From d27828a0d2c71e6edfff21e127123511c20eced3 Mon Sep 17 00:00:00 2001
From: Federico Di Pierro
Date: Thu, 27 Apr 2023 10:11:30 +0200
Subject: [PATCH] chore(ci): added some comments.
Signed-off-by: Federico Di Pierro
Co-authored-by: Luca Guerra
---
 .github/workflows/master.yaml | 5 +++--
 .github/workflows/release.yaml | 5 +++--
 .github/workflows/reusable_build_docker.yaml | 4 ++++
 .github/workflows/reusable_build_packages.yaml | 3 +++
 .github/workflows/reusable_publish_packages.yaml | 6 +++++-
 5 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/master.yaml b/.github/workflows/master.yaml
index a76e2423..11c76936 100644
--- a/.github/workflows/master.yaml
+++ b/.github/workflows/master.yaml
@@ -3,7 +3,7 @@ on:
 push:
 branches: [master]

-# Checks if any concurrent jobs under the same pull request or branch are being executed
+# Checks if any concurrent jobs is running for master CI and eventually cancel it
 concurrency:
 group: ci-master
 cancel-in-progress: true
@@ -28,7 +28,8 @@ jobs:
 bucket: '-dev'
 version: ${{ needs.build-dev-packages.outputs.version }}
 secrets: inherit
-
+
+ # Both build-dev-docker and its arm64 counterpart require build-dev-packages because they use its output
 build-dev-docker:
 needs: [build-dev-packages, publish-dev-packages]
 uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 886c28d4..b1688d1f 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -4,7 +4,7 @@ on:
 tags:
 - '[0-9]+.[0-9]+.[0-9]+'

-# Checks if any concurrent jobs under the same pull request or branch are being executed
+# Checks if any concurrent jobs is running for release CI and eventually cancel it.
 concurrency:
 group: ci-release
 cancel-in-progress: true
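Review bot: The new comment above `concurrency` in master.yaml (`@@ -3,7 +3,7 @@`) says a running job is "eventually" cancelled, but with `cancel-in-progress: true` and the fixed group `ci-master` a newly started run cancels the one in progress straight away. I would word it as `# Only one master CI run at a time: a new push cancels the run already in progress.` The release.yaml comment for `ci-release` has the same wording and could be changed the same way.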
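Review bot: In master.yaml `@@ -28,7 +28,8 @@`, `build-dev-docker` calls `falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master`, a branch ref that is resolved when the run starts, so the reusable workflow that executes is whatever master holds at that moment rather than the file at the triggering commit. The `build-docker` job in release.yaml uses the same ref, which means a tagged release is built by master's workflow definition and not by the tag's. If these workflow files live in falcosecurity/falco itself, `uses: ./.github/workflows/reusable_build_docker.yaml` would tie the callee to the same commit as the caller. The job body continues outside the hunk, so what inputs and secrets it receives is not visible here.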
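Review bot: In release.yaml `@@ -4,7 +4,7 @@`, the rewritten comment documents that a new release run cancels the one in progress, but does not say whether that is safe for a publishing pipeline. With the fixed group `ci-release`, pushing a second tag while the first run is mid-publish would cancel it and could leave packages or images partly published. If the later jobs are not safe to interrupt, `cancel-in-progress: false` would queue the second run instead; otherwise the comment could state that interruption is harmless. The publish jobs are outside this hunk, so this is inferred from the workflow's purpose.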
@@ -28,7 +28,8 @@ jobs:
 with:
 version: ${{ needs.build-packages.outputs.version }}
 secrets: inherit
-
+
+ # Both build-docker and its arm64 counterpart require build-packages because they use its output
 build-docker:
 needs: [build-packages, publish-packages]
 uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master
diff --git a/.github/workflows/reusable_build_docker.yaml b/.github/workflows/reusable_build_docker.yaml
index cd6ae7e4..af3ec72b 100644
--- a/.github/workflows/reusable_build_docker.yaml
+++ b/.github/workflows/reusable_build_docker.yaml
@@ -16,6 +16,10 @@ on:
 required: true
 type: string

+# Here we just build all docker images as tarballs,
+# then we upload all the tarballs to be later downloaded by reusable_publish_docker workflow.
+# In this way, we don't need to publish any arch specific image,
+# and this "build" workflow is actually only building images.
 jobs:
 build-docker:
 # See https://github.com/actions/runner/issues/409#issuecomment-1158849936
diff --git a/.github/workflows/reusable_build_packages.yaml b/.github/workflows/reusable_build_packages.yaml
index f821e149..330dea7b 100644
--- a/.github/workflows/reusable_build_packages.yaml
+++ b/.github/workflows/reusable_build_packages.yaml
@@ -17,6 +17,7 @@ jobs:
 runs-on: ${{ (inputs.arch == 'aarch64' && fromJSON('[ "self-hosted", "linux", "ARM64" ]')) || 'ubuntu-latest' }}
 container: fedora:latest
 steps:
+ # Always install deps before invoking checkout action, to properly perform a full clone.
 - name: Install build dependencies
 run: |
 dnf install -y bpftool ca-certificates cmake make automake gcc gcc-c++ kernel-devel clang git pkg-config autoconf automake libbpf-devel
@@ -47,6 +48,7 @@ jobs:
 outputs:
 version: ${{ steps.store_version.outputs.version }}
 steps:
+ # Always install deps before invoking checkout action, to properly perform a full clone.
 - name: Install build dependencies
 run: |
 yum -y install centos-release-scl
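Review bot: The comment added above `build-docker` in release.yaml explains the dependency on build-packages, but `needs: [build-packages, publish-packages]` also waits for publish-packages and nothing says why. If the image build installs the package that was just published, the comment should say so, for example `# build-docker needs build-packages for its version output and publish-packages because the image installs the published package` (to be confirmed against reusable_build_docker.yaml, whose steps are not shown here). The `build-dev-docker` comment in master.yaml has the same gap for publish-dev-packages.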
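Review bot: In reusable_build_packages.yaml `@@ -17,6 +17,7 @@`, the job that installs the toolchain runs in `container: fedora:latest`, a floating tag, so the compiler and libbpf versions behind a build change whenever the image is republished and an earlier run cannot be reproduced. The Alpine job in the `@@ -132,6 +134,7 @@` hunk already uses a fixed tag (`alpine:3.17`). A fixed Fedora release, or a digest such as `container: fedora@sha256:<digest>`, would make the build input explicit. The rest of the job is outside the hunk.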
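Review bot: The comment `# Always install deps before invoking checkout action, to properly perform a full clone.` in the `@@ -47,6 +48,7 @@` hunk (and identically in `@@ -17,6 +17,7 @@` and `@@ -132,6 +134,7 @@`) does not say which dependency matters. actions/checkout falls back to downloading the tree through the REST API when no suitable `git` is on PATH, which leaves no `.git` directory; presumably that is the reason, since the dnf and apk install lines both include `git`. I would spell it out as `# Install git before actions/checkout; without it checkout downloads an archive and there is no git history.` The checkout step itself is outside these hunks.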
@@ -132,6 +134,7 @@ jobs:
 runs-on: ubuntu-latest
 container: alpine:3.17
 steps:
+ # Always install deps before invoking checkout action, to properly perform a full clone.
 - name: Install build dependencies
 run: |
 apk add g++ gcc cmake make git bash perl linux-headers autoconf automake m4 libtool elfutils-dev libelf-static patch binutils bpftool clang
diff --git a/.github/workflows/reusable_publish_packages.yaml b/.github/workflows/reusable_publish_packages.yaml
index 36862e83..aa8a8ecf 100644
--- a/.github/workflows/reusable_publish_packages.yaml
+++ b/.github/workflows/reusable_publish_packages.yaml
@@ -34,6 +34,8 @@ jobs:
 yum install rpm-sign expect which createrepo gpg python python-pip -y
 pip install awscli==1.19.47

+ # Configure AWS role; see https://github.com/falcosecurity/test-infra/pull/1102
+ # Note: master CI can only push dev packages as we have 2 different roles for master and release.
 - name: Configure AWS credentials
 uses: aws-actions/configure-aws-credentials@v2
 with:
@@ -91,7 +93,9 @@ jobs:
 apt update -y
 apt-get install apt-utils bzip2 gpg python python3-pip -y
 pip install awscli
-
+
+ # Configure AWS role; see https://github.com/falcosecurity/test-infra/pull/1102
+ # Note: master CI can only push dev packages as we have 2 different roles for master and release.
 - name: Configure AWS credentials
 uses: aws-actions/configure-aws-credentials@v2
 with:
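Review bot: In reusable_publish_packages.yaml `@@ -34,6 +34,8 @@`, the step that assumes the AWS role is `uses: aws-actions/configure-aws-credentials@v2`, a tag that can be moved to different code, in a job that also installs `rpm-sign` and `gpg`. Pinning the action to a full commit SHA, `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v2`, keeps the code that handles the role credentials fixed until an update is reviewed. The same step appears in the `@@ -91,7 +93,9 @@` hunk. The `with:` block is outside both hunks, so the role and session settings are not visible here.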
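Review bot: In the `@@ -91,7 +93,9 @@` hunk, `pip install awscli` installs whatever version is current at run time, while the RPM job in the `@@ -34,6 +34,8 @@` hunk pins `awscli==1.19.47`. The next step configures AWS credentials, so the client that uses them should be a known version in both jobs: `pip install awscli==1.19.47`. Pinning also keeps the two publish paths behaving the same when a new awscli release changes behaviour.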