Skip to content

Fixes SLES permissions errors when logging into quay.io #5166

Fixes SLES permissions errors when logging into quay.io

Fixes SLES permissions errors when logging into quay.io #5166

Workflow file for this run

name: CPaaS related workflows
on:
schedule:
- cron: '0 6 * * *'
pull_request:
types:
- labeled
- unlabeled
- synchronize
- opened
- reopened
concurrency:
group: cpaas-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
should-run:
outputs:
should-run: ${{ steps.should-run.outputs.should-run }}
runs-on: ubuntu-24.04
steps:
- id: should-run
run: |
SHOULD_RUN="${{ github.event_name == 'schedule' || contains(github.event.pull_request.labels.*.name, 'run-cpaas-steps') }}"
echo "should-run=${SHOULD_RUN}" >> "$GITHUB_OUTPUT"
init:
needs:
- should-run
if: needs.should-run.outputs.should-run == 'true'
uses: ./.github/workflows/init.yml
with:
cpaas-workflow: true
sync-drivers-and-support-packages:
uses: ./.github/workflows/cpaas-sync-drivers.yml
needs: init
secrets: inherit
with:
support-packages-bucket: ${{ needs.init.outputs.cpaas-support-packages-bucket }}
support-packages-index-bucket: ${{ needs.init.outputs.support-packages-index-bucket }}
public-support-packages-bucket: ${{ needs.init.outputs.public-support-packages-bucket }}
drivers-bucket: ${{ needs.init.outputs.cpaas-drivers-bucket }}
merged-drivers-bucket: ${{ needs.init.outputs.merged-drivers-bucket }}
all-archs-drivers-bucket: ${{ needs.init.outputs.cpaas-all-archs-drivers-bucket }}
branch-name: ${{ needs.init.outputs.branch-name }}
check-drivers-failures:
uses: ./.github/workflows/check-drivers-failures.yml
needs: sync-drivers-and-support-packages
secrets: inherit
with:
logs-artifact:
drivers-build-failures
build-collector:
runs-on: ubuntu-24.04
needs: init
strategy:
matrix:
arch:
- amd64
- s390x
- ppc64le
steps:
- uses: actions/checkout@v4
- uses: docker/login-action@v3
with:
registry: brew.registry.redhat.io
username: ${{ secrets.REDHAT_USERNAME }}
password: ${{ secrets.REDHAT_PASSWORD }}
- name: Pull downstream slim collector
run: |
docker pull --platform linux/${{ matrix.arch }} brew.registry.redhat.io/rh-osbs/rhacs-collector-slim-rhel8:0.1.0
- name: Retag and push stackrox-io -amd64-slim
uses: stackrox/actions/images/retag-and-push@v1
with:
src-image: brew.registry.redhat.io/rh-osbs/rhacs-collector-slim-rhel8:0.1.0
dst-image: ${{ needs.init.outputs.collector-image }}-cpaas-${{ matrix.arch }}
username: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }}
password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }}
multiarch-manifest:
runs-on: ubuntu-24.04
env:
COLLECTOR_TAG: ${{ needs.init.outputs.collector-tag }}-cpaas
ARCHS: amd64 ppc64le s390x
needs:
- init
- build-collector
- sync-drivers-and-support-packages
steps:
- uses: actions/checkout@v4
- name: Login to quay.io/stackrox-io
uses: docker/login-action@v3
with:
registry: quay.io
username: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }}
password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }}
- name: Multiarch manifest stackrox-io
uses: ./.github/actions/create-multiarch-manifest
with:
base-image: ${{ needs.init.outputs.collector-image }}-cpaas
archs: ${{ env.ARCHS }}
build-test-containers:
uses: ./.github/workflows/integration-test-containers.yml
needs:
- init
with:
collector-tag: ${{ needs.init.outputs.collector-tag }}-cpaas
collector-qa-tag: ${{ needs.init.outputs.collector-qa-tag }}
rebuild-qa-containers: ${{ needs.init.outputs.rebuild-qa-containers == 'true' }}
secrets: inherit
integration-tests:
uses: ./.github/workflows/integration-tests-vm-type.yml
if: ${{ !contains(github.event.pull_request.labels.*.name, 'skip-integration-tests') }}
strategy:
# ensure that if one part of the matrix fails, the
# rest will continue
fail-fast: false
matrix:
vm_type:
- rhel
- rhel-sap
- rhel-s390x
- rhel-ppc64le
with:
vm_type: ${{ matrix.vm_type }}
collector-tag: ${{ needs.init.outputs.collector-tag }}-cpaas
collector-qa-tag: ${{ needs.init.outputs.collector-qa-tag }}
collector-tests-tag: ${{ needs.build-test-containers.outputs.collector-tests-tag }}
job-tag: cpaas
collector-repo: quay.io/stackrox-io/collector
needs:
- init
- multiarch-manifest
- build-test-containers
secrets: inherit
notify:
runs-on: ubuntu-24.04
if: always() && contains(join(needs.*.result, ','), 'failure') && github.event_name == 'schedule'
needs:
- init
- sync-drivers-and-support-packages
- build-collector
- multiarch-manifest
- integration-tests
steps:
- name: Slack notification
uses: rtCamp/action-slack-notify@v2
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_COLLECTOR_ONCALL_WEBHOOK }}
SLACK_CHANNEL: team-acs-collector-oncall
SLACK_COLOR: failure
SLACK_LINK_NAMES: true
SLACK_TITLE: Downstream nightly failed
MSG_MINIMAL: actions url,commit
SLACK_MESSAGE: |
@acs-collector-oncall