
Commit 8e7d10e

committed
feat: add support for google service account signing
Add support for signing installer images with a Google Service Account. Fixes: #412 Signed-off-by: Noel Georgi <git@frezbo.dev>
1 parent 74afd80 commit 8e7d10e

31 files changed

Lines changed: 913 additions & 522 deletions

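--- a/.dockerignore
+++ b/.dockerignore
@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2026-01-27T14:28:44Z by kres f189649-dirty.
+# Generated on 2026-04-14T06:27:51Z by kres b6d29bf.
 
 *
 !cmd
@@ -16,6 +16,7 @@
 !README.md
 !.markdownlint.json
 !hack/govulncheck.sh
+!.disvulncheck.yaml
 !tailwind.config.js
 !package.json
 !package-lock.json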

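--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2026-02-19T02:54:54Z by kres 6458cfd.
+# Generated on 2026-04-14T06:27:51Z by kres b6d29bf.
 
 concurrency:
 group: ${{ github.head_ref || github.run_id }}
@@ -57,7 +57,7 @@ jobs:
 git fetch --prune --unshallow
 - name: Set up Docker Buildx
 id: setup-buildx
-uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # version: v3.12.0
+uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
 with:
 driver: remote
 endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
@@ -113,7 +113,7 @@ jobs:
 git fetch --prune --unshallow
 - name: Set up Docker Buildx
 id: setup-buildx
-uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # version: v3.12.0
+uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
 with:
 driver: remote
 endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
@@ -126,7 +126,7 @@ jobs:
 make image-factory
 - name: Login to registry
 if: github.event_name != 'pull_request'
-uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # version: v3.7.0
+uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # version: v4.1.0
 with:
 password: ${{ secrets.GITHUB_TOKEN }}
 registry: ghcr.io
@@ -187,7 +187,7 @@ jobs:
 make release-notes
 - name: Release
 if: startsWith(github.ref, 'refs/tags/')
-uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # version: v2.5.0
+uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # version: v2.6.1
 with:
 body_path: _out/RELEASE_NOTES.md
 draft: "true"
@@ -233,7 +233,7 @@ jobs:
 git fetch --prune --unshallow
 - name: Set up Docker Buildx
 id: setup-buildx
-uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # version: v3.12.0
+uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
 with:
 driver: remote
 endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
@@ -247,7 +247,7 @@ jobs:
 run: |
 make integration-cdn
 - name: coverage
-uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # version: v5.5.2
+uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # version: v6.0.0
 with:
 files: _out/coverage-integration-cdn.txt
 flags: integration-cdn
@@ -292,7 +292,7 @@ jobs:
 git fetch --prune --unshallow
 - name: Set up Docker Buildx
 id: setup-buildx
-uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # version: v3.12.0
+uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
 with:
 driver: remote
 endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
@@ -343,7 +343,7 @@ jobs:
 git fetch --prune --unshallow
 - name: Set up Docker Buildx
 id: setup-buildx
-uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # version: v3.12.0
+uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
 with:
 driver: remote
 endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
@@ -357,7 +357,7 @@ jobs:
 run: |
 make integration-direct
 - name: coverage
-uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # version: v5.5.2
+uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # version: v6.0.0
 with:
 files: _out/coverage-integration-direct.txt
 flags: integration-direct
@@ -402,7 +402,7 @@ jobs:
 git fetch --prune --unshallow
 - name: Set up Docker Buildx
 id: setup-buildx
-uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # version: v3.12.0
+uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
 with:
 driver: remote
 endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
@@ -453,7 +453,7 @@ jobs:
 git fetch --prune --unshallow
 - name: Set up Docker Buildx
 id: setup-buildx
-uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # version: v3.12.0
+uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
 with:
 driver: remote
 endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
@@ -468,7 +468,7 @@ jobs:
 run: |
 make integration-enterprise
 - name: coverage
-uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # version: v5.5.2
+uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # version: v6.0.0
 with:
 files: _out/coverage-integration-enterprise.txt
 flags: integration-enterprise
@@ -513,7 +513,7 @@ jobs:
 git fetch --prune --unshallow
 - name: Set up Docker Buildx
 id: setup-buildx
-uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # version: v3.12.0
+uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
 with:
 driver: remote
 endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
@@ -527,7 +527,7 @@ jobs:
 run: |
 make integration-proxy-installer
 - name: coverage
-uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # version: v5.5.2
+uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # version: v6.0.0
 with:
 files: _out/coverage-integration-proxy-installer.txt
 flags: integration-proxy-installer
@@ -572,7 +572,7 @@ jobs:
 git fetch --prune --unshallow
 - name: Set up Docker Buildx
 id: setup-buildx
-uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # version: v3.12.0
+uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
 with:
 driver: remote
 endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
@@ -586,7 +586,7 @@ jobs:
 run: |
 make integration-s3
 - name: coverage
-uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # version: v5.5.2
+uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # version: v6.0.0
 with:
 files: _out/coverage-integration-s3.txt
 flags: integration-s3
@@ -631,7 +631,7 @@ jobs:
 git fetch --prune --unshallow
 - name: Set up Docker Buildx
 id: setup-buildx
-uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # version: v3.12.0
+uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
 with:
 driver: remote
 endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
@@ -682,7 +682,7 @@ jobs:
 git fetch --prune --unshallow
 - name: Set up Docker Buildx
 id: setup-buildx
-uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # version: v3.12.0
+uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
 with:
 driver: remote
 endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
@@ -729,7 +729,7 @@ jobs:
 git fetch --prune --unshallow
 - name: Set up Docker Buildx
 id: setup-buildx
-uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # version: v3.12.0
+uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
 with:
 driver: remote
 endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
@@ -741,7 +741,7 @@ jobs:
 run: |
 make unit-tests-race
 - name: coverage
-uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # version: v5.5.2
+uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # version: v6.0.0
 with:
 files: _out/coverage-unit-tests.txt
 flags: unit-tests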

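--- a/.github/workflows/helm.yaml
+++ b/.github/workflows/helm.yaml
@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2026-02-19T02:54:54Z by kres 6458cfd.
+# Generated on 2026-04-14T06:27:51Z by kres b6d29bf.
 
 concurrency:
 group: helm-${{ github.head_ref || github.run_id }}
@@ -60,19 +60,19 @@ jobs:
 git fetch --prune --unshallow
 - name: Set up Docker Buildx
 id: setup-buildx
-uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # version: v3.12.0
+uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
 with:
 driver: remote
 endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
 timeout-minutes: 10
 - name: Install Helm
-uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # version: v4.3.1
+uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # version: v5.0.0
 - name: Install cosign
 if: github.event_name != 'pull_request'
-uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # version: v4.0.0
+uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # version: v4.1.1
 - name: Login to registry
 if: github.event_name != 'pull_request'
-uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # version: v3.7.0
+uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # version: v4.1.0
 with:
 password: ${{ secrets.GITHUB_TOKEN }}
 registry: ghcr.io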

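--- a/.github/workflows/integration-cdn-talos-main-cron.yaml
+++ b/.github/workflows/integration-cdn-talos-main-cron.yaml
@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2026-02-19T02:54:54Z by kres 6458cfd.
+# Generated on 2026-04-14T06:27:51Z by kres b6d29bf.
 
 concurrency:
 group: ${{ github.head_ref || github.run_id }}
@@ -46,7 +46,7 @@ jobs:
 git fetch --prune --unshallow
 - name: Set up Docker Buildx
 id: setup-buildx
-uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # version: v3.12.0
+uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
 with:
 driver: remote
 endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234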

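--- a/.github/workflows/integration-direct-talos-main-cron.yaml
+++ b/.github/workflows/integration-direct-talos-main-cron.yaml
@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2026-02-19T02:54:54Z by kres 6458cfd.
+# Generated on 2026-04-14T06:27:51Z by kres b6d29bf.
 
 concurrency:
 group: ${{ github.head_ref || github.run_id }}
@@ -46,7 +46,7 @@ jobs:
 git fetch --prune --unshallow
 - name: Set up Docker Buildx
 id: setup-buildx
-uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # version: v3.12.0
+uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
 with:
 driver: remote
 endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234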

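--- a/.github/workflows/integration-s3-talos-main-cron.yaml
+++ b/.github/workflows/integration-s3-talos-main-cron.yaml
@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2026-02-19T02:54:54Z by kres 6458cfd.
+# Generated on 2026-04-14T06:27:51Z by kres b6d29bf.
 
 concurrency:
 group: ${{ github.head_ref || github.run_id }}
@@ -46,7 +46,7 @@ jobs:
 git fetch --prune --unshallow
 - name: Set up Docker Buildx
 id: setup-buildx
-uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # version: v3.12.0
+uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
 with:
 driver: remote
 endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234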

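--- a/.github/workflows/slack-notify-ci-failure.yaml
+++ b/.github/workflows/slack-notify-ci-failure.yaml
@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2025-12-08T10:30:12Z by kres 9fb16fe.
+# Generated on 2026-04-14T06:27:51Z by kres b6d29bf.
 
 "on":
 workflow_run:
@@ -21,7 +21,7 @@ jobs:
 if: github.event.workflow_run.conclusion == 'failure' && github.event.workflow_run.event != 'pull_request'
 steps:
 - name: Slack Notify
-uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # version: v2.1.1
+uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # version: v3.0.1
 with:
 method: chat.postMessage
 payload: |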

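--- a/.github/workflows/slack-notify.yaml
+++ b/.github/workflows/slack-notify.yaml
@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2025-12-08T10:30:12Z by kres 9fb16fe.
+# Generated on 2026-04-14T06:27:51Z by kres b6d29bf.
 
 "on":
 workflow_run:
@@ -26,7 +26,7 @@ jobs:
 run: |
 echo pull_request_number=$(gh pr view -R ${{ github.repository }} ${{ github.event.workflow_run.head_repository.owner.login }}:${{ github.event.workflow_run.head_branch }} --json number --jq .number) >> $GITHUB_OUTPUT
 - name: Slack Notify
-uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # version: v2.1.1
+uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # version: v3.0.1
 with:
 method: chat.postMessage
 payload: |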

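--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2026-02-19T02:54:54Z by kres 6458cfd.
+# Generated on 2026-04-14T06:27:51Z by kres b6d29bf.
 
 version: "2"
 
@@ -55,10 +55,6 @@ linters:
 - embeddedstructfieldcheck # fighting in many places with fieldalignment
 # all available settings of specific linters
 settings:
-staticcheck:
-checks:
-- all
-- '-SA4006' # disable until https://github.com/golangci/golangci-lint/issues/6363 is resolved
 cyclop:
 # the maximal code complexity to report
 max-complexity: 20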

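--- a/.kres.yaml
+++ b/.kres.yaml
@@ -460,7 +460,7 @@ spec:
 - docker pull $(REGISTRY)/$(USERNAME)/image-factory:$(TAG)
 - docker rm -f local-if || true
 - docker run -d -p 5100:5000 --name=local-if registry:3
-- docker run --rm --net=host -v /var/run:/var/run -v $(PWD)/$(ARTIFACTS)/:/out/ -v $(PWD)/$(ARTIFACTS)/integration.test:/bin/integration.test:ro --entrypoint /bin/integration.test $(REGISTRY)/$(USERNAME)/image-factory:$(TAG) -test.v $(TEST_FLAGS) -test.coverprofile=/out/coverage-integration-direct.txt -test.run $(RUN_TESTS_DIRECT)
+- docker run --rm --net=host --cap-drop=all --cap-add=DAC_OVERRIDE --userns=host -v /var/run:/var/run -v $(PWD)/$(ARTIFACTS)/:/out/ -v $(PWD)/$(ARTIFACTS)/integration.test:/bin/integration.test:ro --entrypoint /bin/integration.test $(REGISTRY)/$(USERNAME)/image-factory:$(TAG) -test.v $(TEST_FLAGS) -test.coverprofile=/out/coverage-integration-direct.txt -test.run $(RUN_TESTS_DIRECT)
 - docker rm -f local-if
 ghaction:
 enabled: true
@@ -494,7 +494,7 @@ spec:
 - docker pull $(REGISTRY)/$(USERNAME)/image-factory:$(TAG)
 - docker rm -f local-if || true
 - docker run -d -p 5100:5000 --name=local-if registry:3
-- docker run --rm --net=host -v /var/run:/var/run -v $(PWD)/$(ARTIFACTS)/:/out/ -v $(PWD)/$(ARTIFACTS)/integration.test:/bin/integration.test:ro --entrypoint /bin/integration.test $(REGISTRY)/$(USERNAME)/image-factory:$(TAG) -test.v $(TEST_FLAGS) -test.coverprofile=/out/coverage-integration-s3.txt -test.run $(RUN_TESTS_S3)
+- docker run --rm --net=host --cap-drop=all --cap-add=DAC_OVERRIDE --userns=host -v /var/run:/var/run -v $(PWD)/$(ARTIFACTS)/:/out/ -v $(PWD)/$(ARTIFACTS)/integration.test:/bin/integration.test:ro --entrypoint /bin/integration.test $(REGISTRY)/$(USERNAME)/image-factory:$(TAG) -test.v $(TEST_FLAGS) -test.coverprofile=/out/coverage-integration-s3.txt -test.run $(RUN_TESTS_S3)
 - docker rm -f local-if
 ghaction:
 enabled: true
@@ -528,7 +528,7 @@ spec:
 - docker pull $(REGISTRY)/$(USERNAME)/image-factory:$(TAG)
 - docker rm -f local-if || true
 - docker run -d -p 5100:5000 --name=local-if registry:3
-- docker run --rm --net=host -v /var/run:/var/run -v $(PWD)/$(ARTIFACTS)/:/out/ -v $(PWD)/$(ARTIFACTS)/integration.test:/bin/integration.test:ro --entrypoint /bin/integration.test $(REGISTRY)/$(USERNAME)/image-factory:$(TAG) -test.v $(TEST_FLAGS) -test.coverprofile=/out/coverage-integration-cdn.txt -test.run $(RUN_TESTS_CDN)
+- docker run --rm --net=host --cap-drop=all --cap-add=DAC_OVERRIDE --userns=host -v /var/run:/var/run -v $(PWD)/$(ARTIFACTS)/:/out/ -v $(PWD)/$(ARTIFACTS)/integration.test:/bin/integration.test:ro --entrypoint /bin/integration.test $(REGISTRY)/$(USERNAME)/image-factory:$(TAG) -test.v $(TEST_FLAGS) -test.coverprofile=/out/coverage-integration-cdn.txt -test.run $(RUN_TESTS_CDN)
 - docker rm -f local-if
 ghaction:
 enabled: true
@@ -562,7 +562,7 @@ spec:
 - docker pull $(REGISTRY)/$(USERNAME)/image-factory:$(TAG)
 - docker rm -f local-if || true
 - docker run -d -p 5100:5000 --name=local-if registry:3
-- docker run --rm --net=host -v /var/run:/var/run -v $(PWD)/$(ARTIFACTS)/:/out/ -v $(PWD)/$(ARTIFACTS)/integration.test:/bin/integration.test:ro --entrypoint /bin/integration.test $(REGISTRY)/$(USERNAME)/image-factory:$(TAG) -test.v $(TEST_FLAGS) -test.coverprofile=/out/coverage-integration-direct.txt -test.run $(RUN_TESTS_PROXY)
+- docker run --rm --net=host --cap-drop=all --cap-add=DAC_OVERRIDE --userns=host -v /var/run:/var/run -v $(PWD)/$(ARTIFACTS)/:/out/ -v $(PWD)/$(ARTIFACTS)/integration.test:/bin/integration.test:ro --entrypoint /bin/integration.test $(REGISTRY)/$(USERNAME)/image-factory:$(TAG) -test.v $(TEST_FLAGS) -test.coverprofile=/out/coverage-integration-direct.txt -test.run $(RUN_TESTS_PROXY)
 - docker rm -f local-if
 ghaction:
 enabled: true
@@ -596,7 +596,7 @@ spec:
 - docker pull $(REGISTRY)/$(USERNAME)/image-factory:$(TAG)
 - docker rm -f local-if || true
 - docker run -d -p 5100:5000 --name=local-if registry:3
-- docker run --rm --net=host -v /var/run:/var/run -v $(PWD)/$(ARTIFACTS)/:/out/ -v $(PWD)/$(ARTIFACTS)/integration.enterprise.test:/bin/integration.test:ro --entrypoint /bin/integration.test $(REGISTRY)/$(USERNAME)/image-factory:$(TAG) -test.v $(TEST_FLAGS) -test.coverprofile=/out/coverage-integration-enterprise.txt -test.run $(RUN_TESTS_ENTERPRISE)
+- docker run --rm --net=host --cap-drop=all --cap-add=DAC_OVERRIDE --userns=host -v /var/run:/var/run -v $(PWD)/$(ARTIFACTS)/:/out/ -v $(PWD)/$(ARTIFACTS)/integration.enterprise.test:/bin/integration.test:ro --entrypoint /bin/integration.test $(REGISTRY)/$(USERNAME)/image-factory:$(TAG) -test.v $(TEST_FLAGS) -test.coverprofile=/out/coverage-integration-enterprise.txt -test.run $(RUN_TESTS_ENTERPRISE)
 - docker rm -f local-if
 ghaction:
 enabled: true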
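Review bot: The five `docker run` commands gain `--cap-drop=all --cap-add=DAC_OVERRIDE --userns=host` with no comment saying why, and they still bind-mount `-v /var/run:/var/run` under `--net=host`; if the Docker socket sits in that directory (its usual location, not shown here), the test process keeps daemon-level control of the host whatever capabilities are dropped. I would document the intent above each command, for example `# caps dropped to match <deployment>; DAC_OVERRIDE needed for <reason>; /var/run mounted for <reason>` with the placeholders filled in, and narrow the mount to the single socket the tests need if that is possible. Separately, the `$(RUN_TESTS_PROXY)` command (new line 565) still writes `-test.coverprofile=/out/coverage-integration-direct.txt`, while the proxy-installer job in ci.yaml uploads `_out/coverage-integration-proxy-installer.txt`, which looks like a copy-paste leftover worth confirming.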
