Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(ci): simplify and fix multi-arch image publishing process #2542

Merged
merged 1 commit into from
May 12, 2023
Merged

fix(ci): simplify and fix multi-arch image publishing process #2542

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 0 additions & 2 deletions .github/workflows/release.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,6 @@ jobs:
uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master
with:
arch: x86_64
is_latest: ${{ needs.release-settings.outputs.is_latest == 'true' }}
bucket_suffix: ${{ needs.release-settings.outputs.bucket_suffix }}
version: ${{ github.event.release.tag_name }}
tag: ${{ github.event.release.tag_name }}
Expand All @@ -91,7 +90,6 @@ jobs:
uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master
with:
arch: aarch64
is_latest: ${{ needs.release-settings.outputs.is_latest == 'true' }}
bucket_suffix: ${{ needs.release-settings.outputs.bucket_suffix }}
version: ${{ github.event.release.tag_name }}
tag: ${{ github.event.release.tag_name }}
Expand Down
56 changes: 3 additions & 53 deletions .github/workflows/reusable_build_docker.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,11 +19,6 @@ on:
description: The tag to use (e.g. "master" or "0.35.0")
required: true
type: string
is_latest:
description: Update the latest tag with the new image
required: false
type: boolean
default: false

# Here we just build all docker images as tarballs,
# then we upload all the tarballs to be later downloaded by reusable_publish_docker workflow.
Expand All @@ -48,10 +43,7 @@ jobs:
VERSION_BUCKET=bin${{ inputs.bucket_suffix }}
FALCO_VERSION=${{ inputs.version }}
tags: |
falcosecurity/falco-no-driver:${{ inputs.arch }}-${{ inputs.tag }}
falcosecurity/falco:${{ inputs.arch }}-${{ inputs.tag }}-slim
public.ecr.aws/falcosecurity/falco-no-driver:${{ inputs.arch }}-${{ inputs.tag }}
public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-${{ inputs.tag }}-slim
docker.io/falcosecurity/falco-no-driver:${{ inputs.arch }}-${{ inputs.tag }}
outputs: type=docker,dest=/tmp/falco-no-driver-${{ inputs.arch }}.tar

- name: Build falco image
Expand All @@ -62,8 +54,7 @@ jobs:
VERSION_BUCKET=deb${{ inputs.bucket_suffix }}
FALCO_VERSION=${{ inputs.version }}
tags: |
falcosecurity/falco:${{ inputs.arch }}-${{ inputs.tag }}
public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-${{ inputs.tag }}
docker.io/falcosecurity/falco:${{ inputs.arch }}-${{ inputs.tag }}
outputs: type=docker,dest=/tmp/falco-${{ inputs.arch }}.tar

- name: Build falco-driver-loader image
Expand All @@ -73,50 +64,9 @@ jobs:
build-args: |
FALCO_IMAGE_TAG=${{ inputs.arch }}-${{ inputs.tag }}
tags: |
falcosecurity/falco-driver-loader:${{ inputs.arch }}-${{ inputs.tag }}
public.ecr.aws/falcosecurity/falco-driver-loader:${{ inputs.arch }}-${{ inputs.tag }}
docker.io/falcosecurity/falco-driver-loader:${{ inputs.arch }}-${{ inputs.tag }}
outputs: type=docker,dest=/tmp/falco-driver-loader-${{ inputs.arch }}.tar

- name: Build no-driver latest image
if: ${{ inputs.is_latest }}
uses: docker/build-push-action@v3
with:
context: ${{ github.workspace }}/docker/no-driver/
build-args: |
VERSION_BUCKET=bin
FALCO_VERSION=${{ inputs.version }}
tags: |
falcosecurity/falco-no-driver:${{ inputs.arch }}-latest
falcosecurity/falco:${{ inputs.arch }}-latest-slim
public.ecr.aws/falcosecurity/falco-no-driver:${{ inputs.arch }}-latest
public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-latest-slim
outputs: type=docker,dest=/tmp/falco-no-driver-latest-${{ inputs.arch }}.tar

- name: Build falco latest image
if: ${{ inputs.is_latest }}
uses: docker/build-push-action@v3
with:
context: ${{ github.workspace }}/docker/falco/
build-args: |
VERSION_BUCKET=deb
FALCO_VERSION=${{ inputs.version }}
tags: |
falcosecurity/falco:${{ inputs.arch }}-latest
public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-latest
outputs: type=docker,dest=/tmp/falco-latest-${{ inputs.arch }}.tar

- name: Build falco-driver-loader latest image
if: ${{ inputs.is_latest }}
uses: docker/build-push-action@v3
with:
context: ${{ github.workspace }}/docker/driver-loader/
build-args: |
FALCO_IMAGE_TAG=${{ inputs.arch }}-latest
tags: |
falcosecurity/falco-driver-loader:${{ inputs.arch }}-latest
public.ecr.aws/falcosecurity/falco-driver-loader:${{ inputs.arch }}-latest
outputs: type=docker,dest=/tmp/falco-driver-loader-latest-${{ inputs.arch }}.tar

- name: Upload images tarballs
uses: actions/upload-artifact@v3
with:
Expand Down
154 changes: 47 additions & 107 deletions .github/workflows/reusable_publish_docker.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,123 +50,63 @@ jobs:
uses: aws-actions/amazon-ecr-login@2f9f10ea3fa2eed41ac443fee8bfbd059af2d0a4 # v1.6.0
with:
registry-type: public

- name: Create and push no-driver manifest
uses: Noelware/[email protected]
with:
inputs: falcosecurity/falco-no-driver:${{ inputs.tag }}
images: falcosecurity/falco-no-driver:aarch64-${{ inputs.tag }},falcosecurity/falco-no-driver:x86_64-${{ inputs.tag }}
push: true

- name: Create and push slim manifest
uses: Noelware/[email protected]
with:
inputs: falcosecurity/falco:${{ inputs.tag }}-slim
images: falcosecurity/falco:aarch64-${{ inputs.tag }}-slim,falcosecurity/falco:x86_64-${{ inputs.tag }}-slim
push: true

- name: Create and push no-driver manifest for ecr
uses: Noelware/[email protected]
with:
inputs: public.ecr.aws/falcosecurity/falco-no-driver:${{ inputs.tag }}
images: public.ecr.aws/falcosecurity/falco-no-driver:aarch64-${{ inputs.tag }},public.ecr.aws/falcosecurity/falco-no-driver:x86_64-${{ inputs.tag }}
push: true

- name: Create and push slim manifest for ecr
uses: Noelware/[email protected]

- name: Setup Crane
uses: imjasonh/[email protected]
with:
inputs: public.ecr.aws/falcosecurity/falco:${{ inputs.tag }}-slim
images: public.ecr.aws/falcosecurity/falco:aarch64-${{ inputs.tag }}-slim,public.ecr.aws/falcosecurity/falco:x86_64-${{ inputs.tag }}-slim
push: true
version: v0.15.1

- name: Create and push no-driver latest manifest
if: ${{ inputs.is_latest }}
uses: Noelware/[email protected]
with:
inputs: falcosecurity/falco-no-driver:latest
images: falcosecurity/falco-no-driver:aarch64-latest,falcosecurity/falco-no-driver:x86_64-latest
push: true

- name: Create and push slim latest manifest
if: ${{ inputs.is_latest }}
uses: Noelware/[email protected]
with:
inputs: falcosecurity/falco:latest-slim
images: falcosecurity/falco:aarch64-latest-slim,falcosecurity/falco:x86_64-latest-slim
push: true

- name: Create and push no-driver latest manifest for ecr
if: ${{ inputs.is_latest }}
uses: Noelware/[email protected]
with:
inputs: public.ecr.aws/falcosecurity/falco-no-driver:latest
images: public.ecr.aws/falcosecurity/falco-no-driver:aarch64-latest,public.ecr.aws/falcosecurity/falco-no-driver:x86_64-latest
push: true

- name: Create and push slim latest manifest for ecr
if: ${{ inputs.is_latest }}
uses: Noelware/[email protected]
with:
inputs: public.ecr.aws/falcosecurity/falco:latest-slim
images: public.ecr.aws/falcosecurity/falco:aarch64-latest-slim,public.ecr.aws/falcosecurity/falco:x86_64-latest-slim
push: true

- name: Create and push falco manifest
uses: Noelware/[email protected]
with:
inputs: falcosecurity/falco:${{ inputs.tag }}
images: falcosecurity/falco:aarch64-${{ inputs.tag }},falcosecurity/falco:x86_64-${{ inputs.tag }}
push: true

- name: Create and push falco manifest for ecr
uses: Noelware/[email protected]
with:
inputs: public.ecr.aws/falcosecurity/falco:${{ inputs.tag }}
images: public.ecr.aws/falcosecurity/falco:aarch64-${{ inputs.tag }},public.ecr.aws/falcosecurity/falco:x86_64-${{ inputs.tag }}
push: true

- name: Create and push falco latest manifest
if: ${{ inputs.is_latest }}
# We're pushing the arch-specific manifests to Docker Hub so that we'll be able to easily create the index/multiarch later
- name: Push arch-specific images to Docker Hub
run: |
docker push docker.io/falcosecurity/falco-no-driver:aarch64-${{ inputs.tag }}
docker push docker.io/falcosecurity/falco-no-driver:x86_64-${{ inputs.tag }}
docker push docker.io/falcosecurity/falco:aarch64-${{ inputs.tag }}
docker push docker.io/falcosecurity/falco:x86_64-${{ inputs.tag }}
docker push docker.io/falcosecurity/falco-driver-loader:aarch64-${{ inputs.tag }}
docker push docker.io/falcosecurity/falco-driver-loader:x86_64-${{ inputs.tag }}

- name: Create no-driver manifest on Docker Hub
uses: Noelware/[email protected]
with:
inputs: falcosecurity/falco:latest
images: falcosecurity/falco:aarch64-latest,falcosecurity/falco:x86_64-latest
inputs: docker.io/falcosecurity/falco-no-driver:${{ inputs.tag }}
images: docker.io/falcosecurity/falco-no-driver:aarch64-${{ inputs.tag }},docker.io/falcosecurity/falco-no-driver:x86_64-${{ inputs.tag }}
push: true

- name: Create and push falco latest manifest for ecr
if: ${{ inputs.is_latest }}
uses: Noelware/[email protected]
with:
inputs: public.ecr.aws/falcosecurity/falco:latest
images: public.ecr.aws/falcosecurity/falco:aarch64-latest,public.ecr.aws/falcosecurity/falco:x86_64-latest
push: true

- name: Create and push falco-driver-loader manifest
- name: Tag slim manifest on Docker Hub
run: |
crane tag docker.io/falcosecurity/falco-no-driver:${{ inputs.tag }} docker.io/falcosecurity/falco:${{ inputs.tag }}-slim

- name: Create falco manifest on Docker Hub
uses: Noelware/[email protected]
with:
inputs: falcosecurity/falco-driver-loader:${{ inputs.tag }}
images: falcosecurity/falco-driver-loader:aarch64-${{ inputs.tag }},falcosecurity/falco-driver-loader:x86_64-${{ inputs.tag }}
inputs: docker.io/falcosecurity/falco:${{ inputs.tag }}
images: docker.io/falcosecurity/falco:aarch64-${{ inputs.tag }},docker.io/falcosecurity/falco:x86_64-${{ inputs.tag }}
push: true

- name: Create and push falco-driver-loader manifest for ecr
- name: Create falco-driver-loader manifest on Docker Hub
uses: Noelware/[email protected]
with:
inputs: public.ecr.aws/falcosecurity/falco-driver-loader:${{ inputs.tag }}
images: public.ecr.aws/falcosecurity/falco-driver-loader:aarch64-${{ inputs.tag }},public.ecr.aws/falcosecurity/falco-driver-loader:x86_64-${{ inputs.tag }}
push: true

- name: Create and push falco-driver-loader latest manifest
if: ${{ inputs.is_latest }}
uses: Noelware/[email protected]
with:
inputs: falcosecurity/falco-driver-loader:latest
images: falcosecurity/falco-driver-loader:aarch64-latest,falcosecurity/falco-driver-loader:x86_64-latest
inputs: docker.io/falcosecurity/falco-driver-loader:${{ inputs.tag }}
images: docker.io/falcosecurity/falco-driver-loader:aarch64-${{ inputs.tag }},docker.io/falcosecurity/falco-driver-loader:x86_64-${{ inputs.tag }}
push: true

- name: Create and push falco-driver-loader latest manifest for ecr
if: ${{ inputs.is_latest }}
uses: Noelware/[email protected]
with:
inputs: public.ecr.aws/falcosecurity/falco-driver-loader:latest
images: public.ecr.aws/falcosecurity/falco-driver-loader:aarch64-latest,public.ecr.aws/falcosecurity/falco-driver-loader:x86_64-latest
push: true

- name: Publish images to ECR
run: |
crane copy docker.io/falcosecurity/falco-no-driver:${{ inputs.tag }} public.ecr.aws/falcosecurity/falco-no-driver:${{ inputs.tag }}
crane copy docker.io/falcosecurity/falco:${{ inputs.tag }} public.ecr.aws/falcosecurity/falco:${{ inputs.tag }}
crane copy docker.io/falcosecurity/falco-driver-loader:${{ inputs.tag }} public.ecr.aws/falcosecurity/falco-driver-loader:${{ inputs.tag }}
crane tag public.ecr.aws/falcosecurity/falco-no-driver:${{ inputs.tag }} public.ecr.aws/falcosecurity/falco:${{ inputs.tag }}-slim

- name: Tag latest on Docker Hub and ECR
if: inputs.is_latest
run: |
crane tag docker.io/falcosecurity/falco-no-driver:${{ inputs.tag }} latest
crane tag docker.io/falcosecurity/falco:${{ inputs.tag }} latest
crane tag docker.io/falcosecurity/falco-driver-loader:${{ inputs.tag }} latest
crane tag docker.io/falcosecurity/falco:${{ inputs.tag }}-slim latest-slim

crane tag public.ecr.aws/falcosecurity/falco-no-driver:${{ inputs.tag }} latest
crane tag public.ecr.aws/falcosecurity/falco:${{ inputs.tag }} latest
crane tag public.ecr.aws/falcosecurity/falco-driver-loader:${{ inputs.tag }} latest
crane tag public.ecr.aws/falcosecurity/falco:${{ inputs.tag }}-slim latest-slim