Add pkispawn EST deployment documentation #5466
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ACME Tests | |
on: [push, pull_request] | |
env: | |
BASE_IMAGE: ${{ vars.BASE_IMAGE || 'registry.fedoraproject.org/fedora:latest' }} | |
COPR_REPO: ${{ vars.COPR_REPO || '@pki/master' }} | |
jobs: | |
build: | |
name: Building ACME images | |
runs-on: ubuntu-latest | |
env: | |
NAMESPACE: ${{ vars.REGISTRY_NAMESPACE || 'dogtagpki' }} | |
steps: | |
- name: Clone repository | |
uses: actions/checkout@v4 | |
- name: Update Dockerfile | |
run: | | |
# update registry namespace | |
sed -i "s/quay.io\/dogtagpki\//quay.io\/$NAMESPACE\//g" Dockerfile | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Cache Docker layers | |
id: cache-buildx | |
uses: actions/cache@v4 | |
with: | |
key: buildx-${{ hashFiles('pki.spec') }} | |
path: /tmp/.buildx-cache | |
- name: Build pki-deps image | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
build-args: | | |
BASE_IMAGE=${{ env.BASE_IMAGE }} | |
COPR_REPO=${{ env.COPR_REPO }} | |
tags: pki-deps | |
target: pki-deps | |
cache-to: type=local,dest=/tmp/.buildx-cache | |
if: steps.cache-buildx.outputs.cache-hit != 'true' | |
- name: Build pki-builder-deps image | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
build-args: | | |
BASE_IMAGE=${{ env.BASE_IMAGE }} | |
COPR_REPO=${{ env.COPR_REPO }} | |
tags: pki-builder-deps | |
target: pki-builder-deps | |
cache-to: type=local,dest=/tmp/.buildx-cache | |
if: steps.cache-buildx.outputs.cache-hit != 'true' | |
- name: Build pki-runner image | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
build-args: | | |
BASE_IMAGE=${{ env.BASE_IMAGE }} | |
COPR_REPO=${{ env.COPR_REPO }} | |
BUILD_OPTS=--with-pkgs=base,server,ca,acme --without-test | |
tags: pki-runner | |
target: pki-runner | |
cache-from: type=local,src=/tmp/.buildx-cache | |
outputs: type=docker | |
- name: Build pki-acme image | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
build-args: | | |
BASE_IMAGE=${{ env.BASE_IMAGE }} | |
COPR_REPO=${{ env.COPR_REPO }} | |
BUILD_OPTS=--with-pkgs=base,server,ca,acme --without-test | |
tags: pki-acme | |
target: pki-acme | |
cache-from: type=local,src=/tmp/.buildx-cache | |
outputs: type=docker | |
- name: Save ACME images | |
run: | | |
docker images | |
docker save -o acme-images.tar pki-runner pki-acme | |
- name: Store ACME images | |
uses: actions/cache@v4 | |
with: | |
key: acme-images-${{ github.sha }} | |
path: acme-images.tar | |
acme-basic-test: | |
name: Basic ACME | |
needs: build | |
uses: ./.github/workflows/acme-basic-test.yml | |
acme-separate-test: | |
name: ACME on separate instance | |
needs: build | |
uses: ./.github/workflows/acme-separate-test.yml | |
acme-existing-nssdb-test: | |
name: ACME with existing NSS database | |
needs: build | |
uses: ./.github/workflows/acme-existing-nssdb-test.yml | |
acme-switchover-test: | |
name: ACME server switchover | |
needs: build | |
uses: ./.github/workflows/acme-switchover-test.yml | |
acme-container-test: | |
name: ACME container | |
needs: build | |
uses: ./.github/workflows/acme-container-test.yml | |
acme-postgresql-test: | |
name: ACME with postgresql back-end | |
needs: build | |
uses: ./.github/workflows/acme-postgresql-test.yml | |
publish: | |
if: github.event_name == 'push' && github.ref_name == 'master' | |
name: Publishing ACME images | |
needs: build | |
runs-on: ubuntu-latest | |
env: | |
NAMESPACE: ${{ vars.REGISTRY_NAMESPACE || github.repository_owner }} | |
steps: | |
- name: Log in to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ vars.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
if: vars.REGISTRY == 'ghcr.io' | |
- name: Log in to other container registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ vars.REGISTRY }} | |
username: ${{ secrets.REGISTRY_USERNAME }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
if: vars.REGISTRY != 'ghcr.io' | |
- name: Retrieve ACME images | |
uses: actions/cache@v4 | |
with: | |
key: acme-images-${{ github.sha }} | |
path: acme-images.tar | |
- name: Load ACME images | |
run: docker load --input acme-images.tar | |
- name: Publish pki-acme image | |
run: | | |
docker tag pki-acme ${{ vars.REGISTRY }}/$NAMESPACE/pki-acme:latest | |
docker push ${{ vars.REGISTRY }}/$NAMESPACE/pki-acme:latest |