github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-21 09:59:40 +00:00
Code Issues Projects Releases Wiki Activity

fix(ci): simplify and fix multi-arch image publishing process

Browse Source 
Signed-off-by: Luca Guerra <luca@guerra.sh>
This commit is contained in:
Luca Guerra 2023-05-11 17:09:19 +00:00 committed by poiana
parent e83dbe85f7
commit ea0b44dc56
3 changed files with 50 additions and 162 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/release.yaml vendored
View File

@ -80,7 +80,6 @@ jobs:
uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master
with: with:
arch: x86_64 arch: x86_64
is_latest: ${{ needs.release-settings.outputs.is_latest == 'true' }}
bucket_suffix: ${{ needs.release-settings.outputs.bucket_suffix }} bucket_suffix: ${{ needs.release-settings.outputs.bucket_suffix }}
version: ${{ github.event.release.tag_name }} version: ${{ github.event.release.tag_name }}
tag: ${{ github.event.release.tag_name }} tag: ${{ github.event.release.tag_name }}
@ -91,7 +90,6 @@ jobs:
uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master
with: with:
arch: aarch64 arch: aarch64
is_latest: ${{ needs.release-settings.outputs.is_latest == 'true' }}
bucket_suffix: ${{ needs.release-settings.outputs.bucket_suffix }} bucket_suffix: ${{ needs.release-settings.outputs.bucket_suffix }}
version: ${{ github.event.release.tag_name }} version: ${{ github.event.release.tag_name }}
tag: ${{ github.event.release.tag_name }} tag: ${{ github.event.release.tag_name }}

56
.github/workflows/reusable_build_docker.yaml vendored
View File

@ -19,11 +19,6 @@ on:
description: The tag to use (e.g. "master" or "0.35.0") description: The tag to use (e.g. "master" or "0.35.0")
required: true required: true
type: string type: string
is_latest:
description: Update the latest tag with the new image
required: false
type: boolean
default: false
# Here we just build all docker images as tarballs, # Here we just build all docker images as tarballs,
# then we upload all the tarballs to be later downloaded by reusable_publish_docker workflow. # then we upload all the tarballs to be later downloaded by reusable_publish_docker workflow.
@ -48,10 +43,7 @@ jobs:
VERSION_BUCKET=bin${{ inputs.bucket_suffix }} VERSION_BUCKET=bin${{ inputs.bucket_suffix }}
FALCO_VERSION=${{ inputs.version }} FALCO_VERSION=${{ inputs.version }}
tags: | tags: |
falcosecurity/falco-no-driver:${{ inputs.arch }}-${{ inputs.tag }} docker.io/falcosecurity/falco-no-driver:${{ inputs.arch }}-${{ inputs.tag }}
falcosecurity/falco:${{ inputs.arch }}-${{ inputs.tag }}-slim
public.ecr.aws/falcosecurity/falco-no-driver:${{ inputs.arch }}-${{ inputs.tag }}
public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-${{ inputs.tag }}-slim
outputs: type=docker,dest=/tmp/falco-no-driver-${{ inputs.arch }}.tar outputs: type=docker,dest=/tmp/falco-no-driver-${{ inputs.arch }}.tar
- name: Build falco image - name: Build falco image
@ -62,8 +54,7 @@ jobs:
VERSION_BUCKET=deb${{ inputs.bucket_suffix }} VERSION_BUCKET=deb${{ inputs.bucket_suffix }}
FALCO_VERSION=${{ inputs.version }} FALCO_VERSION=${{ inputs.version }}
tags: | tags: |
falcosecurity/falco:${{ inputs.arch }}-${{ inputs.tag }} docker.io/falcosecurity/falco:${{ inputs.arch }}-${{ inputs.tag }}
public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-${{ inputs.tag }}
outputs: type=docker,dest=/tmp/falco-${{ inputs.arch }}.tar outputs: type=docker,dest=/tmp/falco-${{ inputs.arch }}.tar
- name: Build falco-driver-loader image - name: Build falco-driver-loader image
@ -73,50 +64,9 @@ jobs:
build-args: | build-args: |
FALCO_IMAGE_TAG=${{ inputs.arch }}-${{ inputs.tag }} FALCO_IMAGE_TAG=${{ inputs.arch }}-${{ inputs.tag }}
tags: | tags: |
falcosecurity/falco-driver-loader:${{ inputs.arch }}-${{ inputs.tag }} docker.io/falcosecurity/falco-driver-loader:${{ inputs.arch }}-${{ inputs.tag }}
public.ecr.aws/falcosecurity/falco-driver-loader:${{ inputs.arch }}-${{ inputs.tag }}
outputs: type=docker,dest=/tmp/falco-driver-loader-${{ inputs.arch }}.tar outputs: type=docker,dest=/tmp/falco-driver-loader-${{ inputs.arch }}.tar
- name: Build no-driver latest image
if: ${{ inputs.is_latest }}
uses: docker/build-push-action@v3
with:
context: ${{ github.workspace }}/docker/no-driver/
build-args: |
VERSION_BUCKET=bin
FALCO_VERSION=${{ inputs.version }}
tags: |
falcosecurity/falco-no-driver:${{ inputs.arch }}-latest
falcosecurity/falco:${{ inputs.arch }}-latest-slim
public.ecr.aws/falcosecurity/falco-no-driver:${{ inputs.arch }}-latest
public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-latest-slim
outputs: type=docker,dest=/tmp/falco-no-driver-latest-${{ inputs.arch }}.tar
- name: Build falco latest image
if: ${{ inputs.is_latest }}
uses: docker/build-push-action@v3
with:
context: ${{ github.workspace }}/docker/falco/
build-args: |
VERSION_BUCKET=deb
FALCO_VERSION=${{ inputs.version }}
tags: |
falcosecurity/falco:${{ inputs.arch }}-latest
public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-latest
outputs: type=docker,dest=/tmp/falco-latest-${{ inputs.arch }}.tar
- name: Build falco-driver-loader latest image
if: ${{ inputs.is_latest }}
uses: docker/build-push-action@v3
with:
context: ${{ github.workspace }}/docker/driver-loader/
build-args: |
FALCO_IMAGE_TAG=${{ inputs.arch }}-latest
tags: |
falcosecurity/falco-driver-loader:${{ inputs.arch }}-latest
public.ecr.aws/falcosecurity/falco-driver-loader:${{ inputs.arch }}-latest
outputs: type=docker,dest=/tmp/falco-driver-loader-latest-${{ inputs.arch }}.tar
- name: Upload images tarballs - name: Upload images tarballs
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@v3
with: with:

150
.github/workflows/reusable_publish_docker.yaml vendored
View File

@ -51,122 +51,62 @@ jobs:
with: with:
registry-type: public registry-type: public
- name: Create and push no-driver manifest - name: Setup Crane
uses: imjasonh/setup-crane@v0.3
with:
version: v0.15.1
# We're pushing the arch-specific manifests to Docker Hub so that we'll be able to easily create the index/multiarch later
- name: Push arch-specific images to Docker Hub
run: |
docker push docker.io/falcosecurity/falco-no-driver:aarch64-${{ inputs.tag }}
docker push docker.io/falcosecurity/falco-no-driver:x86_64-${{ inputs.tag }}
docker push docker.io/falcosecurity/falco:aarch64-${{ inputs.tag }}
docker push docker.io/falcosecurity/falco:x86_64-${{ inputs.tag }}
docker push docker.io/falcosecurity/falco-driver-loader:aarch64-${{ inputs.tag }}
docker push docker.io/falcosecurity/falco-driver-loader:x86_64-${{ inputs.tag }}
- name: Create no-driver manifest on Docker Hub
uses: Noelware/docker-manifest-action@0.3.1 uses: Noelware/docker-manifest-action@0.3.1
with: with:
inputs: falcosecurity/falco-no-driver:${{ inputs.tag }} inputs: docker.io/falcosecurity/falco-no-driver:${{ inputs.tag }}
images: falcosecurity/falco-no-driver:aarch64-${{ inputs.tag }},falcosecurity/falco-no-driver:x86_64-${{ inputs.tag }} images: docker.io/falcosecurity/falco-no-driver:aarch64-${{ inputs.tag }},docker.io/falcosecurity/falco-no-driver:x86_64-${{ inputs.tag }}
push: true push: true
- name: Create and push slim manifest - name: Tag slim manifest on Docker Hub
run: |
crane tag docker.io/falcosecurity/falco-no-driver:${{ inputs.tag }} docker.io/falcosecurity/falco:${{ inputs.tag }}-slim
- name: Create falco manifest on Docker Hub
uses: Noelware/docker-manifest-action@0.3.1 uses: Noelware/docker-manifest-action@0.3.1
with: with:
inputs: falcosecurity/falco:${{ inputs.tag }}-slim inputs: docker.io/falcosecurity/falco:${{ inputs.tag }}
images: falcosecurity/falco:aarch64-${{ inputs.tag }}-slim,falcosecurity/falco:x86_64-${{ inputs.tag }}-slim images: docker.io/falcosecurity/falco:aarch64-${{ inputs.tag }},docker.io/falcosecurity/falco:x86_64-${{ inputs.tag }}
push: true push: true
- name: Create and push no-driver manifest for ecr - name: Create falco-driver-loader manifest on Docker Hub
uses: Noelware/docker-manifest-action@0.3.1 uses: Noelware/docker-manifest-action@0.3.1
with: with:
inputs: public.ecr.aws/falcosecurity/falco-no-driver:${{ inputs.tag }} inputs: docker.io/falcosecurity/falco-driver-loader:${{ inputs.tag }}
images: public.ecr.aws/falcosecurity/falco-no-driver:aarch64-${{ inputs.tag }},public.ecr.aws/falcosecurity/falco-no-driver:x86_64-${{ inputs.tag }} images: docker.io/falcosecurity/falco-driver-loader:aarch64-${{ inputs.tag }},docker.io/falcosecurity/falco-driver-loader:x86_64-${{ inputs.tag }}
push: true push: true
- name: Create and push slim manifest for ecr - name: Publish images to ECR
uses: Noelware/docker-manifest-action@0.3.1 run: |
with: crane copy docker.io/falcosecurity/falco-no-driver:${{ inputs.tag }} public.ecr.aws/falcosecurity/falco-no-driver:${{ inputs.tag }}
inputs: public.ecr.aws/falcosecurity/falco:${{ inputs.tag }}-slim crane copy docker.io/falcosecurity/falco:${{ inputs.tag }} public.ecr.aws/falcosecurity/falco:${{ inputs.tag }}
images: public.ecr.aws/falcosecurity/falco:aarch64-${{ inputs.tag }}-slim,public.ecr.aws/falcosecurity/falco:x86_64-${{ inputs.tag }}-slim crane copy docker.io/falcosecurity/falco-driver-loader:${{ inputs.tag }} public.ecr.aws/falcosecurity/falco-driver-loader:${{ inputs.tag }}
push: true crane tag public.ecr.aws/falcosecurity/falco-no-driver:${{ inputs.tag }} public.ecr.aws/falcosecurity/falco:${{ inputs.tag }}-slim
- name: Create and push no-driver latest manifest - name: Tag latest on Docker Hub and ECR
if: ${{ inputs.is_latest }} if: inputs.is_latest
uses: Noelware/docker-manifest-action@0.3.1 run: |
with: crane tag docker.io/falcosecurity/falco-no-driver:${{ inputs.tag }} latest
inputs: falcosecurity/falco-no-driver:latest crane tag docker.io/falcosecurity/falco:${{ inputs.tag }} latest
images: falcosecurity/falco-no-driver:aarch64-latest,falcosecurity/falco-no-driver:x86_64-latest crane tag docker.io/falcosecurity/falco-driver-loader:${{ inputs.tag }} latest
push: true crane tag docker.io/falcosecurity/falco:${{ inputs.tag }}-slim latest-slim
- name: Create and push slim latest manifest crane tag public.ecr.aws/falcosecurity/falco-no-driver:${{ inputs.tag }} latest
if: ${{ inputs.is_latest }} crane tag public.ecr.aws/falcosecurity/falco:${{ inputs.tag }} latest
uses: Noelware/docker-manifest-action@0.3.1 crane tag public.ecr.aws/falcosecurity/falco-driver-loader:${{ inputs.tag }} latest
with: crane tag public.ecr.aws/falcosecurity/falco:${{ inputs.tag }}-slim latest-slim
inputs: falcosecurity/falco:latest-slim
images: falcosecurity/falco:aarch64-latest-slim,falcosecurity/falco:x86_64-latest-slim
push: true
- name: Create and push no-driver latest manifest for ecr
if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1
with:
inputs: public.ecr.aws/falcosecurity/falco-no-driver:latest
images: public.ecr.aws/falcosecurity/falco-no-driver:aarch64-latest,public.ecr.aws/falcosecurity/falco-no-driver:x86_64-latest
push: true
- name: Create and push slim latest manifest for ecr
if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1
with:
inputs: public.ecr.aws/falcosecurity/falco:latest-slim
images: public.ecr.aws/falcosecurity/falco:aarch64-latest-slim,public.ecr.aws/falcosecurity/falco:x86_64-latest-slim
push: true
- name: Create and push falco manifest
uses: Noelware/docker-manifest-action@0.3.1
with:
inputs: falcosecurity/falco:${{ inputs.tag }}
images: falcosecurity/falco:aarch64-${{ inputs.tag }},falcosecurity/falco:x86_64-${{ inputs.tag }}
push: true
- name: Create and push falco manifest for ecr
uses: Noelware/docker-manifest-action@0.3.1
with:
inputs: public.ecr.aws/falcosecurity/falco:${{ inputs.tag }}
images: public.ecr.aws/falcosecurity/falco:aarch64-${{ inputs.tag }},public.ecr.aws/falcosecurity/falco:x86_64-${{ inputs.tag }}
push: true
- name: Create and push falco latest manifest
if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1
with:
inputs: falcosecurity/falco:latest
images: falcosecurity/falco:aarch64-latest,falcosecurity/falco:x86_64-latest
push: true
- name: Create and push falco latest manifest for ecr
if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1
with:
inputs: public.ecr.aws/falcosecurity/falco:latest
images: public.ecr.aws/falcosecurity/falco:aarch64-latest,public.ecr.aws/falcosecurity/falco:x86_64-latest
push: true
- name: Create and push falco-driver-loader manifest
uses: Noelware/docker-manifest-action@0.3.1
with:
inputs: falcosecurity/falco-driver-loader:${{ inputs.tag }}
images: falcosecurity/falco-driver-loader:aarch64-${{ inputs.tag }},falcosecurity/falco-driver-loader:x86_64-${{ inputs.tag }}
push: true
- name: Create and push falco-driver-loader manifest for ecr
uses: Noelware/docker-manifest-action@0.3.1
with:
inputs: public.ecr.aws/falcosecurity/falco-driver-loader:${{ inputs.tag }}
images: public.ecr.aws/falcosecurity/falco-driver-loader:aarch64-${{ inputs.tag }},public.ecr.aws/falcosecurity/falco-driver-loader:x86_64-${{ inputs.tag }}
push: true
- name: Create and push falco-driver-loader latest manifest
if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1
with:
inputs: falcosecurity/falco-driver-loader:latest
images: falcosecurity/falco-driver-loader:aarch64-latest,falcosecurity/falco-driver-loader:x86_64-latest
push: true
- name: Create and push falco-driver-loader latest manifest for ecr
if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1
with:
inputs: public.ecr.aws/falcosecurity/falco-driver-loader:latest
images: public.ecr.aws/falcosecurity/falco-driver-loader:aarch64-latest,public.ecr.aws/falcosecurity/falco-driver-loader:x86_64-latest
push: true