new(ci): added github action workflows for dev and release CI (packages + docker images publish).

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

.github/workflows/dev.yaml

@@ -0,0 +1,63 @@
+name: Dev Packages
+on:
+  push:
+    branches: [master]
+  workflow_dispatch:
+
+jobs:
+  build-dev-packages:
+    uses: falcosecurity/falco/.github/workflows/reusable_build_packages.yaml@main
+    with:
+      arch: x86_64
+    secrets: inherit
+  
+  build-dev-packages-arm64:
+    uses: falcosecurity/falco/.github/workflows/reusable_build_packages.yaml@main
+    with:
+      arch: aarch64
+    secrets: inherit
+    
+  publish-dev-packages:
+    needs: [build-dev-packages, build-dev-packages-arm64]
+    outputs:
+      version: ${{ steps.expose_version.outputs.version }}
+    
+    steps:
+      - name: Publish packages
+        uses: falcosecurity/falco/.github/workflows/reusable_publish_packages.yaml@main
+        with:
+          bucket: '-dev'
+          version: ${{ needs.build-dev-packages.outputs.version }}
+        secrets: inherit
+      
+      - name: Expose FALCO_VERSION
+        id: expose_version
+        run: |
+          echo "version=${{ needs.build-dev-packages.outputs.version }}" >> $GITHUB_OUTPUT
+    
+  build-dev-docker:
+    needs: publish-dev-packages
+    uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@main
+    with:
+      arch: x86_64
+      tagname: master
+      bucket: '-dev'
+      version: ${{ needs.publish-dev-packages.outputs.version }}
+    secrets: inherit
+    
+  build-dev-docker-arm64:
+    needs: publish-dev-packages
+    uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@main
+    with:
+      arch: aarch64
+      tagname: master
+      bucket: '-dev'
+      version: ${{ needs.publish-dev-packages.outputs.version }}
+    secrets: inherit
+    
+  publish-dev-docker:
+    needs: [build-dev-docker, build-dev-docker-arm64]
+    uses: falcosecurity/falco/.github/workflows/reusable_publish_docker.yaml@main
+    with:
+      tagname: master
+    secrets: inherit

.github/workflows/release.yaml

@@ -0,0 +1,61 @@
+name: Release Packages
+on:
+  push:
+    tags:
+      - '[0-9]+.[0-9]+.[0-9]+'
+
+jobs:
+  build-packages:
+    uses: falcosecurity/falco/.github/workflows/reusable_build_packages.yaml@main
+    with:
+      arch: x86_64
+    secrets: inherit
+
+  build-packages-arm64:
+    uses: falcosecurity/falco/.github/workflows/reusable_build_packages.yaml@main
+    with:
+      arch: aarch64
+    secrets: inherit
+    
+  publish-packages:
+    needs: [build-packages, build-packages-arm64]
+    outputs:
+      version: ${{ steps.expose_version.outputs.version }}
+    
+    steps:
+      - name: Publish packages
+        uses: falcosecurity/falco/.github/workflows/reusable_publish_packages.yaml@main
+        with:
+          version: ${{ needs.build-packages.outputs.version }}
+        secrets: inherit
+      
+      - name: Expose FALCO_VERSION
+        id: expose_version
+        run: |
+          echo "version=${{ needs.build-packages.outputs.version }}" >> $GITHUB_OUTPUT
+          
+  build-docker:
+    needs: publish-packages
+    uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@main
+    with:
+      arch: x86_64
+      tagname: ${{ github.ref_name }}
+      version: ${{ needs.publish-packages.outputs.version }}
+    secrets: inherit
+    
+  build-docker-arm64:
+    needs: publish-dev-packages
+    uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@main
+    with:
+      arch: aarch64
+      tagname: ${{ github.ref_name }}
+      version: ${{ needs.publish-packages.outputs.version }}
+    secrets: inherit
+
+  publish-docker:
+    needs: [build-docker, build-docker-arm64]
+    uses: falcosecurity/falco/.github/workflows/reusable_publish_docker.yaml@main
+    with:
+      tagname: ${{ github.ref_name }}
+    secrets: inherit
+    

.github/workflows/reusable_build_docker.yaml

@@ -0,0 +1,131 @@
+# This is a reusable workflow used by dev_packages and release_packages
+on:
+  workflow_call:
+    inputs:
+      arch:
+        description: x86_64 or aarch64
+        required: true
+        type: string
+      tagname:
+        description: master or tag name
+        required: true
+        type: string
+      bucket:
+        description: bucket suffix for packages
+        required: false
+        default: ''
+        type: string
+      version:
+        description: 'Falco version extracted from userspace/falco/config_falco.h'
+        required: true
+        type: string
+
+jobs:
+  build-docker:
+    # See https://github.com/actions/runner/issues/409#issuecomment-1158849936
+    runs-on: ${{ (inputs.arch == "aarch64") && fromJSON('[ "self-hosted", "linux", "ARM64" ]') || 'ubuntu-latest' }}
+    container:
+      image: ubuntu:22.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          
+      - name: Install deps
+        run: |
+          apt update
+          DEBIAN_FRONTEND=noninteractive apt install docker awscli -y
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_SECRET }}
+      
+      - name: Login to Amazon ECR Public
+        run: |
+          aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/falcosecurity
+          
+      - name: Build and publish no-driver
+        uses: docker/build-push-action@v3
+        with:
+          context: ${{ github.workspace }}/docker/no-driver/
+          push: true
+          provenance: false # https://github.com/Noelware/docker-manifest-action/issues/131
+          build-args: |
+            VERSION_BUCKET=bin${{ inputs.bucket }}
+            FALCO_VERSION=${{ inputs.version }}
+          tags: |
+            falcosecurity/falco-no-driver:${{ inputs.arch }}-${{ inputs.tagname }}
+            falcosecurity/falco:${{ inputs.arch }}-${{ inputs.tagname }}-slim
+            public.ecr.aws/falcosecurity/falco-no-driver:${{ inputs.arch }}-${{ inputs.tagname }}
+            public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-${{ inputs.tagname }}-slim
+            
+      - name: Build and publish falco
+        uses: docker/build-push-action@v3
+        with:
+          context: ${{ github.workspace }}/docker/falco/
+          push: true
+          provenance: false # https://github.com/Noelware/docker-manifest-action/issues/131
+          build-args: |
+            VERSION_BUCKET=deb${{ inputs.bucket }}
+            FALCO_VERSION=${{ inputs.version }}
+          tags: |
+            falcosecurity/falco:${{ inputs.arch }}-${{ inputs.tagname }}
+            public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-${{ inputs.tagname }}
+            
+      - name: Build and publish falco-driver-loader
+        uses: docker/build-push-action@v3
+        with:
+          context: ${{ github.workspace }}/docker/driver-loader/
+          push: true
+          provenance: false # https://github.com/Noelware/docker-manifest-action/issues/131
+          build-args: |
+            FALCO_IMAGE_TAG=${{ inputs.arch }}-${{ inputs.tagname }}
+          tags: |
+            falcosecurity/falco-driver-loader:${{ inputs.arch }}-${{ inputs.tagname }}
+            public.ecr.aws/falcosecurity/falco-driver-loader:${{ inputs.arch }}-${{ inputs.tagname }}
+            
+      - name: Build and publish no-driver latest
+        if: ${{ inputs.tagname != 'master' }}
+        uses: docker/build-push-action@v3
+        with:
+          context: ${{ github.workspace }}/docker/no-driver/
+          push: true
+          provenance: false # https://github.com/Noelware/docker-manifest-action/issues/131
+          build-args: |
+            VERSION_BUCKET=bin
+            FALCO_VERSION=${{ inputs.tagname }}
+          tags: |
+            falcosecurity/falco-no-driver:${{ inputs.arch }}-latest
+            falcosecurity/falco:${{ inputs.arch }}-latest-slim
+            public.ecr.aws/falcosecurity/falco-no-driver:${{ inputs.arch }}-latest
+            public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-latest-slim
+            
+      - name: Build and publish falco latest
+        if: ${{ inputs.tagname != 'master' }}
+        uses: docker/build-push-action@v3
+        with:
+          context: ${{ github.workspace }}/docker/falco/
+          push: true
+          provenance: false # https://github.com/Noelware/docker-manifest-action/issues/131
+          build-args: |
+            VERSION_BUCKET=deb
+            FALCO_VERSION=${{ inputs.tagname }}
+          tags: |
+            falcosecurity/falco:${{ inputs.arch }}-latest
+            public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-latest
+            
+      - name: Build and publish falco-driver-loader latest
+        if: ${{ inputs.tagname != 'master' }}
+        uses: docker/build-push-action@v3
+        with:
+          context: ${{ github.workspace }}/docker/driver-loader/
+          push: true
+          provenance: false # https://github.com/Noelware/docker-manifest-action/issues/131
+          build-args: |
+            FALCO_IMAGE_TAG=${{ inputs.arch }}-latest
+          tags: |
+            falcosecurity/falco-driver-loader:${{ inputs.arch }}-latest
+            public.ecr.aws/falcosecurity/falco-driver-loader:${{ inputs.arch }}-latest     

.github/workflows/reusable_build_packages.yaml

@@ -0,0 +1,143 @@
+# This is a reusable workflow used by master_packages and release_packages
+on:
+  workflow_call:
+    inputs:
+      arch:
+        description: x86_64 or aarch64
+        required: true
+        type: string
+    outputs:
+      version:
+        description: 'Falco version extracted from config_falco.h'
+        value: ${{ jobs.build-packages.outputs.version }}    
+
+jobs:
+  build-packages:
+    # See https://github.com/actions/runner/issues/409#issuecomment-1158849936
+    runs-on: ${{ (inputs.arch == "aarch64") && fromJSON('[ "self-hosted", "linux", "ARM64" ]') || 'ubuntu-latest' }}
+    container:
+      image: ubuntu:22.04
+    # Map the job outputs to step outputs
+    outputs:
+      version: ${{ steps.store_version.outputs.version }}  
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          path: source
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Install build dependencies
+        run: |
+          mkdir deps
+          pushd deps
+          apt update -y
+          DEBIAN_FRONTEND=noninteractive apt install -y --no-install-recommends ca-certificates cmake build-essential clang-14 git pkg-config autoconf automake libelf-dev
+          update-alternatives --install /usr/bin/clang clang /usr/bin/clang-14 90
+          update-alternatives --install /usr/bin/llvm-strip llvm-strip /usr/bin/llvm-strip-14 90
+          git clone https://github.com/libbpf/bpftool.git --branch v7.0.0 --single-branch
+          cd bpftool
+          git submodule update --init
+          cd src && make install
+          popd
+
+      - name: Build modern BPF skeleton
+        run: |
+          pushd source
+          mkdir skeleton-build
+          pushd skeleton-build
+          cmake -DUSE_BUNDLED_DEPS=ON -DBUILD_FALCO_MODERN_BPF=ON -DCREATE_TEST_TARGETS=Off ..
+          make ProbeSkeleton
+          popd
+          popd
+
+      - name: Build Falco packages
+        run: |
+          mkdir -p source/build
+          DOCKER_BUILDKIT=1 docker build \
+            -f ${{ github.workspace }}/source/docker/builder/modern-falco-builder.Dockerfile \
+            --output type=local,dest=${{ github.workspace }}/source/build \
+            --build-arg CMAKE_OPTIONS="\
+              -DCMAKE_BUILD_TYPE=Release \
+              -DUSE_BUNDLED_DEPS=On \
+              -DFALCO_ETC_DIR=/etc/falco \
+              -DBUILD_FALCO_MODERN_BPF=ON \
+              -DMODERN_BPF_SKEL_DIR=/source/skeleton-build/skel_dir \
+              -DBUILD_DRIVER=Off \
+              -DBUILD_BPF=Off" \
+            --build-arg DEST_BUILD_DIR=${{ github.workspace }}/source/build \
+            ${{ github.workspace }}/source
+            
+      - name: Load and store Falco version output
+        id: store_version
+        run: |
+          FALCO_VERSION=$(cat ${{ github.workspace }}/source/build/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//')
+          echo "version=${FALCO_VERSION}" >> $GITHUB_OUTPUT     
+
+      - name: Upload Falco tar.gz package
+        uses: actions/upload-artifact@v3
+        with:
+          name: falco-${{ steps.store_version.outputs.version }}-${{ inputs.arch }}.tar.gz
+          path: |
+            ${{ github.workspace }}/source/build/packages/falco-*.tar.gz
+            
+      - name: Upload Falco deb package
+        uses: actions/upload-artifact@v3
+        with:
+          name: falco-${{ steps.store_version.outputs.version }}-${{ inputs.arch }}.deb
+          path: |
+            ${{ github.workspace }}/source/build/packages/falco-*.deb
+      
+      - name: Upload Falco rpm package
+        uses: actions/upload-artifact@v3
+        with:
+          name: falco-${{ steps.store_version.outputs.version }}-${{ inputs.arch }}.rpm
+          path: |
+            ${{ github.workspace }}/source/build/packages/falco-*.rpm
+            
+  build-musl-package:
+    needs: build-packages
+    # x86_64 only for now
+    if: ${{ inputs.arch == 'x86_64' }}
+    runs-on: ubuntu-latest
+    container:
+      image: alpine:3.17
+    
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          path: source
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Install build dependencies
+        run: |
+          apk add g++ gcc cmake make git bash perl linux-headers autoconf automake m4 libtool elfutils-dev libelf-static patch binutils bpftool clang
+          
+      - name: Prepare project
+        run: |
+          mkdir build
+          pushd build
+          cmake -DCPACK_GENERATOR=TGZ -DBUILD_BPF=Off -DBUILD_DRIVER=Off -DCMAKE_BUILD_TYPE=Release -DUSE_BUNDLED_DEPS=On -DUSE_BUNDLED_LIBELF=Off -DBUILD_LIBSCAP_MODERN_BPF=ON -DMUSL_OPTIMIZED_BUILD=On -DFALCO_ETC_DIR=/etc/falco /source-static/falco
+          popd
+          
+      - name: Build project
+        run: |
+          pushd build
+          make -j6 all
+          popd
+      
+      - name: Build packages
+        run: |
+          pushd build
+          make -j6 package
+          popd
+          
+      - name: Upload Falco static package
+        uses: actions/upload-artifact@v3
+        with:
+          name: falco-${{ needs.build-packages.outputs.version }}-static-x86_64.tar.gz
+          path: |
+            ${{ github.workspace }}/build/falco-*.tar.gz

.github/workflows/reusable_publish_docker.yaml

@@ -0,0 +1,142 @@
+# This is a reusable workflow used by dev_packages and release_packages
+on:
+  workflow_call:
+    inputs:
+      tagname:
+        description: master or tag name
+        required: true
+        type: string
+
+jobs:
+  publish-docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_SECRET }}
+          
+      - name: Login to Amazon ECR Public
+        run: |
+          aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/falcosecurity
+          
+      - name: Create and push no-driver manifest
+        uses: Noelware/docker-manifest-action@master
+        with:
+          inputs: falcosecurity/falco-no-driver:${{ inputs.tagname }}
+          images: falcosecurity/falco-no-driver:aarch64-${{ inputs.tagname }},falcosecurity/falco-no-driver:x86_64-${{ inputs.tagname }}
+          push: true
+          
+      - name: Create and push slim manifest
+        uses: Noelware/docker-manifest-action@master
+        with:
+          inputs: falcosecurity/falco:${{ inputs.tagname }}-slim
+          images: falcosecurity/falco:aarch64-${{ inputs.tagname }}-slim,falcosecurity/falco:x86_64-${{ inputs.tagname }}-slim
+          push: true     
+          
+      - name: Create and push no-driver manifest for ecr
+        uses: Noelware/docker-manifest-action@master
+        with:
+          inputs: public.ecr.aws/falcosecurity/falco-no-driver:${{ inputs.tagname }}
+          images: public.ecr.aws/falcosecurity/falco-no-driver:aarch64-${{ inputs.tagname }},public.ecr.aws/falcosecurity/falco-no-driver:x86_64-${{ inputs.tagname }}
+          push: true
+          
+      - name: Create and push slim manifest for ecr
+        uses: Noelware/docker-manifest-action@master
+        with:
+          inputs: public.ecr.aws/falcosecurity/falco:${{ inputs.tagname }}-slim
+          images: public.ecr.aws/falcosecurity/falco:aarch64-${{ inputs.tagname }}-slim,public.ecr.aws/falcosecurity/falco:x86_64-${{ inputs.tagname }}-slim
+          push: true      
+
+      - name: Create and push no-driver latest manifest
+        if: ${{ inputs.tagname != 'master' }}
+        uses: Noelware/docker-manifest-action@master
+        with:
+          inputs: falcosecurity/falco-no-driver:latest
+          images: falcosecurity/falco-no-driver:aarch64-latest,falcosecurity/falco-no-driver:x86_64-latest
+          push: true
+          
+      - name: Create and push slim latest manifest
+        if: ${{ inputs.tagname != 'master' }}
+        uses: Noelware/docker-manifest-action@master
+        with:
+          inputs: falcosecurity/falco:latest-slim
+          images: falcosecurity/falco:aarch64-latest-slim,falcosecurity/falco:x86_64-latest-slim
+          push: true
+          
+      - name: Create and push no-driver latest manifest for ecr
+        if: ${{ inputs.tagname != 'master' }}
+        uses: Noelware/docker-manifest-action@master
+        with:
+          inputs: public.ecr.aws/falcosecurity/falco-no-driver:latest
+          images: public.ecr.aws/falcosecurity/falco-no-driver:aarch64-latest,public.ecr.aws/falcosecurity/falco-no-driver:x86_64-latest
+          push: true
+          
+      - name: Create and push slim latest manifest for ecr
+        if: ${{ inputs.tagname != 'master' }}
+        uses: Noelware/docker-manifest-action@master
+        with:
+          inputs: public.ecr.aws/falcosecurity/falco:latest-slim
+          images: public.ecr.aws/falcosecurity/falco:aarch64-latest-slim,public.ecr.aws/falcosecurity/falco:x86_64-latest-slim
+          push: true        
+    
+      - name: Create and push falco manifest
+        uses: Noelware/docker-manifest-action@master
+        with:
+          inputs: falcosecurity/falco:${{ inputs.tagname }}
+          images: falcosecurity/falco:aarch64-${{ inputs.tagname }},falcosecurity/falco:x86_64-${{ inputs.tagname }}
+          push: true
+          
+      - name: Create and push falco manifest for ecr
+        uses: Noelware/docker-manifest-action@master
+        with:
+          inputs: public.ecr.aws/falcosecurity/falco:${{ inputs.tagname }}
+          images: public.ecr.aws/falcosecurity/falco:aarch64-${{ inputs.tagname }},public.ecr.aws/falcosecurity/falco:x86_64-${{ inputs.tagname }}
+          push: true    
+      
+      - name: Create and push falco latest manifest
+        if: ${{ inputs.tagname != 'master' }}
+        uses: Noelware/docker-manifest-action@master
+        with:
+          inputs: falcosecurity/falco:latest
+          images: falcosecurity/falco:aarch64-latest,falcosecurity/falco:x86_64-latest
+          push: true
+          
+      - name: Create and push falco latest manifest for ecr
+        if: ${{ inputs.tagname != 'master' }}
+        uses: Noelware/docker-manifest-action@master
+        with:
+          inputs: public.ecr.aws/falcosecurity/falco:latest
+          images: public.ecr.aws/falcosecurity/falco:aarch64-latest,public.ecr.aws/falcosecurity/falco:x86_64-latest
+          push: true  
+          
+      - name: Create and push falco-driver-loader manifest
+        uses: Noelware/docker-manifest-action@master
+        with:
+          inputs: falcosecurity/falco-driver-loader:${{ inputs.tagname }}
+          images: falcosecurity/falco-driver-loader:aarch64-${{ inputs.tagname }},falcosecurity/falco-driver-loader:x86_64-${{ inputs.tagname }}
+          push: true
+          
+      - name: Create and push falco-driver-loader manifest for ecr
+        uses: Noelware/docker-manifest-action@master
+        with:
+          inputs: public.ecr.aws/falcosecurity/falco-driver-loader:${{ inputs.tagname }}
+          images: public.ecr.aws/falcosecurity/falco-driver-loader:aarch64-${{ inputs.tagname }},public.ecr.aws/falcosecurity/falco-driver-loader:x86_64-${{ inputs.tagname }}
+          push: true    
+      
+      - name: Create and push falco-driver-loader latest manifest
+        if: ${{ inputs.tagname != 'master' }}
+        uses: Noelware/docker-manifest-action@master
+        with:
+          inputs: falcosecurity/falco-driver-loader:latest
+          images: falcosecurity/falco-driver-loader:aarch64-latest,falcosecurity/falco-driver-loader:x86_64-latest
+          push: true
+          
+      - name: Create and push falco-driver-loader latest manifest for ecr
+        if: ${{ inputs.tagname != 'master' }}
+        uses: Noelware/docker-manifest-action@master
+        with:
+          inputs: public.ecr.aws/falcosecurity/falco-driver-loader:latest
+          images: public.ecr.aws/falcosecurity/falco-driver-loader:aarch64-latest,public.ecr.aws/falcosecurity/falco-driver-loader:x86_64-latest
+          push: true      

.github/workflows/reusable_publish_packages.yaml

@@ -0,0 +1,105 @@
+# This is a reusable workflow used by dev_packages and release_packages
+on:
+  workflow_call:
+    inputs:
+      version:
+        description: 'Falco version extracted from userspace/falco/config_falco.h'
+        required: true
+        type: string
+      bucket:
+        description: bucket suffix for packages
+        required: false
+        default: ''
+        type: string
+
+jobs:
+  publish-packages:
+    runs-on: ubuntu-latest
+    container:
+      image: docker.io/centos:7
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          path: source
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.sha }}
+    
+      - name: Install dependencies
+        run: |
+          yum install epel-release -y
+          yum update -y
+          yum install rpm-sign expect which createrepo gpg python python-pip -y
+          pip install awscli==1.19.47
+      
+      - name: Download all artifacts
+        uses: actions/download-artifact@v3
+        with:
+          path: $RUNNER_TEMP
+        
+      - name: Import gpg key 
+        run: |
+          echo $GPG_KEY | base64 -d | gpg --import
+        
+      - name: Sign rpms
+        run: |
+          echo "%_signature gpg" > ~/.rpmmacros
+          echo "%_gpg_name  Falcosecurity Package Signing" >> ~/.rpmmacros
+          echo "%__gpg_sign_cmd %{__gpg} --force-v3-sigs --batch --no-armor --passphrase-fd 3 --no-secmem-warning -u \"%{_gpg_name}\" -sb --digest-algo sha256 %{__plaintext_filename}'" >> ~/.rpmmacros
+          cat > ~/sign \<<EOF
+          #!/usr/bin/expect -f
+          spawn rpmsign --addsign {*}\$argv
+          expect -exact "Enter pass phrase: "
+          send -- "\n"
+          expect eof
+          EOF
+          chmod +x ~/sign
+          ~/sign $RUNNER_TEMP/falco-*.rpm
+          rpm --qf %{SIGPGP:pgpsig} -qp $RUNNER_TEMP/falco-*.rpm | grep SHA256
+          
+      - name: Publish rpm
+        run: |
+          ./scripts/publish-rpm -f $RUNNER_TEMP/falco-${{ inputs.version }}-x86_64.rpm -f $RUNNER_TEMP/falco-${{ inputs.version }}-aarch64.rpm -r rpm${{ inputs.bucket }}
+      
+      - name: Publish bin
+        run: |
+          ./scripts/publish-bin -f $RUNNER_TEMP/falco-${{ inputs.version }}-x86_64.tar.gz -r bin${{ inputs.bucket }} -a x86_64
+          ./scripts/publish-bin -f $RUNNER_TEMP/falco-${{ inputs.version }}-aarch64.tar.gz -r bin${{ inputs.bucket }} -a aarch64
+          
+      - name: Publish static
+        run: |
+          ./scripts/publish-bin -f $RUNNER_TEMP/falco-${{ inputs.version }}-static-x86_64.tar.gz -r bin${{ inputs.bucket }} -a x86_64
+          
+  publish-packages-deb:
+    runs-on: ubuntu-latest
+    container:
+      image: docker.io/debian:stable
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          path: source
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.sha }}
+    
+      - name: Install dependencies
+        run: |
+          apt update -y
+          apt-get install apt-utils bzip2 gpg python python3-pip -y
+          pip install awscli
+      
+      - name: Download deb artifacts
+        uses: actions/download-artifact@v3
+        with:
+          name: falco-${{ inputs.version }}-*.deb
+          path: $RUNNER_TEMP
+        
+      - name: Import gpg key 
+        run: |
+          echo $GPG_KEY | base64 -d | gpg --import
+          
+      - name: Publish deb
+        run: |
+          ./scripts/publish-deb -f $RUNNER_TEMP/falco-${{ inputs.version }}-x86_64.deb -f $RUNNER_TEMP/falco-${{ inputs.version }}-aarch64.deb -r deb${{ inputs.bucket }}
+          
+