109 task delete signatures of removed tags

.github/workflows/build.yaml → .github/workflows/build-and-publish.yaml

@@ -1,4 +1,4 @@
-name: Build Training
+name: Dagger Techlab Puzzle Build and Publish
 
 permissions:
   contents: read
@@ -9,6 +9,9 @@ permissions:
 on:
   pull_request:
   workflow_dispatch:
+  push:
+    branches:
+      - main
 
 env:
   REGISTRY: ghcr.io
@@ -18,6 +21,7 @@ env:
   NAMESPACE: pitc-cicd-dagger-techlab-test
   TRAINING_VERSION: ${{ github.sha }}
   PR_ENV_URL: https://dagger-techlab-pr-${{ github.event.pull_request.number }}.ocp.cloudscale.puzzle.ch
+  IMAGE_TAG: ${{ github.ref == 'refs/heads/main' && 'latest' || format('pr-{0}', github.event.pull_request.number) }}
 
 jobs:
   lint:
@@ -46,9 +50,12 @@ jobs:
       - name: Lint Markdown
         run: npm ci && npm run mdlint
 
-  build_and_push:
+
+  build_push_image:
     runs-on: ubuntu-latest
     needs: lint
+    outputs:
+      digest: ${{ steps.build-push.outputs.digest }}
     steps:
       - name: Checkout Repository
         uses: actions/checkout@v4
@@ -64,36 +71,73 @@ jobs:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Build and push Docker pr image
-        id: build-and-push
+      - name: Push Docker image
+        id: build-push
         uses: docker/build-push-action@v6
         with:
           context: .
           file: ./Dockerfile
           push: true
           tags: |
-            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:pr-${{ github.event.pull_request.number }}
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
+
+  sign_image:
+    runs-on: ubuntu-latest
+    needs: build_push_image
+    outputs:
+      digest: ${{ needs.build_push_image.outputs.digest }}
+    steps:
+      - name: Log into registry ${{ env.REGISTRY }}
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
       - name: Install cosign
         uses: sigstore/cosign-installer@v3.8.2
         with:
           cosign-release: 'v2.2.4'
       - name: Sign Docker image with cosign
         env:
-          TAG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:pr-${{ github.event.pull_request.number }}
-          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+          TAG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
+          DIGEST: ${{ needs.build_push_image.outputs.digest }}
         run: |
           COSIGN_EXPERIMENTAL=1 cosign sign --yes ${TAG}@${DIGEST}
+
+  verify_image:
+    runs-on: ubuntu-latest
+    needs: sign_image
+    outputs:
+      digest: ${{ needs.sign_image.outputs.digest }}
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: |
+            scripts
+          sparse-checkout-cone-mode: false
+          fetch-depth: 0
+      - name: Log into registry ${{ env.REGISTRY }}
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Install cosign
+        uses: sigstore/cosign-installer@v3.8.2
+        with:
+          cosign-release: 'v2.2.4'
       - name: Verify Docker image with cosign
         env:
-          TAG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:pr-${{ github.event.pull_request.number }}
-          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+          TAG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
+          DIGEST: ${{ needs.sign_image.outputs.digest }}
         run: bash ./scripts/verify_cosign.sh
 
   deploy:
     runs-on: ubuntu-latest
-    needs: build_and_push
+    needs: verify_image
     env:
       KUBE_CONFIG_PATH: '$HOME/.kube'
       KUBE_CONFIG_FILENAME: 'config'
@@ -125,12 +169,13 @@ jobs:
 
   comment:
     runs-on: ubuntu-latest
-    needs: deploy
+    needs: verify_image
     steps:
       - name: Comment PR Environments in PR
         uses: marocchino/sticky-pull-request-comment@v2
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           message: |
             🚀 PR Environment: [Open Deployment](${{ env.PR_ENV_URL }})
-            🖋️ Image Digest: `${{ steps.build-and-push.outputs.digest }}`
+            🏷️ Image Tag: `${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}`
+            🖋️ Image Digest: `${{ needs.verify_image.outputs.digest }}`

.github/workflows/pr-cleanup.yaml

@@ -17,15 +17,20 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
         with:
-          submodules: recursive
+          sparse-checkout: |
+            scripts
+          sparse-checkout-cone-mode: false
+
       - name: Install Helm
         uses: azure/setup-helm@v4
         with:
           version: 'latest'
+
       - name: Install Kubectl
         uses: azure/setup-kubectl@v4
         with:
           version: 'latest'
+
       - name: Create KUBECONFIG
         env:
           KUBE_CONFIG: '${{ secrets.KUBECONFIG_TEST_AV2 }}'

scripts/deploy_helm_release.sh

@@ -1,4 +1,3 @@
-
 #!/bin/bash
 
 set -euo pipefail
@@ -20,7 +19,6 @@ helm upgrade "$HELM_RELEASE" acend-training-chart \
   --set=app.version="$TRAINING_VERSION" \
   --repo=https://acend.github.io/helm-charts/ \
   --values=helm-chart/values.yaml \
-  --set-string=acendTraining.deployments[0].ingress.labels.public=true \
   --atomic
 
 echo "✅ Helm release '$HELM_RELEASE' deployed successfully."

scripts/redeploy_deployment.sh

@@ -16,4 +16,4 @@ kubectl rollout restart deployment/"$DEPLOYMENT_NAME" \
   --kubeconfig "$KUBE_CONFIG_PATH/$KUBE_CONFIG_FILENAME" \
   --namespace "$NAMESPACE"
 
-echo "✅ Deployment '$DEPLOYMENT_NAME' restarted successfully."
+echo "✅ Deployment '$DEPLOYMENT_NAME' restarted successfully."