Skip to content

fix: add GHA based nightly workflow for chains#1634

Open
anithapriyanatarajan wants to merge 1 commit intotektoncd:mainfrom
anithapriyanatarajan:fix-nightly
Open

fix: add GHA based nightly workflow for chains#1634
anithapriyanatarajan wants to merge 1 commit intotektoncd:mainfrom
anithapriyanatarajan:fix-nightly

Conversation

@anithapriyanatarajan
Copy link
Copy Markdown
Contributor

Changes

PR to include nightly build workflows for chains repo to publish the manifests to oracle cloud buckets.

Submitter Checklist

As the author of this PR, please check off the items in this checklist:

  • Has Docs included if any changes are user facing
  • Has Tests included if any functionality added or changed
  • Follows the commit message standard
  • Meets the Tekton contributor standards (including
    functionality, content, code)
  • Release notes block below has been updated with any user facing changes (API changes, bug fixes, changes requiring upgrade notices or deprecation warnings)
  • Release notes contains the string "action required" if the change requires additional action from users switching to the new release

Release Notes

NONE

@tekton-robot tekton-robot requested a review from jkhelil April 16, 2026 09:41
@tekton-robot
Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please ask for approval from anithapriyanatarajan after the PR has been reviewed.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot requested a review from waveywaves April 16, 2026 09:41
@tekton-robot tekton-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Apr 16, 2026
with:
kubernetes_version: ${{ env.KUBERNETES_VERSION }}
image_registry_user: ${{ env.IMAGE_REGISTRY_USER }}
ghcr_token: ${{ secrets.GHCR_TOKEN }}
Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The fix for this would be to add an environment: nightly (key/value) to the job and then configure the repo setting to include these secrets to Settings->Environment->nightly. Instead, would like to get this PR merged,make sure the nightly builds are published as expected following the existing components and then do a follow up PR for the same.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@anithapriyanatarajan is it possible to setup an environment at org level?
What is the protection that environment provide, will the environment fill the secret only for a specific workflow and avoid the secret being exposed through PRs?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

environments are repository scoped. The advantage is, Secrets defined on the environment are only injected into jobs that declare environment: nightly. A job without that declaration simply cannot access them, even in the same workflow.

As of now, we are consuming the secret from org setting I believe. So if we are inclined for this environment approach, I will update the PR or we will have a follow up PR. Thank you

kubernetes_version: ${{ env.KUBERNETES_VERSION }}
image_registry_user: ${{ env.IMAGE_REGISTRY_USER }}
ghcr_token: ${{ secrets.GHCR_TOKEN }}
oci_api_key: ${{ secrets.OCI_API_KEY }}
Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The fix for this would be to add an environment: nightly (key/value) to the job and then configure the repo setting to include these secrets to Settings->Environment->nightly. Instead, would like to get this PR merged,make sure the nightly builds are published as expected following the existing components and then do a follow up PR for the same.

image_registry_user: ${{ env.IMAGE_REGISTRY_USER }}
ghcr_token: ${{ secrets.GHCR_TOKEN }}
oci_api_key: ${{ secrets.OCI_API_KEY }}
oci_fingerprint: ${{ secrets.OCI_FINGERPRINT }}
Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The fix for this would be to add an environment: nightly (key/value) to the job and then configure the repo setting to include these secrets to Settings->Environment->nightly. Instead, would like to get this PR merged,make sure the nightly builds are published as expected following the existing components and then do a follow up PR for the same.

ghcr_token: ${{ secrets.GHCR_TOKEN }}
oci_api_key: ${{ secrets.OCI_API_KEY }}
oci_fingerprint: ${{ secrets.OCI_FINGERPRINT }}
oci_tenancy_ocid: ${{ secrets.OCI_TENANCY_OCID }}
Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same as above

oci_api_key: ${{ secrets.OCI_API_KEY }}
oci_fingerprint: ${{ secrets.OCI_FINGERPRINT }}
oci_tenancy_ocid: ${{ secrets.OCI_TENANCY_OCID }}
oci_user_ocid: ${{ secrets.OCI_USER_OCID }}
Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same as above

Comment thread .github/workflows/nightly-build.yml Fixed
Comment thread .github/workflows/nightly-build.yml Fixed
Comment thread .github/workflows/nightly-build.yml Fixed
Comment thread .github/workflows/nightly-build.yml Fixed
Comment thread .github/workflows/nightly-build.yml Fixed
@anithapriyanatarajan
Copy link
Copy Markdown
Contributor Author

/kind misc

@tekton-robot tekton-robot added the kind/misc Categorizes issue or PR as a miscellaneuous one. label Apr 16, 2026
Signed-off-by: Anitha Natarajan <anataraj@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

kind/misc Categorizes issue or PR as a miscellaneuous one. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants