# Copyright 2025-2026 Defense Unicorns
# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
name: Private PKI Testing

on:
  schedule:
    # Nightly run at 02:00 UTC.
    - cron: "0 2 * * *"
  # Triggered by `pull_request`, not `pull_request_target`: by default GitHub
  # withholds repository secrets from runs started by fork PRs and gives them a
  # read-only GITHUB_TOKEN.
  pull_request:
    # `milestoned` is a workaround for release-please not triggering PR
    # workflows (add the PR to a milestone to start this workflow).
    # `labeled` supports renovate-ready labelling on PRs.
    types:
      - milestoned
      - labeled
      - opened
      - reopened
      - synchronize
    # Only PRs that touch this workflow, the k3d-standard bundle, or the
    # private-PKI Playwright tests start a run.
    paths:
      - ".github/workflows/private-pki-test.yaml"
      - "bundles/k3d-standard/**"
      - "test/playwright/private-pki/**"
# At most one active run per ref: a newer run for the same ref cancels the
# one still in progress.
concurrency:
  group: private-pki-test-${{ github.ref }}
  cancel-in-progress: true
# Workflow-level GITHUB_TOKEN scopes; they apply to every job below. Scopes not
# listed here are set to none.
permissions:
  contents: read
  # NOTE(review): lets steps request an OIDC token; presumably consumed by the
  # setup action's chainguardIdentity input - confirm, and drop if unused.
  id-token: write
  packages: read
  # Allows writing to pull requests (needed for renovate-readiness).
  pull-requests: write
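jobs:
  # Runs the uds-core-private-pki task once per flavor in the matrix.
  uds-core-private-pki-nightly:
    runs-on: uds-ubuntu-big-boy-8-core
    timeout-minutes: 45
    name: Private PKI
    strategy:
      matrix:
        flavor: [upstream, registry1, unicorn]
    steps:
      - name: Checkout repository
        # Pinned to a full commit SHA so a moved tag cannot change what runs.
        # NOTE(review): checkout keeps the job token available to later git
        # commands by default; if no later step needs git authentication,
        # consider `persist-credentials: false` - confirm against the local actions.
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Check renovate readiness
        # Only call for Renovate PRs.
        # NOTE(review): head.ref is the PR's source branch name, which the PR
        # author chooses, so this matches on the name alone. If the action must
        # only run for branches of this repository, also compare
        # github.event.pull_request.head.repo.full_name with github.repository.
        if: startsWith(github.event.pull_request.head.ref, 'renovate/')
        uses: ./.github/actions/renovate-readiness
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}

      - name: Environment setup
        uses: ./.github/actions/setup
        with:
          ghToken: ${{ secrets.GITHUB_TOKEN }}
          # Registry credentials are handed only to the matrix leg that needs
          # them; the other legs receive an empty string.
          registry1Username: ${{ (matrix.flavor == 'registry1') && secrets.IRON_BANK_ROBOT_USERNAME || '' }}
          registry1Password: ${{ (matrix.flavor == 'registry1') && secrets.IRON_BANK_ROBOT_PASSWORD || '' }}
          chainguardIdentity: ${{ (matrix.flavor == 'unicorn') && secrets.CHAINGUARD_IDENTITY || '' }}
          installK3d: 'true'

      - name: Run UDS Core Private PKI Test
        # The flavor is passed through the environment instead of being
        # interpolated into the script text, so the shell receives it as one
        # quoted value. Today the values come only from the static matrix above;
        # this keeps the step safe if the matrix ever becomes dynamic.
        env:
          MATRIX_FLAVOR: ${{ matrix.flavor }}
        run: uds run -f tasks/test.yaml uds-core-private-pki --set FLAVOR="$MATRIX_FLAVOR" --no-progress

      - name: Debug Output
        # Runs even when an earlier step failed.
        if: always()
        uses: ./.github/actions/debug-output

      - name: Save logs
        # Runs even when an earlier step failed; the suffix names the logs per flavor.
        if: always()
        uses: ./.github/actions/save-logs
        with:
          suffix: -private-pki-${{ matrix.flavor }}

      - name: Send Slack notification
        # Alert only when a scheduled (nightly) run fails, not on PR failures.
        if: failure() && github.event_name == 'schedule'
        uses: ./.github/actions/slack-alert
        with:
          webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
          channel: ${{ vars.SLACK_ALERT_CHANNEL }}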