don't build label on missing package digests #208
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Integration Tests | |
| on: | |
| push: | |
| pull_request_target: | |
| types: [assigned, opened, synchronize, reopened] | |
| permissions: | |
| id-token: write | |
| packages: write | |
| contents: read | |
| attestations: write | |
| concurrency: | |
| group: ci-tests | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE: ghcr.io/${{ github.repository }} | |
| jobs: | |
| general-tests: | |
| name: General Tests | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| id: setup-node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: .node-version | |
| cache: npm | |
| - name: Install Dependencies | |
| id: npm-ci | |
| run: npm ci | |
| - name: Check Format | |
| id: npm-format-check | |
| run: npm run format:check | |
| - name: Lint | |
| id: npm-lint | |
| run: npm run lint | |
| - name: Test | |
| id: npm-ci-test | |
| run: npm run ci-test | |
| integration-tests: | |
| name: Test | |
| runs-on: ubuntu-24.04 | |
| needs: general-tests | |
| strategy: | |
| max-parallel: 1 | |
| matrix: | |
| tests: | |
| - title: '1a - Single: Untagged' | |
| purpose: 'Removes all untagged images (single arch)' | |
| folder: '1a_single-untagged' | |
| - title: '1b - Multi: Untagged' | |
| purpose: 'Removes all untagged images (multi arch)' | |
| folder: '1b_multi-untagged' | |
| - title: '2a - Single: Tagged' | |
| purpose: 'Removes images with specific tag (single arch)' | |
| folder: '2a_single-tagged' | |
| delete-tags: '1.35-uclibc,sha256:2707e3b95977dedc54aec62c1991be635d175c83dce0a0b5e8e43e545467003c' | |
| - title: '2b - Multi: Tagged' | |
| purpose: 'Removes images with specific tag (multi arch)' | |
| folder: '2b_multi-tagged' | |
| delete-tags: '^1.3[56]-uclibc$' | |
| use-regex: true | |
| - title: '3a - Single: Keep N Tagged' | |
| purpose: | |
| 'Removes all tags except the newest 2 tagged images (single arch) | |
| and keeps untagged' | |
| folder: '3a_single-keep-n-tagged' | |
| keep-n-tagged: 2 | |
| exclude-tags: sha256:1a41828fc1a347d7061f7089d6f0c94e5a056a3c674714712a1481a4a33eb56f | |
| use-regex: true | |
| - title: '3b - Multi: Keep N Tagged' | |
| purpose: | |
| 'Removes all tags except the newest 2 tagged images (multi arch) | |
| and keeps untagged' | |
| folder: '3b_multi-keep-n-tagged' | |
| keep-n-tagged: 2 | |
| exclude-tags: dummy | |
| - title: '4a - Single: Keep N Untagged' | |
| purpose: | |
| 'Keeps all tagged images and removes all but the newest 2 untagged | |
| images (single arch)' | |
| folder: '4a_single-keep-n-untagged' | |
| keep-n-untagged: 2 | |
| - title: '4b - Multi: Keep N Untagged' | |
| purpose: | |
| 'Keeps all tagged images and removes all but the newest 2 untagged | |
| images (multi arch)' | |
| folder: '4b_multi-keep-n-untagged' | |
| keep-n-untagged: 2 | |
| - title: '5 - Dry-Run' | |
| purpose: 'No packages are removed' | |
| folder: '5_dry-run' | |
| dry-run: true | |
| - title: '6a - Missing Digests: Tagged' | |
| purpose: 'Looks for missing digests' | |
| folder: '6a_missing-digests-tagged' | |
| delete-tags: '1.34-uclibc' | |
| - title: '6b - Ghost Images' | |
| purpose: 'Deletes Ghost images' | |
| folder: '6b_ghost-images' | |
| delete-ghost-images: true | |
| - title: '6c - Partial Images' | |
| purpose: 'Deletes Partial images' | |
| folder: '6c_partial-images' | |
| delete-partial-images: true | |
| - title: '6d - Orphaned Images' | |
| purpose: 'Deletes Orphaned images' | |
| folder: '6d_orphaned-images' | |
| delete-orphaned-images: true | |
| - title: '7a - Single: Untagging Images' | |
| purpose: 'Untagging multi tagged images (single arch)' | |
| folder: '7a_single-untagging' | |
| delete-tags: tag1,tag2 | |
| - title: '7b - Single: Untagging All Images' | |
| purpose: 'Untagging all multi tagged images (single arch)' | |
| folder: '7b_single-untagging-all' | |
| delete-tags: tag1,tag2,tag3 | |
| - title: '7c - Multi: Untagging Images' | |
| purpose: 'Untagging multi tagged images (multi arch)' | |
| folder: '7c_multi-untagging' | |
| delete-tags: tag2,tag3 | |
| - title: '8a - Multi: Complex' | |
| purpose: 'Complex combined Test (multi arch)' | |
| folder: '8a_multi-complex' | |
| keep-n-tagged: 1 | |
| delete-untagged: true | |
| delete-tags: sha256:136787c141852fd4b9b1e06e7cfda442fc3903a7b40b8fe9c91e0a97cb68aaf6 | |
| exclude-tags: sha256:1a41828fc1a347d7061f7089d6f0c94e5a056a3c674714712a1481a4a33eb56f | |
| - title: '8b - Multi: Complex' | |
| purpose: 'Complex combined Test (multi arch)' | |
| folder: '8b_multi-complex' | |
| keep-n-tagged: 1 | |
| keep-n-untagged: 1 | |
| delete-tags: 1.34-uclibc | |
| exclude-tags: dummy | |
| validate: true | |
| - title: '8c - Multi: Complex' | |
| purpose: 'Complex combined Test (multi arch)' | |
| folder: '8c_multi-complex' | |
| keep-n-tagged: 0 | |
| keep-n-untagged: 0 | |
| exclude-tags: dummy | |
| - title: '9a - Multi: Older Than Skip All Images' | |
| purpose: 'Skip processing all images' | |
| folder: '9a_multi-older-than-skip' | |
| older-than: 30 years | |
| - title: '9b - Multi: Older Than Normal Processing ' | |
| purpose: 'Normal processing all images' | |
| folder: '9b_multi-older-than-process' | |
| older-than: 1 second | |
| steps: | |
| # Setup for test execution | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: .node-version | |
| cache: npm | |
| # Execution of respective test | |
| - name: 'Starting Test: ${{ matrix.tests.title }}' | |
| run: | | |
| echo "Purpose of test: ${{ matrix.tests.purpose }}" | |
| DELETE_TAGS="" | |
| if [ -n "${{ matrix.tests.delete-tags }}" ]; then | |
| DELETE_TAGS="${{ matrix.tests.delete-tags }}" | |
| fi | |
| DELETE_UNTAGGED="" | |
| if [ -n "${{ matrix.tests.delete-untagged }}" ]; then | |
| DELETE_UNTAGGED="${{ matrix.tests.delete-untagged }}" | |
| fi | |
| DELETE_GHOST_IMAGES="" | |
| if [ -n "${{ matrix.tests.delete-ghost-images }}" ]; then | |
| DELETE_GHOST_IMAGES="${{ matrix.tests.delete-ghost-images }}" | |
| fi | |
| DELETE_PARTIAL_IMAGES="" | |
| if [ -n "${{ matrix.tests.delete-partial-images }}" ]; then | |
| DELETE_PARTIAL_IMAGES="${{ matrix.tests.delete-partial-images }}" | |
| fi | |
| DELETE_ORPHANED_IMAGES="" | |
| if [ -n "${{ matrix.tests.delete-orphaned-images }}" ]; then | |
| DELETE_ORPHANED_IMAGES="${{ matrix.tests.delete-orphaned-images }}" | |
| fi | |
| KEEP_N_TAGGED="" | |
| if [ -n "${{ matrix.tests.keep-n-tagged }}" ]; then | |
| KEEP_N_TAGGED="${{ matrix.tests.keep-n-tagged }}" | |
| fi | |
| KEEP_N_UNTAGGED="" | |
| if [ -n "${{ matrix.tests.keep-n-untagged }}" ]; then | |
| KEEP_N_UNTAGGED="${{ matrix.tests.keep-n-untagged }}" | |
| fi | |
| EXCLUDE_TAGS="" | |
| if [ -n "${{ matrix.tests.exclude-tags }}" ]; then | |
| EXCLUDE_TAGS="${{ matrix.tests.exclude-tags }}" | |
| fi | |
| OLDER_THAN="" | |
| if [ -n "${{ matrix.tests.older-than }}" ]; then | |
| OLDER_THAN="${{ matrix.tests.older-than }}" | |
| fi | |
| DRY_RUN="" | |
| if [ -n "${{ matrix.tests.dry-run }}" ]; then | |
| DRY_RUN="${{ matrix.tests.dry-run }}" | |
| fi | |
| USE_REGEX="" | |
| if [ -n "${{ matrix.tests.use-regex }}" ]; then | |
| USE_REGEX="${{ matrix.tests.use-regex }}" | |
| fi | |
| VALIDATE="" | |
| if [ -n "${{ matrix.tests.validate }}" ]; then | |
| VALIDATE="${{ matrix.tests.validate }}" | |
| fi | |
| DELAY="0" | |
| if [ -n "$KEEP_N_TAGGED" ] || [ -n "$KEEP_N_UNTAGGED" ]; then | |
| DELAY="3000" | |
| fi | |
| { echo "DELETE_TAGS=$DELETE_TAGS"; | |
| echo "DELETE_UNTAGGED=$DELETE_UNTAGGED"; | |
| echo "DELETE_GHOST_IMAGES=$DELETE_GHOST_IMAGES"; | |
| echo "DELETE_PARTIAL_IMAGES=$DELETE_PARTIAL_IMAGES"; | |
| echo "DELETE_ORPHANED_IMAGES=$DELETE_ORPHANED_IMAGES"; | |
| echo "KEEP_N_TAGGED=$KEEP_N_TAGGED"; | |
| echo "KEEP_N_UNTAGGED=$KEEP_N_UNTAGGED"; | |
| echo "EXCLUDE_TAGS=$EXCLUDE_TAGS"; | |
| echo "OLDER_THAN=$OLDER_THAN"; | |
| echo "DRY_RUN=$DRY_RUN"; | |
| echo "USE_REGEX=$USE_REGEX"; | |
| echo "VALIDATE=$VALIDATE"; | |
| echo "DELAY=$DELAY"; } >> "$GITHUB_ENV" | |
| - name: ' > Priming Test Environment' | |
| run: | | |
| node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} \ | |
| --directory tests/${{ matrix.tests.folder }} \ | |
| --mode prime --delay ${{ env.DELAY }} | |
| - name: ' > Running Workflow' | |
| uses: ./ | |
| with: | |
| delete-tags: ${{ env.DELETE_TAGS }} | |
| delete-untagged: ${{ env.DELETE_UNTAGGED }} | |
| delete-ghost-images: ${{ env.DELETE_GHOST_IMAGES }} | |
| delete-partial-images: ${{ env.DELETE_PARTIAL_IMAGES }} | |
| delete-orphaned-images: ${{ env.DELETE_ORPHANED_IMAGES }} | |
| keep-n-tagged: ${{ env.KEEP_N_TAGGED }} | |
| keep-n-untagged: ${{ env.KEEP_N_UNTAGGED }} | |
| exclude-tags: ${{ env.EXCLUDE_TAGS }} | |
| older-than: ${{ env.OLDER_THAN }} | |
| dry-run: ${{ env.DRY_RUN }} | |
| use-regex: ${{ env.USE_REGEX }} | |
| validate: ${{ env.VALIDATE }} | |
| log-level: info | |
| - name: ' > Validating Outcome' | |
| run: | | |
| node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} \ | |
| --directory tests/${{ matrix.tests.folder }} \ | |
| --mode validate | |
| github-attestation-tests: | |
| name: Github Referrer/Attestation Tests | |
| runs-on: ubuntu-24.04 | |
| env: | |
| REGISTRY: ghcr.io | |
| needs: integration-tests | |
| steps: | |
| # Setup for test execution | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: .node-version | |
| cache: npm | |
| # referrer/attestation tests | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - id: lower-repo | |
| run: | | |
| echo "repository=${GITHUB_REPOSITORY@L}" >> "$GITHUB_OUTPUT" | |
| # attestation tagged test | |
| - name: Prime Test - Attestation Tagged | |
| run: | |
| node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory | |
| tests/attestation-tagged --mode prime | |
| - name: Build and push image | |
| id: push1 | |
| uses: docker/[email protected] | |
| with: | |
| context: tests/attestation-tagged | |
| file: tests/attestation-tagged/Dockerfile.image | |
| push: true | |
| tags: | |
| ${{ env.REGISTRY }}/${{ steps.lower-repo.outputs.repository }}:test | |
| - name: Attest Image | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-name: | |
| ${{ env.REGISTRY }}/${{ steps.lower-repo.outputs.repository }} | |
| subject-digest: ${{ steps.push1.outputs.digest }} | |
| push-to-registry: true | |
| - name: Run Test - Attestation Tagged | |
| uses: ./ | |
| with: | |
| delete-tags: test | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Validate Test Results - Attestation Tagged | |
| run: | |
| node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory | |
| tests/attestation-tagged --mode validate | |
| # attestation untagged test | |
| - name: Prime Test - Attestation UnTagged | |
| run: | |
| node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory | |
| tests/attestation-untagged --mode prime | |
| - name: Build and push image 1 | |
| id: push2 | |
| uses: docker/[email protected] | |
| with: | |
| context: tests/attestation-untagged | |
| file: tests/attestation-untagged/Dockerfile.image1 | |
| push: true | |
| tags: | |
| ${{ env.REGISTRY }}/${{ steps.lower-repo.outputs.repository }}:test | |
| - name: Attest Image 1 | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-name: | |
| ${{ env.REGISTRY }}/${{ steps.lower-repo.outputs.repository }} | |
| subject-digest: ${{ steps.push2.outputs.digest }} | |
| push-to-registry: true | |
| - name: Build and push image 2 | |
| id: push3 | |
| uses: docker/[email protected] | |
| with: | |
| context: tests/attestation-untagged | |
| file: tests/attestation-untagged/Dockerfile.image2 | |
| push: true | |
| tags: | |
| ${{ env.REGISTRY }}/${{ steps.lower-repo.outputs.repository }}:test | |
| - name: Attest Image 2 | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-name: | |
| ${{ env.REGISTRY }}/${{ steps.lower-repo.outputs.repository }} | |
| subject-digest: ${{ steps.push3.outputs.digest }} | |
| push-to-registry: true | |
| - name: Save Digests - Attestation UnTagged | |
| run: | |
| node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory | |
| tests/attestation-untagged --mode save-expected --tag test | |
| - name: Run Test - Attestation UnTagged | |
| uses: ./ | |
| with: | |
| validate: true | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Validate Test Results - Attestation Tagged | |
| run: | |
| node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory | |
| tests/attestation-untagged --mode validate | |
| cosign-test: | |
| name: Cosign Test | |
| needs: github-attestation-tests | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: .node-version | |
| cache: npm | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - id: lower-repo | |
| run: | | |
| echo "repository=${GITHUB_REPOSITORY@L}" >> "$GITHUB_OUTPUT" | |
| - name: Prime Test - Cosign Test | |
| run: | |
| node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory | |
| tests/cosign --mode prime | |
| - name: Build and push image | |
| uses: docker/[email protected] | |
| with: | |
| context: tests/cosign | |
| file: tests/cosign/Dockerfile.image | |
| push: true | |
| tags: | |
| ${{ env.REGISTRY }}/${{ steps.lower-repo.outputs.repository | |
| }}:cosign | |
| - name: Install Cosign | |
| uses: sigstore/[email protected] | |
| - name: Sign container image | |
| run: | | |
| cosign sign -y ${{ env.REGISTRY }}/${{ steps.lower-repo.outputs.repository }}:cosign | |
| env: | |
| TAGS: cosign | |
| COSIGN_EXPERIMENTAL: false | |
| - name: Run Test - Cosign | |
| uses: ./ | |
| with: | |
| delete-tags: cosign | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Validate Test Results - Cosign | |
| run: | |
| node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory | |
| tests/cosign --mode validate | |
| multi-package-cleanup: | |
| name: Cleanup Multiple Packages | |
| runs-on: ubuntu-24.04 | |
| needs: cosign-test | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Run Test - Multi-package Cleanup | |
| uses: ./ | |
| with: | |
| validate: true | |
| packages: ghcr-cleanup-action,ghcr-cleanup-action-cache | |
| keep-n-tagged: 1 | |
| delete-untagged: true | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| shared-image-tagged-test: | |
| name: Shared Images Tagged Test | |
| runs-on: ubuntu-24.04 | |
| needs: multi-package-cleanup | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Prime Test - Shared Images Tagged Test | |
| run: | |
| node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory | |
| tests/shared-images-tagged --mode prime | |
| - name: Create builder | |
| run: docker buildx create --name mybuilder --use --bootstrap | |
| - name: Build multi-platform image1 | |
| run: | |
| docker buildx build --cache-to | |
| "type=registry,ref=$IMAGE-cache:latest,mode=max" --cache-from | |
| "type=registry,ref=$IMAGE-cache:latest" --platform | |
| linux/amd64,linux/arm64 --push -t "$IMAGE:image1" | |
| tests/shared-images-tagged | |
| - name: Build multi-platform image2 | |
| run: | |
| docker buildx build --cache-to | |
| "type=registry,ref=$IMAGE-cache:latest,mode=max" --cache-from | |
| "type=registry,ref=$IMAGE-cache:latest" --platform | |
| linux/amd64,linux/arm64 --push -t "$IMAGE:image2" | |
| tests/shared-images-tagged | |
| - name: Save Digests - Shared Images Tagged Test | |
| run: | |
| node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory | |
| tests/shared-images-tagged --mode save-expected --tag image2 | |
| - name: Run Test - Shared Images Tagged Test | |
| uses: ./ | |
| with: | |
| validate: true | |
| delete-tags: image1 | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Validate Test Results - Shared Images Tagged Test | |
| run: | |
| node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory | |
| tests/shared-images-tagged --mode validate | |
| shared-image-untagged-test: | |
| name: Shared Images Untagged Test | |
| runs-on: ubuntu-24.04 | |
| needs: shared-image-tagged-test | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Prime Test - Shared Images Untagged Test | |
| run: | |
| node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory | |
| tests/shared-images-untagged --mode prime | |
| - name: Create builder | |
| run: docker buildx create --name mybuilder --use --bootstrap | |
| - name: Build multi-platform dummy | |
| run: | |
| docker buildx build --cache-to | |
| "type=registry,ref=$IMAGE-cache:latest,mode=max" --cache-from | |
| "type=registry,ref=$IMAGE-cache:latest" --platform | |
| linux/amd64,linux/arm64 --push -t "$IMAGE:dummy" | |
| tests/shared-images-untagged | |
| - name: Build multi-platform dummy | |
| run: | |
| docker buildx build --cache-to | |
| "type=registry,ref=$IMAGE-cache:latest,mode=max" --cache-from | |
| "type=registry,ref=$IMAGE-cache:latest" --platform | |
| linux/amd64,linux/arm64 --push -t "$IMAGE:dummy" | |
| tests/shared-images-untagged | |
| - name: Reload dummy - Shared Images Untagged Test | |
| run: | |
| node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory | |
| tests/shared-images-untagged --mode prime-dummy | |
| - name: Run Test - Shared Images Untagged Test | |
| uses: ./ | |
| with: | |
| validate: true | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Validate Test Results - Shared Images Untagged Test | |
| run: | |
| node citester/index.js --token ${{ secrets.GITHUB_TOKEN }} --directory | |
| tests/shared-images-untagged --mode validate | |
| multi-package-cleanup-regex: | |
| name: Cleanup Multiple Packages - Regex | |
| runs-on: ubuntu-24.04 | |
| needs: shared-image-untagged-test | |
| env: | |
| GHCR_PAT: ${{secrets.GHCR_PAT}} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Run Test - Multi-package Cleanup | |
| if: ${{ env.GHCR_PAT }} | |
| uses: ./ | |
| with: | |
| validate: true | |
| packages: ghcr-cleanup-action* | |
| keep-n-tagged: 1 | |
| delete-untagged: true | |
| expand-packages: true | |
| use-regex: true | |
| token: ${{ env.GHCR_PAT }} |