Switch to GitHub Actions #209
Conversation
| - ubuntu-latest | ||
| - macOS-latest | ||
| - windows-latest |
There was a problem hiding this comment.
Tests are also run on specific runners with respect to the target OS and the results are merged and sent to Codecov.
| --mount=type=bind,from=version,source=/tmp/.ldflags,target=/tmp/.ldflags <<EOT | ||
| set -ex | ||
| mkdir /out | ||
| xx-go install std |
There was a problem hiding this comment.
std needs to be installed for stdlib.
| FROM scratch AS binaries | ||
| COPY --from=build /out / | ||
|
|
||
| FROM debian:bullseye-slim AS build-deb |
There was a problem hiding this comment.
Build debian packages for pass and secretservice
| platforms = [ | ||
| // "darwin/amd64", | ||
| // "darwin/arm64", | ||
| "linux/amd64", |
There was a problem hiding this comment.
Containerized tests are only available for linux platform (that's why a specific job has been added in the build workflow).
| #SIGNINGHASH=$(security find-identity -v -p codesigning | grep "Developer ID Application: Docker Inc" | cut -d ' ' -f 4) | ||
| #xcrun -log codesign -s $(SIGNINGHASH) --force --verbose docker-credential-osxkeychain | ||
| #xcrun codesign --verify --deep --strict --verbose=2 --display docker-credential-osxkeychain |
There was a problem hiding this comment.
We discussed about that with @tonistiigi to sign our buildx MacOS binaries. I'm not sure if we should add secrets on the repo to be able to codesign (can be painful) or if we should create our own self-hosted MacOS GitHub Runner with the identity already available (cc @chris-crone).
| #echo ${PFX} | base64 -d > $dockerpfx | ||
| #signtool sign /fd SHA256 /a /f pfx /p ${PFXPASSWORD} /d Docker /du https://www.docker.com /t http://timestamp.verisign.com/scripts/timestamp.dll docker-credential-wincred.exe |
There was a problem hiding this comment.
Same as previous comment with Windows signtool.
| // These tests are not runnable from a headless environment such as | ||
| // Docker or a CI pipeline due to the DBus "prompt" interface being called | ||
| // when creating and unlocking a keychain. |
There was a problem hiding this comment.
Need to find a headless CLI tool to be able to run secretservice tests suite or we could mock prompter that connects to DBus.
crazy-max
force-pushed
the
gha
branch
3 times, most recently
from
ea27162
to
206d3c3
Compare
|
@crazy-max , Jenkinsfile is not used, you can delete it |
crazy-max
force-pushed
the
gha
branch
3 times, most recently
from
6b0653f
to
9097437
Compare
Done As @thaJeztah suggested I removed |
|
PTAL @thaJeztah @ebriney Since https://twitter.com/peter_szilagyi/status/1437646118700175360 I guess it's important to start ditching travis :) |
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
|
Removed the GitHub Release step as discussed with @ebriney |
|
Closing this one as we have moved to GHA in other PRs. Debian packaging will be moved to another repo in a follow-up. |
Follow-up #208 (cc @thaJeztah)
This PR allows to build credential helpers on GitHub Actions using cross-compilation thanks to tonistiigi/xx (cc @tonistiigi).
Run example: https://github.com/crazy-max/docker-credential-helpers/actions/runs/1181534227
@ebriney Is Jenkinsfile still used?
Signed-off-by: CrazyMax crazy-max@users.noreply.github.com