Certify UBI image quay.io/nginx/nginx-ingress:edge-ubi by @pdabelf5 #15
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Certify UBI image | |
| run-name: Certify UBI image ${{ inputs.image }} by @${{ github.actor }} | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| image: | |
| description: "Image to certify" | |
| required: true | |
| type: string | |
| submit: | |
| description: "Submit results to Redhat" | |
| required: false | |
| type: boolean | |
| default: false | |
| preflight_version: | |
| description: "Preflight version to use" | |
| required: false | |
| type: string | |
| default: "1.14.1" | |
| platforms: | |
| description: A comma separated list of architectures in the image manifest to certify | |
| required: false | |
| default: "amd64,arm64" | |
| defaults: | |
| run: | |
| shell: bash | |
| permissions: | |
| contents: read | |
| jobs: | |
| certify-ubi-images: | |
| name: Certify OpenShift UBI images | |
| runs-on: ubuntu-24.04 | |
| environment: access | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - name: Azure login | |
| uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0 | |
| with: | |
| client-id: ${{ secrets.AZURE_VAULT_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_VAULT_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_VAULT_SUBSCRIPTION_ID }} | |
| - name: Setup secrets | |
| id: secrets | |
| run: | | |
| echo "Setting PyAxis secrets for authenticated build" | |
| PYAXIS_TOKEN=$(az keyvault secret show --name nic-pyaxis-token --vault-name ${{ secrets.NIC_KEYVAULT_NAME }} --query value -o tsv) | |
| echo "::add-mask::$PYAXIS_TOKEN" | |
| echo "PYAXIS_TOKEN=$PYAXIS_TOKEN" >> $GITHUB_OUTPUT | |
| PYAXIS_CERTIFICATION_PROJECT_ID=$(az keyvault secret show --name nic-pyaxis-certification-pid --vault-name ${{ secrets.NIC_KEYVAULT_NAME }} --query value -o tsv) | |
| echo "::add-mask::$PYAXIS_CERTIFICATION_PROJECT_ID" | |
| echo "PYAXIS_CERTIFICATION_PROJECT_ID=$PYAXIS_CERTIFICATION_PROJECT_ID" >> $GITHUB_OUTPUT | |
| - name: Certify UBI OSS images in quay | |
| uses: ./.github/actions/certify-openshift-image | |
| with: | |
| image: ${{ inputs.image }} | |
| project_id: ${{ steps.secrets.outputs.PYAXIS_CERTIFICATION_PROJECT_ID }} | |
| pyxis_token: ${{ steps.secrets.outputs.PYAXIS_TOKEN }} | |
| preflight_version: ${{ inputs.preflight_version }} | |
| submit: ${{ inputs.submit || true }} | |
| platforms: ${{ inputs.platforms }} |