workflow: mount keys dir into coco-keyprovider container

The coco-keyprovider container receives the encryption key path via
gRPC from skopeo, but runs in its own filesystem namespace and cannot
see the host's files. Mount the keys directory into the container at
the same absolute path so the keyprovider can read the key file.

Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>
Made-with: Cursor

Author: fidencio

.github/workflows/build-test-containers.yaml

@@ -75,7 +75,10 @@ jobs:
 
       - name: Start coco-keyprovider
         run: |
-          docker run -d --rm --network host --name coco-keyprovider coco-keyprovider
+          KEYS_DIR="${{ github.workspace }}/container-images/keys"
+          docker run -d --rm --network host --name coco-keyprovider \
+            -v "${KEYS_DIR}:${KEYS_DIR}:ro" \
+            coco-keyprovider
           echo "Waiting for coco-keyprovider on localhost:50000"
           timeout 30 bash -c 'until nc -z localhost 50000; do sleep 1; done'
           echo "coco-keyprovider is ready"