[0.43.x] Fixing CVE #1509
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: test-gh-external-registries | |
on: | |
push: | |
branches: | |
- develop | |
pull_request_target: | |
types: [opened, reopened, synchronize, edited] | |
permissions: | |
contents: read | |
actions: none | |
checks: none | |
deployments: none | |
issues: none | |
packages: none | |
pull-requests: none | |
repository-projects: none | |
security-events: none | |
statuses: none | |
jobs: | |
test-gcr: | |
name: Test GH with GCR | |
runs-on: ubuntu-latest | |
environment: GCR e2e | |
steps: | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
persist-credentials: false | |
- name: Set up Go 1.x | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: go.mod | |
- name: Run Tests | |
env: | |
IMGPKG_E2E_IMAGE: "gcr.io/cf-k8s-lifecycle-tooling-klt/github-action-test-relocation" | |
IMGPKG_E2E_RELOCATION_REPO: "gcr.io/cf-k8s-lifecycle-tooling-klt/github-action-imgpkg-test" | |
GCR_PASSWORD: ${{ secrets.GCR_PASSWORD }} | |
run: | | |
set -e | |
# Prevent conflicts from multiple e2e tests run in parallel from diff PR's | |
export IMGPKG_E2E_IMAGE="$IMGPKG_E2E_IMAGE-$GITHUB_RUN_ID" | |
export IMGPKG_E2E_RELOCATION_REPO="$IMGPKG_E2E_RELOCATION_REPO-$GITHUB_RUN_ID" | |
docker login -u _json_key --password-stdin https://gcr.io <<< "$GCR_PASSWORD" | |
# pull registry for e2e tests that require a locally running docker registry. i.e. airgapped env tests | |
docker pull registry:2 | |
function cleanup { | |
set +e | |
{ | |
gcloud auth activate-service-account --key-file <(echo "$GCR_PASSWORD") | |
gcloud config set project cf-k8s-lifecycle-tooling-klt > /dev/null | |
gcloud container images list --filter=$GITHUB_RUN_ID | while read img; do | |
gcloud container images list-tags $img --format='get(digest)' | while read img_sha_to_delete; do | |
gcloud container images delete "${img}@${img_sha_to_delete}" --force-delete-tags --quiet | |
done | |
done | |
} > /dev/null | |
} | |
trap cleanup EXIT | |
./hack/test-all.sh | |