Skip to content

Bump framework to address CVE-2024-45337 #1991

Bump framework to address CVE-2024-45337

Bump framework to address CVE-2024-45337 #1991

Workflow file for this run

name: Build and test images - Pull Request
on:
pull_request:
paths:
- '**'
permissions: read-all
concurrency:
group: ci-image-${{ github.head_ref || github.ref }}-${{ github.repository }}
cancel-in-progress: true
env:
FORCE_COLOR: 1
EARTHLY_TOKEN: ${{ secrets.EARTHLY_TOKEN }}
jobs:
core-ubuntu-22-lts:
uses: ./.github/workflows/reusable-build-flavor.yaml
secrets: inherit
permissions:
contents: write
security-events: write
id-token: write
actions: read
attestations: read
checks: read
deployments: read
discussions: read
issues: read
packages: read
pages: read
pull-requests: read
repository-projects: read
statuses: read
with:
flavor: ubuntu
flavor_release: "22.04"
family: ubuntu
base_image: ubuntu:22.04
model: generic
variant: core
arch: amd64
core-ubuntu-24-lts:
uses: ./.github/workflows/reusable-build-flavor.yaml
secrets: inherit
permissions:
contents: write
security-events: write
id-token: write
actions: read
attestations: read
checks: read
deployments: read
discussions: read
issues: read
packages: read
pages: read
pull-requests: read
repository-projects: read
statuses: read
with:
flavor: ubuntu
flavor_release: "24.04"
family: ubuntu
base_image: ubuntu:24.04
model: generic
variant: core
arch: amd64
core-ubuntu-24-10:
uses: ./.github/workflows/reusable-build-flavor.yaml
secrets: inherit
permissions:
contents: write
security-events: write
id-token: write
actions: read
attestations: read
checks: read
deployments: read
discussions: read
issues: read
packages: read
pages: read
pull-requests: read
repository-projects: read
statuses: read
with:
flavor: ubuntu
flavor_release: "24.10"
family: ubuntu
base_image: ubuntu:24.10
model: generic
variant: core
arch: amd64
core-alpine:
uses: ./.github/workflows/reusable-build-flavor.yaml
secrets: inherit
permissions:
contents: write
security-events: write
id-token: write
actions: read
attestations: read
checks: read
deployments: read
discussions: read
issues: read
packages: read
pages: read
pull-requests: read
repository-projects: read
statuses: read
with:
flavor: alpine
flavor_release: "3.19"
family: alpine
base_image: alpine:3.19
model: generic
variant: core
arch: amd64
standard:
uses: ./.github/workflows/reusable-build-provider.yaml
secrets: inherit
permissions:
id-token: write # OIDC support
contents: write
security-events: write
actions: read
attestations: read
checks: read
deployments: read
discussions: read
issues: read
packages: read
pages: read
pull-requests: read
repository-projects: read
statuses: read
with:
flavor: opensuse
flavor_release: "leap-15.6"
family: opensuse
base_image: opensuse/leap:15.6
model: generic
variant: standard
arch: amd64
install:
uses: ./.github/workflows/reusable-install-test.yaml
secrets: inherit
with:
flavor: ubuntu
flavor_release: "24.04"
secureboot: false
needs:
- core-ubuntu-24-lts
install-target:
secrets: inherit
uses: ./.github/workflows/reusable-install-test-target.yaml
with:
flavor: ubuntu
flavor_release: "24.04"
secureboot: false
needs:
- core-ubuntu-24-lts
install-secureboot:
uses: ./.github/workflows/reusable-install-test.yaml
secrets: inherit
with:
flavor: ubuntu
flavor_release: "24.04"
secureboot: true
needs:
- core-ubuntu-24-lts
install-alpine:
uses: ./.github/workflows/reusable-install-test.yaml
secrets: inherit
with:
flavor: alpine
flavor_release: "3.19"
needs:
- core-alpine
zfs:
uses: ./.github/workflows/reusable-zfs-test.yaml
secrets: inherit
with:
flavor: ubuntu
flavor_release: "22.04"
needs:
- core-ubuntu-22-lts
acceptance:
uses: ./.github/workflows/reusable-qemu-acceptance-test.yaml
secrets: inherit
with:
flavor: ubuntu
flavor_release: "24.04"
needs:
- core-ubuntu-24-lts
acceptance-alpine:
uses: ./.github/workflows/reusable-qemu-acceptance-test.yaml
secrets: inherit
with:
flavor: alpine
flavor_release: "3.19"
needs:
- core-alpine
bundles:
uses: ./.github/workflows/reusable-qemu-bundles-test.yaml
secrets: inherit
with:
flavor: ubuntu
flavor_release: "24.04"
needs:
- core-ubuntu-24-lts
reset:
uses: ./.github/workflows/reusable-qemu-reset-test.yaml
secrets: inherit
with:
flavor: ubuntu
flavor_release: "24.04"
needs:
- core-ubuntu-24-lts
reset-alpine:
uses: ./.github/workflows/reusable-qemu-reset-test.yaml
secrets: inherit
with:
flavor: alpine
flavor_release: "3.19"
needs:
- core-alpine
netboot:
uses: ./.github/workflows/reusable-qemu-netboot-test.yaml
secrets: inherit
with:
flavor: ubuntu
flavor_release: "24.04"
family: ubuntu
base_image: ubuntu:24.04
model: generic
variant: core
needs:
- core-ubuntu-24-lts
netboot-alpine:
uses: ./.github/workflows/reusable-qemu-netboot-test.yaml
secrets: inherit
with:
flavor: alpine
flavor_release: "3.19"
family: alpine
base_image: alpine:3.19
model: generic
variant: core
needs:
- core-alpine
upgrade:
uses: ./.github/workflows/reusable-upgrade-with-cli-test.yaml
secrets: inherit
with:
flavor: ubuntu
flavor_release: "24.04"
needs:
- core-ubuntu-24-lts
upgrade-alpine:
uses: ./.github/workflows/reusable-upgrade-with-cli-test.yaml
secrets: inherit
with:
flavor: alpine
flavor_release: "3.19"
needs:
- core-alpine
upgrade-latest:
uses: ./.github/workflows/reusable-upgrade-latest-test.yaml
secrets: inherit
with:
flavor: ubuntu
flavor_release: "24.04"
family: "ubuntu"
# release_matcher: "23.10" # introduced so tests can be green while we wait for the kairos release with the latest flavor release
needs:
- core-ubuntu-24-lts
# enable once the first alpine only release is out as it currently cannot find the latest alpine release properly
# upgrade-latest-alpine:
# uses: ./.github/workflows/reusable-upgrade-latest-test.yaml
# with:
# flavor: alpine
# flavor_release: "3.19"
# needs:
# - core-alpine
custom-partitioning:
secrets: inherit
uses: ./.github/workflows/reusable-custom-partitioning-test.yaml
permissions:
id-token: write # OIDC support
contents: write
security-events: write
actions: read
attestations: read
checks: read
deployments: read
discussions: read
issues: read
packages: read
pages: read
pull-requests: read
repository-projects: read
statuses: read
with:
flavor: ${{ matrix.flavor }}
flavor_release: ${{ matrix.flavorRelease }}
needs:
- core-ubuntu-24-lts
strategy:
fail-fast: true
matrix:
flavor:
- "ubuntu"
flavorRelease:
- "24.04"
encryption:
secrets: inherit
uses: ./.github/workflows/reusable-encryption-test.yaml
with:
flavor: ubuntu
flavor_release: "24.04"
label: ${{ matrix.label }}
needs:
- core-ubuntu-24-lts
strategy:
fail-fast: true
matrix:
label:
- "local-encryption"
- "remote-auto"
- "remote-static"
- "remote-https-pinned"
- "remote-https-bad-cert"
encryption-alpine:
secrets: inherit
uses: ./.github/workflows/reusable-encryption-test.yaml
with:
flavor: alpine
flavor_release: "3.19"
label: ${{ matrix.label }}
needs:
- core-alpine
strategy:
fail-fast: true
matrix:
label:
- "local-encryption"
- "remote-auto"
- "remote-static"
- "remote-https-pinned"
- "remote-https-bad-cert"