77permissions : read-all
88jobs :
99 build-core :
10- uses : ./ .github/workflows/reusable-release .yaml
10+ uses : kairos-io/kairos-factory-action/ .github/workflows/reusable-factory .yaml@v0.0.6
1111 secrets : inherit
1212 permissions :
1313 id-token : write # OIDC support
1414 contents : write
15- actions : read
1615 security-events : write
16+ actions : read
17+ attestations : read
18+ checks : read
19+ deployments : read
20+ discussions : read
21+ issues : read
22+ packages : read
23+ pages : read
24+ pull-requests : read
25+ repository-projects : read
26+ statuses : read
1727 strategy :
1828 fail-fast : false
1929 matrix :
20- model : ["generic"]
21- variant : ["core"]
22- arch : ["arm64"]
2330 base_image :
2431 - " opensuse/leap:15.6"
2532 - " opensuse/tumbleweed:latest"
@@ -33,33 +40,54 @@ jobs:
3340 - " rockylinux:9"
3441 with :
3542 base_image : ${{ matrix.base_image }}
36- arch : ${{ matrix.arch }}
37- variant : ${{ matrix.variant }}
38- model : ${{ matrix.model }}
43+ arch : " amd64"
44+ model : " generic"
45+ version : " auto"
46+ iso : true
47+ grype : true
48+ grype_sarif : true
49+ trivy : true
50+ trivy_sarif : true
51+ list_release_artifacts : true
52+ cosign : true
53+ release : true
3954 build-core-rpi4 :
40- uses : ./ .github/workflows/reusable-release .yaml
55+ uses : kairos-io/kairos-factory-action/ .github/workflows/reusable-factory .yaml@v0.0.6
4156 secrets : inherit
4257 permissions :
4358 id-token : write # OIDC support
4459 contents : write
45- actions : read
4660 security-events : write
61+ actions : read
62+ attestations : read
63+ checks : read
64+ deployments : read
65+ discussions : read
66+ issues : read
67+ packages : read
68+ pages : read
69+ pull-requests : read
70+ repository-projects : read
71+ statuses : read
4772 strategy :
4873 fail-fast : false
4974 matrix :
50- model : ["rpi4"]
51- variant : ["core"]
52- arch : ["arm64"]
5375 base_image :
5476 - " opensuse/leap:15.6"
5577 - " ubuntu:20.04"
5678 - " ubuntu:22.04"
5779 - " alpine:3.21"
5880 with :
5981 base_image : ${{ matrix.base_image }}
60- arch : ${{ matrix.arch }}
61- variant : ${{ matrix.variant }}
62- model : ${{ matrix.model }}
82+ arch : " arm64"
83+ model : " rpi4"
84+ version : " auto"
85+ grype : true
86+ grype_sarif : true
87+ trivy : true
88+ trivy_sarif : true
89+ list_release_artifacts : true
90+ cosign : true
6391 get-k3s-versions :
6492 runs-on : ubuntu-latest
6593 outputs :
@@ -73,11 +101,11 @@ jobs:
73101 kubernetes_versions=$(curl -s https://api.github.com/repos/k3s-io/k3s/releases | jq -r '
74102 [.[] | select(.prerelease == false and .draft == false and (.tag_name | test("rc") | not)) | .tag_name]
75103 | map({
76- version: .,
77- minor: (split(".")[1:2]|join("")),
78- patch: (split(".")[2:3]|join("")|split("+")[0]),
79- revision: (split("+k3s")[1])
80- })
104+ version: .,
105+ minor: (split(".")[1:2]|join("")),
106+ patch: (split(".")[2:3]|join("")|split("+")[0]),
107+ revision: (split("+k3s")[1])
108+ })
81109 | group_by(.minor)
82110 | map(sort_by([(.patch | tonumber), (.revision | tonumber)]) | reverse | .[0])
83111 | sort_by(.minor | tonumber)
@@ -87,22 +115,29 @@ jobs:
87115 ' | jq -c '.')
88116 echo "kubernetes_versions=$kubernetes_versions" >> $GITHUB_OUTPUT
89117 build-standard :
90- uses : ./ .github/workflows/reusable-release .yaml
118+ uses : kairos-io/kairos-factory-action/ .github/workflows/reusable-factory .yaml@v0.0.6
91119 secrets : inherit
92120 needs :
93121 - get-k3s-versions
94122 permissions :
95123 id-token : write # OIDC support
96124 contents : write
97- actions : read
98125 security-events : write
126+ actions : read
127+ attestations : read
128+ checks : read
129+ deployments : read
130+ discussions : read
131+ issues : read
132+ packages : read
133+ pages : read
134+ pull-requests : read
135+ repository-projects : read
136+ statuses : read
99137 strategy :
100138 fail-fast : false
101139 matrix :
102140 kubernetes_version : ${{ fromJson(needs.get-k3s-versions.outputs.kubernetes_versions) }}
103- model : ["generic"]
104- variant : ["standard"]
105- arch : ["arm64"]
106141 base_image :
107142 - " opensuse/leap:15.6"
108143 - " opensuse/tumbleweed:latest"
@@ -116,40 +151,61 @@ jobs:
116151 - " rockylinux:9"
117152 with :
118153 base_image : ${{ matrix.base_image }}
119- arch : ${{ matrix.arch }}
120- variant : ${{ matrix.variant }}
121- model : ${{ matrix.model }}
154+ arch : " amd64"
155+ model : " generic"
122156 kubernetes_version : ${{ matrix.kubernetes_version }}
123157 kubernetes_distro : " k3s"
158+ version : " auto"
159+ iso : true
160+ grype : true
161+ grype_sarif : true
162+ trivy : true
163+ trivy_sarif : true
164+ list_release_artifacts : true
165+ cosign : true
166+ release : true
124167 build-standard-rpi4 :
125- uses : ./ .github/workflows/reusable-release .yaml
168+ uses : kairos-io/kairos-factory-action/ .github/workflows/reusable-factory .yaml@v0.0.6
126169 secrets : inherit
127170 needs :
128171 - get-k3s-versions
129172 permissions :
130173 id-token : write # OIDC support
131174 contents : write
132- actions : read
133175 security-events : write
176+ actions : read
177+ attestations : read
178+ checks : read
179+ deployments : read
180+ discussions : read
181+ issues : read
182+ packages : read
183+ pages : read
184+ pull-requests : read
185+ repository-projects : read
186+ statuses : read
134187 strategy :
135188 fail-fast : false
136189 matrix :
137190 kubernetes_version : ${{ fromJson(needs.get-k3s-versions.outputs.kubernetes_versions) }}
138- model : ["rpi4"]
139- variant : ["standard"]
140- arch : ["arm64"]
141191 base_image :
142192 - " opensuse/leap:15.6"
143193 - " ubuntu:20.04"
144194 - " ubuntu:22.04"
145195 - " alpine:3.21"
146196 with :
147197 base_image : ${{ matrix.base_image }}
148- arch : ${{ matrix.arch }}
149- variant : ${{ matrix.variant }}
150- model : ${{ matrix.model }}
198+ arch : " amd64"
199+ model : " generic"
151200 kubernetes_version : ${{ matrix.kubernetes_version }}
152201 kubernetes_distro : " k3s"
202+ version : " auto"
203+ grype : true
204+ grype_sarif : true
205+ trivy : true
206+ trivy_sarif : true
207+ list_release_artifacts : true
208+ cosign : true
153209 build-nvidia-base :
154210 runs-on : ' ubuntu-24.04-arm'
155211 steps :
@@ -189,7 +245,7 @@ jobs:
189245 push : true
190246 tags : quay.io/kairos/cache:nvidia-base
191247 nvidia-arm-core :
192- uses : ./ .github/workflows/reusable-release .yaml
248+ uses : kairos-io/kairos-factory-action/ .github/workflows/reusable-factory .yaml@v0.0.6
193249 secrets : inherit
194250 permissions :
195251 id-token : write # OIDC support
@@ -208,15 +264,13 @@ jobs:
208264 statuses : read
209265 needs : build-nvidia-base
210266 with :
211- base_image : ${{ matrix.base_image }}
212- arch : ${{ matrix.arch }}
213- variant : ${{ matrix.variant }}
214- model : ${{ matrix.model }}
215- strategy :
216- fail-fast : false
217- matrix :
218- model : ["nvidia-jetson-agx-orin"]
219- variant : ["core"]
220- arch : ["arm64"]
221- base_image :
222- - " quay.io/kairos/cache:nvidia-base"
267+ base_image : " quay.io/kairos/cache:nvidia-base"
268+ arch : " arm64"
269+ model : " nvidia-jetson-agx-orin"
270+ version : " auto"
271+ grype : true
272+ grype_sarif : true
273+ trivy : true
274+ trivy_sarif : true
275+ list_release_artifacts : true
276+ cosign : true
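Review bot: The five new `uses:` lines (build-core, build-core-rpi4, build-standard, build-standard-rpi4, nvidia-arm-core) reference the external reusable workflow by the tag `@v0.0.6`, which can be moved after review, while each caller passes `secrets: inherit` together with `id-token: write` and `contents: write`. Pinning to the full commit SHA keeps the code that receives those secrets and the OIDC token fixed, e.g. `uses: kairos-io/kairos-factory-action/.github/workflows/reusable-factory.yaml@<full-commit-sha> # v0.0.6`. If the called workflow only needs a few secrets, passing them by name instead of `secrets: inherit` would narrow what a changed callee could read. Separately, `build-standard-rpi4` now passes `arch: "amd64"` and `model: "generic"`, although the removed matrix used `rpi4`/`arm64` and `build-core-rpi4` passes `arm64`/`rpi4`; this looks like a copy-paste slip and probably should be `arch: "arm64"` and `model: "rpi4"`.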