forked from gardenlinux/gardenlinux
nightly.yml
# Nightly pipeline. Every job delegates to a reusable workflow stored in this
# repository (`uses: ./.github/workflows/...`), so the called workflow is taken
# from the same commit as this file and there is no external ref to pin.
#
# Job order: build and build_container run first, tests waits for both, and
# upload_to_s3 / publish_container wait for build and tests. Because `needs`
# skips a job when a prerequisite fails, nothing is uploaded or published
# unless the test job succeeded.
#
# NOTE(review): there is no workflow-level `permissions:` key. Jobs without
# their own `permissions:` block (build_container, publish_container) run with
# the repository's default GITHUB_TOKEN permissions - confirm that default is
# as narrow as those jobs need, or declare the permissions explicitly.
name: nightly

on:
  schedule:
    # Daily at 06:00 (GitHub evaluates cron schedules in UTC).
    - cron: '0 6 * * *'
  workflow_dispatch:
    inputs:
      # Free-form string chosen by whoever starts the run manually. It is
      # forwarded to build.yml unchanged; build.yml is not shown here, so
      # confirm it validates the value before using it in shell steps or paths.
      version:
        type: string
        default: 'now'

jobs:
  build:
    uses: ./.github/workflows/build.yml
    permissions:
      # Allows the job to request a GitHub OIDC token. Presumably exchanged
      # for the AWS role passed below - confirm in build.yml.
      id-token: write
      packages: write
    with:
      # Scheduled runs carry no inputs, so the expression falls back to 'now'.
      version: ${{ inputs.version || 'now' }}
      default_modifier: '-gardener_prod'
      # Presumably selects KMS-backed signing with the key named in
      # secureboot_db_kms_arn - confirm in build.yml.
      use_kms: true
    # Secrets are handed over one by one instead of `secrets: inherit`, so the
    # called workflow only receives the values listed here.
    secrets:
      secureboot_db_kms_arn: ${{ secrets.SECUREBOOT_DB_KMS_ARN }}
      aws_region: ${{ secrets.AWS_REGION }}
      aws_kms_role: ${{ secrets.SECUREBOOT_DB_IAM_ROLE }}
      aws_oidc_session: ${{ secrets.AWS_OIDC_SESSION }}

  # No `permissions:` block and no secrets: see the NOTE(review) at the top.
  build_container:
    name: build container
    uses: ./.github/workflows/build_container.yml

  tests:
    needs:
      - build
      - build_container
    permissions:
      id-token: write
      # NOTE(review): the test job holds `packages: write`; confirm tests.yml
      # needs write access rather than read.
      packages: write
    uses: ./.github/workflows/tests.yml
    with:
      version: ${{ needs.build.outputs.version }}
      default_modifier: '-gardener_prod'
    # Credentials and identifiers for several providers (GCP, AWS, Azure, CCC)
    # are passed to this one job. The AWS entries use the *_TESTS_* secrets,
    # which are distinct from the ones given to build and upload_to_s3.
    secrets:
      gcp_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
      gcp_service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
      gcp_project: ${{ secrets.GCP_PROJECT }}
      gcp_region: ${{ secrets.GCP_REGION }}
      gcp_zone: ${{ secrets.GCP_ZONE }}
      aws_role: ${{ secrets.AWS_TESTS_IAM_ROLE }}
      aws_session: ${{ secrets.AWS_TESTS_OIDC_SESSION }}
      aws_region: ${{ secrets.AWS_TESTS_REGION }}
      az_client_id: ${{ secrets.AZURE_CLIENT_ID }}
      az_tenant_id: ${{ secrets.AZURE_TENANT_ID }}
      az_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      ccc_credentials: ${{ secrets.CCC_CREDENTIALS }}

  upload_to_s3:
    name: upload to S3
    needs:
      - build
      - tests
    permissions:
      # Only the OIDC token is granted here; no `packages` scope.
      id-token: write
    uses: ./.github/workflows/upload_to_s3.yml
    with:
      version: ${{ needs.build.outputs.version }}
      default_modifier: '-gardener_prod'
    # Same region and OIDC session secrets as the build job, but a different
    # role secret (AWS_IAM_ROLE rather than SECUREBOOT_DB_IAM_ROLE).
    secrets:
      bucket: ${{ secrets.AWS_S3_BUCKET }}
      region: ${{ secrets.AWS_REGION }}
      role: ${{ secrets.AWS_IAM_ROLE }}
      session: ${{ secrets.AWS_OIDC_SESSION }}

  # No `permissions:` block and no secrets: see the NOTE(review) at the top.
  publish_container:
    name: publish gardenlinux container base image
    needs:
      - build
      - tests
    uses: ./.github/workflows/publish_container.yml
    with:
      version: ${{ needs.build.outputs.version }}