Skip to content

Commit

Permalink
chore(CI): publish KubeArmor tars to dockerhub
Browse files Browse the repository at this point in the history
Currently OS and arch is stored in the tag however once oras CLI
starts to support pushing multi-arch artifacts, we'll use that.
Ref - oras-project/oras#1053

Signed-off-by: Rudraksh Pareek <rudraksh@accuknox.com>
  • Loading branch information
DelusionalOptimist committed May 23, 2024
1 parent ae5ff26 commit 25ce14a
Show file tree
Hide file tree
Showing 4 changed files with 61 additions and 14 deletions.
14 changes: 7 additions & 7 deletions .github/workflows/ci-latest-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ jobs:
if: github.repository == 'kubearmor/kubearmor' && (needs.check.outputs.kubearmor == 'true' || ${{ github.ref }} != 'refs/heads/main')
runs-on: ubuntu-latest-16-cores
permissions:
id-token: write
id-token: write
timeout-minutes: 120
steps:
- uses: actions/checkout@v3
Expand Down Expand Up @@ -81,7 +81,7 @@ jobs:
run: |
make docker-build TAG=${{ steps.vars.outputs.tag }}
- name: deploy pre existing pod
- name: deploy pre existing pod
run: |
kubectl apply -f ./tests/k8s_env/ksp/pre-run-pod.yaml
sleep 60
Expand All @@ -93,7 +93,7 @@ jobs:
docker save kubearmor/kubearmor:${{ steps.vars.outputs.tag }} | sudo k3s ctr images import -
docker save kubearmor/kubearmor-operator:${{ steps.vars.outputs.tag }} | sudo k3s ctr images import -
docker save kubearmor/kubearmor-snitch:${{ steps.vars.outputs.tag }} | sudo k3s ctr images import -
helm upgrade --install kubearmor-operator ./deployments/helm/KubeArmorOperator -n kubearmor --create-namespace --set kubearmorOperator.image.tag=${{ steps.vars.outputs.tag }}
kubectl wait --for=condition=ready --timeout=5m -n kubearmor pod -l kubearmor-app=kubearmor-operator
kubectl get pods -A
Expand Down Expand Up @@ -145,12 +145,12 @@ jobs:
- name: Push KubeArmor images to Docker
run: GITHUB_SHA=$GITHUB_SHA ./KubeArmor/build/push_kubearmor.sh ${{ steps.vars.outputs.tag }}

- name: Install Cosign
- name: Install Cosign
uses: sigstore/cosign-installer@main

- name: Get Image Digest
id: digest
run: |
run: |
echo "imagedigest=$(jq -r '.["containerimage.digest"]' kubearmor.json)" >> $GITHUB_OUTPUT
echo "initdigest=$(jq -r '.["containerimage.digest"]' kubearmor-init.json)" >> $GITHUB_OUTPUT
echo "ubidigest=$(jq -r '.["containerimage.digest"]' kubearmor-ubi.json)" >> $GITHUB_OUTPUT
Expand Down Expand Up @@ -207,7 +207,7 @@ jobs:
regctl image copy kubearmor/kubearmor:$STABLE_VERSION kubearmor/kubearmor:stable --digest-tags
regctl image copy kubearmor/kubearmor-ubi:$STABLE_VERSION kubearmor/kubearmor-ubi:stable --digest-tags
regctl image copy kubearmor/kubearmor-controller:$STABLE_VERSION kubearmor/kubearmor-controller:stable --digest-tags
kubearmor-controller-release:
name: Build & Push KubeArmorController
needs: check
Expand All @@ -223,7 +223,7 @@ jobs:
- uses: actions/setup-go@v5
with:
go-version-file: 'KubeArmor/go.mod'

- name: Set up QEMU
uses: docker/setup-qemu-action@v2

Expand Down
52 changes: 47 additions & 5 deletions .github/workflows/ci-systemd-release.yml
Original file line number Diff line number Diff line change
@@ -1,6 +1,12 @@
name: ci-systemd-release

on:
workflow_dispatch:
inputs:
tag:
description: "Release tag which has to be updated"
type: "string"
required: true
push:
tags:
- "*"
Expand All @@ -16,34 +22,70 @@ jobs:
- uses: actions/checkout@v3
with:
submodules: true
fetch-depth: 0

- uses: actions/setup-go@v5
with:
go-version-file: 'KubeArmor/go.mod'


- name: Install the latest LLVM toolchain
run: ./.github/workflows/install-llvm.sh

- name: Compile libbpf
run: ./.github/workflows/install-libbpf.sh

- name: Install Cosign
uses: sigstore/cosign-installer@main

- name: Install karmor
run: curl -sfL https://raw.githubusercontent.com/kubearmor/kubearmor-client/main/install.sh | sudo sh -s -- -b .
working-directory: KubeArmor

- name: Build KubeArmor object files
run: make
run: make
working-directory: KubeArmor/BPF


- name: Log in to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_AUTHTOK }}

- name: Get release tag
id: vars
run: |
cp KubeArmor/.goreleaser.yaml /tmp/.goreleaser.yaml
if [[ ${{ github.event_name }} == "workflow_dispatch" ]]; then
# checkout branch but use goreleaser config from latest
echo "Checking out tag: ${{ inputs.tag }}"
git checkout ${{ inputs.tag }}
echo "GORELEASER_CURRENT_TAG=${{ inputs.tag }}" >> $GITHUB_OUTPUT
REF=${{ inputs.tag }}
echo "tag=${REF#v}" >> $GITHUB_OUTPUT
else
REF=${GITHUB_REF#refs/*/}
echo "tag=${REF#v}" >> $GITHUB_OUTPUT
fi
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v5
with:
distribution: goreleaser
version: v1.25.0
args: release --clean
args: release --config=/tmp/.goreleaser.yaml
workdir: KubeArmor
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GORELEASER_CURRENT_TAG: ${{ steps.vars.outputs.GORELEASER_CURRENT_TAG }}

- name: Setup ORAS
uses: oras-project/setup-oras@v1
with:
version: 1.0.0

- name: Publish release artifacts to Dockerhub
working-directory: KubeArmor/dist
run: |
oras push docker.io/kubearmor/kubearmor-systemd:${{ steps.vars.outputs.tag }}_linux-amd64 kubearmor_${{ steps.vars.outputs.tag }}_linux-amd64.tar.gz
oras push docker.io/kubearmor/kubearmor-systemd:${{ steps.vars.outputs.tag }}_linux-arm64 kubearmor_${{ steps.vars.outputs.tag }}_linux-arm64.tar.gz
7 changes: 6 additions & 1 deletion KubeArmor/.goreleaser.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,11 @@ builds:
env:
- CGO_ENABLED=0

release:
replace_existing_artifacts: true
mode: replace
make_latest: false

signs:
- cmd: cosign
certificate: '${artifact}.cert'
Expand All @@ -22,7 +27,7 @@ signs:
- --yes
artifacts: all
output: true

archives:
- id: "kubearmor"
builds:
Expand Down
2 changes: 1 addition & 1 deletion KubeArmor/go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ require (
k8s.io/apimachinery v0.29.0
k8s.io/client-go v0.29.0
k8s.io/cri-api v0.29.0
k8s.io/klog/v2 v2.120.0
k8s.io/utils v0.0.0-20240310230437-4693a0247e57
sigs.k8s.io/controller-runtime v0.15.3
)
Expand Down Expand Up @@ -130,7 +131,6 @@ require (
gotest.tools/v3 v3.4.0 // indirect
k8s.io/apiextensions-apiserver v0.29.0 // indirect
k8s.io/component-base v0.29.0 // indirect
k8s.io/klog/v2 v2.120.0 // indirect
k8s.io/kube-openapi v0.0.0-20240105020646-a37d4de58910 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
Expand Down

0 comments on commit 25ce14a

Please sign in to comment.