gardener · ccwienk · Mar 5, 2025 · Feb 24, 2025 · Feb 27, 2025 · Feb 27, 2025
@@ -45,7 +45,7 @@ jobs:
     outputs:
       ocm_repository: ${{ steps.params.outputs.ocm_repository }}
       ocm_releases_repository: ${{ steps.params.outputs.ocm_releases_repository }}
-      oci_repository: ${{ steps.params.outputs.oci_repository }}
+      oci-registry: ${{ steps.params.outputs.oci-registry }}
       oci_platforms: ${{ steps.params.outputs.oci_platforms }}
     steps:
       - uses: actions/checkout@v4
@@ -79,19 +79,19 @@ jobs:
 
           if ${{ inputs.release || false }}; then
             ocm_repository=${releases_repo}
-            oci_repository=${releases_repo}
+            oci_registry=${releases_repo}
           else
             ocm_repository=${snapshots_repo}
-            oci_repository=${snapshots_repo}
+            oci_registry=${snapshots_repo}
           fi
 
           echo "ocm_releases_repository=${releases_repo}"
           echo "ocm_repository=${ocm_repository}"
-          echo "oci_repository=${oci_repository}"
+          echo "oci-registry=${oci_registry}"
 
           echo "ocm_releases_repository=${releases_repo}" >> "${GITHUB_OUTPUT}"
           echo "ocm_repository=${ocm_repository}" >> "${GITHUB_OUTPUT}"
-          echo "oci_repository=${oci_repository}" >> "${GITHUB_OUTPUT}"
+          echo "oci-registry=${oci_registry}" >> "${GITHUB_OUTPUT}"
           echo "oci_platforms=linux/amd64,linux/arm64" >> "${GITHUB_OUTPUT}"
 
   version:
@@ -220,10 +220,11 @@ jobs:
         cp "${resources_file}" dist/ocm_resources.yaml
         echo "ocm_resources=dist/ocm_resources.yaml" >> "${GITHUB_OUTPUT}"
         find "${pkg_dir}"
+        tar czf distribution-packages.tar.gz dist
     - uses: actions/upload-artifact@v4
       with:
         name: distribution-packages
-        path: dist/
+        path: distribution-packages.tar.gz
 
   base-component-descriptor:
     name: Generate Base-OCM-Component-Descriptor
@@ -289,7 +290,6 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           name: distribution-packages
-          path: /tmp/dist
       - name: Retrieve Linting Logs
         uses: actions/download-artifact@v4
         with:
@@ -307,6 +307,9 @@ jobs:
           set -eu
           version=${{ needs.version.outputs.version }}
           ocm_repo=${{ needs.params.outputs.ocm_repository }}
+
+          tar xf distribution-packages.tar.gz -C /tmp
+
           echo "importing base-component-descriptor"
           echo "${{ needs.base-component-descriptor.outputs.component-descriptor }}" \
             > component-descriptor.yaml
@@ -352,7 +355,7 @@ jobs:
             --file component-descriptor.yaml
 
           echo "adding image-resource"
-          echo "${{ needs.images.outputs.ocm_resources }} " | \
+          echo "${{ needs.images.outputs.ocm-resource }} " | \
           python3 -m ocm append resource \
             --file component-descriptor.yaml
 
@@ -379,7 +382,6 @@ jobs:
       uses: actions/download-artifact@v4
       with:
         name: distribution-packages
-        path: /tmp/dist
     - name: lint
       run: |
         # debug
@@ -392,6 +394,7 @@ jobs:
           cat /tmp/apk.log
           exit 1
         fi
+        tar xf distribution-packages.tar.gz -C /tmp
         echo "installing linters"
         export CFLAGS='-Wno-int-conversion'
         if ! pip3 install --upgrade --break-system-packages \
@@ -440,13 +443,13 @@ jobs:
       uses: actions/download-artifact@v4
       with:
         name: distribution-packages
-        path: /tmp/dist
     - name: run-tests
       run: |
         set -eu
         echo "install dependencies for python-packages"
         apk add --no-cache $(cat gardener-cicd-libs.apk-packages)
         echo "install packages"
+        tar xf distribution-packages.tar.gz -C /tmp
         export CFLAGS='-Wno-int-conversion'
         if ! pip3 install --break-system-packages \
           --find-links /tmp/dist \
@@ -471,65 +474,40 @@ jobs:
         .ci/test
 
   images:
-    name: Build OCI Images
+    name: Build Job-Image
     needs:
       - version
-      - package
+      - package # needed indirectly (distribution-packages-artefact)
       - params
-    outputs:
-      oci_image_ref: ${{ steps.image-build.outputs.image_reference }}
-      ocm_resources: ${{ steps.image-build.outputs.ocm_resource }}
-    runs-on: ubuntu-latest
-    environment: build
     permissions:
       contents: read
       packages: write
       id-token: write
-    steps:
-      - uses: actions/checkout@v4
-      - name: Retrieve Distribution Packages
-        uses: actions/download-artifact@v4
-        with:
-          name: distribution-packages
-          path: /tmp/dist
-
-      - name: prepare build-filesystem
-        id: prepare
-        run: |
-          cp -r /tmp/dist .
-          ls -lta
-
-          setuptools_version=${{ needs.version.outputs.setuptools-version }}
-          # workaround: set repository-version to setuptools-version so installation of
-          #             packages will succeed
-          echo "${setuptools_version}" | .ci/write-version
-      - name: Authenticate against OCI-Registry
-        uses: ./.github/actions/oci-auth
-        with:
-          gh-token: ${{ secrets.GITHUB_TOKEN }}
-          oci-image-reference: ${{ needs.params.outputs.oci_repository }}
-      - name: Build OCI Image (using ocm-oci-build-action)
-        uses: ./.github/actions/ocm-oci-build
-        id: image-build
-        with:
-          name: job-image
-          repository: ${{ needs.params.outputs.oci_repository }}/cicd/job-image
-          version: ${{ needs.version.outputs.version }}
-          oci_platforms: ${{ needs.params.outputs.oci_platforms }}
-          context: . # pass modified path rather than clean checkout
-          ocm_labels: |
-            - name: cloud.gardener.cnudie/dso/scanning-hints/package-versions
-              value:
-                - name: containerd
-                  version: v1.6.15
-            - name: gardener.cloud/cve-categorisation
-              value:
-                authentication_enforced: true
-                availability_requirement: low
-                confidentiality_requirement: high
-                integrity_requirement: high
-                network_exposure: protected
-                user_interaction: gardener-operator
+    uses: ./.github/workflows/oci-ocm-multiarch.yaml
+    with:
+      name: job-image
+      oci-registry: ${{ needs.params.outputs.oci-registry }}
+      oci-repository: cicd/job-image
+      oci-platforms: ${{ needs.params.outputs.oci_platforms }}
+      version: ${{ needs.version.outputs.version }}
+      # workaround: we need to use a deviating version for setuptools
+      prebuild-hook: |
+        echo "${{ needs.version.outputs.setuptools-version }}" | .ci/write-version
+      build-ctx-artefact: distribution-packages
+      untar-build-ctx-artefact: distribution-packages.tar.gz
+      ocm-labels: |
+        - name: cloud.gardener.cnudie/dso/scanning-hints/package-versions
+          value:
+            - name: containerd
+              version: v1.6.15
+        - name: gardener.cloud/cve-categorisation
+          value:
+            authentication_enforced: true
+            availability_requirement: low
+            confidentiality_requirement: high
+            integrity_requirement: high
+            network_exposure: protected
+            user_interaction: gardener-operator
 
   documentation:
     name: Generate Documentation
@@ -545,7 +523,7 @@ jobs:
       uses: docker/setup-buildx-action@v3
     - name: Generate Documentation
       run: |
-        image_ref=${{ needs.images.outputs.oci_image_ref }}
+        image_ref=${{ needs.images.outputs.oci-reference }}
         mkdir documentation-out.d
         docker run -v$PWD:/src \
           -e GH_PAGES_PATH=/src/documentation-out.d \