From 12d97148ab7e04695992e09a70fe0ec96743a8a9 Mon Sep 17 00:00:00 2001 From: Luca Guerra Date: Thu, 4 May 2023 15:36:36 +0000 Subject: [PATCH] new(ci): add RC/prerelease support Signed-off-by: Luca Guerra --- .github/workflows/release.yaml | 41 ++++++++++++++++++- .github/workflows/reusable_build_docker.yaml | 11 +++-- .../workflows/reusable_publish_docker.yaml | 16 ++++---- 3 files changed, 55 insertions(+), 13 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index b1688d1f108..daf83d63b21 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -2,7 +2,8 @@ name: Release Packages and Docker images on: push: tags: - - '[0-9]+.[0-9]+.[0-9]+' + - '[0-9]+.[0-9]+.[0-9]+' # final release + - '[0-9]+.[0-9]+.[0-9]+-*' # prerelease/RC # Checks if any concurrent jobs is running for release CI and eventually cancel it. concurrency: 
@@ -10,6 +11,36 @@ concurrency: cancel-in-progress: true jobs: + release-settings: + runs-on: ubuntu-latest + steps: + - name: Get latest release + uses: rez0n/actions-github-release@v2.0 + id: latest_release + env: + token: ${{ secrets.GITHUB_TOKEN }} + repository: ${{ github.repository }} + type: "stable" + + - name: Get settings for this release + id: get_settings + shell: python + run: | + import os + is_prerelease = '-' in '${{ github.ref_name }}' + + # Safeguard: you need to both set "latest" in GH and not have suffixes to overwrite latest + is_latest = '${{ steps.latest_release.outputs.release }}' == '${{ github.ref_name }}' and not is_prerelease + + bucket_suffix = '-dev' if is_prerelease else '' + + with open(os.environ['GITHUB_OUTPUT'], 'a') as ofp: + print(f'is_latest={is_latest}'.lower(), file=ofp) + print(f'bucket_suffix={bucket_suffix}', file=ofp) + outputs: + is_latest: ${{ steps.get_settings.outputs.is_latest }} + bucket_suffix: ${{ steps.get_settings.outputs.bucket_suffix }} + build-packages: uses: falcosecurity/falco/.github/workflows/reusable_build_packages.yaml@master with: @@ -26,6 +57,7 @@ jobs: needs: [build-packages, build-packages-arm64] uses: falcosecurity/falco/.github/workflows/reusable_publish_packages.yaml@master with: + bucket_suffix: ${{ steps.get_settings.outputs.bucket_suffix }} version: ${{ needs.build-packages.outputs.version }} secrets: inherit @@ -35,6 +67,8 @@ jobs: uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master with: arch: x86_64 + is_latest: ${{ needs.release-settings.outputs.is_latest == 'true' }} + bucket_suffix: ${{ steps.get_settings.outputs.bucket_suffix }} version: ${{ needs.build-packages.outputs.version }} secrets: inherit 
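Review bot: The `get_settings` step pastes `${{ github.ref_name }}` and `${{ steps.latest_release.outputs.release }}` straight into the Python source, so they are expanded before the interpreter starts and a quote character in either value alters the program rather than the string. The new `'[0-9]+.[0-9]+.[0-9]+-*'` tag filter accepts an arbitrary suffix, and this job holds `secrets.GITHUB_TOKEN` and decides what is tagged `latest`, so the values are better passed through `env:` and read from `os.environ`, as sketched below. Separately, `rez0n/actions-github-release@v2.0` is a third-party action referenced by a mutable tag and given the token. Pinning it to a full commit SHA (`rez0n/actions-github-release@<full-commit-sha>`) keeps a retagged upstream out of the release job.

```yaml
      - name: Get settings for this release
        id: get_settings
        shell: python
        env:
          REF_NAME: ${{ github.ref_name }}
          LATEST_RELEASE: ${{ steps.latest_release.outputs.release }}
        run: |
          import os
          ref_name = os.environ['REF_NAME']
          is_prerelease = '-' in ref_name

          # Safeguard: you need to both set "latest" in GH and not have suffixes to overwrite latest
          is_latest = os.environ['LATEST_RELEASE'] == ref_name and not is_prerelease
          # … unchanged: bucket_suffix computation and GITHUB_OUTPUT writes …
```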
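Review bot: `bucket_suffix: ${{ steps.get_settings.outputs.bucket_suffix }}` in publish-packages reads the `steps` context of another job, which is only populated inside the job that runs the step, so the suffix cannot resolve to `-dev` here. If it evaluates to an empty string, prerelease packages would go to the stable bucket, which is presumably what the suffix is meant to prevent. Use the output that release-settings already exports, `bucket_suffix: ${{ needs.release-settings.outputs.bucket_suffix }}`, and extend the dependency to `needs: [release-settings, build-packages, build-packages-arm64]`. The same expression is added in the build-docker and build-docker-arm64 hunks.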
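Review bot: `is_latest: ${{ needs.release-settings.outputs.is_latest == 'true' }}` only resolves when release-settings is a direct dependency of the calling job, because the `needs` context holds direct dependencies only. The `needs:` line of build-docker lies outside this hunk, but in the publish-docker hunk the visible `needs: [build-docker, build-docker-arm64]` does not list it. There the comparison would presumably see an empty value, so the `latest` images would never be published. Adding `release-settings` to the `needs:` list of build-docker, build-docker-arm64 and publish-docker lets the safeguard take effect as written.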
@@ -43,6 +77,8 @@ jobs: uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master with: arch: aarch64 + is_latest: ${{ needs.release-settings.outputs.is_latest == 'true' }} + bucket_suffix: ${{ steps.get_settings.outputs.bucket_suffix }} version: ${{ needs.build-packages.outputs.version }} secrets: inherit @@ -50,4 +86,5 @@ jobs: needs: [build-docker, build-docker-arm64] uses: falcosecurity/falco/.github/workflows/reusable_publish_docker.yaml@master secrets: inherit - + with: + is_latest: ${{ needs.release-settings.outputs.is_latest == 'true' }} diff --git a/.github/workflows/reusable_build_docker.yaml b/.github/workflows/reusable_build_docker.yaml index af3ec72bfea..75a2aa5b6c9 100644 --- a/.github/workflows/reusable_build_docker.yaml +++ b/.github/workflows/reusable_build_docker.yaml @@ -15,6 +15,11 @@ on: description: 'Falco version extracted from userspace/falco/config_falco.h' required: true type: string + is_latest: + description: Update the latest tag with the new image + required: false + type: boolean + default: false # Here we just build all docker images as tarballs, # then we upload all the tarballs to be later downloaded by reusable_publish_docker workflow. @@ -69,7 +74,7 @@ jobs: outputs: type=docker,dest=/tmp/falco-driver-loader-${{ inputs.arch }}.tar - name: Build no-driver latest image - if: ${{ github.ref_name != 'master' }} + if: ${{ inputs.is_latest }} uses: docker/build-push-action@v3 with: context: ${{ github.workspace }}/docker/no-driver/ @@ -84,7 +89,7 @@ jobs: outputs: type=docker,dest=/tmp/falco-no-driver-latest-${{ inputs.arch }}.tar - name: Build falco latest image - if: ${{ github.ref_name != 'master' }} + if: ${{ inputs.is_latest }} uses: docker/build-push-action@v3 with: context: ${{ github.workspace }}/docker/falco/ 
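Review bot: `bucket_suffix` is passed to reusable_build_docker.yaml by build-docker and build-docker-arm64 in release.yaml, but the inputs added here stop at `is_latest`. Unless `bucket_suffix` is already declared outside the hunk, the callers supply an input this reusable workflow does not define, and GitHub rejects such a call when it validates the workflow. Either declare it next to `is_latest` (`bucket_suffix:` with `required: false`, `type: string`, `default: ''`) or drop it from the two callers if the image build does not use it.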
@@ -97,7 +102,7 @@ jobs: outputs: type=docker,dest=/tmp/falco-latest-${{ inputs.arch }}.tar - name: Build falco-driver-loader latest image - if: ${{ github.ref_name != 'master' }} + if: ${{ inputs.is_latest }} uses: docker/build-push-action@v3 with: context: ${{ github.workspace }}/docker/driver-loader/ diff --git a/.github/workflows/reusable_publish_docker.yaml b/.github/workflows/reusable_publish_docker.yaml index 2d63b703f01..757c62b21d0 100644 --- a/.github/workflows/reusable_publish_docker.yaml +++ b/.github/workflows/reusable_publish_docker.yaml @@ -70,7 +70,7 @@ jobs: push: true - name: Create and push no-driver latest manifest - if: ${{ github.ref_name != 'master' }} + if: ${{ inputs.is_latest }} uses: Noelware/docker-manifest-action@0.3.1 with: inputs: falcosecurity/falco-no-driver:latest @@ -78,7 +78,7 @@ jobs: push: true - name: Create and push slim latest manifest - if: ${{ github.ref_name != 'master' }} + if: ${{ inputs.is_latest }} uses: Noelware/docker-manifest-action@0.3.1 with: inputs: falcosecurity/falco:latest-slim @@ -86,7 +86,7 @@ jobs: push: true - name: Create and push no-driver latest manifest for ecr - if: ${{ github.ref_name != 'master' }} + if: ${{ inputs.is_latest }} uses: Noelware/docker-manifest-action@0.3.1 with: inputs: public.ecr.aws/falcosecurity/falco-no-driver:latest @@ -94,7 +94,7 @@ jobs: push: true - name: Create and push slim latest manifest for ecr - if: ${{ github.ref_name != 'master' }} + if: ${{ inputs.is_latest }} uses: Noelware/docker-manifest-action@0.3.1 with: inputs: public.ecr.aws/falcosecurity/falco:latest-slim @@ -116,7 +116,7 @@ jobs: push: true - name: Create and push falco latest manifest - if: ${{ github.ref_name != 'master' }} + if: ${{ inputs.is_latest }} uses: Noelware/docker-manifest-action@0.3.1 with: inputs: falcosecurity/falco:latest 
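Review bot: The `latest` manifests in reusable_publish_docker.yaml are now gated on `inputs.is_latest`, but no hunk for this file adds an `is_latest` entry under `on.workflow_call.inputs`. The file's diffstat is fully accounted for by the eight `if:` replacements. Unless the input is already declared outside the hunks, the `with: is_latest:` added to publish-docker in release.yaml passes an undefined input, and every `if: ${{ inputs.is_latest }}` evaluates an empty value. Declaring it as in reusable_build_docker.yaml (`type: boolean`, `required: false`, `default: false`) keeps publishing `latest` opt-in for every caller. The same condition is used in the remaining hunks of this file.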
@@ -124,7 +124,7 @@ jobs: push: true - name: Create and push falco latest manifest for ecr - if: ${{ github.ref_name != 'master' }} + if: ${{ inputs.is_latest }} uses: Noelware/docker-manifest-action@0.3.1 with: inputs: public.ecr.aws/falcosecurity/falco:latest @@ -146,7 +146,7 @@ jobs: push: true - name: Create and push falco-driver-loader latest manifest - if: ${{ github.ref_name != 'master' }} + if: ${{ inputs.is_latest }} uses: Noelware/docker-manifest-action@0.3.1 with: inputs: falcosecurity/falco-driver-loader:latest @@ -154,7 +154,7 @@ jobs: push: true - name: Create and push falco-driver-loader latest manifest for ecr - if: ${{ github.ref_name != 'master' }} + if: ${{ inputs.is_latest }} uses: Noelware/docker-manifest-action@0.3.1 with: inputs: public.ecr.aws/falcosecurity/falco-driver-loader:latest