feat: update workflows after moving to buildx

Signed-off-by: Carlos Salas <carlos.salas@suse.com>

.github/workflows/nightly-chart-and-image-publish.yaml

@@ -32,7 +32,7 @@ jobs:
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
     - name: Build docker image
-      run: make docker-build-all TAG=${{ env.TAG }} ORG=${{ env.PROD_ORG }}
+      run: make docker-build TAG=${{ env.TAG }} ORG=${{ env.PROD_ORG }}
     - name: Push docker image
       run: make docker-push-all TAG=${{ env.TAG }} ORG=${{ env.PROD_ORG }}
 

.github/workflows/nightly-test-release.yaml

@@ -4,6 +4,9 @@ on:
   schedule:
     - cron: "0 0 * * *" # Run every day at midnight (UTC)
   workflow_dispatch: # Allow running manually on demand
+  push:
+    branches:
+      - migrate-to-buildx
 
 env:
   RELEASE_TAG: t9.9.9-fake
@@ -17,7 +20,8 @@ jobs:
     steps:
       - uses: actions/checkout@v4.1.7
         with:
-          ref: main
+          ref: migrate-to-buildx
+          #ref: main
           fetch-depth: 0
       - name: Set and push fake tag for release
         run: |
@@ -39,11 +43,11 @@ jobs:
     strategy:
       matrix:
         destination: [ghcr]
-        arch: [amd64, arm64]
         include:
         - destination: ghcr
           registry: ghcr.io
-          username: ${{ github.actor }}
+          #username: ${{ github.actor }}
+          username: salasberryfin
           password: GITHUB_TOKEN
           image: GHCR_IMAGE
           secret_registry: false
@@ -53,7 +57,6 @@ jobs:
       username: ${{ matrix.username }}
       registry: ${{ matrix.registry }}
       tag: t9.9.9-fake
-      arch: ${{ matrix.arch }}
       image: ${{ matrix.image }}
       secret_registry: ${{ matrix.secret_registry }}
     secrets: inherit

.github/workflows/release-workflow.yml

@@ -25,22 +25,17 @@ on:
         description: Destination registry for image push
         required: true
 
-
       tag:
         type: string
         description: Tag for the built image
         required: true
 
-      arch:
-        type: string
-        description: Architecture for the image
-        required: true
-
       org:
         type: string
         description: Organization part of the image name
         required: false
-        default: "rancher"
+        default: "salasberryfin"
+        #default: "rancher"
 
 jobs:
   build:
@@ -62,7 +57,6 @@ jobs:
         id: image
         uses: ./.github/workflows/release_build
         with:
-          arch: ${{ inputs.arch }}
           tag: ${{ inputs.tag }}
           org: ${{ inputs.org }}
           registry: ${{ inputs.secret_registry && secrets[inputs.registry] || inputs.registry }}
@@ -85,24 +79,11 @@ jobs:
       - name: Sign image with cosign
         uses: ./.github/workflows/release_sign
         with:
-          image: ${{ format('{0}-{1}', vars[inputs.image], inputs.arch) }}
+          image: ${{ vars[inputs.image] }}
           digest: ${{ needs.build.outputs.digest }}
-          identity: https://github.com/${{ inputs.org }}/turtles/.github/workflows/release-workflow.yml@${{ github.ref }}
+          identity: https://github.com/${{ inputs.org }}/rancher-turtles/.github/workflows/release-workflow.yml@${{ github.ref }}
+          #identity: https://github.com/${{ inputs.org }}/turtles/.github/workflows/release-workflow.yml@${{ github.ref }}
           oids-issuer: https://token.actions.githubusercontent.com
           registry: ${{ inputs.secret_registry && secrets[inputs.registry] || inputs.registry }}
           username: ${{ inputs.secret_registry && secrets[inputs.username] || inputs.username }}
           password: ${{ secrets[inputs.password] }}
-
-  provenance:
-    needs: [sign, build]
-    permissions:
-      actions: read
-      id-token: write
-      packages: write
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.10.0
-    with:
-      digest: ${{ needs.build.outputs.digest }}
-      image: ${{ format('{0}-{1}', vars[inputs.image], inputs.arch) }}
-    secrets:
-      registry-username: ${{ inputs.secret_registry && secrets[inputs.username] || inputs.username }}
-      registry-password: ${{ secrets[inputs.password] }}

.github/workflows/release_build/action.yaml

@@ -1,18 +1,15 @@
 name: "Build release"
 description: "Builds release image and pushes to the registry"
 inputs:
-  arch:
-    description: "Architecture of the built image"
-    required: true
-    type: string
   tag:
     description: "Image tag"
     type: string
     default: "github-actions"
   org:
     description: "Organization part of the image path"
     required: false
-    default: "rancher"
+    default: "salasberryfin"
+    #default: "rancher"
     type: string
   registry:
     description: "The registry to login"
@@ -47,12 +44,9 @@ runs:
         registry: ${{ inputs.registry }}
         username: ${{ inputs.username }}
         password: ${{ inputs.password }}
-    - name: Build docker image
-      shell: bash
-      run: make docker-build-${{ inputs.arch }} TAG=${{ inputs.tag }} REGISTRY=${{ inputs.registry }} ORG=${{ inputs.org }}
-    - name: Push docker image to registry
+    - name: Build & Push docker image
       shell: bash
-      run: make docker-push-${{ inputs.arch }} TAG=${{ inputs.tag }} REGISTRY=${{ inputs.registry }} ORG=${{ inputs.org }}
+      run: make docker-build TAG=${{ inputs.tag }} REGISTRY=${{ inputs.registry }} ORG=${{ inputs.org }}
     - name: Store image and digest
       shell: bash
       id: image_info

.github/workflows/test_chart.yaml

@@ -44,7 +44,7 @@ jobs:
           go-version: '=1.22.0'
 
       - name: Build docker image
-        run: make docker-build
+        run: make docker-build-local
 
       - name: Add CAPI operator chart repo
         run: helm repo add capi-operator https://kubernetes-sigs.github.io/cluster-api-operator

.github/workflows/trivy.yml

@@ -24,7 +24,7 @@ jobs:
         uses: actions/checkout@v4.1.7
       - name: Build an image
         run: |
-          TAG=${{ github.sha }} ARCH=amd64 make docker-build
+          TAG=${{ github.sha }} ARCH=amd64 make docker-build-local
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d
         with: