chore(ci): avoid publishing images in reusable_build_docker.yaml workflow.

Instead, store image tarballs as artifact and download them in `reusable_publish_docker.yaml` workflow, to be finally merged in multi-arch images and pushed. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2025-08-28 10:51:24 +00:00 · 2023-04-19 15:11:52 +02:00 · 2023-04-19 15:11:52 +02:00 · b9c0ca3abe
commit b9c0ca3abe
parent 008d908ee0
2 changed files with 34 additions and 32 deletions
--- a/.github/workflows/reusable_build_docker.yaml
+++ b/.github/workflows/reusable_build_docker.yaml
@ -24,26 +24,13 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v3
        
-      - name: Install deps
-        run: |
-          pip install awscli
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
          
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USER }}
-          password: ${{ secrets.DOCKERHUB_SECRET }}
-      
-      - name: Login to Amazon ECR Public
-        run: |
-          aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/falcosecurity
-          
-      - name: Build and publish no-driver
+      - name: Build no-driver image
        uses: docker/build-push-action@v3
        with:
          context: ${{ github.workspace }}/docker/no-driver/
-          push: true
-          provenance: false # https://github.com/Noelware/docker-manifest-action/issues/131
          build-args: |
            VERSION_BUCKET=bin${{ inputs.bucket }}
            FALCO_VERSION=${{ inputs.version }}
@ -52,39 +39,36 @@ jobs:
            falcosecurity/falco:${{ inputs.arch }}-${{ github.ref_name }}-slim
            public.ecr.aws/falcosecurity/falco-no-driver:${{ inputs.arch }}-${{ github.ref_name }}
            public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-${{ github.ref_name }}-slim
+          outputs: type=docker,dest=/tmp/falco-no-driver-${{ inputs.arch }}.tar
            
-      - name: Build and publish falco
+      - name: Build falco image
        uses: docker/build-push-action@v3
        with:
          context: ${{ github.workspace }}/docker/falco/
-          push: true
-          provenance: false # https://github.com/Noelware/docker-manifest-action/issues/131
          build-args: |
            VERSION_BUCKET=deb${{ inputs.bucket }}
            FALCO_VERSION=${{ inputs.version }}
          tags: |
            falcosecurity/falco:${{ inputs.arch }}-${{ github.ref_name }}
            public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-${{ github.ref_name }}
+          outputs: type=docker,dest=/tmp/falco-${{ inputs.arch }}.tar
            
-      - name: Build and publish falco-driver-loader
+      - name: Build falco-driver-loader image
        uses: docker/build-push-action@v3
        with:
          context: ${{ github.workspace }}/docker/driver-loader/
-          push: true
-          provenance: false # https://github.com/Noelware/docker-manifest-action/issues/131
          build-args: |
            FALCO_IMAGE_TAG=${{ inputs.arch }}-${{ github.ref_name }}
          tags: |
            falcosecurity/falco-driver-loader:${{ inputs.arch }}-${{ github.ref_name }}
            public.ecr.aws/falcosecurity/falco-driver-loader:${{ inputs.arch }}-${{ github.ref_name }}
+          outputs: type=docker,dest=/tmp/falco-driver-loader-${{ inputs.arch }}.tar  
            
-      - name: Build and publish no-driver latest
+      - name: Build no-driver latest image
        if: ${{ github.ref_name != 'master' }}
        uses: docker/build-push-action@v3
        with:
          context: ${{ github.workspace }}/docker/no-driver/
-          push: true
-          provenance: false # https://github.com/Noelware/docker-manifest-action/issues/131
          build-args: |
            VERSION_BUCKET=bin
            FALCO_VERSION=${{ github.ref_name }}
@ -93,30 +77,35 @@ jobs:
            falcosecurity/falco:${{ inputs.arch }}-latest-slim
            public.ecr.aws/falcosecurity/falco-no-driver:${{ inputs.arch }}-latest
            public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-latest-slim
+          outputs: type=docker,dest=/tmp/falco-no-driver-latest-${{ inputs.arch }}.tar
            
-      - name: Build and publish falco latest
+      - name: Build falco latest image
        if: ${{ github.ref_name != 'master' }}
        uses: docker/build-push-action@v3
        with:
          context: ${{ github.workspace }}/docker/falco/
-          push: true
-          provenance: false # https://github.com/Noelware/docker-manifest-action/issues/131
          build-args: |
            VERSION_BUCKET=deb
            FALCO_VERSION=${{ github.ref_name }}
          tags: |
            falcosecurity/falco:${{ inputs.arch }}-latest
            public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-latest
+          outputs: type=docker,dest=/tmp/falco-latest-${{ inputs.arch }}.tar
            
-      - name: Build and publish falco-driver-loader latest
+      - name: Build falco-driver-loader latest image
        if: ${{ github.ref_name != 'master' }}
        uses: docker/build-push-action@v3
        with:
          context: ${{ github.workspace }}/docker/driver-loader/
-          push: true
-          provenance: false # https://github.com/Noelware/docker-manifest-action/issues/131
          build-args: |
            FALCO_IMAGE_TAG=${{ inputs.arch }}-latest
          tags: |
            falcosecurity/falco-driver-loader:${{ inputs.arch }}-latest
            public.ecr.aws/falcosecurity/falco-driver-loader:${{ inputs.arch }}-latest
+          outputs: type=docker,dest=/tmp/falco-driver-loader-latest-${{ inputs.arch }}.tar
+       
+      - name: Upload images tarballs
+        uses: actions/upload-artifact@v3
+        with:
+          name: falco-images
+          path: /tmp/falco-*.tar
--- a/.github/workflows/reusable_publish_docker.yaml
+++ b/.github/workflows/reusable_publish_docker.yaml
@ -6,6 +6,19 @@ jobs:
  publish-docker:
    runs-on: ubuntu-latest
    steps:
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+    
+      - name: Download images tarballs
+        uses: actions/download-artifact@v3
+        with:
+          name: falco-images
+          path: /tmp
+      
+      - name: Load all images
+        run: |
+          for img in /tmp/falco-images/falco-*.tar; do docker load --input $img; done
+    
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with: