From b3b4f4a431c2e2dc222720ff3f6cedfe4833f3f5 Mon Sep 17 00:00:00 2001
From: Luca Guerra
Date: Mon, 4 Sep 2023 15:51:38 +0000
Subject: [PATCH] update(build): build and release falco-distroless
Signed-off-by: Luca Guerra
Co-authored-by: Leonardo Grasso
---
 .github/workflows/reusable_build_docker.yaml | 10 ++++++++++
 .github/workflows/reusable_publish_docker.yaml | 15 +++++++++++++++
 2 files changed, 25 insertions(+)
diff --git a/.github/workflows/reusable_build_docker.yaml b/.github/workflows/reusable_build_docker.yaml
index f7f227e9..e1a4665b 100644
--- a/.github/workflows/reusable_build_docker.yaml
+++ b/.github/workflows/reusable_build_docker.yaml
@@ -46,6 +46,16 @@ jobs:
 --build-arg TARGETARCH=${TARGETARCH} \
 .
 docker save docker.io/falcosecurity/falco-no-driver:${{ inputs.arch }}-${{ inputs.tag }} --output /tmp/falco-no-driver-${{ inputs.arch }}.tar
+
+ - name: Build distroless image
+ run: |
+ cd ${{ github.workspace }}/docker/no-driver/
+ docker build -f Dockerfile.distroless -t docker.io/falcosecurity/falco-distroless:${{ inputs.arch }}-${{ inputs.tag }} \
+ --build-arg VERSION_BUCKET=bin${{ inputs.bucket_suffix }} \
+ --build-arg FALCO_VERSION=${{ inputs.version }} \
+ --build-arg TARGETARCH=${TARGETARCH} \
+ .
+ docker save docker.io/falcosecurity/falco-distroless:${{ inputs.arch }}-${{ inputs.tag }} --output /tmp/falco-distroless-${{ inputs.arch }}.tar
 - name: Build falco image
 run: |
diff --git a/.github/workflows/reusable_publish_docker.yaml b/.github/workflows/reusable_publish_docker.yaml
index 685356e9..e43e4cfd 100644
--- a/.github/workflows/reusable_publish_docker.yaml
+++ b/.github/workflows/reusable_publish_docker.yaml
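Review bot: The new `Build distroless image` step in reusable_build_docker.yaml expands `${{ inputs.tag }}`, `${{ inputs.arch }}`, `${{ inputs.version }}` and `${{ inputs.bucket_suffix }}` directly into the `run:` script, so each value is pasted into the shell source before bash parses it and any metacharacter in a caller-supplied input becomes shell syntax. It follows the pattern of the no-driver step above it, but a new step is a good place to pass the values through the environment instead: an `env:` entry such as `IMAGE_TAG: ${{ inputs.tag }}` and then `-t "docker.io/falcosecurity/falco-distroless:${ARCH}-${IMAGE_TAG}"` in the script. `${TARGETARCH}` is also unquoted and is defined outside the hunk, so it is worth confirming it is set for this step; if it is empty the image is built with an empty `TARGETARCH` build argument and no error.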
@@ -66,6 +66,8 @@ jobs:
 run: |
 docker push docker.io/falcosecurity/falco-no-driver:aarch64-${{ inputs.tag }}
 docker push docker.io/falcosecurity/falco-no-driver:x86_64-${{ inputs.tag }}
+ docker push docker.io/falcosecurity/falco-distroless:aarch64-${{ inputs.tag }}
+ docker push docker.io/falcosecurity/falco-distroless:x86_64-${{ inputs.tag }}
 docker push docker.io/falcosecurity/falco:aarch64-${{ inputs.tag }}
 docker push docker.io/falcosecurity/falco:x86_64-${{ inputs.tag }}
 docker push docker.io/falcosecurity/falco-driver-loader:aarch64-${{ inputs.tag }}
@@ -79,6 +81,13 @@ jobs:
 inputs: docker.io/falcosecurity/falco-no-driver:${{ inputs.tag }}
 images: docker.io/falcosecurity/falco-no-driver:aarch64-${{ inputs.tag }},docker.io/falcosecurity/falco-no-driver:x86_64-${{ inputs.tag }}
 push: true
+
+ - name: Create distroless manifest on Docker Hub
+ uses: Noelware/docker-manifest-action@0.3.1
+ with:
+ inputs: docker.io/falcosecurity/falco-distroless:${{ inputs.tag }}
+ images: docker.io/falcosecurity/falco-distroless:aarch64-${{ inputs.tag }},docker.io/falcosecurity/falco-distroless:x86_64-${{ inputs.tag }}
+ push: true
 - name: Tag slim manifest on Docker Hub
 run: |
@@ -109,6 +118,7 @@ jobs:
 id: digests
 run: |
 echo "falco-no-driver=$(crane digest docker.io/falcosecurity/falco-no-driver:${{ inputs.tag }})" >> $GITHUB_OUTPUT
+ echo "falco-distroless=$(crane digest docker.io/falcosecurity/falco-distroless:${{ inputs.tag }})" >> $GITHUB_OUTPUT
 echo "falco=$(crane digest docker.io/falcosecurity/falco:${{ inputs.tag }})" >> $GITHUB_OUTPUT
 echo "falco-driver-loader=$(crane digest docker.io/falcosecurity/falco-driver-loader:${{ inputs.tag }})" >> $GITHUB_OUTPUT
 echo "falco-driver-loader-legacy=$(crane digest docker.io/falcosecurity/falco-driver-loader-legacy:${{ inputs.tag }})" >> $GITHUB_OUTPUT
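Review bot: The added `Create distroless manifest on Docker Hub` step references `Noelware/docker-manifest-action@0.3.1` by tag, which the action's owner can repoint, and it runs in the job that pushes release images to Docker Hub. Pinning third-party actions to a full commit SHA keeps the release job on code that was actually reviewed: `uses: Noelware/docker-manifest-action@<full-commit-sha> # 0.3.1`. The no-driver manifest step just above presumably uses the same reference (its `uses:` line is outside the hunk) and would want the same pin.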
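Review bot: In the `digests` step, the added `echo "falco-distroless=$(crane digest …)" >> $GITHUB_OUTPUT` masks a failed lookup, because the line's exit status is that of `echo`; a `crane digest` error writes an empty value and the step still passes. The failure then surfaces only later, when `cosign sign …@` receives an empty digest, after the intermediate publish and tag steps have already run. Resolving first makes the step fail at the source under the default `bash -e` shell: `digest="$(crane digest docker.io/falcosecurity/falco-distroless:${{ inputs.tag }})"` followed by `echo "falco-distroless=${digest}" >> "$GITHUB_OUTPUT"`. The unchanged lines around it share the pattern, and the step begins outside the hunk.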
@@ -116,6 +126,7 @@ jobs:
 - name: Publish images to ECR
 run: |
 crane copy docker.io/falcosecurity/falco-no-driver:${{ inputs.tag }} public.ecr.aws/falcosecurity/falco-no-driver:${{ inputs.tag }}
+ crane copy docker.io/falcosecurity/falco-distroless:${{ inputs.tag }} public.ecr.aws/falcosecurity/falco-distroless:${{ inputs.tag }}
 crane copy docker.io/falcosecurity/falco:${{ inputs.tag }} public.ecr.aws/falcosecurity/falco:${{ inputs.tag }}
 crane copy docker.io/falcosecurity/falco-driver-loader:${{ inputs.tag }} public.ecr.aws/falcosecurity/falco-driver-loader:${{ inputs.tag }}
 crane copy docker.io/falcosecurity/falco-driver-loader-legacy:${{ inputs.tag }} public.ecr.aws/falcosecurity/falco-driver-loader-legacy:${{ inputs.tag }}
@@ -125,12 +136,14 @@ jobs:
 if: inputs.is_latest
 run: |
 crane tag docker.io/falcosecurity/falco-no-driver:${{ inputs.tag }} latest
+ crane tag docker.io/falcosecurity/falco-distroless:${{ inputs.tag }} latest
 crane tag docker.io/falcosecurity/falco:${{ inputs.tag }} latest
 crane tag docker.io/falcosecurity/falco-driver-loader:${{ inputs.tag }} latest
 crane tag docker.io/falcosecurity/falco-driver-loader-legacy:${{ inputs.tag }} latest
 crane tag docker.io/falcosecurity/falco:${{ inputs.tag }}-slim latest-slim
 crane tag public.ecr.aws/falcosecurity/falco-no-driver:${{ inputs.tag }} latest
+ crane tag public.ecr.aws/falcosecurity/falco-distroless:${{ inputs.tag }} latest
 crane tag public.ecr.aws/falcosecurity/falco:${{ inputs.tag }} latest
 crane tag public.ecr.aws/falcosecurity/falco-driver-loader:${{ inputs.tag }} latest
 crane tag public.ecr.aws/falcosecurity/falco-driver-loader-legacy:${{ inputs.tag }} latest
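Review bot: The added `crane tag … falco-distroless:${{ inputs.tag }} latest` lines move `latest` on Docker Hub and ECR in a step that, judging by the hunk offsets, runs before the cosign step later in the file, so `latest` can point at an image that has no signature yet and stays that way if signing fails. Anyone enforcing signature verification on pull would reject `latest` during that window. Moving the tagging step after signing closes it, and tagging by the resolved digest, `crane tag docker.io/falcosecurity/falco-distroless@${{ steps.digests.outputs.falco-distroless }} latest`, additionally ties `latest` to exactly the digest that gets signed. The step's header is outside the hunk and the same ordering applies to the existing images.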
@@ -149,11 +162,13 @@ jobs:
 COSIGN_YES: "true"
 run: |
 cosign sign docker.io/falcosecurity/falco-no-driver@${{ steps.digests.outputs.falco-no-driver }}
+ cosign sign docker.io/falcosecurity/falco-distroless@${{ steps.digests.outputs.falco-distroless }}
 cosign sign docker.io/falcosecurity/falco@${{ steps.digests.outputs.falco }}
 cosign sign docker.io/falcosecurity/falco-driver-loader@${{ steps.digests.outputs.falco-driver-loader }}
 cosign sign docker.io/falcosecurity/falco-driver-loader-legacy@${{ steps.digests.outputs.falco-driver-loader-legacy }}
 cosign sign public.ecr.aws/falcosecurity/falco-no-driver@${{ steps.digests.outputs.falco-no-driver }}
+ cosign sign public.ecr.aws/falcosecurity/falco-distroless@${{ steps.digests.outputs.falco-distroless }}
 cosign sign public.ecr.aws/falcosecurity/falco@${{ steps.digests.outputs.falco }}
 cosign sign public.ecr.aws/falcosecurity/falco-driver-loader@${{ steps.digests.outputs.falco-driver-loader }}
 cosign sign public.ecr.aws/falcosecurity/falco-driver-loader-legacy@${{ steps.digests.outputs.falco-driver-loader-legacy }}