From 76b6bcc316344e470375ff6f7d9d617141ab297b Mon Sep 17 00:00:00 2001 From: Mauro Morales Date: Thu, 7 Dec 2023 10:30:15 +0100 Subject: [PATCH 1/2] Fix release of framework image Signed-off-by: Mauro Morales --- .github/workflows/image.yaml | 5 ++--- .../workflows/reusable-build-framework.yaml | 5 ++++- Earthfile | 20 ++++++++++--------- 3 files changed, 17 insertions(+), 13 deletions(-) diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 520207b5b..d64f191e6 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -89,9 +89,8 @@ jobs: strategy: fail-fast: false matrix: - include: - - security_profile: "generic" - - security_profile: "fips" + security_profile: [generic, fips] + framework_version: [master] install: uses: ./.github/workflows/reusable-install-test.yaml with: diff --git a/.github/workflows/reusable-build-framework.yaml b/.github/workflows/reusable-build-framework.yaml index 3b742e8e8..2033c4100 100644 --- a/.github/workflows/reusable-build-framework.yaml +++ b/.github/workflows/reusable-build-framework.yaml @@ -6,6 +6,9 @@ on: security_profile: required: true type: string + framework_version: + required: false + type: string jobs: build: @@ -47,7 +50,7 @@ jobs: http = true EOF # Push with earthly so it pushes the multi-arch properly - earthly --push +multi-build-framework-image --SECURITY_PROFILE=${{ inputs.security_profile }} --VERSION=master + earthly --push +multi-build-framework-image --SECURITY_PROFILE=${{ inputs.security_profile }} --FRAMEWORK_VERSION=${{ inputs.framework_version }} # Fetch the RepoDigests for the mutli-arch image docker pull "$ARTIFACT" cosign sign $(docker image inspect --format='{{index .RepoDigests 0}}' "$ARTIFACT") diff --git a/Earthfile b/Earthfile index c0304e92e..5bcbc1c13 100644 --- a/Earthfile +++ b/Earthfile @@ -309,6 +309,7 @@ multi-build-framework-image: build-framework-image: FROM alpine ARG SECURITY_PROFILE + ARG FRAMEWORK_VERSION IF [ "$SECURITY_PROFILE" = "fips" ] ARG _SECURITY_PROFILE=fips @@ -321,13 +322,13 @@ build-framework-image: ARG VERSION=$(cat ./GIT_VERSION) - IF [[ "$VERSION" =~ "v\d+\.\d+\.\d+$" ]] - ARG FRAMEWORK_VERSION=$VERSION + IF [ "$FRAMEWORK_VERSION" = "" ] + ARG _FRAMEWORK_VERSION=$VERSION ELSE - ARG FRAMEWORK_VERSION=master + ARG _FRAMEWORK_VERSION=$FRAMEWORK_VERSION END - ARG _IMG="$IMAGE_REPOSITORY_ORG/framework:${FRAMEWORK_VERSION}_${_SECURITY_PROFILE}" + ARG _IMG="$IMAGE_REPOSITORY_ORG/framework:${_FRAMEWORK_VERSION}_${_SECURITY_PROFILE}" RUN echo $_IMG > FRAMEWORK_IMAGE SAVE ARTIFACT FRAMEWORK_IMAGE AS LOCAL build/FRAMEWORK_IMAGE @@ -336,7 +337,7 @@ build-framework-image: COPY (+framework/framework --SECURITY_PROFILE=$_SECURITY_PROFILE) / - SAVE IMAGE --push $IMAGE_REPOSITORY_ORG/framework:${FRAMEWORK_VERSION}_${_SECURITY_PROFILE} + SAVE IMAGE --push $IMAGE_REPOSITORY_ORG/framework:${_FRAMEWORK_VERSION}_${_SECURITY_PROFILE} kairos-dockerfile: ARG --required FAMILY @@ -357,16 +358,17 @@ base-image: ARG --required MODEL ARG --required BASE_IMAGE # BASE_IMAGE is the image to apply the strategy (aka FLAVOR) on. E.g. ubuntu:20.04 ARG K3S_VERSION + ARG FRAMEWORK_VERSION # TODO for the framework image. Do we call the last stable version available or master? ARG K3S_VERSION DO +GIT_VERSION ARG KAIROS_VERSION=$(cat ./GIT_VERSION) - IF [[ "$KAIROS_VERSION" =~ "v\d+\.\d+\.\d+$" ]] - ARG FRAMEWORK_VERSION=$KAIROS_VERSION + IF [ "$FRAMEWORK_VERSION" = "" ] + ARG _FRAMEWORK_VERSION=$VERSION ELSE - ARG FRAMEWORK_VERSION=master + ARG _FRAMEWORK_VERSION=$FRAMEWORK_VERSION END RUN cat +kairos-dockerfile/Dockerfile @@ -378,7 +380,7 @@ base-image: --build-arg VARIANT=$VARIANT \ --build-arg VERSION=$KAIROS_VERSION \ --build-arg K3S_VERSION=$K3S_VERSION \ - --build-arg FRAMEWORK_VERSION=$FRAMEWORK_VERSION \ + --build-arg FRAMEWORK_VERSION=$_FRAMEWORK_VERSION \ -f +kairos-dockerfile/Dockerfile \ ./images From 18de56cb695a3a1edc7415764d3d481fbb4b2a02 Mon Sep 17 00:00:00 2001 From: Mauro Morales Date: Thu, 7 Dec 2023 11:09:02 +0100 Subject: [PATCH 2/2] have a git option Signed-off-by: Mauro Morales --- .github/workflows/release.yaml | 2 +- Earthfile | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 3f6da3d83..7a07e3b74 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -92,7 +92,7 @@ jobs: insecure = true http = true EOF - earthly +multi-build-framework-image --SECURITY_PROFILE=${{ matrix.security_profile }} + earthly +multi-build-framework-image --SECURITY_PROFILE=${{ matrix.security_profile }} --FRAMEWORK_VERSION="git" - name: Push to quay env: COSIGN_YES: true diff --git a/Earthfile b/Earthfile index 5bcbc1c13..5352324eb 100644 --- a/Earthfile +++ b/Earthfile @@ -323,6 +323,8 @@ build-framework-image: ARG VERSION=$(cat ./GIT_VERSION) IF [ "$FRAMEWORK_VERSION" = "" ] + ARG _FRAMEWORK_VERSION=master + ELSE IF [ "$FRAMEWORK_VERSION" = "git" ] ARG _FRAMEWORK_VERSION=$VERSION ELSE ARG _FRAMEWORK_VERSION=$FRAMEWORK_VERSION @@ -366,6 +368,8 @@ base-image: ARG KAIROS_VERSION=$(cat ./GIT_VERSION) IF [ "$FRAMEWORK_VERSION" = "" ] + ARG _FRAMEWORK_VERSION=master + ELSE IF [ "$FRAMEWORK_VERSION" = "git" ] ARG _FRAMEWORK_VERSION=$VERSION ELSE ARG _FRAMEWORK_VERSION=$FRAMEWORK_VERSION