ci: move workflow to oci runner (#3426)

* ci: move workflow to oci runner Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * fix: some changes on top Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> --------- Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
2026-06-17 12:58:02 +08:00 · 2025-10-03 11:51:12 -07:00
parent 799496b7d3
commit d5779cfec8
5 changed files with 28 additions and 25 deletions
@@ -14,7 +14,7 @@ permissions: read-all
 jobs:
  client-tools:
    name: Check client tools
-    runs-on: ubuntu-latest-16-cores
+    runs-on: oracle-vm-16cpu-64gb-x86-64
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v6
@@ -1,4 +1,5 @@
 export GO111MODULE=on
+SHELL := /bin/bash
 TOP_LEVEL=$(shell git rev-parse --show-toplevel)
 COMMIT_HASH=$(shell git describe --always --tags --long)
 RELEASE_TAG=$(shell git describe --tags --abbrev=0)
@@ -230,9 +230,9 @@ function teardown_file() {
    run notation cert generate-test "notation-sign-test"
    [ "$status" -eq 0 ]

-    local trust_policy_file=${HOME}/.config/notation/trustpolicy.json
+    local trust_policy_file=/tmp/trustpolicy.json

-    cat >${trust_policy_file} <<EOF
+    cat <<EOF >"${trust_policy_file}"
 {
    "version": "1.0",
    "trustPolicies": [
@@ -250,16 +250,17 @@ function teardown_file() {
    ]
 }
 EOF
-
-    run notation sign --key "notation-sign-test" --insecure-registry localhost:${zot_port}/annotations:latest
+    run notation policy import --force "${trust_policy_file}"
    [ "$status" -eq 0 ]
-    run notation verify --insecure-registry localhost:${zot_port}/annotations:latest
+    run notation sign --debug --verbose --force-referrers-tag=true --key "notation-sign-test" --insecure-registry localhost:${zot_port}/annotations:latest
+    [ "$status" -eq 0 ]
+    run notation verify --debug --verbose --insecure-registry localhost:${zot_port}/annotations:latest
    [ "$status" -eq 0 ]
    run notation list --insecure-registry localhost:${zot_port}/annotations:latest
    [ "$status" -eq 0 ]
 }

-@test "sign/verify with notation( NOTATION_EXPERIMENTAL=1 and --allow-referrers-api )" {
+@test "sign/verify with notation using referrers api" {
    zot_port=`cat ${BATS_FILE_TMPDIR}/zot.port`
    run curl -X POST -H "Content-Type: application/json" --data '{ "query": "{ ImageList(repo: \"annotations\") { Results { RepoName Tag Manifests {Digest ConfigDigest Size Layers { Size Digest }} Vendor Licenses }}}"}' http://localhost:${zot_port}/v2/_zot/ext/search
    [ "$status" -eq 0 ]
@@ -269,9 +270,9 @@ EOF
    run notation cert generate-test "notation-sign-test-experimental"
    [ "$status" -eq 0 ]

-    local trust_policy_file=${HOME}/.config/notation/trustpolicy.json
+    local trust_policy_file=/tmp/trustpolicy.json

-    cat >${trust_policy_file} <<EOF
+    cat <<EOF >"${trust_policy_file}"
 {
    "version": "1.0",
    "trustPolicies": [
@@ -290,12 +291,12 @@ EOF
 }
 EOF

-    export NOTATION_EXPERIMENTAL=1
-    run notation sign --allow-referrers-api --key "notation-sign-test-experimental" --insecure-registry localhost:${zot_port}/annotations:latest
+    run notation policy import --force "${trust_policy_file}"
    [ "$status" -eq 0 ]
-    run notation verify --allow-referrers-api --insecure-registry localhost:${zot_port}/annotations:latest
+    run notation sign --debug --verbose --force-referrers-tag=false --key "notation-sign-test-experimental" --insecure-registry localhost:${zot_port}/annotations:latest
    [ "$status" -eq 0 ]
-    run notation list --allow-referrers-api --insecure-registry localhost:${zot_port}/annotations:latest
+    run notation verify --debug --verbose --insecure-registry localhost:${zot_port}/annotations:latest
+    [ "$status" -eq 0 ]
+    run notation list --insecure-registry localhost:${zot_port}/annotations:latest
    [ "$status" -eq 0 ]
-    unset NOTATION_EXPERIMENTAL
 }
@@ -286,9 +286,9 @@ function teardown_file() {
    run notation cert generate-test "notation-sign-sync-test"
    [ "$status" -eq 0 ]

-    local trust_policy_file=${HOME}/.config/notation/trustpolicy.json
+    local trust_policy_file=/tmp/trustpolicy.json

-    cat >${trust_policy_file} <<EOF
+    cat <<EOF >"${trust_policy_file}"
 {
    "version": "1.0",
    "trustPolicies": [
@@ -306,10 +306,11 @@ function teardown_file() {
    ]
 }
 EOF
-
-    run notation sign --key "notation-sign-sync-test" --insecure-registry localhost:${zot_port3}/golang:1.20
+    run notation policy import --force "${trust_policy_file}"
    [ "$status" -eq 0 ]
-    run notation verify --insecure-registry localhost:${zot_port3}/golang:1.20
+    run notation sign --debug --verbose --key "notation-sign-sync-test" --insecure-registry localhost:${zot_port3}/golang:1.20
+    [ "$status" -eq 0 ]
+    run notation verify --debug --verbose --insecure-registry localhost:${zot_port3}/golang:1.20
    [ "$status" -eq 0 ]
    run notation list --insecure-registry localhost:${zot_port3}/golang:1.20
    [ "$status" -eq 0 ]
@@ -310,12 +310,10 @@ function teardown_file() {

@test "sign/verify with notation" {
    zot_port3=`cat ${BATS_FILE_TMPDIR}/zot.port3`
-    run notation cert generate-test "notation-sign-sync-test"
-    [ "$status" -eq 0 ]

-    local trust_policy_file=${HOME}/.config/notation/trustpolicy.json
+    local trust_policy_file=/tmp/trustpolicy.json

-    cat >${trust_policy_file} <<EOF
+    cat <<EOF >"${trust_policy_file}"
 {
    "version": "1.0",
    "trustPolicies": [
@@ -334,9 +332,11 @@ function teardown_file() {
 }
 EOF

-    run notation sign --key "notation-sign-sync-test" --insecure-registry localhost:${zot_port3}/golang:1.20
+    run notation policy import --force "${trust_policy_file}"
    [ "$status" -eq 0 ]
-    run notation verify --insecure-registry localhost:${zot_port3}/golang:1.20
+    run notation sign --debug --verbose --key "notation-sign-sync-test" --insecure-registry localhost:${zot_port3}/golang:1.20
+    [ "$status" -eq 0 ]
+    run notation verify --debug --verbose --insecure-registry localhost:${zot_port3}/golang:1.20
    [ "$status" -eq 0 ]
    run notation list --insecure-registry localhost:${zot_port3}/golang:1.20
    [ "$status" -eq 0 ]