diff --git a/.github/workflows/reusable_build_docker.yaml b/.github/workflows/reusable_build_docker.yaml index ee3acaaf..2d793cc1 100644 --- a/.github/workflows/reusable_build_docker.yaml +++ b/.github/workflows/reusable_build_docker.yaml @@ -24,26 +24,13 @@ jobs: - name: Checkout uses: actions/checkout@v3 - - name: Install deps - run: | - pip install awscli - - - name: Login to Docker Hub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKERHUB_USER }} - password: ${{ secrets.DOCKERHUB_SECRET }} - - - name: Login to Amazon ECR Public - run: | - aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/falcosecurity + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 - - name: Build and publish no-driver + - name: Build no-driver image uses: docker/build-push-action@v3 with: context: ${{ github.workspace }}/docker/no-driver/ - push: true - provenance: false # https://github.com/Noelware/docker-manifest-action/issues/131 build-args: | VERSION_BUCKET=bin${{ inputs.bucket }} FALCO_VERSION=${{ inputs.version }} 
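Review bot: The added `uses: docker/setup-buildx-action@v2` step references a third-party action by a mutable tag in the job that builds the release images, so whoever can move that tag controls code that runs in the build. Pinning it to a full commit SHA with the version kept as a trailing comment, e.g. `uses: docker/setup-buildx-action@<full-commit-sha>  # v2`, makes that input reviewable and stable. The same applies to the `docker/setup-buildx-action@v2` and `actions/download-artifact@v3` steps added in reusable_publish_docker.yaml, which run in the job that goes on to log in to the registries. The steps list continues outside this hunk.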
@@ -52,39 +39,36 @@ jobs: falcosecurity/falco:${{ inputs.arch }}-${{ github.ref_name }}-slim public.ecr.aws/falcosecurity/falco-no-driver:${{ inputs.arch }}-${{ github.ref_name }} public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-${{ github.ref_name }}-slim + outputs: type=docker,dest=/tmp/falco-no-driver-${{ inputs.arch }}.tar - - name: Build and publish falco + - name: Build falco image uses: docker/build-push-action@v3 with: context: ${{ github.workspace }}/docker/falco/ - push: true - provenance: false # https://github.com/Noelware/docker-manifest-action/issues/131 build-args: | VERSION_BUCKET=deb${{ inputs.bucket }} FALCO_VERSION=${{ inputs.version }} tags: | falcosecurity/falco:${{ inputs.arch }}-${{ github.ref_name }} public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-${{ github.ref_name }} + outputs: type=docker,dest=/tmp/falco-${{ inputs.arch }}.tar - - name: Build and publish falco-driver-loader + - name: Build falco-driver-loader image uses: docker/build-push-action@v3 with: context: ${{ github.workspace }}/docker/driver-loader/ - push: true - provenance: false # https://github.com/Noelware/docker-manifest-action/issues/131 build-args: | FALCO_IMAGE_TAG=${{ inputs.arch }}-${{ github.ref_name }} tags: | falcosecurity/falco-driver-loader:${{ inputs.arch }}-${{ github.ref_name }} public.ecr.aws/falcosecurity/falco-driver-loader:${{ inputs.arch }}-${{ github.ref_name }} + outputs: type=docker,dest=/tmp/falco-driver-loader-${{ inputs.arch }}.tar - - name: Build and publish no-driver latest + - name: Build no-driver latest image if: ${{ github.ref_name != 'master' }} uses: docker/build-push-action@v3 with: context: ${{ github.workspace }}/docker/no-driver/ - push: true - provenance: false # https://github.com/Noelware/docker-manifest-action/issues/131 build-args: | VERSION_BUCKET=bin FALCO_VERSION=${{ github.ref_name }} 
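Review bot: The `Build falco-driver-loader image` step still passes `FALCO_IMAGE_TAG=${{ inputs.arch }}-${{ github.ref_name }}`, but the falco image built just before it is now only exported to `/tmp/falco-${{ inputs.arch }}.tar`; it is neither pushed nor made available to the Buildx builder. If the driver-loader Dockerfile uses that argument in its `FROM` line (the Dockerfile is not shown, so this is inferred from the argument name), the build will either fail or silently pull a previously published image with the same tag, and the resulting driver-loader would sit on a base this run did not produce. The same applies to the `Build falco-driver-loader latest image` step in the next hunk. Consider feeding the freshly built image to that build explicitly (for example through the action's `build-contexts:` input), or building driver-loader in the publish job after its base image has been pushed.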
@@ -93,30 +77,35 @@ jobs: falcosecurity/falco:${{ inputs.arch }}-latest-slim public.ecr.aws/falcosecurity/falco-no-driver:${{ inputs.arch }}-latest public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-latest-slim + outputs: type=docker,dest=/tmp/falco-no-driver-latest-${{ inputs.arch }}.tar - - name: Build and publish falco latest + - name: Build falco latest image if: ${{ github.ref_name != 'master' }} uses: docker/build-push-action@v3 with: context: ${{ github.workspace }}/docker/falco/ - push: true - provenance: false # https://github.com/Noelware/docker-manifest-action/issues/131 build-args: | VERSION_BUCKET=deb FALCO_VERSION=${{ github.ref_name }} tags: | falcosecurity/falco:${{ inputs.arch }}-latest public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-latest + outputs: type=docker,dest=/tmp/falco-latest-${{ inputs.arch }}.tar - - name: Build and publish falco-driver-loader latest + - name: Build falco-driver-loader latest image if: ${{ github.ref_name != 'master' }} uses: docker/build-push-action@v3 with: context: ${{ github.workspace }}/docker/driver-loader/ - push: true - provenance: false # https://github.com/Noelware/docker-manifest-action/issues/131 build-args: | FALCO_IMAGE_TAG=${{ inputs.arch }}-latest tags: | falcosecurity/falco-driver-loader:${{ inputs.arch }}-latest - public.ecr.aws/falcosecurity/falco-driver-loader:${{ inputs.arch }}-latest + public.ecr.aws/falcosecurity/falco-driver-loader:${{ inputs.arch }}-latest + outputs: type=docker,dest=/tmp/falco-driver-loader-latest-${{ inputs.arch }}.tar + + - name: Upload images tarballs + uses: actions/upload-artifact@v3 + with: + name: falco-images + path: /tmp/falco-*.tar diff --git a/.github/workflows/reusable_publish_docker.yaml b/.github/workflows/reusable_publish_docker.yaml index b4cc300c..ed5a113e 100644 --- a/.github/workflows/reusable_publish_docker.yaml +++ b/.github/workflows/reusable_publish_docker.yaml 
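Review bot: The `Upload images tarballs` step only warns when `/tmp/falco-*.tar` matches nothing, because `actions/upload-artifact@v3` defaults `if-no-files-found` to `warn`; the failure then shows up later in the publish job instead of here. Adding `if-no-files-found: error` under `with:` makes the build job fail at the point where the tarballs went missing. Since these tarballs are exactly what the publish job later pushes under the project's registry credentials, a short `retention-days:` value would also limit how long unpublished release images remain attached to the run.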
@@ -6,6 +6,19 @@ jobs: publish-docker: runs-on: ubuntu-latest steps: + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Download images tarballs + uses: actions/download-artifact@v3 + with: + name: falco-images + path: /tmp + + - name: Load all images + run: | + for img in /tmp/falco-images/falco-*.tar; do docker load --input $img; done + - name: Login to Docker Hub uses: docker/login-action@v2 with:
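Review bot: The `Load all images` loop globs `/tmp/falco-images/falco-*.tar`, but `actions/download-artifact@v3` with an explicit `name:` extracts the artifact's files directly into `path:`, so the tarballs should land in `/tmp` rather than in a `falco-images` subdirectory. As written the glob would match nothing and `docker load` would be called with the literal pattern. Either set `path: /tmp/falco-images` in the download step or change the loop to `for img in /tmp/falco-*.tar; do docker load --input "$img"; done`, which also quotes `$img`. Because this job loads and then pushes whatever the artifact contains, it is worth failing early when the expected set of tarballs is not present. The steps list continues outside this hunk.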