mirror of
https://github.com/falcosecurity/falco.git
synced 2025-07-19 17:16:53 +00:00
new(ci): add RC/prerelease support
Signed-off-by: Luca Guerra <luca@guerra.sh>
This commit is contained in:
Luca Guerra
poiana
parent
f25c057ce8
commit
d4fa8d6d91
41
.github/workflows/release.yaml
vendored
41
.github/workflows/release.yaml
vendored
@ -2,7 +2,8 @@ name: Release Packages and Docker images
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- '[0-9]+.[0-9]+.[0-9]+'
|
||||
- '[0-9]+.[0-9]+.[0-9]+' # final release
|
||||
- '[0-9]+.[0-9]+.[0-9]+-*' # prerelease/RC
|
||||
|
||||
# Checks if any concurrent jobs is running for release CI and eventually cancel it.
|
||||
concurrency:
|
||||
@ -10,6 +11,36 @@ concurrency:
|
||||
cancel-in-progress: true
|
||||
|
||||
jobs:
|
||||
release-settings:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Get latest release
|
||||
uses: rez0n/actions-github-release@v2.0
|
||||
id: latest_release
|
||||
env:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
repository: ${{ github.repository }}
|
||||
type: "stable"
|
||||
|
||||
- name: Get settings for this release
|
||||
id: get_settings
|
||||
shell: python
|
||||
run: |
|
||||
import os
|
||||
is_prerelease = '-' in '${{ github.ref_name }}'
|
||||
|
||||
# Safeguard: you need to both set "latest" in GH and not have suffixes to overwrite latest
|
||||
is_latest = '${{ steps.latest_release.outputs.release }}' == '${{ github.ref_name }}' and not is_prerelease
|
||||
|
||||
bucket_suffix = '-dev' if is_prerelease else ''
|
||||
|
||||
with open(os.environ['GITHUB_OUTPUT'], 'a') as ofp:
|
||||
print(f'is_latest={is_latest}'.lower(), file=ofp)
|
||||
print(f'bucket_suffix={bucket_suffix}', file=ofp)
|
||||
outputs:
|
||||
is_latest: ${{ steps.get_settings.outputs.is_latest }}
|
||||
bucket_suffix: ${{ steps.get_settings.outputs.bucket_suffix }}
|
||||
|
||||
build-packages:
|
||||
uses: falcosecurity/falco/.github/workflows/reusable_build_packages.yaml@master
|
||||
with:
|
||||
@ -26,6 +57,7 @@ jobs:
|
||||
needs: [build-packages, build-packages-arm64]
|
||||
uses: falcosecurity/falco/.github/workflows/reusable_publish_packages.yaml@master
|
||||
with:
|
||||
bucket_suffix: ${{ steps.get_settings.outputs.bucket_suffix }}
|
||||
version: ${{ needs.build-packages.outputs.version }}
|
||||
secrets: inherit
|
||||
|
||||
@ -35,6 +67,8 @@ jobs:
|
||||
uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master
|
||||
with:
|
||||
arch: x86_64
|
||||
is_latest: ${{ needs.release-settings.outputs.is_latest == 'true' }}
|
||||
bucket_suffix: ${{ steps.get_settings.outputs.bucket_suffix }}
|
||||
version: ${{ needs.build-packages.outputs.version }}
|
||||
secrets: inherit
|
||||
|
||||
@ -43,6 +77,8 @@ jobs:
|
||||
uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master
|
||||
with:
|
||||
arch: aarch64
|
||||
is_latest: ${{ needs.release-settings.outputs.is_latest == 'true' }}
|
||||
bucket_suffix: ${{ steps.get_settings.outputs.bucket_suffix }}
|
||||
version: ${{ needs.build-packages.outputs.version }}
|
||||
secrets: inherit
|
||||
|
||||
@ -50,4 +86,5 @@ jobs:
|
||||
needs: [build-docker, build-docker-arm64]
|
||||
uses: falcosecurity/falco/.github/workflows/reusable_publish_docker.yaml@master
|
||||
secrets: inherit
|
||||
|
||||
with:
|
||||
is_latest: ${{ needs.release-settings.outputs.is_latest == 'true' }}
|
||||
|
||||
11
.github/workflows/reusable_build_docker.yaml
vendored
11
.github/workflows/reusable_build_docker.yaml
vendored
@ -15,6 +15,11 @@ on:
|
||||
description: 'Falco version extracted from userspace/falco/config_falco.h'
|
||||
required: true
|
||||
type: string
|
||||
is_latest:
|
||||
description: Update the latest tag with the new image
|
||||
required: false
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
# Here we just build all docker images as tarballs,
|
||||
# then we upload all the tarballs to be later downloaded by reusable_publish_docker workflow.
|
||||
@ -69,7 +74,7 @@ jobs:
|
||||
outputs: type=docker,dest=/tmp/falco-driver-loader-${{ inputs.arch }}.tar
|
||||
|
||||
- name: Build no-driver latest image
|
||||
if: ${{ github.ref_name != 'master' }}
|
||||
if: ${{ inputs.is_latest }}
|
||||
uses: docker/build-push-action@v3
|
||||
with:
|
||||
context: ${{ github.workspace }}/docker/no-driver/
|
||||
@ -84,7 +89,7 @@ jobs:
|
||||
outputs: type=docker,dest=/tmp/falco-no-driver-latest-${{ inputs.arch }}.tar
|
||||
|
||||
- name: Build falco latest image
|
||||
if: ${{ github.ref_name != 'master' }}
|
||||
if: ${{ inputs.is_latest }}
|
||||
uses: docker/build-push-action@v3
|
||||
with:
|
||||
context: ${{ github.workspace }}/docker/falco/
|
||||
@ -97,7 +102,7 @@ jobs:
|
||||
outputs: type=docker,dest=/tmp/falco-latest-${{ inputs.arch }}.tar
|
||||
|
||||
- name: Build falco-driver-loader latest image
|
||||
if: ${{ github.ref_name != 'master' }}
|
||||
if: ${{ inputs.is_latest }}
|
||||
uses: docker/build-push-action@v3
|
||||
with:
|
||||
context: ${{ github.workspace }}/docker/driver-loader/
|
||||
|
||||
22
.github/workflows/reusable_publish_docker.yaml
vendored
22
.github/workflows/reusable_publish_docker.yaml
vendored
@ -1,6 +1,12 @@
|
||||
# This is a reusable workflow used by master and release CI
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
is_latest:
|
||||
description: Update the latest tag with the new image
|
||||
required: false
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
permissions:
|
||||
id-token: write
|
||||
@ -70,7 +76,7 @@ jobs:
|
||||
push: true
|
||||
|
||||
- name: Create and push no-driver latest manifest
|
||||
if: ${{ github.ref_name != 'master' }}
|
||||
if: ${{ inputs.is_latest }}
|
||||
uses: Noelware/docker-manifest-action@0.3.1
|
||||
with:
|
||||
inputs: falcosecurity/falco-no-driver:latest
|
||||
@ -78,7 +84,7 @@ jobs:
|
||||
push: true
|
||||
|
||||
- name: Create and push slim latest manifest
|
||||
if: ${{ github.ref_name != 'master' }}
|
||||
if: ${{ inputs.is_latest }}
|
||||
uses: Noelware/docker-manifest-action@0.3.1
|
||||
with:
|
||||
inputs: falcosecurity/falco:latest-slim
|
||||
@ -86,7 +92,7 @@ jobs:
|
||||
push: true
|
||||
|
||||
- name: Create and push no-driver latest manifest for ecr
|
||||
if: ${{ github.ref_name != 'master' }}
|
||||
if: ${{ inputs.is_latest }}
|
||||
uses: Noelware/docker-manifest-action@0.3.1
|
||||
with:
|
||||
inputs: public.ecr.aws/falcosecurity/falco-no-driver:latest
|
||||
@ -94,7 +100,7 @@ jobs:
|
||||
push: true
|
||||
|
||||
- name: Create and push slim latest manifest for ecr
|
||||
if: ${{ github.ref_name != 'master' }}
|
||||
if: ${{ inputs.is_latest }}
|
||||
uses: Noelware/docker-manifest-action@0.3.1
|
||||
with:
|
||||
inputs: public.ecr.aws/falcosecurity/falco:latest-slim
|
||||
@ -116,7 +122,7 @@ jobs:
|
||||
push: true
|
||||
|
||||
- name: Create and push falco latest manifest
|
||||
if: ${{ github.ref_name != 'master' }}
|
||||
if: ${{ inputs.is_latest }}
|
||||
uses: Noelware/docker-manifest-action@0.3.1
|
||||
with:
|
||||
inputs: falcosecurity/falco:latest
|
||||
@ -124,7 +130,7 @@ jobs:
|
||||
push: true
|
||||
|
||||
- name: Create and push falco latest manifest for ecr
|
||||
if: ${{ github.ref_name != 'master' }}
|
||||
if: ${{ inputs.is_latest }}
|
||||
uses: Noelware/docker-manifest-action@0.3.1
|
||||
with:
|
||||
inputs: public.ecr.aws/falcosecurity/falco:latest
|
||||
@ -146,7 +152,7 @@ jobs:
|
||||
push: true
|
||||
|
||||
- name: Create and push falco-driver-loader latest manifest
|
||||
if: ${{ github.ref_name != 'master' }}
|
||||
if: ${{ inputs.is_latest }}
|
||||
uses: Noelware/docker-manifest-action@0.3.1
|
||||
with:
|
||||
inputs: falcosecurity/falco-driver-loader:latest
|
||||
@ -154,7 +160,7 @@ jobs:
|
||||
push: true
|
||||
|
||||
- name: Create and push falco-driver-loader latest manifest for ecr
|
||||
if: ${{ github.ref_name != 'master' }}
|
||||
if: ${{ inputs.is_latest }}
|
||||
uses: Noelware/docker-manifest-action@0.3.1
|
||||
with:
|
||||
inputs: public.ecr.aws/falcosecurity/falco-driver-loader:latest
|
||||
|
||||
Loading…
Reference in New Issue
Block a user