ci: Use fih-test container from GHCR

davidvincze · davidvincze · commit 9942fe18f2e8 · 2025-09-12T12:39:41.000+02:00
Change-Id: I29b308594f53562ad1a04faf280555b83dc7d903
Signed-off-by: David Vincze &lt;david.vincze@arm.com&gt;
diff --git a/.github/workflows/fih_tests.yaml b/.github/workflows/fih_tests.yaml
@@ -47,6 +47,12 @@ jobs:
       if: ${{ github.event_name == 'pull_request' }}
       run: |
         ./ci/check-signed-off-by.sh
+    - name: Authenticate to GH Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
     - name: FIH hardening test install
       run: |
         ./ci/fih-tests_install.sh
diff --git a/ci/fih-tests_config.sh b/ci/fih-tests_config.sh
@@ -0,0 +1,15 @@
+#!/bin/bash -x
+
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Copyright (c) 2025 Arm Limited
+#
+
+FIH_IMAGE_VERSION=0.0.3
+
+FIH_IMAGE_NAME=mcuboot-fih-test
+
+FIH_IMAGE=$FIH_IMAGE_NAME:$FIH_IMAGE_VERSION
+
+CONTAINER_REGISTRY=ghcr.io/mcu-tools
diff --git a/ci/fih-tests_install.sh b/ci/fih-tests_install.sh
@@ -1,6 +1,6 @@
 #!/bin/bash -x
 
-# Copyright (c) 2020 Arm Limited
+# Copyright (c) 2020-2025 Arm Limited
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -16,19 +16,17 @@
 
 set -e
 
-source $(dirname "$0")/fih-tests_version.sh
+source $(dirname "$0")/fih-tests_config.sh
 
 DOCKER_DIR=docker
 
-IMAGE=fih-test:$FIH_IMAGE_VERSION
-
-CACHED_IMAGE=$DOCKER_DIR/$IMAGE
+CACHED_IMAGE=$DOCKER_DIR/$FIH_IMAGE
 
 [[ -f $CACHED_IMAGE ]] && (gzip -dc $CACHED_IMAGE | docker load)
 
 if [[ $? -ne 0 ]]; then
-    docker pull mcuboot/$IMAGE
+    docker pull $CONTAINER_REGISTRY/$FIH_IMAGE
     if [[ $GITHUB_ACTIONS != true ]]; then
-        docker save mcuboot/$IMAGE | gzip > $CACHED_IMAGE
+        docker save $CONTAINER_REGISTRY/$FIH_IMAGE | gzip > $CACHED_IMAGE
     fi
 fi
diff --git a/ci/fih-tests_run.sh b/ci/fih-tests_run.sh
@@ -1,6 +1,6 @@
 #!/bin/bash -x
 
-# Copyright (c) 2020-2024 Arm Limited
+# Copyright (c) 2020-2025 Arm Limited
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -16,7 +16,7 @@
 
 set -e
 
-source $(dirname "$0")/fih-tests_version.sh
+source $(dirname "$0")/fih-tests_config.sh
 
 # Note that we are pulling from a github mirror of these repos, not direct upstream.  If the sha
 # checked out below changes, the mirrors might need to be updated.
@@ -54,7 +54,7 @@ if [[ $GITHUB_ACTIONS == true ]]; then
 fi
 
 if test -z "$FIH_LEVEL"; then
-    docker run --rm -v $(pwd):/root/work/tfm:rw,z mcuboot/fih-test:$FIH_IMAGE_VERSION /bin/sh -c '/root/work/tfm/mcuboot/ci/fih_test_docker/execute_test.sh $0 $1 $2' $SKIP_SIZE $BUILD_TYPE $DAMAGE_TYPE
+    docker run --rm -v $(pwd):/root/work/tfm:rw,z $CONTAINER_REGISTRY/$FIH_IMAGE /bin/sh -c '/root/work/tfm/mcuboot/ci/fih_test_docker/execute_test.sh $0 $1 $2' $SKIP_SIZE $BUILD_TYPE $DAMAGE_TYPE
 else
-    docker run --rm -v $(pwd):/root/work/tfm:rw,z mcuboot/fih-test:$FIH_IMAGE_VERSION /bin/sh -c '/root/work/tfm/mcuboot/ci/fih_test_docker/execute_test.sh $0 $1 $2 $3' $SKIP_SIZE $BUILD_TYPE $DAMAGE_TYPE $FIH_LEVEL
+    docker run --rm -v $(pwd):/root/work/tfm:rw,z $CONTAINER_REGISTRY/$FIH_IMAGE /bin/sh -c '/root/work/tfm/mcuboot/ci/fih_test_docker/execute_test.sh $0 $1 $2 $3' $SKIP_SIZE $BUILD_TYPE $DAMAGE_TYPE $FIH_LEVEL
 fi
diff --git a/ci/fih-tests_version.sh b/ci/fih-tests_version.sh
