some-natalie · some-natalie · Mar 24, 2023 · Mar 24, 2023 · Mar 24, 2023 · Mar 24, 2023
diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml
@@ -6,74 +6,7 @@ on:
     types: [published] # build on release
 
 jobs:
-  build-ubuntu:
-    runs-on: ubuntu-latest # use the GitHub hosted runners
-    permissions:
-      contents: write # for uploading the SBOM to the release
-      packages: write # for uploading the finished container
-      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-      id-token: write # to complete the identity challenge with sigstore/fulcio when running outside of PRs
-    strategy:
-      matrix:
-        runner-image: [ubuntu-focal, rootless-ubuntu-focal, ubuntu-jammy]
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-
-      - name: Set version
-        run: echo "VERSION=$(cat ${GITHUB_EVENT_PATH} | jq -r '.release.tag_name')" >> $GITHUB_ENV
-
-      - name: Set short SHA
-        run: echo "SHA_SHORT=${GITHUB_SHA::7}" >> $GITHUB_ENV
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build and push the image
-        uses: docker/build-push-action@v4
-        id: build-and-push
-        with:
-          file: "images/${{ matrix.runner-image }}.Dockerfile"
-          push: true
-          tags: |
-            ghcr.io/some-natalie/kubernoodles/${{ matrix.runner-image }}:latest
-            ghcr.io/some-natalie/kubernoodles/${{ matrix.runner-image }}:${{ env.VERSION }}
-            ghcr.io/some-natalie/kubernoodles/${{ matrix.runner-image }}:${{ env.VERSION }}-${{ env.SHA_SHORT }}
-
-      - name: Run Anchore scan
-        uses: anchore/scan-action@v3
-        id: scan
-        with:
-          image: "ghcr.io/some-natalie/kubernoodles/${{ matrix.runner-image }}:${{ env.VERSION }}"
-          fail-build: false
-
-      - name: Upload Anchore scan report
-        uses: github/codeql-action/upload-sarif@v2
-        with:
-          sarif_file: ${{ steps.scan.outputs.sarif }}
-
-      - name: Generate SBOM for the Ubuntu-based runners
-        uses: anchore/sbom-action@v0
-        with:
-          image: ghcr.io/some-natalie/kubernoodles/${{ matrix.runner-image }}:${{ env.VERSION }}-${{ env.SHA_SHORT }}
-
-      - name: Install cosign
-        uses: sigstore/cosign-installer@main
-
-      - name: Sign the published Docker image
-        env:
-          COSIGN_EXPERIMENTAL: "true"
-        run: cosign sign ghcr.io/some-natalie/kubernoodles/${{ matrix.runner-image }}@${{ steps.build-and-push.outputs.digest }}
-
-  build-podman:
+  build-ubi8:
     runs-on: ubuntu-latest # use the GitHub hosted runners
     permissions:
       contents: write # for uploading the SBOM to the release
@@ -95,9 +28,9 @@ jobs:
         id: build-image
         uses: redhat-actions/buildah-build@v2
         with:
-          image: ghcr.io/some-natalie/kubernoodles/podman
+          image: ghcr.io/some-natalie/kubernoodles/ubi8
           tags: latest ${{ env.VERSION }} ${{ env.VERSION }}-${{ env.SHA_SHORT }}
-          containerfiles: images/podman.Dockerfile
+          containerfiles: images/ubi8.Dockerfile
 
       - name: Push image
         uses: redhat-actions/push-to-registry@v2
@@ -113,7 +46,7 @@ jobs:
         uses: anchore/scan-action@v3
         id: scan
         with:
-          image: "ghcr.io/some-natalie/kubernoodles/podman:${{ env.VERSION }}"
+          image: "ghcr.io/some-natalie/kubernoodles/ubi8:${{ env.VERSION }}"
           fail-build: false
 
       - name: Upload Anchore scan report
@@ -124,7 +57,7 @@ jobs:
       - name: Generate SBOM for the Podman (Fedora 37) runner
         uses: anchore/sbom-action@v0
         with:
-          image: ghcr.io/some-natalie/kubernoodles/podman:${{ env.VERSION }}-${{ env.SHA_SHORT }}
+          image: ghcr.io/some-natalie/kubernoodles/ubi8:${{ env.VERSION }}-${{ env.SHA_SHORT }}
 
       - name: Get image digest
         run: echo "IMAGE_DIGEST=$(cat digest.txt)" >> $GITHUB_ENV
@@ -138,33 +71,4 @@ jobs:
       - name: Sign the published Docker image
         env:
           COSIGN_EXPERIMENTAL: "true"
-        run: cosign sign ghcr.io/some-natalie/kubernoodles/podman@${{ env.IMAGE_DIGEST }}
-
-  deploy:
-    runs-on: ubuntu-latest # use the GitHub hosted runners to deploy the self-hosted runners in GHEC
-    # If using GHES or GHAE, use another deployment, such as having CentOS redeploy Ubuntu and vice versa
-    environment: production
-    needs: [build-podman, build-ubuntu]
-    strategy:
-      matrix:
-        runner-image:
-          [podman, ubuntu-focal, rootless-ubuntu-focal, ubuntu-jammy]
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-
-      - name: Write out the kubeconfig info
-        run: |
-          echo ${{ secrets.DEPLOY_ACCOUNT }} | base64 -d > /tmp/config
-
-      - name: Update deployments
-        run: |
-          kubectl delete -f deployments/${{ matrix.runner-image }}.yml
-          sleep 30
-          kubectl apply -f deployments/${{ matrix.runner-image }}.yml
-        env:
-          KUBECONFIG: /tmp/config
-
-      - name: Remove kubeconfig info
-        run: rm -f /tmp/config
+        run: cosign sign ghcr.io/some-natalie/kubernoodles/ubi8@${{ env.IMAGE_DIGEST }}
diff --git a/.github/workflows/test-podman.yml b/.github/workflows/test-podman.yml
diff --git a/.github/workflows/test-rootless-ubuntu-focal.yml b/.github/workflows/test-rootless-ubuntu-focal.yml