This article continues the series on automating the Red Hat container certification procedure with different CI tools. In this tutorial, we will use GitHub Actions to automate the Red Hat Container certification tests on the ppc64le architecture.
Prerequisites:
Make sure that you have:
- Created a Container application project and completed the pre-certification checklist on the Red Hat Partner Connect portal. If not, follow this.
- Project Id
- API Key (Pyxis API token)
- Built and uploaded your container image to a public registry of your choice (quay.io/docker.io)
- IBM Power resource for attaching the self-hosted runner
You can use the PowerVS service at IBM Cloud or Minicloud to get your ppc64le virtual machine. This example uses a CentOS Stream 8 ppc64le VM.
Step 0: Install nodejs on ppc64le machine
Run the script below to install Node.js on the ppc64le machine that will act as the self-hosted runner.
# Versioned release path; /dist/latest/ only holds the newest release.
wget https://nodejs.org/dist/v18.7.0/node-v18.7.0-linux-ppc64le.tar.gz
tar -xvf node-v18.7.0-linux-ppc64le.tar.gz
mv node-v18.7.0-linux-ppc64le/bin/node /usr/local/bin/
node --version
Step 1: Download and extract the self-hosted runner artifact
GitHub does not publish an official ppc64le-specific Actions runner package, so we are going to use the github-act-runner package available here. Run the script below to download and extract it.
mkdir actions-runner && cd actions-runner
wget https://github.com/ChristopherHX/github-act-runner/releases/download/v0.3.0/binary-linux-ppc64le.tar.gz
tar xzf binary-linux-ppc64le.tar.gz
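Both downloads above end up executing on the runner host, which will handle the repository's secrets, so it is worth checking each tarball against a published digest before extracting it. The script below is an added example, not part of the original article or of either project: the function names are hypothetical, the demo tarball is constructed, and it assumes a manifest in the `<sha256>  <filename>` format that Node.js publishes as SHASUMS256.txt in each release directory.

```bash
#!/usr/bin/env bash
# Added example: check a downloaded tarball against a SHASUMS256.txt-style
# manifest before extracting it. Function names are hypothetical.

# verify_sha256 FILE MANIFEST
# Returns 0 on match, 1 on mismatch, 2 if an input or manifest entry is missing.
verify_sha256() {
    local file="$1" manifest="$2" name expected actual
    [ -f "$file" ] && [ -f "$manifest" ] || return 2
    name=$(basename -- "$file")
    # Manifest lines are "<hex digest>  <filename>" ("*<filename>" in binary mode).
    expected=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1; exit }' "$manifest")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum -- "$file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# install_verified FILE MANIFEST DEST
# Extracts FILE into DEST only after the digest check passes.
install_verified() {
    local file="$1" manifest="$2" dest="$3"
    if ! verify_sha256 "$file" "$manifest"; then
        echo "refusing to extract $file: checksum not verified" >&2
        return 1
    fi
    mkdir -p "$dest" && tar -xzf "$file" -C "$dest"
}

# Constructed demo: a throwaway tarball stands in for the real download.
demo() {
    local tmp
    tmp=$(mktemp -d)
    echo "constructed payload" > "$tmp/node"
    tar -czf "$tmp/pkg.tar.gz" -C "$tmp" node
    (cd "$tmp" && sha256sum pkg.tar.gz > SHASUMS256.txt)
    install_verified "$tmp/pkg.tar.gz" "$tmp/SHASUMS256.txt" "$tmp/ok" \
        && echo "intact tarball: extracted"
    echo "tampered" >> "$tmp/pkg.tar.gz"
    install_verified "$tmp/pkg.tar.gz" "$tmp/SHASUMS256.txt" "$tmp/bad" 2>/dev/null \
        || echo "modified tarball: rejected"
    rm -rf "$tmp"
}
demo
```

For the runner tarball, pass a manifest containing a digest you have obtained from a source you trust.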
Step 2: Adding a self-hosted runner to a repository
You must be the repository owner to add a self-hosted runner to your repository. To add one:
- On GitHub.com, navigate to the main page of the repository.
- Under your repository name, click Settings.
- In the left sidebar, click Actions, then click Runners.
- Click New self-hosted runner.
- Select Linux as the runner image. You do not need to worry about ppc64le missing from the list of architectures, as we have already downloaded the ppc64le-specific GitHub Actions Runner package in step 1.
- You will see instructions showing you how to download the runner application, configure the runner, and use it.
- You only need to follow the configure section to create and configure the runner. It requires the destination URL and an automatically generated, time-limited token to authenticate the request.
$ ./config.sh --url https://github.com/user_name/repo_name --token xxxxxxxxxxxxxxxxx
$ ./run.sh
Step 3: Configure the GitHub Actions Workflow
In your GitHub repository, create a .github/workflows/ directory.
Inside the .github/workflows/ directory, create a new file and add this code to it.
Step 4: Create Environment Variables for customizing your build
The file we created inside the .github/workflows/ directory uses the variables below. They let us customize the build to our needs and avoid exposing our credentials.
Go to Settings > Secrets > Actions > New repository secret and add the variables below.
- USERNAME: username of your image registry (quay.io/docker.io)
- PASSWORD: password of your image registry
- IMAGE_REGISTRY: where you have uploaded your container image (quay.io/docker.io)
- IMAGE_NAMESPACE: namespace of your image registry (it may be similar to the username)
- IMAGE_NAME: the name of your container image
- IMAGE_TAG: tag attached to the container image
- PYXIS_API_TOKEN: container API key created on the connect portal
- PROJECT_ID: Container image project id
Step 5: Re-trigger the job
To use the newly created Environment Variables, re-run the workflow or commit your workflow file.
Step 6: Check the workflow
To check the status of your workflow, follow the steps below:
- On GitHub.com, navigate to the main page of the repository.
- Under your repository name, click Actions.
- In the left sidebar, click the workflow you want to see. In our case, we will check the “container certification CI” workflow.
- Under “Workflow runs”, click the name of the run you want to see. In our case, it is again “container certification CI”.
- Under Jobs or in the visualization graph, click the job you want to see. In our case, it is “RH_certification”.
- View the results of each step.
If you face any issue in the Check container image step, review the log information and change the container as needed. For more information, see the troubleshooting information page.
If your job completes successfully, the test results will be submitted to the Red Hat Partner Connect portal, and Red Hat will scan the layers of your container for package vulnerabilities.
Step 7: Review your certification and vulnerability test results
To review the certification and vulnerability test results in the certification project, follow the steps below:
- Log in to the Red Hat Partner Connect portal.
- Navigate to the Certified technology portal tile and click Log in for technology partners.
- Enter the login credentials and click Login.
- On the page header, select Product certification and click Manage certification projects. The My Work web page displays the Product Listings and Certification Projects.
- Click on the project for which you have submitted the container certification results.
- Navigate to the Images tab on the Container image project web page. For more information, see Viewing the image test results.
Step 8: Publishing the certified container
If the scanning for vulnerabilities is successfully completed, then the publish button will be enabled for your image. After you click the publish button, your image will be available in the Red Hat Ecosystem Catalog.
That’s it! Thanks for reading! I hope you found this tutorial helpful. Feel free to reach out in case of any queries. Happy learning!
Originally published on Medium