@@ -73,96 +73,94 @@ jobs:
7373 tags : ghcr.io/iabtechlab/uid2-operator:5.49.9-alpha-224-SNAPSHOT-azure-cc
7474 is_release : false
7575 steps :
76- - name : Noop
77- run : echo noop
78- # - name: Update Operator Version
79- # id: update_version
80- # uses: IABTechLab/uid2-operator/.github/actions/update_operator_version@main
81- # with:
82- # release_type: ${{ inputs.release_type }}
83- # version_number_input: ${{ inputs.version_number_input }}
84- # image_tag_suffix: ${{ env.ENCLAVE_PROTOCOL }}
85- # commit_sha: ${{ inputs.commit_sha }}
86-
87- # - name: Set up JDK
88- # uses: actions/setup-java@v4
89- # with:
90- # distribution: 'temurin'
91- # java-version: '21'
92-
93- # - name: Package JAR
94- # id: package
95- # run: |
96- # mvn -B package -P ${{ env.MAVEN_PROFILE }}
97- # echo "jar_version=$(mvn help:evaluate -Dexpression=project.version | grep -e '^[1-9][^\[]')" >> $GITHUB_OUTPUT
98- # echo "git_commit=$(git show --format="%h" --no-patch)" >> $GITHUB_OUTPUT
99- # cp -r target ${{ env.DOCKER_CONTEXT_PATH }}/
100- # cp scripts/confidential_compute.py ${{ env.DOCKER_CONTEXT_PATH }}/
101-
102- # - name: Log in to the Docker container registry
103- # uses: docker/login-action@v3
104- # with:
105- # registry: ${{ env.REGISTRY }}
106- # username: ${{ github.actor }}
107- # password: ${{ secrets.GITHUB_TOKEN }}
108-
109- # - name: Extract metadata (tags, labels) for Docker
110- # id: meta
111- # uses: docker/metadata-action@v5
112- # with:
113- # images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
114- # tags: |
115- # type=raw,value=${{ steps.update_version.outputs.image_tag }}
116-
117- # - name: Build and export to Docker
118- # uses: docker/build-push-action@v5
119- # with:
120- # context: ${{ env.DOCKER_CONTEXT_PATH }}
121- # load: true
122- # tags: ${{ steps.meta.outputs.tags }}
123- # labels: ${{ steps.meta.outputs.labels }}
124- # build-args: |
125- # JAR_VERSION=${{ steps.update_version.outputs.new_version }}
126- # IMAGE_VERSION=${{ steps.update_version.outputs.new_version }}
127- # BUILD_TARGET=${{ env.ENCLAVE_PROTOCOL }}
128-
129- # - name: Generate Trivy vulnerability scan report
130- # uses: aquasecurity/[email protected] 131- # with:
132- # image-ref: ${{ steps.meta.outputs.tags }}
133- # format: 'sarif'
134- # exit-code: '0'
135- # ignore-unfixed: true
136- # severity: 'CRITICAL,HIGH'
137- # output: 'trivy-results.sarif'
138- # hide-progress: true
139-
140- # - name: Upload Trivy scan report to GitHub Security tab
141- # uses: github/codeql-action/upload-sarif@v3
142- # with:
143- # sarif_file: 'trivy-results.sarif'
144-
145- # - name: Test with Trivy vulnerability scanner
146- # uses: aquasecurity/[email protected] 147- # with:
148- # image-ref: ${{ steps.meta.outputs.tags }}
149- # format: 'table'
150- # exit-code: '1'
151- # ignore-unfixed: true
152- # severity: ${{ inputs.vulnerability_severity }}
153- # hide-progress: true
154-
155- # - name: Push to Docker
156- # id: push-to-docker
157- # uses: docker/build-push-action@v5
158- # with:
159- # context: ${{ env.DOCKER_CONTEXT_PATH }}
160- # push: true
161- # tags: ${{ steps.meta.outputs.tags }}
162- # labels: ${{ steps.meta.outputs.labels }}
163- # build-args: |
164- # JAR_VERSION=${{ steps.update_version.outputs.new_version }}
165- # IMAGE_VERSION=${{ steps.update_version.outputs.new_version }}
76+ - name : Update Operator Version
77+ id : update_version
78+ uses : IABTechLab/uid2-operator/.github/actions/update_operator_version@main
79+ with :
80+ release_type : ${{ inputs.release_type }}
81+ version_number_input : ${{ inputs.version_number_input }}
82+ image_tag_suffix : ${{ env.ENCLAVE_PROTOCOL }}
83+ commit_sha : ${{ inputs.commit_sha }}
84+
85+ - name : Set up JDK
86+ uses : actions/setup-java@v4
87+ with :
88+ distribution : ' temurin'
89+ java-version : ' 21'
90+
91+ - name : Package JAR
92+ id : package
93+ run : |
94+ mvn -B package -P ${{ env.MAVEN_PROFILE }}
95+ echo "jar_version=$(mvn help:evaluate -Dexpression=project.version | grep -e '^[1-9][^\[]')" >> $GITHUB_OUTPUT
96+ echo "git_commit=$(git show --format="%h" --no-patch)" >> $GITHUB_OUTPUT
97+ cp -r target ${{ env.DOCKER_CONTEXT_PATH }}/
98+ cp scripts/confidential_compute.py ${{ env.DOCKER_CONTEXT_PATH }}/
99+
100+ - name : Log in to the Docker container registry
101+ uses : docker/login-action@v3
102+ with :
103+ registry : ${{ env.REGISTRY }}
104+ username : ${{ github.actor }}
105+ password : ${{ secrets.GITHUB_TOKEN }}
106+
107+ - name : Extract metadata (tags, labels) for Docker
108+ id : meta
109+ uses : docker/metadata-action@v5
110+ with :
111+ images : ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
112+ tags : |
113+ type=raw,value=${{ steps.update_version.outputs.image_tag }}
114+
115+ - name : Build and export to Docker
116+ uses : docker/build-push-action@v5
117+ with :
118+ context : ${{ env.DOCKER_CONTEXT_PATH }}
119+ load : true
120+ tags : ${{ steps.meta.outputs.tags }}
121+ labels : ${{ steps.meta.outputs.labels }}
122+ build-args : |
123+ JAR_VERSION=${{ steps.update_version.outputs.new_version }}
124+ IMAGE_VERSION=${{ steps.update_version.outputs.new_version }}
125+ BUILD_TARGET=${{ env.ENCLAVE_PROTOCOL }}
126+
127+ - name : Generate Trivy vulnerability scan report
128+ uses :
aquasecurity/[email protected] 129+ with :
130+ image-ref : ${{ steps.meta.outputs.tags }}
131+ format : ' sarif'
132+ exit-code : ' 0'
133+ ignore-unfixed : true
134+ severity : ' CRITICAL,HIGH'
135+ output : ' trivy-results.sarif'
136+ hide-progress : true
137+
138+ - name : Upload Trivy scan report to GitHub Security tab
139+ uses : github/codeql-action/upload-sarif@v3
140+ with :
141+ sarif_file : ' trivy-results.sarif'
142+
143+ - name : Test with Trivy vulnerability scanner
144+ uses :
aquasecurity/[email protected] 145+ with :
146+ image-ref : ${{ steps.meta.outputs.tags }}
147+ format : ' table'
148+ exit-code : ' 1'
149+ ignore-unfixed : true
150+ severity : ${{ inputs.vulnerability_severity }}
151+ hide-progress : true
152+
153+ - name : Push to Docker
154+ id : push-to-docker
155+ uses : docker/build-push-action@v5
156+ with :
157+ context : ${{ env.DOCKER_CONTEXT_PATH }}
158+ push : true
159+ tags : ${{ steps.meta.outputs.tags }}
160+ labels : ${{ steps.meta.outputs.labels }}
161+ build-args : |
162+ JAR_VERSION=${{ steps.update_version.outputs.new_version }}
163+ IMAGE_VERSION=${{ steps.update_version.outputs.new_version }}
166164
167165 azureCc :
168166 name : Azure CC
@@ -234,14 +232,14 @@ jobs:
234232 ${{ env.ARTIFACTS_OUTPUT_DIR }}/uid2-operator-deployment-artifacts-${{ needs.buildImage.outputs.jar_version }}.zip
235233 ${{ env.MANIFEST_OUTPUT_DIR }}/azure-cc-operator-digest-${{ needs.buildImage.outputs.jar_version }}.txt
236234
237- # e2e :
238- # name: E2E
239- # uses: ./.github/workflows/run-e2e-tests-on-operator.yaml
240- # needs: [buildImage, azureCc]
241- # with:
242- # operator_type: azure
243- # operator_image_version: ${{ needs.buildImage.outputs.image_tag }}
244- # secrets: inherit
235+ e2eAzureCc :
236+ name : E2E Azure CC
237+ uses : ./.github/workflows/run-e2e-tests-on-operator.yaml
238+ needs : [buildImage, azureCc]
239+ with :
240+ operator_type : azure
241+ operator_image_version : ${{ needs.buildImage.outputs.image_tag }}
242+ secrets : inherit
245243
246244 azureVn :
247245 name : Azure VN
@@ -312,3 +310,12 @@ jobs:
312310 files : |
313311 ${{ env.ARTIFACTS_OUTPUT_DIR }}/uid2-operator-deployment-artifacts-${{ needs.buildImage.outputs.jar_version }}.zip
314312 ${{ env.MANIFEST_OUTPUT_DIR }}/${{ env.ARTIFACT_PREFIX }}operator-digest-${{ needs.buildImage.outputs.jar_version }}.txt
313+
314+ e2eAzureCc :
315+ name : E2E Azure VN
316+ uses : ./.github/workflows/run-e2e-tests-on-operator.yaml
317+ needs : [buildImage, azureCc]
318+ with :
319+ operator_type : azureVn
320+ operator_image_version : ${{ needs.buildImage.outputs.image_tag }}
321+ secrets : inherit
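Review bot: The job added at new lines 314-321 reuses the id `e2eAzureCc`, which the second hunk already defines at new line 235, so `jobs:` now has a duplicate mapping key. Depending on the loader, the workflow is either rejected or only one of the two definitions survives, so one of the two E2E runs may silently never execute. The block is named "E2E Azure VN" and passes `operator_type: azureVn`, so it presumably should be `e2eAzureVn:`. Its `needs: [buildImage, azureCc]` looks copied from the CC job and probably should be `needs: [buildImage, azureVn]`, so the test waits for the Azure VN job whose header appears as context after the second hunk; please confirm against that job's outputs. The `jobs:` mapping begins outside these hunks, so the other job ids should be checked for clashes too.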