Skip to content

fix: add GHA based nightly workflow for chains#1634

Open
anithapriyanatarajan wants to merge 1 commit intotektoncd:mainfrom
anithapriyanatarajan:fix-nightly
Open

fix: add GHA based nightly workflow for chains#1634
anithapriyanatarajan wants to merge 1 commit intotektoncd:mainfrom
anithapriyanatarajan:fix-nightly

Conversation

@anithapriyanatarajan
Copy link
Copy Markdown
Contributor

@anithapriyanatarajan anithapriyanatarajan commented Apr 16, 2026

Changes

PR to include nightly build workflows for chains repo to publish the manifests to oracle cloud buckets.

Submitter Checklist

As the author of this PR, please check off the items in this checklist:

  • Has Docs included if any changes are user facing
  • Has Tests included if any functionality added or changed
  • Follows the commit message standard
  • Meets the Tekton contributor standards (including
    functionality, content, code)
  • Release notes block below has been updated with any user facing changes (API changes, bug fixes, changes requiring upgrade notices or deprecation warnings)
  • Release notes contains the string "action required" if the change requires additional action from users switching to the new release

Release Notes

NONE

@tekton-robot tekton-robot requested a review from jkhelil April 16, 2026 09:41
@tekton-robot
Copy link
Copy Markdown

tekton-robot commented Apr 16, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please ask for approval from anithapriyanatarajan after the PR has been reviewed.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot requested a review from waveywaves April 16, 2026 09:41
@tekton-robot tekton-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Apr 16, 2026
github-advanced-security[bot]
github-advanced-security AI found potential problems Apr 16, 2026
View reviewed changes
Comment thread .github/workflows/nightly-build.yml
with:
kubernetes_version: ${{ env.KUBERNETES_VERSION }}
image_registry_user: ${{ env.IMAGE_REGISTRY_USER }}
ghcr_token: ${{ secrets.GHCR_TOKEN }}
Copy link
Copy Markdown
Contributor Author

@anithapriyanatarajan anithapriyanatarajan Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The fix for this would be to add an environment: nightly (key/value) to the job and then configure the repo setting to include these secrets to Settings->Environment->nightly. Instead, would like to get this PR merged,make sure the nightly builds are published as expected following the existing components and then do a follow up PR for the same.

Copy link
Copy Markdown
Member

@afrittoli afrittoli Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@anithapriyanatarajan is it possible to setup an environment at org level?
What is the protection that environment provide, will the environment fill the secret only for a specific workflow and avoid the secret being exposed through PRs?

Copy link
Copy Markdown
Contributor Author

@anithapriyanatarajan anithapriyanatarajan Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

environments are repository scoped. The advantage is, Secrets defined on the environment are only injected into jobs that declare environment: nightly. A job without that declaration simply cannot access them, even in the same workflow.

As of now, we are consuming the secret from org setting I believe. So if we are inclined for this environment approach, I will update the PR or we will have a follow up PR. Thank you

Comment thread .github/workflows/nightly-build.yml
kubernetes_version: ${{ env.KUBERNETES_VERSION }}
image_registry_user: ${{ env.IMAGE_REGISTRY_USER }}
ghcr_token: ${{ secrets.GHCR_TOKEN }}
oci_api_key: ${{ secrets.OCI_API_KEY }}
Copy link
Copy Markdown
Contributor Author

@anithapriyanatarajan anithapriyanatarajan Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The fix for this would be to add an environment: nightly (key/value) to the job and then configure the repo setting to include these secrets to Settings->Environment->nightly. Instead, would like to get this PR merged,make sure the nightly builds are published as expected following the existing components and then do a follow up PR for the same.

Comment thread .github/workflows/nightly-build.yml
image_registry_user: ${{ env.IMAGE_REGISTRY_USER }}
ghcr_token: ${{ secrets.GHCR_TOKEN }}
oci_api_key: ${{ secrets.OCI_API_KEY }}
oci_fingerprint: ${{ secrets.OCI_FINGERPRINT }}
Copy link
Copy Markdown
Contributor Author

@anithapriyanatarajan anithapriyanatarajan Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The fix for this would be to add an environment: nightly (key/value) to the job and then configure the repo setting to include these secrets to Settings->Environment->nightly. Instead, would like to get this PR merged,make sure the nightly builds are published as expected following the existing components and then do a follow up PR for the same.

Comment thread .github/workflows/nightly-build.yml
ghcr_token: ${{ secrets.GHCR_TOKEN }}
oci_api_key: ${{ secrets.OCI_API_KEY }}
oci_fingerprint: ${{ secrets.OCI_FINGERPRINT }}
oci_tenancy_ocid: ${{ secrets.OCI_TENANCY_OCID }}
Copy link
Copy Markdown
Contributor Author

@anithapriyanatarajan anithapriyanatarajan Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same as above

Comment thread .github/workflows/nightly-build.yml
oci_api_key: ${{ secrets.OCI_API_KEY }}
oci_fingerprint: ${{ secrets.OCI_FINGERPRINT }}
oci_tenancy_ocid: ${{ secrets.OCI_TENANCY_OCID }}
oci_user_ocid: ${{ secrets.OCI_USER_OCID }}
Copy link
Copy Markdown
Contributor Author

@anithapriyanatarajan anithapriyanatarajan Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same as above

Comment thread .github/workflows/nightly-build.yml Fixed
Comment thread .github/workflows/nightly-build.yml Fixed
Comment thread .github/workflows/nightly-build.yml Fixed
Comment thread .github/workflows/nightly-build.yml Fixed
Comment thread .github/workflows/nightly-build.yml Fixed
@anithapriyanatarajan
Copy link
Copy Markdown
Contributor Author

anithapriyanatarajan commented Apr 16, 2026

/kind misc

@tekton-robot tekton-robot added the kind/misc Categorizes issue or PR as a miscellaneuous one. label Apr 16, 2026
@anithapriyanatarajan
fix: add GHA based nightly workflow for chains
e6723f2 
Signed-off-by: Anitha Natarajan <anataraj@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@afrittoli afrittoli afrittoli left review comments

@jkhelil jkhelil Awaiting requested review from jkhelil

@waveywaves waveywaves Awaiting requested review from waveywaves

+1 more reviewer

@github-advanced-security github-advanced-security[bot] github-advanced-security[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

kind/misc Categorizes issue or PR as a miscellaneuous one. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@anithapriyanatarajan @tekton-robot @afrittoli @github-advanced-security