chore(ci): added some comments.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com> Co-authored-by: Luca Guerra <luca@guerra.sh>
2025-06-28 15:47:25 +00:00 · 2023-04-27 10:11:30 +02:00 · 2023-04-27 10:11:30 +02:00 · d27828a0d2
commit d27828a0d2
parent 89f29e6d4b
5 changed files with 18 additions and 5 deletions
--- a/.github/workflows/master.yaml
+++ b/.github/workflows/master.yaml
@ -3,7 +3,7 @@ on:
  push:
    branches: [master]

-# Checks if any concurrent jobs under the same pull request or branch are being executed
+# Checks if any concurrent jobs is running for master CI and eventually cancel it
 concurrency:
  group: ci-master
  cancel-in-progress: true  
@ -28,7 +28,8 @@ jobs:
      bucket: '-dev'
      version: ${{ needs.build-dev-packages.outputs.version }}
    secrets: inherit
-    
+  
+  # Both build-dev-docker and its arm64 counterpart require build-dev-packages because they use its output
  build-dev-docker:
    needs: [build-dev-packages, publish-dev-packages]
    uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@ -4,7 +4,7 @@ on:
    tags:
      - '[0-9]+.[0-9]+.[0-9]+'

-# Checks if any concurrent jobs under the same pull request or branch are being executed
+# Checks if any concurrent jobs is running for release CI and eventually cancel it.
 concurrency:
  group: ci-release
  cancel-in-progress: true  
@ -28,7 +28,8 @@ jobs:
    with:
      version: ${{ needs.build-packages.outputs.version }}
    secrets: inherit
-          
+  
+  # Both build-docker and its arm64 counterpart require build-packages because they use its output
  build-docker:
    needs: [build-packages, publish-packages]
    uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master
--- a/.github/workflows/reusable_build_docker.yaml
+++ b/.github/workflows/reusable_build_docker.yaml
@ -16,6 +16,10 @@ on:
        required: true
        type: string

+# Here we just build all docker images as tarballs, 
+# then we upload all the tarballs to be later downloaded by reusable_publish_docker workflow.
+# In this way, we don't need to publish any arch specific image, 
+# and this "build" workflow is actually only building images.
 jobs:
  build-docker:
    # See https://github.com/actions/runner/issues/409#issuecomment-1158849936
--- a/.github/workflows/reusable_build_packages.yaml
+++ b/.github/workflows/reusable_build_packages.yaml
@ -17,6 +17,7 @@ jobs:
    runs-on: ${{ (inputs.arch == 'aarch64' && fromJSON('[ "self-hosted", "linux", "ARM64" ]')) || 'ubuntu-latest' }}
    container: fedora:latest
    steps:
+      # Always install deps before invoking checkout action, to properly perform a full clone.
      - name: Install build dependencies
        run: |
          dnf install -y bpftool ca-certificates cmake make automake gcc gcc-c++ kernel-devel clang git pkg-config autoconf automake libbpf-devel
@ -47,6 +48,7 @@ jobs:
    outputs:
      version: ${{ steps.store_version.outputs.version }}  
    steps:
+      # Always install deps before invoking checkout action, to properly perform a full clone.
      - name: Install build dependencies
        run: |
          yum -y install centos-release-scl
@ -132,6 +134,7 @@ jobs:
    runs-on: ubuntu-latest
    container: alpine:3.17
    steps:
+      # Always install deps before invoking checkout action, to properly perform a full clone.
      - name: Install build dependencies
        run: |
          apk add g++ gcc cmake make git bash perl linux-headers autoconf automake m4 libtool elfutils-dev libelf-static patch binutils bpftool clang
--- a/.github/workflows/reusable_publish_packages.yaml
+++ b/.github/workflows/reusable_publish_packages.yaml
@ -34,6 +34,8 @@ jobs:
          yum install rpm-sign expect which createrepo gpg python python-pip -y
          pip install awscli==1.19.47

+      # Configure AWS role; see https://github.com/falcosecurity/test-infra/pull/1102
+      # Note: master CI can only push dev packages as we have 2 different roles for master and release.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
@ -91,7 +93,9 @@ jobs:
          apt update -y
          apt-get install apt-utils bzip2 gpg python python3-pip -y
          pip install awscli
-          
+      
+      # Configure AWS role; see https://github.com/falcosecurity/test-infra/pull/1102
+      # Note: master CI can only push dev packages as we have 2 different roles for master and release.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2
        with: