github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-24 03:06:31 +00:00
Code Issues Projects Releases Wiki Activity

new(ci): add RC/prerelease support

Browse Source 
Signed-off-by: Luca Guerra <luca@guerra.sh>
This commit is contained in:
Luca Guerra 2023-05-04 15:36:36 +00:00 committed by poiana
parent f25c057ce8
commit d4fa8d6d91
3 changed files with 61 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
.github/workflows/release.yaml vendored
View File

@ -2,7 +2,8 @@ name: Release Packages and Docker images
on: on:
push: push:
tags: tags:
- '[0-9]+.[0-9]+.[0-9]+' - '[0-9]+.[0-9]+.[0-9]+' # final release
- '[0-9]+.[0-9]+.[0-9]+-*' # prerelease/RC
# Checks if any concurrent jobs is running for release CI and eventually cancel it. # Checks if any concurrent jobs is running for release CI and eventually cancel it.
concurrency: concurrency:
@ -10,6 +11,36 @@ concurrency:
cancel-in-progress: true cancel-in-progress: true
jobs: jobs:
release-settings:
runs-on: ubuntu-latest
steps:
- name: Get latest release
uses: rez0n/actions-github-release@v2.0
id: latest_release
env:
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.repository }}
type: "stable"
- name: Get settings for this release
id: get_settings
shell: python
run: |
import os
is_prerelease = '-' in '${{ github.ref_name }}'
# Safeguard: you need to both set "latest" in GH and not have suffixes to overwrite latest
is_latest = '${{ steps.latest_release.outputs.release }}' == '${{ github.ref_name }}' and not is_prerelease
bucket_suffix = '-dev' if is_prerelease else ''
with open(os.environ['GITHUB_OUTPUT'], 'a') as ofp:
print(f'is_latest={is_latest}'.lower(), file=ofp)
print(f'bucket_suffix={bucket_suffix}', file=ofp)
outputs:
is_latest: ${{ steps.get_settings.outputs.is_latest }}
bucket_suffix: ${{ steps.get_settings.outputs.bucket_suffix }}
build-packages: build-packages:
uses: falcosecurity/falco/.github/workflows/reusable_build_packages.yaml@master uses: falcosecurity/falco/.github/workflows/reusable_build_packages.yaml@master
with: with:
@ -26,6 +57,7 @@ jobs:
needs: [build-packages, build-packages-arm64] needs: [build-packages, build-packages-arm64]
uses: falcosecurity/falco/.github/workflows/reusable_publish_packages.yaml@master uses: falcosecurity/falco/.github/workflows/reusable_publish_packages.yaml@master
with: with:
bucket_suffix: ${{ steps.get_settings.outputs.bucket_suffix }}
version: ${{ needs.build-packages.outputs.version }} version: ${{ needs.build-packages.outputs.version }}
secrets: inherit secrets: inherit
@ -35,6 +67,8 @@ jobs:
uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master
with: with:
arch: x86_64 arch: x86_64
is_latest: ${{ needs.release-settings.outputs.is_latest == 'true' }}
bucket_suffix: ${{ steps.get_settings.outputs.bucket_suffix }}
version: ${{ needs.build-packages.outputs.version }} version: ${{ needs.build-packages.outputs.version }}
secrets: inherit secrets: inherit
@ -43,6 +77,8 @@ jobs:
uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master
with: with:
arch: aarch64 arch: aarch64
is_latest: ${{ needs.release-settings.outputs.is_latest == 'true' }}
bucket_suffix: ${{ steps.get_settings.outputs.bucket_suffix }}
version: ${{ needs.build-packages.outputs.version }} version: ${{ needs.build-packages.outputs.version }}
secrets: inherit secrets: inherit
@ -50,4 +86,5 @@ jobs:
needs: [build-docker, build-docker-arm64] needs: [build-docker, build-docker-arm64]
uses: falcosecurity/falco/.github/workflows/reusable_publish_docker.yaml@master uses: falcosecurity/falco/.github/workflows/reusable_publish_docker.yaml@master
secrets: inherit secrets: inherit
with:
is_latest: ${{ needs.release-settings.outputs.is_latest == 'true' }}

11
.github/workflows/reusable_build_docker.yaml vendored
View File

@ -15,6 +15,11 @@ on:
description: 'Falco version extracted from userspace/falco/config_falco.h' description: 'Falco version extracted from userspace/falco/config_falco.h'
required: true required: true
type: string type: string
is_latest:
description: Update the latest tag with the new image
required: false
type: boolean
default: false
# Here we just build all docker images as tarballs, # Here we just build all docker images as tarballs,
# then we upload all the tarballs to be later downloaded by reusable_publish_docker workflow. # then we upload all the tarballs to be later downloaded by reusable_publish_docker workflow.
@ -69,7 +74,7 @@ jobs:
outputs: type=docker,dest=/tmp/falco-driver-loader-${{ inputs.arch }}.tar outputs: type=docker,dest=/tmp/falco-driver-loader-${{ inputs.arch }}.tar
- name: Build no-driver latest image - name: Build no-driver latest image
if: ${{ github.ref_name != 'master' }} if: ${{ inputs.is_latest }}
uses: docker/build-push-action@v3 uses: docker/build-push-action@v3
with: with:
context: ${{ github.workspace }}/docker/no-driver/ context: ${{ github.workspace }}/docker/no-driver/
@ -84,7 +89,7 @@ jobs:
outputs: type=docker,dest=/tmp/falco-no-driver-latest-${{ inputs.arch }}.tar outputs: type=docker,dest=/tmp/falco-no-driver-latest-${{ inputs.arch }}.tar
- name: Build falco latest image - name: Build falco latest image
if: ${{ github.ref_name != 'master' }} if: ${{ inputs.is_latest }}
uses: docker/build-push-action@v3 uses: docker/build-push-action@v3
with: with:
context: ${{ github.workspace }}/docker/falco/ context: ${{ github.workspace }}/docker/falco/
@ -97,7 +102,7 @@ jobs:
outputs: type=docker,dest=/tmp/falco-latest-${{ inputs.arch }}.tar outputs: type=docker,dest=/tmp/falco-latest-${{ inputs.arch }}.tar
- name: Build falco-driver-loader latest image - name: Build falco-driver-loader latest image
if: ${{ github.ref_name != 'master' }} if: ${{ inputs.is_latest }}
uses: docker/build-push-action@v3 uses: docker/build-push-action@v3
with: with:
context: ${{ github.workspace }}/docker/driver-loader/ context: ${{ github.workspace }}/docker/driver-loader/

22
.github/workflows/reusable_publish_docker.yaml vendored
View File

@ -1,6 +1,12 @@
# This is a reusable workflow used by master and release CI # This is a reusable workflow used by master and release CI
on: on:
workflow_call: workflow_call:
inputs:
is_latest:
description: Update the latest tag with the new image
required: false
type: boolean
default: false
permissions: permissions:
id-token: write id-token: write
@ -70,7 +76,7 @@ jobs:
push: true push: true
- name: Create and push no-driver latest manifest - name: Create and push no-driver latest manifest
if: ${{ github.ref_name != 'master' }} if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1 uses: Noelware/docker-manifest-action@0.3.1
with: with:
inputs: falcosecurity/falco-no-driver:latest inputs: falcosecurity/falco-no-driver:latest
@ -78,7 +84,7 @@ jobs:
push: true push: true
- name: Create and push slim latest manifest - name: Create and push slim latest manifest
if: ${{ github.ref_name != 'master' }} if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1 uses: Noelware/docker-manifest-action@0.3.1
with: with:
inputs: falcosecurity/falco:latest-slim inputs: falcosecurity/falco:latest-slim
@ -86,7 +92,7 @@ jobs:
push: true push: true
- name: Create and push no-driver latest manifest for ecr - name: Create and push no-driver latest manifest for ecr
if: ${{ github.ref_name != 'master' }} if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1 uses: Noelware/docker-manifest-action@0.3.1
with: with:
inputs: public.ecr.aws/falcosecurity/falco-no-driver:latest inputs: public.ecr.aws/falcosecurity/falco-no-driver:latest
@ -94,7 +100,7 @@ jobs:
push: true push: true
- name: Create and push slim latest manifest for ecr - name: Create and push slim latest manifest for ecr
if: ${{ github.ref_name != 'master' }} if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1 uses: Noelware/docker-manifest-action@0.3.1
with: with:
inputs: public.ecr.aws/falcosecurity/falco:latest-slim inputs: public.ecr.aws/falcosecurity/falco:latest-slim
@ -116,7 +122,7 @@ jobs:
push: true push: true
- name: Create and push falco latest manifest - name: Create and push falco latest manifest
if: ${{ github.ref_name != 'master' }} if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1 uses: Noelware/docker-manifest-action@0.3.1
with: with:
inputs: falcosecurity/falco:latest inputs: falcosecurity/falco:latest
@ -124,7 +130,7 @@ jobs:
push: true push: true
- name: Create and push falco latest manifest for ecr - name: Create and push falco latest manifest for ecr
if: ${{ github.ref_name != 'master' }} if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1 uses: Noelware/docker-manifest-action@0.3.1
with: with:
inputs: public.ecr.aws/falcosecurity/falco:latest inputs: public.ecr.aws/falcosecurity/falco:latest
@ -146,7 +152,7 @@ jobs:
push: true push: true
- name: Create and push falco-driver-loader latest manifest - name: Create and push falco-driver-loader latest manifest
if: ${{ github.ref_name != 'master' }} if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1 uses: Noelware/docker-manifest-action@0.3.1
with: with:
inputs: falcosecurity/falco-driver-loader:latest inputs: falcosecurity/falco-driver-loader:latest
@ -154,7 +160,7 @@ jobs:
push: true push: true
- name: Create and push falco-driver-loader latest manifest for ecr - name: Create and push falco-driver-loader latest manifest for ecr
if: ${{ github.ref_name != 'master' }} if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1 uses: Noelware/docker-manifest-action@0.3.1
with: with:
inputs: public.ecr.aws/falcosecurity/falco-driver-loader:latest inputs: public.ecr.aws/falcosecurity/falco-driver-loader:latest