From f0042fb8283dcd0898fa2c75d665c0d2333c714f Mon Sep 17 00:00:00 2001 From: Drew Minnear Date: Tue, 9 Sep 2025 15:14:00 -0400 Subject: [PATCH 1/4] use buildah based build and push actions for parity with local process --- .github/workflows/container-test.yml | 19 ++- .github/workflows/docker-publish.yml | 193 ++++++++------------------- 2 files changed, 70 insertions(+), 142 deletions(-) diff --git a/.github/workflows/container-test.yml b/.github/workflows/container-test.yml index 919b60d..6c5c344 100644 --- a/.github/workflows/container-test.yml +++ b/.github/workflows/container-test.yml @@ -1,10 +1,10 @@ ---- name: "Container build and test" on: workflow_call: -permissions: read-all +permissions: + contents: read jobs: podman-build: @@ -14,8 +14,19 @@ jobs: - name: Checkout uses: actions/checkout@v5 - - name: Utility Container Build - run: make manifest podman-build-amd64 + - name: Download AMD64 image + uses: actions/download-artifact@v5 + with: + name: image-amd64-${{ github.run_id }} + path: /tmp + + - name: Load tarballs into local containers-storage + run: | + buildah pull docker-archive:/tmp/image-amd64.tar + make manifest + buildah manifest add --arch=amd64 "${{ env.CONTAINER }}" "${{ env.CONTAINER }}-amd64" + env: + CONTAINER: utility-container:latest - name: Run Container tests run: make test-amd64 diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index ffadb57..954498f 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -1,10 +1,8 @@ ---- -name: Docker build and push to quay +name: Build (amd64 and arm64) and push to quay registries on: push: branches: ["main"] - # Publish semver tags as releases. tags: ["v*.*.*"] pull_request: branches: ["main"] 
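Review bot: The new "Download AMD64 image" step in container-test.yml references `actions/download-artifact@v5` by a mutable tag, whereas `sigstore/cosign-installer` in docker-publish.yml is pinned to a full commit SHA with the version in a trailing comment. A moved or retagged `v5` would change the code that handles the image tarball without any change in this repository. I would pin it the same way, `uses: actions/download-artifact@<full-commit-sha> # v5`. The same applies to the two `download-artifact@v5` steps in the docker-publish.yml push job and to the reusable workflow `superlinter.yml@v1` introduced in patch 2/4, which also moves the lint configuration behind that external ref. The podman-build job's step list continues outside the hunk.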
@@ -15,32 +13,19 @@ on: types: [dependency-updated] env: - # Use docker.io for Docker Hub if empty - REGISTRY: quay.io - # Generic image name for build artifacts, will be retagged for specific repos - QUAY_IMAGE_NAME: localhost/utility-container + REGISTRY: localhost + NAME: utility-container + TAG: ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || (github.ref_name == 'main' && 'latest' || github.ref_name) }} jobs: - test: - uses: ./.github/workflows/container-test.yml - build-container: - needs: [test] strategy: matrix: include: - targetarch: amd64 runner: ubuntu-latest - platform: linux/amd64 - alttargetarch: x86_64 - opttargetarch: "" - extrarpms: "" - targetarch: arm64 runner: ubuntu-24.04-arm - platform: linux/arm64 - alttargetarch: aarch64 - opttargetarch: "arm64-" - extrarpms: "gcc python3-devel glibc-devel libxcrypt-devel" runs-on: ${{ matrix.runner }} permissions: 
@@ -50,50 +35,34 @@ jobs: - name: Checkout repository uses: actions/checkout@v5 - # Set up BuildKit Docker container builder for docker save functionality - # https://github.com/docker/setup-buildx-action - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - - # https://github.com/docker/build-push-action - # Build Docker image with Buildx. We always disable the cache as - # it sometimes would not pull the new git changes for the cluster_utils,v1 - - name: Build Docker image - id: build-and-push - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 - with: - context: . - file: Containerfile - platforms: ${{ matrix.platform }} - push: false - tags: ${{ env.REGISTRY }}/${{ env.QUAY_IMAGE_NAME }}:build-${{ github.run_id }}-${{ matrix.targetarch }} - no-cache: true - outputs: type=docker,dest=/tmp/image-${{ matrix.targetarch }}.tar - build-args: | - TARGETARCH=${{ matrix.targetarch }} - ALTTARGETARCH=${{ matrix.alttargetarch }} - OPTTARGETARCH=${{ matrix.opttargetarch }} - EXTRARPMS=${{ matrix.extrarpms }} - - # Upload image as artifact + - name: Build container and save tarball + run: | + make ${{ matrix.targetarch }} + buildah push ${{ env.CONTAINER }}-${{ matrix.targetarch }} docker-archive:/tmp/image-${{ matrix.targetarch }}.tar:${{ env.CONTAINER }}-${{ matrix.targetarch }} + env: + CONTAINER: ${{ env.NAME }}:${{ env.TAG }} + - name: Upload image artifact - if: github.event_name != 'pull_request' uses: actions/upload-artifact@v4 with: name: image-${{ matrix.targetarch }}-${{ github.run_id }} path: /tmp/image-${{ matrix.targetarch }}.tar retention-days: 1 - create-multiarch-manifest: + test-container: needs: [build-container] - if: github.event_name != 'pull_request' + uses: ./.github/workflows/container-test.yml + + push-multiarch-manifest: + needs: [test-container] + # if: github.event_name != 'pull_request' strategy: matrix: include: - - image_name: 
validatedpatterns/utility-container + - upload_registry: quay.io/validatedpatterns username_secret: QUAY_USERNAME password_secret: QUAY_PASSWORD - - image_name: hybridcloudpatterns/utility-container + - upload_registry: quay.io/hybridcloudpatterns username_secret: LEGACY_QUAY_USERNAME password_secret: LEGACY_QUAY_PASSWORD 
@@ -105,110 +74,58 @@ jobs: id-token: write steps: - # Download image artifacts + - name: Checkout repository + uses: actions/checkout@v5 + - name: Download AMD64 image - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v5 with: name: image-amd64-${{ github.run_id }} - path: /tmp/ + path: /tmp - name: Download ARM64 image - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v5 with: name: image-arm64-${{ github.run_id }} - path: /tmp/ + path: /tmp - # Load images into Docker and retag for this repo - - name: Load and retag images + - name: Load tarballs into local containers-storage run: | - docker load --input /tmp/image-amd64.tar - docker load --input /tmp/image-arm64.tar + buildah pull docker-archive:/tmp/image-amd64.tar + buildah pull docker-archive:/tmp/image-arm64.tar - # Retag loaded images for this specific repo - OLD_IMAGE_BASE="${{ env.REGISTRY }}/${{ env.QUAY_IMAGE_NAME }}" - NEW_IMAGE_BASE="${{ env.REGISTRY }}/${{ matrix.image_name }}" + - name: Log into Quay + run: | + buildah login -u ${{ env.USERNAME }} -p ${{ env.PASSWORD }} quay.io + env: + USERNAME: ${{ secrets[matrix.username_secret] }} + PASSWORD: ${{ secrets[matrix.password_secret] }} - docker tag "${OLD_IMAGE_BASE}:build-${{ github.run_id }}-amd64" "${NEW_IMAGE_BASE}:build-${{ github.run_id }}-amd64" - docker tag "${OLD_IMAGE_BASE}:build-${{ github.run_id }}-arm64" "${NEW_IMAGE_BASE}:build-${{ github.run_id }}-arm64" + # The compressed manifest in Quay has a different digest than the local so we + # need to use skopeo to retrieve the correct digest for signing + - name: Create manifest and push to Quay + id: manifest-push + run: | + make manifest + buildah manifest add --arch=amd64 "${{ env.LOCAL_IMAGE_NAME }}" "${{ env.LOCAL_IMAGE_NAME }}-amd64" + buildah manifest add --arch=arm64 "${{ env.LOCAL_IMAGE_NAME }}" "${{ env.LOCAL_IMAGE_NAME }}-arm64" + make upload + DIGEST=$(skopeo inspect --format "{{.Digest}}" "docker://${{ env.UPLOADREGISTRY }}/${{ 
env.CONTAINER }}") + echo "digest=$DIGEST" >> $GITHUB_OUTPUT + env: + UPLOADREGISTRY: ${{ matrix.upload_registry }} + CONTAINER: ${{ env.NAME }}:${{ env.TAG }} - # Install the cosign tool - # https://github.com/sigstore/cosign-installer - name: Install cosign uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2 with: cosign-release: "v2.2.4" - - name: Log into registry ${{ env.REGISTRY }} - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 - with: - registry: ${{ env.REGISTRY }} - username: ${{ secrets[matrix.username_secret] }} - password: ${{ secrets[matrix.password_secret] }} - - # Push individual architecture images to registry - - name: Push architecture-specific images - run: | - IMAGE_BASE="${{ env.REGISTRY }}/${{ matrix.image_name }}" - docker push "${IMAGE_BASE}:build-${{ github.run_id }}-amd64" - docker push "${IMAGE_BASE}:build-${{ github.run_id }}-arm64" - - # Extract metadata for multi-arch manifest - - name: Extract Docker metadata for manifest - id: meta - uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0 - with: - images: ${{ env.REGISTRY }}/${{ matrix.image_name }} - flavor: | - latest=${{ github.ref == 'refs/heads/main' }} - - # Create and push multi-arch manifest - - name: Create and push multi-arch manifest - id: push-manifest - run: | - IMAGE_BASE="${{ env.REGISTRY }}/${{ matrix.image_name }}" - - # Get the tags from metadata - TAGS="${{ steps.meta.outputs.tags }}" - - for TAG in $TAGS; do - echo "Creating manifest for: $TAG" - - # Use docker buildx imagetools to create multi-arch manifest - docker buildx imagetools create -t "$TAG" \ - "${IMAGE_BASE}:build-${{ github.run_id }}-amd64" \ - "${IMAGE_BASE}:build-${{ github.run_id }}-arm64" - done - - # Get the digest of the first tag for signing - FIRST_TAG=$(echo "$TAGS" | head -n1) - DIGEST=$(docker buildx imagetools inspect "$FIRST_TAG" --format '{{json .}}' | jq -r '.manifest.digest') - echo "digest=$DIGEST" >> 
"$GITHUB_OUTPUT" - - # Sign the resulting Docker image digest - # This will only write to the public Rekor transparency log when the Docker - # repository is public to avoid leaking data. If you would like to publish - # transparency data even for private images, pass --force to cosign below. - # https://github.com/sigstore/cosign + # Cosign expects the docker config.json for registry authentication so we must + # copy it from buildah - name: Sign the published Docker image - env: - # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable - TAGS: ${{ steps.meta.outputs.tags }} - DIGEST: ${{ steps.push-manifest.outputs.digest }} - # This step uses the identity token to provision an ephemeral certificate - # against the sigstore community Fulcio instance. - run: echo "${TAGS}" | xargs -I "{}" cosign sign --yes "{}@${DIGEST}" - - # Clean up temporary architecture-specific images - - name: Clean up temporary images - if: always() run: | - IMAGE_BASE="${{ env.REGISTRY }}/${{ matrix.image_name }}" - - # Try to delete temporary images, ignore errors if they don't exist - docker run --rm quay.io/skopeo/stable delete \ - --creds "${{ secrets[matrix.username_secret] }}:${{ secrets[matrix.password_secret] }}" \ - docker://"${IMAGE_BASE}:build-${{ github.run_id }}-amd64" || true - - docker run --rm quay.io/skopeo/stable delete \ - --creds "${{ secrets[matrix.username_secret] }}:${{ secrets[matrix.password_secret] }}" \ - docker://"${IMAGE_BASE}:build-${{ github.run_id }}-arm64" || true + cat ${XDG_RUNTIME_DIR}/containers/auth.json > ~/.docker/config.json + cosign sign --yes ${{ matrix.upload_registry }}/${{ env.CONTAINER }}@${{ steps.manifest-push.outputs.digest }} + env: + CONTAINER: ${{ env.NAME }}:${{ env.TAG }} From f2e0a077cca636338977c48b515e5608d6279b48 Mon Sep 17 00:00:00 2001 
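Review bot: In "Create manifest and push to Quay" the digest that is later signed is looked up by tag with `skopeo inspect` after `make upload` returns, so cosign signs whatever the tag resolves to at that moment rather than what this job pushed. If the tag moves between the push and the lookup (a concurrent run for the same ref, for example), the signature lands on a manifest this job did not build. The `upload` recipe is not visible on this page; if it wraps `buildah manifest push`, having it record the pushed digest with `--digestfile` and reading that file into `$GITHUB_OUTPUT` should bind the signature to the pushed artifact. That would also replace the registry round-trip the added comment describes.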
From: Drew Minnear Date: Wed, 10 Sep 2025 10:13:53 -0400 Subject: [PATCH 2/4] update based on superlinter --- .github/linters/.hadolint.yaml | 2 +- .github/workflows/container-test.yml | 12 ++-- .github/workflows/docker-publish.yml | 50 ++++++++------- .github/workflows/superlinter.yml | 45 +++----------- README.md | 91 +++++++++++++++------------- default-cmd.sh | 2 +- 6 files changed, 97 insertions(+), 105 deletions(-) diff --git a/.github/linters/.hadolint.yaml b/.github/linters/.hadolint.yaml index 78b22a8..6826e7f 100644 --- a/.github/linters/.hadolint.yaml +++ b/.github/linters/.hadolint.yaml @@ -8,6 +8,6 @@ ignored: # version explicitly to a release tag - DL3007 # Specify version with `dnf install -y -`. - - DL3041 + - DL3041 # Pin versions in pip. Instead of `pip install ` use `pip install - DL3013 diff --git a/.github/workflows/container-test.yml b/.github/workflows/container-test.yml index 6c5c344..b8aaae6 100644 --- a/.github/workflows/container-test.yml +++ b/.github/workflows/container-test.yml @@ -6,6 +6,10 @@ on: permissions: contents: read +env: + REGISTRY: localhost + CONTAINER: utility-container:latest + jobs: podman-build: name: Utility Container Build @@ -13,6 +17,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v5 + with: + persist-credentials: false - name: Download AMD64 image uses: actions/download-artifact@v5 @@ -24,9 +30,7 @@ jobs: run: | buildah pull docker-archive:/tmp/image-amd64.tar make manifest - buildah manifest add --arch=amd64 "${{ env.CONTAINER }}" "${{ env.CONTAINER }}-amd64" - env: - CONTAINER: utility-container:latest + buildah manifest add --arch=amd64 "${REGISTRY}/${CONTAINER}" "${REGISTRY}/${CONTAINER}-amd64" - name: Run Container tests run: make test-amd64 
@@ -35,5 +39,5 @@ jobs: run: | git clone --depth 1 https://github.com/hybrid-cloud-patterns/multicloud-gitops cd multicloud-gitops - export PATTERN_UTILITY_CONTAINER=localhost/utility-container:latest-amd64 + export PATTERN_UTILITY_CONTAINER="${REGISTRY}/${CONTAINER}-amd64" ./pattern.sh make validate-schema diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 954498f..0b48d4a 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -12,6 +12,9 @@ on: repository_dispatch: types: [dependency-updated] +permissions: + contents: read + env: REGISTRY: localhost NAME: utility-container @@ -34,13 +37,16 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v5 + with: + persist-credentials: false - name: Build container and save tarball - run: | - make ${{ matrix.targetarch }} - buildah push ${{ env.CONTAINER }}-${{ matrix.targetarch }} docker-archive:/tmp/image-${{ matrix.targetarch }}.tar:${{ env.CONTAINER }}-${{ matrix.targetarch }} env: CONTAINER: ${{ env.NAME }}:${{ env.TAG }} + TARGETARCH: ${{ matrix.targetarch }} + run: | + make "${TARGETARCH}" + buildah push "${CONTAINER}-${TARGETARCH}" "docker-archive:/tmp/image-${TARGETARCH}.tar:${CONTAINER}-${TARGETARCH}" - name: Upload image artifact uses: actions/upload-artifact@v4 @@ -60,11 +66,9 @@ jobs: matrix: include: - upload_registry: quay.io/validatedpatterns - username_secret: QUAY_USERNAME - password_secret: QUAY_PASSWORD + legacy: false - upload_registry: quay.io/hybridcloudpatterns - username_secret: LEGACY_QUAY_USERNAME - password_secret: LEGACY_QUAY_PASSWORD + legacy: true runs-on: ubuntu-latest permissions: @@ -76,6 +80,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v5 + with: + persist-credentials: false - name: Download AMD64 image uses: actions/download-artifact@v5 
@@ -95,26 +101,26 @@ jobs: buildah pull docker-archive:/tmp/image-arm64.tar - name: Log into Quay - run: | - buildah login -u ${{ env.USERNAME }} -p ${{ env.PASSWORD }} quay.io env: - USERNAME: ${{ secrets[matrix.username_secret] }} - PASSWORD: ${{ secrets[matrix.password_secret] }} + USERNAME: ${{ matrix.legacy && secrets.LEGACY_QUAY_USERNAME || secrets.QUAY_USERNAME }} + PASSWORD: ${{ matrix.legacy && secrets.LEGACY_QUAY_PASSWORD || secrets.QUAY_PASSWORD }} + run: | + buildah login -u "${USERNAME}" -p "${PASSWORD}" quay.io # The compressed manifest in Quay has a different digest than the local so we # need to use skopeo to retrieve the correct digest for signing - name: Create manifest and push to Quay id: manifest-push - run: | - make manifest - buildah manifest add --arch=amd64 "${{ env.LOCAL_IMAGE_NAME }}" "${{ env.LOCAL_IMAGE_NAME }}-amd64" - buildah manifest add --arch=arm64 "${{ env.LOCAL_IMAGE_NAME }}" "${{ env.LOCAL_IMAGE_NAME }}-arm64" - make upload - DIGEST=$(skopeo inspect --format "{{.Digest}}" "docker://${{ env.UPLOADREGISTRY }}/${{ env.CONTAINER }}") - echo "digest=$DIGEST" >> $GITHUB_OUTPUT env: UPLOADREGISTRY: ${{ matrix.upload_registry }} CONTAINER: ${{ env.NAME }}:${{ env.TAG }} + run: | + make manifest + buildah manifest add --arch=amd64 "${REGISTRY}/${CONTAINER}" "${REGISTRY}/${CONTAINER}-amd64" + buildah manifest add --arch=arm64 "${REGISTRY}/${CONTAINER}" "${REGISTRY}/${CONTAINER}-arm64" + make upload + DIGEST=$(skopeo inspect --format "{{.Digest}}" "docker://${UPLOADREGISTRY}/${CONTAINER}") + echo "digest=$DIGEST" >> "$GITHUB_OUTPUT" - name: Install cosign uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2 
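Review bot: `buildah login -u "${USERNAME}" -p "${PASSWORD}" quay.io` in "Log into Quay" still passes the registry password as a command-line argument, where it is readable from the process list while the command runs. `printf '%s' "${PASSWORD}" | buildah login -u "${USERNAME}" --password-stdin quay.io` keeps it off argv. Separately, `matrix.legacy && secrets.LEGACY_QUAY_USERNAME || secrets.QUAY_USERNAME` falls through to the primary credentials whenever the legacy secret is unset or empty, so the legacy matrix entry would silently log in with the primary account instead of failing. The step should fail explicitly when `matrix.legacy` is true and the legacy secret is empty.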
@@ -124,8 +130,10 @@ jobs: # Cosign expects the docker config.json for registry authentication so we must # copy it from buildah - name: Sign the published Docker image - run: | - cat ${XDG_RUNTIME_DIR}/containers/auth.json > ~/.docker/config.json - cosign sign --yes ${{ matrix.upload_registry }}/${{ env.CONTAINER }}@${{ steps.manifest-push.outputs.digest }} env: CONTAINER: ${{ env.NAME }}:${{ env.TAG }} + DIGEST: ${{ steps.manifest-push.outputs.digest }} + UPLOADREGISTRY: ${{ matrix.upload_registry }} + run: | + cat "${XDG_RUNTIME_DIR}/containers/auth.json" > ~/.docker/config.json + cosign sign --yes "${UPLOADREGISTRY}/${CONTAINER}@${DIGEST}" diff --git a/.github/workflows/superlinter.yml b/.github/workflows/superlinter.yml index 502be1b..694d644 100644 --- a/.github/workflows/superlinter.yml +++ b/.github/workflows/superlinter.yml 
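Review bot: `cat "${XDG_RUNTIME_DIR}/containers/auth.json" > ~/.docker/config.json` in the signing step creates the credential copy with the default umask and fails if `~/.docker` does not already exist. `install -D -m 0600 "${XDG_RUNTIME_DIR}/containers/auth.json" "${HOME}/.docker/config.json"` creates the directory and restricts the file to the runner user in one step. Nothing visible in the hunk removes either auth file afterwards. If this job can ever run on a self-hosted or reused runner, a final `buildah logout quay.io` plus deleting the copy would be worth adding.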
@@ -1,42 +1,15 @@ ---- name: Super linter on: pull_request: - branches: ["main"] + branches: [main] -jobs: - build: - # Name the Job - name: Super linter - # Set the agent to run on - runs-on: ubuntu-latest - - steps: - - name: Checkout Code - uses: actions/checkout@v5 - with: - # Full git history is needed to get a proper list of changed files - # within `super-linter` - fetch-depth: 0 +permissions: + contents: read - ################################ - # Run Linter against code base # - ################################ - - name: Lint Code Base - uses: super-linter/super-linter/slim@v8 - env: - VALIDATE_ALL_CODEBASE: true - VALIDATE_CHECKOV: false - VALIDATE_GITHUB_ACTIONS_ZIZMOR: false - VALIDATE_JSON_PRETTIER: false - VALIDATE_MARKDOWN_PRETTIER: false - VALIDATE_NATURAL_LANGUAGE: false - VALIDATE_PYTHON_PYLINT: false - VALIDATE_SHELL_SHFMT: false - VALIDATE_TRIVY: false - VALIDATE_YAML: false - VALIDATE_YAML_PRETTIER: false - DEFAULT_BRANCH: main - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # These are the validation we disable atm +jobs: + lint: + uses: validatedpatterns/github-actions-library/.github/workflows/superlinter.yml@v1 + with: + sl_env: | + VALIDATE_TRIVY=false diff --git a/README.md b/README.md index dad0b43..a0cd31f 100644 --- a/README.md +++ b/README.md 
@@ -12,48 +12,52 @@ This container provides a pre-configured environment with all the necessary tool ## Installed Software -| name | type | version | -|:---------------------------------:|:--------:|:------------:| -|ansible |pip |2.16.14 | -|ansible.posix |collection|2.1.0 | -|ansible-runner |pip |2.4.1 | -|ansible.utils |collection|6.0.0 | -|argocd |binary |v2.9.7+fbb6b20| -|awscli |pip |1.42.25 | -|awx.awx |collection|24.6.1 | -|awxkit |pip |24.6.1 | -|azure-cli |pip |2.77.0 | -|boto3 |pip |1.40.25 | -|botocore |pip |1.40.25 | -|community.general |collection|11.2.1 | -|community.okd |collection|5.0.0 | -|gcloud |pip |0.18.3 | -|gh |package |2.78.0 | -|git-core |package |2.47.3 | -|gzip |package |1.12 | -|hcp |binary |4.17.0 | -|helm |binary |v3.13.3 | -|infra.ah_configuration |collection|2.1.0 | -|infra.controller_configuration |collection|3.1.3 | -|infra.eda_configuration |collection|1.1.0 | -|jmespath |pip |1.0.1 | -|jq |package |1.6 | -|kubernetes.core |collection|6.1.0 | -|kubernetes |pip |33.1.0 | -|kustomize |binary |v5.0.1 | -|make |package |4.3 | -|openshift |binary |4.14.20 | -|pytest |pip |8.4.2 | -|python3-pip |package |21.3.1 | -|python |package |3.11.11 | -|redhat_cop.controller_configuration|collection|2.3.1 | -|rhvp.cluster_utils |collection|1.1.0 | -|sshpass |package |1.09 | -|tar |package |1.34 | -|tea |binary |0.9.2 | -|tekton |binary |0.35.2 | -|vi |package |8.2.2637 | -|vp-qe-test-common |pip |0.1.0 | + + +| name | type | version | +| :---------------------------------: | :--------: | :------------: | +| ansible | pip | 2.16.14 | +| ansible.posix | collection | 2.1.0 | +| ansible-runner | pip | 2.4.1 | +| ansible.utils | collection | 6.0.0 | +| argocd | binary | v2.9.7+fbb6b20 | +| awscli | pip | 1.42.25 | +| awx.awx | collection | 24.6.1 | +| awxkit | pip | 24.6.1 | +| azure-cli | pip | 2.77.0 | +| boto3 | pip | 1.40.25 | +| botocore | pip | 1.40.25 | +| community.general | collection | 11.2.1 | +| community.okd | collection | 5.0.0 | +| 
gcloud | pip | 0.18.3 | +| gh | package | 2.78.0 | +| git-core | package | 2.47.3 | +| gzip | package | 1.12 | +| hcp | binary | 4.17.0 | +| helm | binary | v3.13.3 | +| infra.ah_configuration | collection | 2.1.0 | +| infra.controller_configuration | collection | 3.1.3 | +| infra.eda_configuration | collection | 1.1.0 | +| jmespath | pip | 1.0.1 | +| jq | package | 1.6 | +| kubernetes.core | collection | 6.1.0 | +| kubernetes | pip | 33.1.0 | +| kustomize | binary | v5.0.1 | +| make | package | 4.3 | +| openshift | binary | 4.14.20 | +| pytest | pip | 8.4.2 | +| python3-pip | package | 21.3.1 | +| python | package | 3.11.11 | +| redhat_cop.controller_configuration | collection | 2.3.1 | +| rhvp.cluster_utils | collection | 1.1.0 | +| sshpass | package | 1.09 | +| tar | package | 1.34 | +| tea | binary | 0.9.2 | +| tekton | binary | 0.35.2 | +| vi | package | 8.2.2637 | +| vp-qe-test-common | pip | 0.1.0 | + + ## Usage @@ -103,14 +107,17 @@ podman run --rm -it --net=host \ ## Troubleshooting **Permission issues with volume mounts** + - Ensure the `--security-opt label=disable` flag is used when running the container. - Check that your user has read/write access to the mounted directories. **Network connectivity issues** + - Use `--net=host` for full network access. - For restricted environments, configure appropriate network policies. **Missing tools or outdated versions** + - Check the installed software table above for current versions. - Consider building a custom image if you need different tool versions. diff --git a/default-cmd.sh b/default-cmd.sh index 727abc1..3670eec 100755 --- a/default-cmd.sh +++ b/default-cmd.sh @@ -1,6 +1,6 @@ #!/bin/bash echo -e \ -" + " 1 Welcome to the Validate Pattern utility container 111 It contains all the needed components to install a pattern. 1 1 From a229fde3c4d64b227c7b792b9ae92df9275a6359 Mon Sep 17 00:00:00 2001 
From: Drew Minnear Date: Wed, 10 Sep 2025 10:52:36 -0400 Subject: [PATCH 3/4] use corret tag --- .github/workflows/container-test.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/container-test.yml b/.github/workflows/container-test.yml index b8aaae6..132edcd 100644 --- a/.github/workflows/container-test.yml +++ b/.github/workflows/container-test.yml @@ -8,7 +8,8 @@ permissions: env: REGISTRY: localhost - CONTAINER: utility-container:latest + NAME: utility-container + TAG: ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || (github.ref_name == 'main' && 'latest' || github.ref_name) }} jobs: podman-build: @@ -27,6 +28,8 @@ jobs: path: /tmp - name: Load tarballs into local containers-storage + env: + CONTAINER: ${{ env.NAME }}:${{ env.TAG }} run: | buildah pull docker-archive:/tmp/image-amd64.tar make manifest @@ -36,6 +39,8 @@ jobs: run: make test-amd64 - name: Clone MCG and test a target via container + env: + CONTAINER: ${{ env.NAME }}:${{ env.TAG }} run: | git clone --depth 1 https://github.com/hybrid-cloud-patterns/multicloud-gitops cd multicloud-gitops From c3f81f626c20d40766233fd934881d5a163446f6 Mon Sep 17 00:00:00 2001 From: Drew Minnear Date: Wed, 10 Sep 2025 11:11:17 -0400 Subject: [PATCH 4/4] no push on PRs --- .github/workflows/docker-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 0b48d4a..4ed2c3d 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -61,7 +61,7 @@ jobs: push-multiarch-manifest: needs: [test-container] - # if: github.event_name != 'pull_request' + if: github.event_name != 'pull_request' strategy: matrix: include:
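Review bot: The `TAG` expression added under `env:` in container-test.yml is a verbatim copy of the one in docker-publish.yml, and nothing marks the two as coupled. The test job loads `image-amd64.tar` and then refers to the image as `${REGISTRY}/${CONTAINER}-amd64`, so changing one copy without the other makes the test job look for a tag the tarball does not carry. I would add a comment above it, `# Keep identical to TAG in docker-publish.yml; the artifact image is tagged with it.`, and mirror it in docker-publish.yml.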