chore(ci): avoid publishing images in reusable_build_docker.yaml workflow.

Instead, store the image tarballs as an artifact and download them in the `reusable_publish_docker.yaml` workflow,
where they are finally merged into multi-arch images and pushed.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
Federico Di Pierro 2023-04-19 15:11:52 +02:00 committed by poiana
parent 008d908ee0
commit b9c0ca3abe
2 changed files with 34 additions and 32 deletions


@ -24,26 +24,13 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@v3
- name: Install deps - name: Set up Docker Buildx
run: | uses: docker/setup-buildx-action@v2
pip install awscli
- name: Login to Docker Hub - name: Build no-driver image
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_SECRET }}
- name: Login to Amazon ECR Public
run: |
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/falcosecurity
- name: Build and publish no-driver
uses: docker/build-push-action@v3 uses: docker/build-push-action@v3
with: with:
context: ${{ github.workspace }}/docker/no-driver/ context: ${{ github.workspace }}/docker/no-driver/
push: true
provenance: false # https://github.com/Noelware/docker-manifest-action/issues/131
build-args: | build-args: |
VERSION_BUCKET=bin${{ inputs.bucket }} VERSION_BUCKET=bin${{ inputs.bucket }}
FALCO_VERSION=${{ inputs.version }} FALCO_VERSION=${{ inputs.version }}
@ -52,39 +39,36 @@ jobs:
falcosecurity/falco:${{ inputs.arch }}-${{ github.ref_name }}-slim falcosecurity/falco:${{ inputs.arch }}-${{ github.ref_name }}-slim
public.ecr.aws/falcosecurity/falco-no-driver:${{ inputs.arch }}-${{ github.ref_name }} public.ecr.aws/falcosecurity/falco-no-driver:${{ inputs.arch }}-${{ github.ref_name }}
public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-${{ github.ref_name }}-slim public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-${{ github.ref_name }}-slim
outputs: type=docker,dest=/tmp/falco-no-driver-${{ inputs.arch }}.tar
- name: Build and publish falco - name: Build falco image
uses: docker/build-push-action@v3 uses: docker/build-push-action@v3
with: with:
context: ${{ github.workspace }}/docker/falco/ context: ${{ github.workspace }}/docker/falco/
push: true
provenance: false # https://github.com/Noelware/docker-manifest-action/issues/131
build-args: | build-args: |
VERSION_BUCKET=deb${{ inputs.bucket }} VERSION_BUCKET=deb${{ inputs.bucket }}
FALCO_VERSION=${{ inputs.version }} FALCO_VERSION=${{ inputs.version }}
tags: | tags: |
falcosecurity/falco:${{ inputs.arch }}-${{ github.ref_name }} falcosecurity/falco:${{ inputs.arch }}-${{ github.ref_name }}
public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-${{ github.ref_name }} public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-${{ github.ref_name }}
outputs: type=docker,dest=/tmp/falco-${{ inputs.arch }}.tar
- name: Build and publish falco-driver-loader - name: Build falco-driver-loader image
uses: docker/build-push-action@v3 uses: docker/build-push-action@v3
with: with:
context: ${{ github.workspace }}/docker/driver-loader/ context: ${{ github.workspace }}/docker/driver-loader/
push: true
provenance: false # https://github.com/Noelware/docker-manifest-action/issues/131
build-args: | build-args: |
FALCO_IMAGE_TAG=${{ inputs.arch }}-${{ github.ref_name }} FALCO_IMAGE_TAG=${{ inputs.arch }}-${{ github.ref_name }}
tags: | tags: |
falcosecurity/falco-driver-loader:${{ inputs.arch }}-${{ github.ref_name }} falcosecurity/falco-driver-loader:${{ inputs.arch }}-${{ github.ref_name }}
public.ecr.aws/falcosecurity/falco-driver-loader:${{ inputs.arch }}-${{ github.ref_name }} public.ecr.aws/falcosecurity/falco-driver-loader:${{ inputs.arch }}-${{ github.ref_name }}
outputs: type=docker,dest=/tmp/falco-driver-loader-${{ inputs.arch }}.tar
- name: Build and publish no-driver latest - name: Build no-driver latest image
if: ${{ github.ref_name != 'master' }} if: ${{ github.ref_name != 'master' }}
uses: docker/build-push-action@v3 uses: docker/build-push-action@v3
with: with:
context: ${{ github.workspace }}/docker/no-driver/ context: ${{ github.workspace }}/docker/no-driver/
push: true
provenance: false # https://github.com/Noelware/docker-manifest-action/issues/131
build-args: | build-args: |
VERSION_BUCKET=bin VERSION_BUCKET=bin
FALCO_VERSION=${{ github.ref_name }} FALCO_VERSION=${{ github.ref_name }}
@ -93,30 +77,35 @@ jobs:
falcosecurity/falco:${{ inputs.arch }}-latest-slim falcosecurity/falco:${{ inputs.arch }}-latest-slim
public.ecr.aws/falcosecurity/falco-no-driver:${{ inputs.arch }}-latest public.ecr.aws/falcosecurity/falco-no-driver:${{ inputs.arch }}-latest
public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-latest-slim public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-latest-slim
outputs: type=docker,dest=/tmp/falco-no-driver-latest-${{ inputs.arch }}.tar
- name: Build and publish falco latest - name: Build falco latest image
if: ${{ github.ref_name != 'master' }} if: ${{ github.ref_name != 'master' }}
uses: docker/build-push-action@v3 uses: docker/build-push-action@v3
with: with:
context: ${{ github.workspace }}/docker/falco/ context: ${{ github.workspace }}/docker/falco/
push: true
provenance: false # https://github.com/Noelware/docker-manifest-action/issues/131
build-args: | build-args: |
VERSION_BUCKET=deb VERSION_BUCKET=deb
FALCO_VERSION=${{ github.ref_name }} FALCO_VERSION=${{ github.ref_name }}
tags: | tags: |
falcosecurity/falco:${{ inputs.arch }}-latest falcosecurity/falco:${{ inputs.arch }}-latest
public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-latest public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-latest
outputs: type=docker,dest=/tmp/falco-latest-${{ inputs.arch }}.tar
- name: Build and publish falco-driver-loader latest - name: Build falco-driver-loader latest image
if: ${{ github.ref_name != 'master' }} if: ${{ github.ref_name != 'master' }}
uses: docker/build-push-action@v3 uses: docker/build-push-action@v3
with: with:
context: ${{ github.workspace }}/docker/driver-loader/ context: ${{ github.workspace }}/docker/driver-loader/
push: true
provenance: false # https://github.com/Noelware/docker-manifest-action/issues/131
build-args: | build-args: |
FALCO_IMAGE_TAG=${{ inputs.arch }}-latest FALCO_IMAGE_TAG=${{ inputs.arch }}-latest
tags: | tags: |
falcosecurity/falco-driver-loader:${{ inputs.arch }}-latest falcosecurity/falco-driver-loader:${{ inputs.arch }}-latest
public.ecr.aws/falcosecurity/falco-driver-loader:${{ inputs.arch }}-latest public.ecr.aws/falcosecurity/falco-driver-loader:${{ inputs.arch }}-latest
outputs: type=docker,dest=/tmp/falco-driver-loader-latest-${{ inputs.arch }}.tar
- name: Upload images tarballs
uses: actions/upload-artifact@v3
with:
name: falco-images
path: /tmp/falco-*.tar
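Review bot: The two `Build falco-driver-loader` steps still pass `FALCO_IMAGE_TAG=${{ inputs.arch }}-${{ github.ref_name }}` (and `-latest`), but the falco image built just before them is now only exported to `/tmp/falco-${{ inputs.arch }}.tar` and no longer pushed. If the driver-loader Dockerfile uses that tag as its base image (the Dockerfile is not visible here), the build would resolve it from the registry, so it would either layer on a previously published image or fail when the tag does not exist yet, and the result would later be pushed under the new tag. Making the freshly built falco image available to that build, for example as a named build context, would keep the published driver-loader tied to the image built in this run. Separately, the `Upload images tarballs` step could set `if-no-files-found: error` and a short `retention-days`, because the publish job holds the registry credentials and pushes whatever tarballs the `falco-images` artifact contains.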


@ -6,6 +6,19 @@ jobs:
publish-docker: publish-docker:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Download images tarballs
uses: actions/download-artifact@v3
with:
name: falco-images
path: /tmp
- name: Load all images
run: |
for img in /tmp/falco-images/falco-*.tar; do docker load --input $img; done
- name: Login to Docker Hub - name: Login to Docker Hub
uses: docker/login-action@v2 uses: docker/login-action@v2
with: with: