Skip to content

verify-conformance #5420

verify-conformance

verify-conformance #5420

name: verify-conformance
on:
workflow_dispatch: {}
schedule:
- cron: '0 * * * *'
# NOTE: docs available at
# https://github.com/kubernetes-sigs/verify-conformance/blob/main/docs/maintainance.md#deployment
# TODO(BobyMCbobs): auto update image, but don't use latest tag
jobs:
verify-conformance:
if: ${{ github.repository == 'cncf/k8s-conformance' }}
env:
IMAGE: gcr.io/k8s-staging-apisnoop/verify-conformance:v20241213-2024-08-14-1030-18-g8df32a2@sha256:a2dba117e7f049d8f21704f03525af44682a5d2546cf2fd6a8b0eaaa19c6eb95
runs-on: ubuntu-latest
steps:
- name: write-config
env:
GH_APP_PRIVATE_KEY: ${{ secrets.GH_APP_PRIVATE_KEY }}
GH_APP_ID: ${{ secrets.GH_APP_ID }}
GH_APP_HMAC: ${{ secrets.GH_APP_HMAC }}
run: |
mkdir -p ./tmp/
echo '${{ env.GH_APP_PRIVATE_KEY }}' | base64 -d > ./tmp/github-app-private-key
echo '${{ env.GH_APP_HMAC }}' > ./tmp/hmac
- name: verify-conformance
env:
GH_APP_ID: ${{ secrets.GH_APP_ID }}
REPO: ${{ github.repository }}
run: |
set -x
docker run --rm \
-v "$PWD:$PWD:ro" \
--workdir "$PWD" \
"${{ env.IMAGE }}" \
--github-endpoint=https://api.github.com \
--dry-run=false \
--github-app-id="${{ env.GH_APP_ID }}" \
--github-app-private-key-path="$PWD/tmp/github-app-private-key" \
--hmac-secret-file=$PWD/tmp/hmac \
--repo="$REPO"
- name: cleanup
if: ${{ always() }}
run: |
rm -rf ./tmp/