Skip to content

Update of action.yml / readme #97

Update of action.yml / readme

Update of action.yml / readme #97

Workflow file for this run

name: Integration Tests
on:
push:
pull_request_target:
types: [assigned, opened, synchronize, reopened]
permissions:
id-token: write
packages: write
contents: read
attestations: write
concurrency:
group: ci-tests
cancel-in-progress: true
jobs:
general-tests:
name: General Tests
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Node.js
id: setup-node
uses: actions/setup-node@v4
with:
node-version-file: .node-version
cache: npm
- name: Install Dependencies
id: npm-ci
run: npm ci
- name: Check Format
id: npm-format-check
run: npm run format:check
- name: Lint
id: npm-lint
run: npm run lint
- name: Test
id: npm-ci-test
run: npm run ci-test
integration-tests:
name: Test
runs-on: ubuntu-latest
needs: general-tests
strategy:
max-parallel: 1
matrix:
tests:
- title: '1a - Single: Untagged'
purpose: 'Removes all untagged images (single arch)'
folder: '1a_single-untagged'
- title: '1b - Multi: Untagged'
purpose: 'Removes all untagged images (multi arch)'
folder: '1b_multi-untagged'
- title: '2a - Single: Tagged'
purpose: 'Removes images with specific tag (single arch)'
folder: '2a_single-tagged'
tags: 'uclibc-1.35,uclibc-1.36'
- title: '2b - Multi: Tagged'
purpose: 'Removes images with specific tag (multi arch)'
folder: '2b_multi-tagged'
tags: 'uclibc-1.35,uclibc-1.36'
- title: '3a - Single: Keep N Tagged'
purpose:
'Removes all tags except the newest 2 tagged images (single arch)
and keeps untagged'
folder: '3a_single-keep-n-tagged'
keep-n-tagged: 2
exclude-tags: dummy
- title: '3b - Multi: Keep N Tagged'
purpose:
'Removes all tags except the newest 2 tagged images (multi arch)
and keeps untagged'
folder: '3b_multi-keep-n-tagged'
keep-n-tagged: 2
exclude-tags: dummy
- title: '4a - Single: Keep N Untagged'
purpose:
'Keeps all tagged images and removes all but the newest 2 untagged
images (single arch)'
folder: '4a_single-keep-n-untagged'
keep-n-untagged: 2
- title: '4b - Multi: Keep N Untagged'
purpose:
'Keeps all tagged images and removes all but the newest 2 untagged
images (multi arch)'
folder: '4b_multi-keep-n-untagged'
keep-n-untagged: 2
- title: '5 - Dry-Run'
purpose: 'No packages are removed'
folder: '5_dry-run'
dry-run: true
- title: '6a - Missing Digests: Tagged'
purpose: 'Looks for missing digests'
folder: '6a_missing-digests-tagged'
tags: 'uclibc-1.34'
steps:
# Setup for test execution
- name: Checkout
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version-file: .node-version
cache: npm
# Execution of respective test
- name: 'Starting Test: ${{ matrix.tests.title }}'
run: |
echo "Purpose of test: ${{ matrix.tests.purpose }}"
TAGS=""
if [ ! -z "${{ matrix.tests.tags }}" ]; then
TAGS="${{ matrix.tests.tags }}"
fi
KEEP_N_TAGGED=""
if [ ! -z "${{ matrix.tests.keep-n-tagged }}" ]; then
KEEP_N_TAGGED="${{ matrix.tests.keep-n-tagged }}"
fi
KEEP_N_UNTAGGED=""
if [ ! -z "${{ matrix.tests.keep-n-untagged }}" ]; then
KEEP_N_UNTAGGED="${{ matrix.tests.keep-n-untagged }}"
fi
EXCLUDE_TAGS=""
if [ ! -z "${{ matrix.tests.exclude-tags }}" ]; then
EXCLUDE_TAGS="${{ matrix.tests.exclude-tags }}"
fi
DRY_RUN=""
if [ ! -z "${{ matrix.tests.dry-run }}" ]; then
DRY_RUN="TRUE"
fi
DRY_RUN=""
if [ ! -z "${{ matrix.tests.dry-run }}" ]; then
DRY_RUN="TRUE"
fi
DELAY="0"
if [ ! -z "$KEEP_N_TAGGED" ] || [ ! -z "$KEEP_N_UNTAGGED" ]; then
DELAY="3000"
fi
echo "TAGS=$TAGS" >> $GITHUB_ENV
echo "KEEP_N_TAGGED=$KEEP_N_TAGGED" >> $GITHUB_ENV
echo "KEEP_N_UNTAGGED=$KEEP_N_UNTAGGED" >> $GITHUB_ENV
echo "EXCLUDE_TAGS=$EXCLUDE_TAGS" >> $GITHUB_ENV
echo "DRY_RUN=$DRY_RUN" >> $GITHUB_ENV
echo "DELAY=$DELAY" >> $GITHUB_ENV
# - name: ' > Debug: Print Matrix Variables'
# run: |
# echo "tags: ${{ matrix.tests.tags }}"
# echo "keep-n-tagged: ${{ matrix.tests.keep-n-tagged }}"
# echo "keep-n-untagged: ${{ matrix.tests.keep-n-untagged }}"
# echo "exclude-tags: ${{ matrix.tests.exclude-tags }}"
# echo "dry-run: ${{ matrix.tests.dry-run }}"
# - name: ' > Debug: Print Env Variables'
# run: |
# echo "tags: ${{ env.TAGS }}"
# echo "keep-n-tagged: ${{ env.KEEP_N_TAGGED }}"
# echo "keep-n-untagged: ${{ env.KEEP_N_UNTAGGED }}"
# echo "exclude-tags: ${{ env.EXCLUDE_TAGS }}"
# echo "dry-run: ${{ env.DRY_RUN }}"
- name: ' > Priming Test Environment'
run: |
node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} \
--directory tests/${{ matrix.tests.folder }} \
--mode prime --delay ${{ env.DELAY }}
- name: ' > Running Workflow'
uses: ./
with:
tags: ${{ env.TAGS }}
keep-n-tagged: ${{ env.KEEP_N_TAGGED }}
keep-n-untagged: ${{ env.KEEP_N_UNTAGGED }}
exclude-tags: ${{ env.EXCLUDE_TAGS }}
dry-run: ${{ env.DRY_RUN }}
token: ${{ secrets.GITHUB_TOKEN }}
- name: ' > Validating Outcome'
run: |
node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} \
--directory tests/${{ matrix.tests.folder }} \
--mode validate
attestation-tests:
name: Attestation Tests
runs-on: ubuntu-latest
concurrency:
group: attestation-tests-group
env:
REGISTRY: ghcr.io
needs: integration-tests
steps:
# Setup for test execution
- name: Checkout
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version-file: .node-version
cache: npm
# referrer/attestation tests
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- id: lower-repo
run: |
echo "repository=${GITHUB_REPOSITORY@L}" >> $GITHUB_OUTPUT
# attestation tagged test
- name: Prime Test - Attestation Tagged
run:
node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory
tests/attestation-tagged --mode prime
- name: Build and push image
id: push1
uses: docker/build-push-action@v6.5.0
with:
context: tests/attestation-tagged
file: tests/attestation-tagged/Dockerfile.image
push: true
tags:
${{ env.REGISTRY }}/${{ steps.lower-repo.outputs.repository }}:test
- name: Attest Image
uses: actions/attest-build-provenance@v1
with:
subject-name:
${{ env.REGISTRY }}/${{ steps.lower-repo.outputs.repository }}
subject-digest: ${{ steps.push1.outputs.digest }}
push-to-registry: true
- name: Run Test - Attestation Tagged
uses: ./
with:
tags: test
token: ${{ secrets.GITHUB_TOKEN }}
- name: Validate Test Results - Attestation Tagged
run:
node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory
tests/attestation-tagged --mode validate
# attestation untagged test
- name: Prime Test - Attestation UnTagged
run:
node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory
tests/attestation-untagged --mode prime
- name: Build and push image 1
id: push2
uses: docker/build-push-action@v6.5.0
with:
context: tests/attestation-untagged
file: tests/attestation-untagged/Dockerfile.image1
push: true
tags:
${{ env.REGISTRY }}/${{ steps.lower-repo.outputs.repository }}:test
- name: Attest Image 1
uses: actions/attest-build-provenance@v1
with:
subject-name:
${{ env.REGISTRY }}/${{ steps.lower-repo.outputs.repository }}
subject-digest: ${{ steps.push2.outputs.digest }}
push-to-registry: true
- name: Build and push image 2
id: push3
uses: docker/build-push-action@v6.5.0
with:
context: tests/attestation-untagged
file: tests/attestation-untagged/Dockerfile.image2
push: true
tags:
${{ env.REGISTRY }}/${{ steps.lower-repo.outputs.repository }}:test
- name: Attest Image 2
uses: actions/attest-build-provenance@v1
with:
subject-name:
${{ env.REGISTRY }}/${{ steps.lower-repo.outputs.repository }}
subject-digest: ${{ steps.push3.outputs.digest }}
push-to-registry: true
- name: Save Digests - Attestation UnTagged
run:
node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory
tests/attestation-untagged --mode save-expected --tag test
- name: Run Test - Attestation UnTagged
uses: ./
with:
validate: true
token: ${{ secrets.GITHUB_TOKEN }}
- name: Validate Test Results - Attestation Tagged
run:
node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory
tests/attestation-untagged --mode validate