new(ci): add RC/prerelease support
Signed-off-by: Luca Guerra <luca@guerra.sh>
parent
f25c057ce8
commit
d4fa8d6d91
41
.github/workflows/release.yaml
vendored
41
.github/workflows/release.yaml
vendored
@ -2,7 +2,8 @@ name: Release Packages and Docker images
|
|||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
tags:
|
tags:
|
||||||
- '[0-9]+.[0-9]+.[0-9]+'
|
- '[0-9]+.[0-9]+.[0-9]+' # final release
|
||||||
|
- '[0-9]+.[0-9]+.[0-9]+-*' # prerelease/RC
|
||||||
|
|
||||||
# Checks if any concurrent jobs is running for release CI and eventually cancel it.
|
# Checks if any concurrent jobs is running for release CI and eventually cancel it.
|
||||||
concurrency:
|
concurrency:
|
||||||
@ -10,6 +11,36 @@ concurrency:
|
|||||||
cancel-in-progress: true
|
cancel-in-progress: true
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
|
release-settings:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: Get latest release
|
||||||
|
uses: rez0n/actions-github-release@v2.0
|
||||||
|
id: latest_release
|
||||||
|
env:
|
||||||
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
repository: ${{ github.repository }}
|
||||||
|
type: "stable"
|
||||||
|
|
||||||
|
- name: Get settings for this release
|
||||||
|
id: get_settings
|
||||||
|
shell: python
|
||||||
|
run: |
|
||||||
|
import os
|
||||||
|
is_prerelease = '-' in '${{ github.ref_name }}'
|
||||||
|
|
||||||
|
# Safeguard: you need to both set "latest" in GH and not have suffixes to overwrite latest
|
||||||
|
is_latest = '${{ steps.latest_release.outputs.release }}' == '${{ github.ref_name }}' and not is_prerelease
|
||||||
|
|
||||||
|
bucket_suffix = '-dev' if is_prerelease else ''
|
||||||
|
|
||||||
|
with open(os.environ['GITHUB_OUTPUT'], 'a') as ofp:
|
||||||
|
print(f'is_latest={is_latest}'.lower(), file=ofp)
|
||||||
|
print(f'bucket_suffix={bucket_suffix}', file=ofp)
|
||||||
|
outputs:
|
||||||
|
is_latest: ${{ steps.get_settings.outputs.is_latest }}
|
||||||
|
bucket_suffix: ${{ steps.get_settings.outputs.bucket_suffix }}
|
||||||
|
|
||||||
build-packages:
|
build-packages:
|
||||||
uses: falcosecurity/falco/.github/workflows/reusable_build_packages.yaml@master
|
uses: falcosecurity/falco/.github/workflows/reusable_build_packages.yaml@master
|
||||||
with:
|
with:
|
||||||
@ -26,6 +57,7 @@ jobs:
|
|||||||
needs: [build-packages, build-packages-arm64]
|
needs: [build-packages, build-packages-arm64]
|
||||||
uses: falcosecurity/falco/.github/workflows/reusable_publish_packages.yaml@master
|
uses: falcosecurity/falco/.github/workflows/reusable_publish_packages.yaml@master
|
||||||
with:
|
with:
|
||||||
|
bucket_suffix: ${{ steps.get_settings.outputs.bucket_suffix }}
|
||||||
version: ${{ needs.build-packages.outputs.version }}
|
version: ${{ needs.build-packages.outputs.version }}
|
||||||
secrets: inherit
|
secrets: inherit
|
||||||
|
|
||||||
@ -35,6 +67,8 @@ jobs:
|
|||||||
uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master
|
uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master
|
||||||
with:
|
with:
|
||||||
arch: x86_64
|
arch: x86_64
|
||||||
|
is_latest: ${{ needs.release-settings.outputs.is_latest == 'true' }}
|
||||||
|
bucket_suffix: ${{ steps.get_settings.outputs.bucket_suffix }}
|
||||||
version: ${{ needs.build-packages.outputs.version }}
|
version: ${{ needs.build-packages.outputs.version }}
|
||||||
secrets: inherit
|
secrets: inherit
|
||||||
|
|
||||||
@ -43,6 +77,8 @@ jobs:
|
|||||||
uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master
|
uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master
|
||||||
with:
|
with:
|
||||||
arch: aarch64
|
arch: aarch64
|
||||||
|
is_latest: ${{ needs.release-settings.outputs.is_latest == 'true' }}
|
||||||
|
bucket_suffix: ${{ steps.get_settings.outputs.bucket_suffix }}
|
||||||
version: ${{ needs.build-packages.outputs.version }}
|
version: ${{ needs.build-packages.outputs.version }}
|
||||||
secrets: inherit
|
secrets: inherit
|
||||||
|
|
||||||
@ -50,4 +86,5 @@ jobs:
|
|||||||
needs: [build-docker, build-docker-arm64]
|
needs: [build-docker, build-docker-arm64]
|
||||||
uses: falcosecurity/falco/.github/workflows/reusable_publish_docker.yaml@master
|
uses: falcosecurity/falco/.github/workflows/reusable_publish_docker.yaml@master
|
||||||
secrets: inherit
|
secrets: inherit
|
||||||
|
with:
|
||||||
|
is_latest: ${{ needs.release-settings.outputs.is_latest == 'true' }}
|
||||||
|
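Review bot: In the `Get settings for this release` step, `${{ github.ref_name }}` and `${{ steps.latest_release.outputs.release }}` are expanded into the Python source before it runs, so a tag name containing a quote character alters the program instead of staying a string. The new `'[0-9]+.[0-9]+.[0-9]+-*'` filter accepts arbitrary characters after the dash, and the jobs that consume this step's outputs run with `secrets: inherit`. Pass both values through `env:` and read them from `os.environ`, as in the fence below. Separately, the `bucket_suffix: ${{ steps.get_settings.outputs.bucket_suffix }}` lines sit in other jobs, where the `steps` context of `release-settings` is not available, and the publish job that reads `needs.release-settings.outputs.is_latest` shows `needs: [build-docker, build-docker-arm64]`. These presumably need `needs.release-settings.outputs.bucket_suffix` and `release-settings` added to each job's `needs`; the job headers are partly outside the hunks, so confirm against the full file.

```yaml
      - name: Get settings for this release
        id: get_settings
        shell: python
        env:
          REF_NAME: ${{ github.ref_name }}
          LATEST_RELEASE: ${{ steps.latest_release.outputs.release }}
        run: |
          import os
          ref_name = os.environ['REF_NAME']
          is_prerelease = '-' in ref_name
          is_latest = os.environ['LATEST_RELEASE'] == ref_name and not is_prerelease
          # … unchanged: bucket_suffix computation and GITHUB_OUTPUT writes …
```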
11
.github/workflows/reusable_build_docker.yaml
vendored
11
.github/workflows/reusable_build_docker.yaml
vendored
@ -15,6 +15,11 @@ on:
|
|||||||
description: 'Falco version extracted from userspace/falco/config_falco.h'
|
description: 'Falco version extracted from userspace/falco/config_falco.h'
|
||||||
required: true
|
required: true
|
||||||
type: string
|
type: string
|
||||||
|
is_latest:
|
||||||
|
description: Update the latest tag with the new image
|
||||||
|
required: false
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
|
||||||
# Here we just build all docker images as tarballs,
|
# Here we just build all docker images as tarballs,
|
||||||
# then we upload all the tarballs to be later downloaded by reusable_publish_docker workflow.
|
# then we upload all the tarballs to be later downloaded by reusable_publish_docker workflow.
|
||||||
@ -69,7 +74,7 @@ jobs:
|
|||||||
outputs: type=docker,dest=/tmp/falco-driver-loader-${{ inputs.arch }}.tar
|
outputs: type=docker,dest=/tmp/falco-driver-loader-${{ inputs.arch }}.tar
|
||||||
|
|
||||||
- name: Build no-driver latest image
|
- name: Build no-driver latest image
|
||||||
if: ${{ github.ref_name != 'master' }}
|
if: ${{ inputs.is_latest }}
|
||||||
uses: docker/build-push-action@v3
|
uses: docker/build-push-action@v3
|
||||||
with:
|
with:
|
||||||
context: ${{ github.workspace }}/docker/no-driver/
|
context: ${{ github.workspace }}/docker/no-driver/
|
||||||
@ -84,7 +89,7 @@ jobs:
|
|||||||
outputs: type=docker,dest=/tmp/falco-no-driver-latest-${{ inputs.arch }}.tar
|
outputs: type=docker,dest=/tmp/falco-no-driver-latest-${{ inputs.arch }}.tar
|
||||||
|
|
||||||
- name: Build falco latest image
|
- name: Build falco latest image
|
||||||
if: ${{ github.ref_name != 'master' }}
|
if: ${{ inputs.is_latest }}
|
||||||
uses: docker/build-push-action@v3
|
uses: docker/build-push-action@v3
|
||||||
with:
|
with:
|
||||||
context: ${{ github.workspace }}/docker/falco/
|
context: ${{ github.workspace }}/docker/falco/
|
||||||
@ -97,7 +102,7 @@ jobs:
|
|||||||
outputs: type=docker,dest=/tmp/falco-latest-${{ inputs.arch }}.tar
|
outputs: type=docker,dest=/tmp/falco-latest-${{ inputs.arch }}.tar
|
||||||
|
|
||||||
- name: Build falco-driver-loader latest image
|
- name: Build falco-driver-loader latest image
|
||||||
if: ${{ github.ref_name != 'master' }}
|
if: ${{ inputs.is_latest }}
|
||||||
uses: docker/build-push-action@v3
|
uses: docker/build-push-action@v3
|
||||||
with:
|
with:
|
||||||
context: ${{ github.workspace }}/docker/driver-loader/
|
context: ${{ github.workspace }}/docker/driver-loader/
|
||||||
|
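Review bot: The `workflow_call` inputs in this section gain only `is_latest`, while the release.yaml hunks on this page also pass `bucket_suffix` to this workflow from both build-docker jobs. Unless `bucket_suffix` is declared in the part of the inputs block outside the hunk, a call with an undeclared input is rejected when the workflow is loaded. Either declare it here, for example `bucket_suffix:` with `type: string`, `required: false` and `default: ''`, or drop it from the two callers if the image build does not use it.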
22
.github/workflows/reusable_publish_docker.yaml
vendored
22
.github/workflows/reusable_publish_docker.yaml
vendored
@ -1,6 +1,12 @@
|
|||||||
# This is a reusable workflow used by master and release CI
|
# This is a reusable workflow used by master and release CI
|
||||||
on:
|
on:
|
||||||
workflow_call:
|
workflow_call:
|
||||||
|
inputs:
|
||||||
|
is_latest:
|
||||||
|
description: Update the latest tag with the new image
|
||||||
|
required: false
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
|
||||||
permissions:
|
permissions:
|
||||||
id-token: write
|
id-token: write
|
||||||
@ -70,7 +76,7 @@ jobs:
|
|||||||
push: true
|
push: true
|
||||||
|
|
||||||
- name: Create and push no-driver latest manifest
|
- name: Create and push no-driver latest manifest
|
||||||
if: ${{ github.ref_name != 'master' }}
|
if: ${{ inputs.is_latest }}
|
||||||
uses: Noelware/docker-manifest-action@0.3.1
|
uses: Noelware/docker-manifest-action@0.3.1
|
||||||
with:
|
with:
|
||||||
inputs: falcosecurity/falco-no-driver:latest
|
inputs: falcosecurity/falco-no-driver:latest
|
||||||
@ -78,7 +84,7 @@ jobs:
|
|||||||
push: true
|
push: true
|
||||||
|
|
||||||
- name: Create and push slim latest manifest
|
- name: Create and push slim latest manifest
|
||||||
if: ${{ github.ref_name != 'master' }}
|
if: ${{ inputs.is_latest }}
|
||||||
uses: Noelware/docker-manifest-action@0.3.1
|
uses: Noelware/docker-manifest-action@0.3.1
|
||||||
with:
|
with:
|
||||||
inputs: falcosecurity/falco:latest-slim
|
inputs: falcosecurity/falco:latest-slim
|
||||||
@ -86,7 +92,7 @@ jobs:
|
|||||||
push: true
|
push: true
|
||||||
|
|
||||||
- name: Create and push no-driver latest manifest for ecr
|
- name: Create and push no-driver latest manifest for ecr
|
||||||
if: ${{ github.ref_name != 'master' }}
|
if: ${{ inputs.is_latest }}
|
||||||
uses: Noelware/docker-manifest-action@0.3.1
|
uses: Noelware/docker-manifest-action@0.3.1
|
||||||
with:
|
with:
|
||||||
inputs: public.ecr.aws/falcosecurity/falco-no-driver:latest
|
inputs: public.ecr.aws/falcosecurity/falco-no-driver:latest
|
||||||
@ -94,7 +100,7 @@ jobs:
|
|||||||
push: true
|
push: true
|
||||||
|
|
||||||
- name: Create and push slim latest manifest for ecr
|
- name: Create and push slim latest manifest for ecr
|
||||||
if: ${{ github.ref_name != 'master' }}
|
if: ${{ inputs.is_latest }}
|
||||||
uses: Noelware/docker-manifest-action@0.3.1
|
uses: Noelware/docker-manifest-action@0.3.1
|
||||||
with:
|
with:
|
||||||
inputs: public.ecr.aws/falcosecurity/falco:latest-slim
|
inputs: public.ecr.aws/falcosecurity/falco:latest-slim
|
||||||
@ -116,7 +122,7 @@ jobs:
|
|||||||
push: true
|
push: true
|
||||||
|
|
||||||
- name: Create and push falco latest manifest
|
- name: Create and push falco latest manifest
|
||||||
if: ${{ github.ref_name != 'master' }}
|
if: ${{ inputs.is_latest }}
|
||||||
uses: Noelware/docker-manifest-action@0.3.1
|
uses: Noelware/docker-manifest-action@0.3.1
|
||||||
with:
|
with:
|
||||||
inputs: falcosecurity/falco:latest
|
inputs: falcosecurity/falco:latest
|
||||||
@ -124,7 +130,7 @@ jobs:
|
|||||||
push: true
|
push: true
|
||||||
|
|
||||||
- name: Create and push falco latest manifest for ecr
|
- name: Create and push falco latest manifest for ecr
|
||||||
if: ${{ github.ref_name != 'master' }}
|
if: ${{ inputs.is_latest }}
|
||||||
uses: Noelware/docker-manifest-action@0.3.1
|
uses: Noelware/docker-manifest-action@0.3.1
|
||||||
with:
|
with:
|
||||||
inputs: public.ecr.aws/falcosecurity/falco:latest
|
inputs: public.ecr.aws/falcosecurity/falco:latest
|
||||||
@ -146,7 +152,7 @@ jobs:
|
|||||||
push: true
|
push: true
|
||||||
|
|
||||||
- name: Create and push falco-driver-loader latest manifest
|
- name: Create and push falco-driver-loader latest manifest
|
||||||
if: ${{ github.ref_name != 'master' }}
|
if: ${{ inputs.is_latest }}
|
||||||
uses: Noelware/docker-manifest-action@0.3.1
|
uses: Noelware/docker-manifest-action@0.3.1
|
||||||
with:
|
with:
|
||||||
inputs: falcosecurity/falco-driver-loader:latest
|
inputs: falcosecurity/falco-driver-loader:latest
|
||||||
@ -154,7 +160,7 @@ jobs:
|
|||||||
push: true
|
push: true
|
||||||
|
|
||||||
- name: Create and push falco-driver-loader latest manifest for ecr
|
- name: Create and push falco-driver-loader latest manifest for ecr
|
||||||
if: ${{ github.ref_name != 'master' }}
|
if: ${{ inputs.is_latest }}
|
||||||
uses: Noelware/docker-manifest-action@0.3.1
|
uses: Noelware/docker-manifest-action@0.3.1
|
||||||
with:
|
with:
|
||||||
inputs: public.ecr.aws/falcosecurity/falco-driver-loader:latest
|
inputs: public.ecr.aws/falcosecurity/falco-driver-loader:latest
|
||||||
|
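Review bot: The new `is_latest` input is now the only gate on the steps that move the `latest` and `latest-slim` manifests on Docker Hub and public ECR, but its description does not say that or state that prerelease tags must pass false. The header comment says this workflow is shared by master and release CI, so a future caller has nothing here to tell it what enabling the flag publishes. I would expand the description to something like `description: 'Move the latest and latest-slim manifests on Docker Hub and public ECR to this build; must be false for prerelease/RC tags'`. The same one-line description is used for the input added in reusable_build_docker.yaml and could be updated alongside.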