Skip to content

[0.43.x] Fixing CVE #1509

[0.43.x] Fixing CVE

[0.43.x] Fixing CVE #1509

name: test-gh-external-registries
on:
push:
branches:
- develop
pull_request_target:
types: [opened, reopened, synchronize, edited]
permissions:
contents: read
actions: none
checks: none
deployments: none
issues: none
packages: none
pull-requests: none
repository-projects: none
security-events: none
statuses: none
jobs:
test-gcr:
name: Test GH with GCR
runs-on: ubuntu-latest
environment: GCR e2e
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
persist-credentials: false
- name: Set up Go 1.x
uses: actions/setup-go@v5
with:
go-version-file: go.mod
- name: Run Tests
env:
IMGPKG_E2E_IMAGE: "gcr.io/cf-k8s-lifecycle-tooling-klt/github-action-test-relocation"
IMGPKG_E2E_RELOCATION_REPO: "gcr.io/cf-k8s-lifecycle-tooling-klt/github-action-imgpkg-test"
GCR_PASSWORD: ${{ secrets.GCR_PASSWORD }}
run: |
set -e
# Prevent conflicts from multiple e2e tests run in parallel from diff PR's
export IMGPKG_E2E_IMAGE="$IMGPKG_E2E_IMAGE-$GITHUB_RUN_ID"
export IMGPKG_E2E_RELOCATION_REPO="$IMGPKG_E2E_RELOCATION_REPO-$GITHUB_RUN_ID"
docker login -u _json_key --password-stdin https://gcr.io <<< "$GCR_PASSWORD"
# pull registry for e2e tests that require a locally running docker registry. i.e. airgapped env tests
docker pull registry:2
function cleanup {
set +e
{
gcloud auth activate-service-account --key-file <(echo "$GCR_PASSWORD")
gcloud config set project cf-k8s-lifecycle-tooling-klt > /dev/null
gcloud container images list --filter=$GITHUB_RUN_ID | while read img; do
gcloud container images list-tags $img --format='get(digest)' | while read img_sha_to_delete; do
gcloud container images delete "${img}@${img_sha_to_delete}" --force-delete-tags --quiet
done
done
} > /dev/null
}
trap cleanup EXIT
./hack/test-all.sh