diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 822a6498..e36ee9b6 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -5,6 +5,7 @@ name: Rust permissions: actions: read + packages: write on: push: @@ -14,6 +15,7 @@ on: workflow_dispatch: {} env: + REGISTRY: ghcr.io CARGO_TERM_COLOR: always jobs: @@ -133,7 +135,7 @@ jobs: needs: build runs-on: ubuntu-latest container: - image: quay.io/fedora/fedora-coreos:testing-devel + image: quay.io/fedora/fedora-bootc:40 options: "--privileged --pid=host -v /var/tmp:/var/tmp -v /run/dbus:/run/dbus -v /run/systemd:/run/systemd -v /:/run/host" steps: - name: Checkout repository @@ -144,8 +146,10 @@ jobs: name: ostree-ext-cli - name: Install run: install ostree-ext-cli /usr/bin && rm -v ostree-ext-cli + - name: login + run: podman login --authfile=auth.json --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} ${{ env.REGISTRY }} - name: Integration tests - run: ./ci/priv-integration.sh + run: env TEST_AUTH_FILE=$(pwd)/auth.json ./ci/priv-integration.sh container-build: name: "Container build" needs: build diff --git a/ci/priv-integration.sh b/ci/priv-integration.sh index a226ef03..f1d3fcd2 100755 --- a/ci/priv-integration.sh +++ b/ci/priv-integration.sh 
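Review bot: `packages: write` is added to the workflow-level `permissions:` block, so every job in this workflow gets a token that can push to the package registry, although only the `login` step of the privileged integration job uses it. I would scope it to that job with a job-level block such as `permissions: {actions: read, packages: write}` and leave the top level at `actions: read`. The `on:` triggers are only partly visible here. If the workflow also runs for pull requests the narrower scope matters more, and fork PRs normally receive a read-only token, so the registry push in the test likely needs a guard for that case.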
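Review bot: The `login` step passes the token as `--password ${{ secrets.GITHUB_TOKEN }}`, which puts it on podman's command line. This job's container runs with `--privileged --pid=host`, so that argument is readable from the process list while the command runs. `${{ github.actor }}` and the token are also spliced into the script text before the shell parses it; passing both through `env:` and feeding the token with `--password-stdin` avoids both problems. In the following step `$(pwd)/auth.json` is unquoted, and `TEST_AUTH_FILE="$PWD/auth.json"` would be safer.

```yaml
      - name: login
        env:
          GH_ACTOR: ${{ github.actor }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: printenv GH_TOKEN | podman login --authfile=auth.json --username "$GH_ACTOR" --password-stdin "$REGISTRY"
      - name: Integration tests
        run: env TEST_AUTH_FILE="$PWD/auth.json" ./ci/priv-integration.sh
```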
@@ -56,6 +56,23 @@ ostree-ext-cli container image prune-images --sysroot "${sysroot}" ostree-ext-cli container image list --repo "${sysroot}/ostree/repo" > out.txt test $(stat -c '%s' out.txt) = 0 +if test -n "${TEST_AUTH_FILE}"; then + # REGISTRY must also be set + test -n "${REGISTRY}" + mkdir -p /etc/ostree + auth_image=$REGISTRY/testimage + skopeo copy --authfile ${TEST_AUTH_FILE} docker://${image} docker://$REGISTRY/testimage + if skopeo inspect -n --no-creds docker://$REGISTRY/testimage >/dev/null; then + echo "should have failed to access image"; exit 1 + fi + auth_imgref=ostree-unverified-registry:${image} + if ostree-ext-cli container image pull --repo "${sysroot}/repo" "${auth_imgref}"; then + echo "should have failed to deploy authenticated image"; exit 1 + fi + cp -p $TEST_AUTH_FILE /etc/ostree/auth.json + ostree-ext-cli container image pull --repo "${sysroot}/repo" "${auth_imgref}" +fi + for img in "${image}"; do ostree-ext-cli container image deploy --sysroot "${sysroot}" \ --stateroot "${stateroot}" --imgref ostree-unverified-registry:"${img}"
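Review bot: `auth_imgref` is built from `${image}`, the source image that was just copied, rather than from the authenticated copy, and `auth_image` is assigned but never read. As written, the "should have failed" pull targets an image that the earlier steps presumably fetch without credentials, so the negative check either fails the test or never exercises the auth file. I would change it to `auth_imgref=ostree-unverified-registry:${auth_image}` and use `docker://${auth_image}` in the two skopeo lines. `${TEST_AUTH_FILE}` and `$REGISTRY` are unquoted in the `skopeo copy` and `cp -p` lines, and `test -n "${REGISTRY}"` only stops the script if `set -e` is active, which would be set outside this hunk. The token copied to `/etc/ostree/auth.json` is left in place afterwards, so an `rm -f /etc/ostree/auth.json` before the closing `fi` would be worth adding.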