RFC: add encrypted scratch space for sandbox #3244
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# (C) Copyright Confidential Containers Contributors 2023. | |
# SPDX-License-Identifier: Apache-2.0 | |
# | |
# Run end-to-end (e2e) tests on pull request. | |
--- | |
name: e2e tests | |
on: | |
# Note on repository checkout: pull_request_target sets `GITHUB_SHA` to the | |
# "last commit on the PR base branch", meaning that by default `actions/checkout` | |
# is going to checkout the repository main branch. In order to pick up the pull | |
# request code, this workflow uses the `github.event.pull_request.head.sha` | |
# property to get the last commit on the HEAD branch. One limitation of this approach | |
# is that, unlike the `pull_request` event, the checked pull request isn't necessarily | |
# rebased to main (so it is up to users ensure the pull request is rebased **before* | |
# triggering this workflow). | |
pull_request_target: | |
types: | |
# This workflow will be run if the pull request is labeled test_e2e_libvirt, so | |
# adding 'labeled' to the list of activity types. | |
# | |
- opened | |
- synchronize | |
- reopened | |
- labeled | |
branches: | |
- 'main' | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
authorize: | |
runs-on: ubuntu-24.04 | |
if: contains(github.event.pull_request.labels.*.name, 'test_e2e_libvirt') | |
steps: | |
- run: "true" | |
e2e: | |
uses: ./.github/workflows/e2e_run_all.yaml | |
needs: [authorize] | |
with: | |
caa_image_tag: ci-pr${{ github.event.number }} | |
git_ref: ${{ github.event.pull_request.head.sha }} | |
podvm_image_tag: ci-pr${{ github.event.number }} | |
registry: ghcr.io/${{ github.repository_owner }} | |
secrets: inherit |