From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <isar-users+bncBD7ZZZNM2YPRBI63YDIAMGQERH3A2QQ@googlegroups.com>
Received: from shymkent.ilbers.de ([unix socket])
	 by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA;
	 Fri, 22 May 2026 12:19:23 +0200
X-Sieve: CMU Sieve 2.4
Received: from mail-wm1-f59.google.com (mail-wm1-f59.google.com [209.85.128.59])
	by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 64MAJMAf004416
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
	for <iupi@ilbers.de>; Fri, 22 May 2026 12:19:22 +0200
Received: by mail-wm1-f59.google.com with SMTP id 5b1f17b1804b1-48fe40b61a3sf46734585e9.3
        for <iupi@ilbers.de>; Fri, 22 May 2026 03:19:22 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1779445157; cv=pass;
        d=google.com; s=arc-20240605;
        b=gi5v5sMG78JsfCOJ06sjH4VLrWTWA1I5enxtUJbUkGjYpSJqNXBPhNmWWegLGf5I+p
         VmO3gc7ZTL+sATmMH0dT9/LfAMXRntqR6xChGvJvwa+xfIubzeed8+JJ2DWBDJZhLW4U
         izezXPRABtMJDLKBYt46DnV9s583u4/PiIX8/ov2oAuAzv+LOGDIee7geQadc1GDRyRH
         l4xygSZfAvO5YyGjubgMNPs3zJjU2QrbsGqExYThpJIrN3H9dWSnSEHxtl+5T9Qf3xCU
         wWp4fd6neipZqCL0a29TcZ78ehc/VTn2OyXpV8ZrxpkRUivVyq0uANzMVAxwlANhWw0b
         hfaw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:in-reply-to:from:content-language
         :references:cc:to:subject:user-agent:mime-version:date:message-id
         :sender:dkim-signature;
        bh=lrpl3TradEoi4d+MGfYyH9YUum6yQ0meRqaWjAAk9aA=;
        fh=pskS4VFwUByqV9Mfl6u+yMpre5FkkENVb4KkmcaSWmY=;
        b=N6LVS92tSWOCAHd0y5iCDfAdrxbcutIymOswK5T3p5Xv5FYcF3K0mYu06w6csCgLtX
         BDgyTsEV3WHwqtdARFOFPz9xpUdH7LGNP9pHEGecQHvvm0zxzqkbC/YUPk66UVMcNCrn
         ljLS4bu3ZO78B+I+nNBH/CSdmf/nvSVTPiiqoMXjE0TUWg0YqkUsQD57L0522Fe48P4j
         HEHE6lruUrLmkDbzmjbGGtxYG3A6n2wjmNoPntX8R3kGHvwxD0CK/DVJPqM7Pqmfk5bW
         pP/rbFoj1lcLYHgSVLaP0ox/fDypyaZcQP4T8XT3bBCWb1aWsrd+UpRr80O6RWjVl7c7
         ApYA==;
        darn=ilbers.de
ARC-Authentication-Results: i=2; gmr-mx.google.com;
       spf=pass (google.com: domain of wzh@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=wzh@ilbers.de
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlegroups.com; s=20251104; t=1779445157; x=1780049957; darn=ilbers.de;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-authentication-results
         :x-original-sender:in-reply-to:from:content-language:references:cc
         :to:subject:user-agent:mime-version:date:message-id:sender:from:to
         :cc:subject:date:message-id:reply-to;
        bh=lrpl3TradEoi4d+MGfYyH9YUum6yQ0meRqaWjAAk9aA=;
        b=Q2dBF16ZoGnyOii+Hpsw0G1jKiJPGxxJJ2S9nsbEfZKjDThJFeBbHjTZJj5UM6P0Hb
         Di5ElKSF3KJr6novlUMQEDOq+X0dz/WQCAKs3KIHOywtODqSRmMTPSAwtyb/NfRFLhlN
         p2XZIZBn8ByqGOe59+FVBg6gtYqMC2K3n/wjBHkKT17zNfuOpmLyrzAFw+pDNS42yogl
         rqv8+JLH6r2H8czvphNbt+3/MlI9f/3dX5+tqw5197NIwBOBv1/3eteaMkYaK9czJ9ij
         DdvryiofGsnDKyyMwsMI1o7Pt2j0C41DjdFsOHHsNzk8zNkxvUo8yRcyJV+IjMoEAMsT
         O28w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1779445157; x=1780049957;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :x-spam-checked-in-group:list-id:mailing-list:precedence
         :x-original-authentication-results:x-original-sender:in-reply-to
         :from:content-language:references:cc:to:subject:user-agent
         :mime-version:date:message-id:x-beenthere:x-gm-message-state:sender
         :from:to:cc:subject:date:message-id:reply-to;
        bh=lrpl3TradEoi4d+MGfYyH9YUum6yQ0meRqaWjAAk9aA=;
        b=dn7nkT/IWrvBPExyKl5SAata9mGVrSRbKOBnEQqyEcj/q60N885Jj0Bjds04QqVpW5
         2S1IkvHdIDS9rYB1phceLvTxP7tp5IFgqOox2U65qxCkS9JFCGIkPYRD3tmPAmyCuU9i
         pz3iRTU8ye71u9dQjHwfXMY42to65B0ngqcOyVOjDFuyMBJKVu9RcgIjRZF9NdzwEd5o
         KfU6PhZrcyCtPvugPcttUruclbT5x1T8XYKfoVCFQK5Mn1hzFOI9ffAV0M29FjofVDzp
         1zpyszRMo+RE1FLCekwg3Q7Mb8mxM64N2Yn2u/3uv2diObF57PbPPBNzID3WgQ5kM12g
         /bDw==
Sender: isar-users@googlegroups.com
X-Forwarded-Encrypted: i=2; AFNElJ+MWLkC4XCqMj1+/Z8qcUIYOjzue41R8gWCexDBqpt7mZ2CdbsZS5iQHkFlXLSqmVb2yXMI@ilbers.de
X-Gm-Message-State: AOJu0Yxsjbj4addC040+32oHOMS4ESOGg8pEqi2pgrr9ycDReHd4NnNv
	/PCeJqK2QsDWgQWBG4lGk0Lbx+2sTSofx/vdkV7A6DYpatBdcQWGZjfD
X-Received: by 2002:a05:600c:4f0b:b0:489:1ba8:5bf0 with SMTP id 5b1f17b1804b1-490426c5b05mr38152595e9.21.1779445156572;
        Fri, 22 May 2026 03:19:16 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com; h="AUV6zMMLsucXTOhMPMBEYzYoltR8tzneNZjKerbUrRIak1Y9wQ=="
Received: by 2002:a05:600c:aca:b0:487:1839:ece9 with SMTP id
 5b1f17b1804b1-48fdb1cd5afls59932415e9.1.-pod-prod-08-eu; Fri, 22 May 2026
 03:19:12 -0700 (PDT)
X-Forwarded-Encrypted: i=2; AFNElJ/V0NBqu0SBvj/Kkt0hVnOy2P7Y+gmOwuGN9vAlKmAxLSRPSwcLZJ6r8IaX/FxtqGrf+u0c3zaHnH5l@googlegroups.com
X-Received: by 2002:a05:600c:4510:b0:48f:e230:c3fa with SMTP id 5b1f17b1804b1-490428ddc9fmr38014135e9.32.1779445152503;
        Fri, 22 May 2026 03:19:12 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1779445152; cv=none;
        d=google.com; s=arc-20240605;
        b=ZDjzdoJhKL/tUMtEaPMLTNlVhnFHeIKlhk6ebrh9PKY19JlBdKiTHP6mkkQmgvmJ5p
         MWv3asz8des0cbckGqZyu6IQPXh67XxXRsJzkVH021JTq6p3m8op4HotGtVkcVabmiTt
         rOJA9lbVJhIIvC2Y1m3bK+yblRNFHKU5ldSHr7/GACJw5IRVXe3gGEU/QFead8NHkq2F
         ExVgBvKSFNYpT3fiuog+AJAxHEZYMkkvbW2Ak9dab330mEC9H+ANMrh+HaB2P5Bzv5IE
         ned1Qjjzt30/eL9XotJvUzPIpPnSopRVZ1SjXoPIjFreUkZ8FTctvciiSay3ObiNcJt/
         0gQw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
        h=content-transfer-encoding:in-reply-to:from:content-language
         :references:cc:to:subject:user-agent:mime-version:date:message-id;
        bh=TiM3V4RxnBHI5vnYYyfMvR6/cw15QajiZTofv79N/Zs=;
        fh=8XA1Ja/VUWd1Y9aplZoB+WHnxwIfztNWNhNOqtywICg=;
        b=NeJlYSUHIWSkSQxTn5aQznKIKtvapLYSsIoJFueIg+pqw/IczNmjZk92X80NUKUttm
         zWqNI80Eb4yt2Q44uxKhIMzrfGcAnABrhbe7z4oSDmm3V+MzakCfAKiwZTXwZF0QtCwg
         h1T0iipRS+QI4ecj//qg+a3XzqOTxJUp5jQbqx46Ovu880fs2j7w1p57l5h9fIEQmbR0
         MtpZfZsl5oy63t7sCiYsGxsbcv0S7sWtWrTad0FuJjzi77e2eCb7O6YfCktGewDYL1F7
         J/pjnQqwaDA26PIA0WqBGJg4oE66SYEjNveSGQ9PPIbe4QUDb3AAx3YzkuXo6POIP6kz
         aMww==;
        dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=pass (google.com: domain of wzh@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=wzh@ilbers.de
Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166])
        by gmr-mx.google.com with ESMTPS id 5b1f17b1804b1-490454f0d8csi267905e9.1.2026.05.22.03.19.12
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
        Fri, 22 May 2026 03:19:12 -0700 (PDT)
Received-SPF: pass (google.com: domain of wzh@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166;
Received: from [192.168.178.148] ([88.130.203.42])
	(authenticated bits=0)
	by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPSA id 64MAJAFk004408
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Fri, 22 May 2026 12:19:10 +0200
Message-ID: <be315930-58fa-4d8f-9c61-cd6a320c0123@ilbers.de>
Date: Fri, 22 May 2026 12:19:09 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [PATCH 5/9] ci: Add github workflow for building and deploying
 test-container
To: Jan Kiszka <jan.kiszka@siemens.com>,
        isar-users <isar-users@googlegroups.com>
Cc: Felix Moessbauer <felix.moessbauer@siemens.com>,
        Cedric Hombourger <cedric.hombourger@siemens.com>
References: <cover.1774254639.git.jan.kiszka@siemens.com>
 <0d31a55008c43a72c8afcba35319ddb894c49012.1774254639.git.jan.kiszka@siemens.com>
Content-Language: en-US
From: Zhihang Wei <wzh@ilbers.de>
In-Reply-To: <0d31a55008c43a72c8afcba35319ddb894c49012.1774254639.git.jan.kiszka@siemens.com>
Content-Type: text/plain; charset="UTF-8"; format=flowed
X-Spam-Status: No, score=-4.6 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_EF,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,
	RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS
	autolearn=unavailable autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de
X-Original-Sender: wzh@ilbers.de
X-Original-Authentication-Results: gmr-mx.google.com;       spf=pass
 (google.com: domain of wzh@ilbers.de designates 85.214.156.166 as permitted
 sender) smtp.mailfrom=wzh@ilbers.de
Precedence: list
Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com
List-ID: <isar-users.googlegroups.com>
X-Spam-Checked-In-Group: isar-users@googlegroups.com
X-Google-Group-Id: 914930254986
List-Post: <https://groups.google.com/group/isar-users/post>, <mailto:isar-users@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:isar-users+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/isar-users
List-Subscribe: <https://groups.google.com/group/isar-users/subscribe>, <mailto:isar-users+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+914930254986+unsubscribe@googlegroups.com>,
 <https://groups.google.com/group/isar-users/subscribe>
X-TUID: f4tVJGeQCA4g


On 3/23/26 09:30, 'Jan Kiszka' via isar-users wrote:
> From: Jan Kiszka <jan.kiszka@siemens.com>
>
> Trigger a container build if the registery does not yet contain the
> version of the test-container described by testsuite/dockerdata/version.
>
> This obsoletes the need for manual build and deployment. Drop the
> related README.md.
>
> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
> ---
>   .github/workflows/main.yml     | 72 ++++++++++++++++++++++++++++++++++
>   testsuite/dockerdata/README.md | 22 -----------
>   2 files changed, 72 insertions(+), 22 deletions(-)
>   create mode 100644 .github/workflows/main.yml
>   delete mode 100644 testsuite/dockerdata/README.md
>
> diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
> new file mode 100644
> index 00000000..e9dd039e
> --- /dev/null
> +++ b/.github/workflows/main.yml
> @@ -0,0 +1,72 @@
> +# Copyright (c) Siemens AG, 2026
> +# SPDX-License-Identifier: MIT
> +
> +name: CI
> +
> +on: [push]
> +
> +env:
> +  CONTAINER_BASENAME: ${{ vars.CONTAINER_BASENAME || 'ghcr.io/ilbers/isar' }}
> +
> +jobs:
> +  container:
> +    name: Refresh test-container
> +    runs-on: ubuntu-latest
> +    permissions:
> +      id-token: write
> +      packages: write
> +      contents: read
> +      attestations: write
> +      artifact-metadata: write
> +    if: github.ref == 'refs/heads/next'
> +    steps:
> +      - name: Check out repo
> +        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
> +
> +      - name: Check for pre-existing container version
> +        run: |
> +          TEST_CONTAINER_VERSION=$(cat testsuite/dockerdata/version)
> +          echo "TEST_CONTAINER_VERSION=$TEST_CONTAINER_VERSION" >> $GITHUB_ENV

Hi,

To trigger a new build of this test-container image, we need to increase the
number in testsuite/dockerdata/version, right?

> +          if ! docker manifest inspect ${CONTAINER_BASENAME}/test-container:$TEST_CONTAINER_VERSION >/dev/null 2>&1; then
> +              eval $(grep "^KAS_CONTAINER_SCRIPT_VERSION=" kas/kas-container)
> +              echo "KAS_VERSION=$KAS_CONTAINER_SCRIPT_VERSION" >> $GITHUB_ENV

How about tagging the test-container image with the same version number as
$KAS_CONTAINER_SCRIPT_VERSION? The current docker-isar image already 
does this.

Other than this, we have tested p1-p8 and LGTM.

Zhihang

> +              echo "BUILD_CONTAINER=true" >> $GITHUB_ENV
> +          fi
> +
> +      - name: Set up QEMU
> +        uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a  # v4.0.0
> +        with:
> +          platforms: linux/amd64,linux/arm64
> +        if: ${{ env.BUILD_CONTAINER }}
> +      - name: Set up Docker Buildx
> +        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd  # v4.0.0
> +        if: ${{ env.BUILD_CONTAINER }}
> +      - name: Login to ghcr.io
> +        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2  # v4.0.0
> +        with:
> +          registry: ghcr.io
> +          username: ${{ github.actor }}
> +          password: ${{ secrets.GITHUB_TOKEN }}
> +        if: ${{ env.BUILD_CONTAINER }}
> +
> +      - name: Build and deploy container
> +        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294  #v7.0.0
> +        id: push
> +        with:
> +          platforms: linux/amd64,linux/arm64
> +          file: testsuite/dockerdata/Dockerfile
> +          build-args: KAS_VERSION=${{ env.KAS_VERSION }}
> +          provenance: false
> +          outputs: type=registry
> +          tags: |
> +            ${{ env.CONTAINER_BASENAME }}/test-container:latest
> +            ${{ env.CONTAINER_BASENAME }}/test-container:${{ env.TEST_CONTAINER_VERSION }}
> +          annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }}
> +        if: ${{ env.BUILD_CONTAINER }}
> +      - name: Attest container image
> +        uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26  # v4.1.0
> +        with:
> +          subject-name: ${{ env.CONTAINER_BASENAME }}/test-container
> +          subject-digest: ${{ steps.push.outputs.digest }}
> +          push-to-registry: true
> +        if: ${{ env.BUILD_CONTAINER }}
> diff --git a/testsuite/dockerdata/README.md b/testsuite/dockerdata/README.md
> deleted file mode 100644
> index 54a78187..00000000
> --- a/testsuite/dockerdata/README.md
> +++ /dev/null
> @@ -1,22 +0,0 @@
> -# Creating image
> -
> -- Make sure `testsuite/dockerdata/version` is bumped for new images, also
> -  after updating `kas/kas-container`.
> -
> -- Run:
> -
> -```
> -testsuite/dockerdata/build.sh
> -```
> -
> -# Pushing the image to docker hub
> -
> -- Configure github token (classic) with `write:packages` permissions.
> -
> -- Use it for uploading docker image:
> -
> -```
> -docker push ghcr.io/ilbers/isar/test-container:$(cat testsuite/dockerdata/version)
> -```
> -
> -- Make the uploaded package public

-- 
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/be315930-58fa-4d8f-9c61-cd6a320c0123%40ilbers.de.