FORCE_COLOR: 1 + EARTHLY_TOKEN: ${{ secrets.EARTHLY_TOKEN }} permissions: read-all jobs: get-core-matrix: diff --git a/.github/workflows/reusable-build-flavor.yaml b/.github/workflows/reusable-build-flavor.yaml index 30976cbfd..f2c4223ff 100644 --- a/.github/workflows/reusable-build-flavor.yaml +++ b/.github/workflows/reusable-build-flavor.yaml @@ -103,6 +103,9 @@ jobs: run: | sudo iptables -I INPUT -s 169.254.169.254 -j DROP sudo iptables -I OUTPUT -d 169.254.169.254 -j DROP + - name: Login to earthly + run: | + earthly account login --token ${{ secrets.EARTHLY_TOKEN }} && earthly org select Kairos - name: Build PR 🔧 if: ${{ github.event_name == 'pull_request' }} run: | diff --git a/.github/workflows/reusable-build-provider.yaml b/.github/workflows/reusable-build-provider.yaml index e69ced4a8..0ece9a82b 100644 --- a/.github/workflows/reusable-build-provider.yaml +++ b/.github/workflows/reusable-build-provider.yaml @@ -87,6 +87,9 @@ jobs: run: | sudo iptables -I INPUT -s 169.254.169.254 -j DROP sudo iptables -I OUTPUT -d 169.254.169.254 -j DROP + - name: Login to earthly + run: | + earthly account login --token ${{ secrets.EARTHLY_TOKEN }} && earthly org select Kairos - name: Build PR 🔧 if: ${{ github.event_name == 'pull_request' }} run: | diff --git a/.github/workflows/reusable-docker-arm-build.yaml b/.github/workflows/reusable-docker-arm-build.yaml index 888c52d82..edbe4e3d6 100644 --- a/.github/workflows/reusable-docker-arm-build.yaml +++ b/.github/workflows/reusable-docker-arm-build.yaml @@ -25,8 +25,7 @@ on: base_image: required: true type: string -env: - FORCE_COLOR: 1 + permissions: read-all jobs: build: @@ -129,6 +128,9 @@ jobs: if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }} run: | echo "IMG_COMPRESSION=xz" >> $GITHUB_ENV + - name: Login to earthly + run: | + earthly account login --token ${{ secrets.EARTHLY_TOKEN }} && earthly org select Kairos - name: Build 🔧 run: | earthly -P +all-arm \ diff --git a/.github/workflows/reusable-image-and-iso-arm-generic.yaml b/.github/workflows/reusable-image-and-iso-arm-generic.yaml index 31ac732d0..5c6373bca 100644 --- a/.github/workflows/reusable-image-and-iso-arm-generic.yaml +++ b/.github/workflows/reusable-image-and-iso-arm-generic.yaml @@ -48,6 +48,9 @@ jobs: run: | sudo iptables -I INPUT -s 169.254.169.254 -j DROP sudo iptables -I OUTPUT -d 169.254.169.254 -j DROP + - name: Login to earthly + run: | + earthly account login --token ${{ secrets.EARTHLY_TOKEN }} && earthly org select Kairos - name: Build iso 🔧 if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }} run: | diff --git a/.github/workflows/reusable-qemu-acceptance-test.yaml b/.github/workflows/reusable-qemu-acceptance-test.yaml index 9c9c768f3..e407b2d61 100644 --- a/.github/workflows/reusable-qemu-acceptance-test.yaml +++ b/.github/workflows/reusable-qemu-acceptance-test.yaml @@ -82,5 +82,8 @@ jobs: run: | sudo iptables -I INPUT -s 169.254.169.254 -j DROP sudo iptables -I OUTPUT -d 169.254.169.254 -j DROP + - name: Login to earthly + run: | + earthly account login --token ${{ secrets.EARTHLY_TOKEN }} && earthly org select Kairos - run: | earthly +run-qemu-datasource-tests --PREBUILT_ISO=$(ls *${{ inputs.flavor }}*.iso) --FLAVOR=${{ inputs.flavor }} --SSH_PORT=${{ inputs.port }} diff --git a/.github/workflows/reusable-qemu-bundles-test.yaml b/.github/workflows/reusable-qemu-bundles-test.yaml index d8d96b470..ad12b3de1 100644 --- a/.github/workflows/reusable-qemu-bundles-test.yaml +++ b/.github/workflows/reusable-qemu-bundles-test.yaml @@ -34,6 +34,9 @@ jobs: run: | sudo iptables -I INPUT -s 169.254.169.254 -j DROP sudo iptables -I OUTPUT -d 169.254.169.254 -j DROP + - name: Login to earthly + run: | + earthly account login --token ${{ secrets.EARTHLY_TOKEN }} && earthly org select Kairos - env: KVM: true run: | diff --git a/.github/workflows/reusable-qemu-netboot-test.yaml b/.github/workflows/reusable-qemu-netboot-test.yaml index 9bd1f206e..12c355de3 100644 --- a/.github/workflows/reusable-qemu-netboot-test.yaml +++ b/.github/workflows/reusable-qemu-netboot-test.yaml @@ -79,6 +79,9 @@ jobs: run: | sudo iptables -I INPUT -s 169.254.169.254 -j DROP sudo iptables -I OUTPUT -d 169.254.169.254 -j DROP + - name: Login to earthly + run: | + earthly account login --token ${{ secrets.EARTHLY_TOKEN }} && earthly org select Kairos - run: | earthly -P +run-qemu-netboot-test \ --TEST_SUITE=netboot-test \ diff --git a/.github/workflows/reusable-qemu-reset-test.yaml b/.github/workflows/reusable-qemu-reset-test.yaml index f21f1c437..a96c3a47c 100644 --- a/.github/workflows/reusable-qemu-reset-test.yaml +++ b/.github/workflows/reusable-qemu-reset-test.yaml @@ -34,6 +34,9 @@ jobs: run: | sudo iptables -I INPUT -s 169.254.169.254 -j DROP sudo iptables -I OUTPUT -d 169.254.169.254 -j DROP + - name: Login to earthly + run: | + earthly account login --token ${{ secrets.EARTHLY_TOKEN }} && earthly org select Kairos - env: KVM: true run: | diff --git a/.github/workflows/reusable-uki-test.yaml b/.github/workflows/reusable-uki-test.yaml index ca89470ba..8c00402cd 100644 --- a/.github/workflows/reusable-uki-test.yaml +++ b/.github/workflows/reusable-uki-test.yaml @@ -54,6 +54,9 @@ jobs: with: repository: quay.io/kairos/packages packages: utils/earthly + - name: Login to earthly + run: | + earthly account login --token ${{ secrets.EARTHLY_TOKEN }} && earthly org select Kairos - name: Build base image 🔧 run: | # known flavors to work with uki+encryption: fedora >= 38, ubuntu >= 23.10, anything with systemd 253 earthly +base-image \ diff --git a/.github/workflows/reusable-upgrade-latest-test.yaml b/.github/workflows/reusable-upgrade-latest-test.yaml index 272c7c0ef..f9971d523 100644 --- a/.github/workflows/reusable-upgrade-latest-test.yaml +++ b/.github/workflows/reusable-upgrade-latest-test.yaml @@ -84,6 +84,9 @@ jobs: run: | sudo iptables -I INPUT -s 169.254.169.254 -j DROP sudo iptables -I OUTPUT -d 169.254.169.254 -j DROP + - name: Login to earthly + run: | + earthly account login --token ${{ secrets.EARTHLY_TOKEN }} && earthly org select Kairos - run: | # release-downloader globing matches more than one iso. Make sure # we use the right one. diff --git a/.github/workflows/reusable-upgrade-with-cli-test.yaml b/.github/workflows/reusable-upgrade-with-cli-test.yaml index e36a42336..4909095ff 100644 --- a/.github/workflows/reusable-upgrade-with-cli-test.yaml +++ b/.github/workflows/reusable-upgrade-with-cli-test.yaml @@ -74,6 +74,9 @@ jobs: run: | sudo iptables -I INPUT -s 169.254.169.254 -j DROP sudo iptables -I OUTPUT -d 169.254.169.254 -j DROP + - name: Login to earthly + run: | + earthly account login --token ${{ secrets.EARTHLY_TOKEN }} && earthly org select Kairos - run: | earthly +run-qemu-test --PREBUILT_ISO=$(ls *${{ inputs.flavor }}*.iso) \ --FLAVOR=${{ inputs.flavor }} \ diff --git a/.github/workflows/reusable-zfs-test.yaml b/.github/workflows/reusable-zfs-test.yaml index 585ceae27..ca7e16c13 100644 --- a/.github/workflows/reusable-zfs-test.yaml +++ b/.github/workflows/reusable-zfs-test.yaml @@ -32,5 +32,8 @@ jobs: run: | sudo iptables -I INPUT -s 169.254.169.254 -j DROP sudo iptables -I OUTPUT -d 169.254.169.254 -j DROP + - name: Login to earthly + run: | + earthly account login --token ${{ secrets.EARTHLY_TOKEN }} && earthly org select Kairos - run: | earthly +run-qemu-test --PREBUILT_ISO=$(ls *${{ inputs.flavor }}*.iso) --TEST_SUITE=zfs --FLAVOR=${{ inputs.flavor }} diff --git a/.github/workflows/uki.yaml b/.github/workflows/uki.yaml index f3efb344a..8a8e3f15d 100644 --- a/.github/workflows/uki.yaml +++ b/.github/workflows/uki.yaml @@ -11,6 +11,7 @@ concurrency: cancel-in-progress: true env: FORCE_COLOR: 1 + EARTHLY_TOKEN: ${{ secrets.EARTHLY_TOKEN }} jobs: test-uki: strategy: