Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(CI): publish KubeArmor tars to dockerhub #1764

Merged
merged 3 commits into from
May 23, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/ci-latest-helm-chart-release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ permissions: read-all
jobs:
publish-chart:
name: Update Stable Helm Chart With Latest Changes
if: ${{ (github.repository == 'kubearmor/kubearmor') && (!contains(github.event.head_commit.message, '[skip ci]')) }}
if: ${{ (github.repository == 'kubearmor/kubearmor') }}
runs-on: ubuntu-20.04
permissions:
contents: write
Expand Down
14 changes: 7 additions & 7 deletions .github/workflows/ci-latest-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ jobs:
if: github.repository == 'kubearmor/kubearmor' && (needs.check.outputs.kubearmor == 'true' || ${{ github.ref }} != 'refs/heads/main')
runs-on: ubuntu-latest-16-cores
permissions:
id-token: write
id-token: write
timeout-minutes: 120
steps:
- uses: actions/checkout@v3
Expand Down Expand Up @@ -81,7 +81,7 @@ jobs:
run: |
make docker-build TAG=${{ steps.vars.outputs.tag }}

- name: deploy pre existing pod
- name: deploy pre existing pod
run: |
kubectl apply -f ./tests/k8s_env/ksp/pre-run-pod.yaml
sleep 60
Expand All @@ -93,7 +93,7 @@ jobs:
docker save kubearmor/kubearmor:${{ steps.vars.outputs.tag }} | sudo k3s ctr images import -
docker save kubearmor/kubearmor-operator:${{ steps.vars.outputs.tag }} | sudo k3s ctr images import -
docker save kubearmor/kubearmor-snitch:${{ steps.vars.outputs.tag }} | sudo k3s ctr images import -

helm upgrade --install kubearmor-operator ./deployments/helm/KubeArmorOperator -n kubearmor --create-namespace --set kubearmorOperator.image.tag=${{ steps.vars.outputs.tag }}
kubectl wait --for=condition=ready --timeout=5m -n kubearmor pod -l kubearmor-app=kubearmor-operator
kubectl get pods -A
Expand Down Expand Up @@ -145,12 +145,12 @@ jobs:
- name: Push KubeArmor images to Docker
run: GITHUB_SHA=$GITHUB_SHA ./KubeArmor/build/push_kubearmor.sh ${{ steps.vars.outputs.tag }}

- name: Install Cosign
- name: Install Cosign
uses: sigstore/cosign-installer@main

- name: Get Image Digest
id: digest
run: |
run: |
echo "imagedigest=$(jq -r '.["containerimage.digest"]' kubearmor.json)" >> $GITHUB_OUTPUT
echo "initdigest=$(jq -r '.["containerimage.digest"]' kubearmor-init.json)" >> $GITHUB_OUTPUT
echo "ubidigest=$(jq -r '.["containerimage.digest"]' kubearmor-ubi.json)" >> $GITHUB_OUTPUT
Expand Down Expand Up @@ -207,7 +207,7 @@ jobs:
regctl image copy kubearmor/kubearmor:$STABLE_VERSION kubearmor/kubearmor:stable --digest-tags
regctl image copy kubearmor/kubearmor-ubi:$STABLE_VERSION kubearmor/kubearmor-ubi:stable --digest-tags
regctl image copy kubearmor/kubearmor-controller:$STABLE_VERSION kubearmor/kubearmor-controller:stable --digest-tags

kubearmor-controller-release:
name: Build & Push KubeArmorController
needs: check
Expand All @@ -223,7 +223,7 @@ jobs:
- uses: actions/setup-go@v5
with:
go-version-file: 'KubeArmor/go.mod'

- name: Set up QEMU
uses: docker/setup-qemu-action@v2

Expand Down
5 changes: 4 additions & 1 deletion .github/workflows/ci-marketplace-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,9 @@ on:
- "STABLE-RELEASE"
- ".github/workflows/ci-marketplace-release.yml"

# Declare default permissions as read only.
permissions: read-all

jobs:
certify-images-on-redhat:
runs-on: ubuntu-latest
Expand Down Expand Up @@ -249,4 +252,4 @@ jobs:

Assignees: @kubearmor/triagers

Refer the documentation [here](https://github.com/kubearmor/KubeArmor/wiki/Update-KubeArmor-Marketplace-Releases) for update listing instructions.
Refer the documentation [here](https://github.com/kubearmor/KubeArmor/wiki/Update-KubeArmor-Marketplace-Releases) for update listing instructions.
55 changes: 50 additions & 5 deletions .github/workflows/ci-systemd-release.yml
Original file line number Diff line number Diff line change
@@ -1,10 +1,19 @@
name: ci-systemd-release

on:
workflow_dispatch:
inputs:
tag:
description: "Release tag which has to be updated"
type: "string"
required: true
push:
tags:
- "*"

# Declare default permissions as read only.
permissions: read-all

jobs:
goreleaser:
runs-on: ubuntu-20.04
Expand All @@ -16,34 +25,70 @@ jobs:
- uses: actions/checkout@v3
with:
submodules: true
fetch-depth: 0

- uses: actions/setup-go@v5
with:
go-version-file: 'KubeArmor/go.mod'


- name: Install the latest LLVM toolchain
run: ./.github/workflows/install-llvm.sh

- name: Compile libbpf
run: ./.github/workflows/install-libbpf.sh

- name: Install Cosign
uses: sigstore/cosign-installer@main

- name: Install karmor
run: curl -sfL https://raw.githubusercontent.com/kubearmor/kubearmor-client/main/install.sh | sudo sh -s -- -b .
working-directory: KubeArmor

- name: Build KubeArmor object files
run: make
run: make
working-directory: KubeArmor/BPF


- name: Log in to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_AUTHTOK }}

- name: Get release tag
id: vars
run: |
cp KubeArmor/.goreleaser.yaml /tmp/.goreleaser.yaml
if [[ ${{ github.event_name }} == "workflow_dispatch" ]]; then
# checkout branch but use goreleaser config from latest
echo "Checking out tag: ${{ inputs.tag }}"
git checkout ${{ inputs.tag }}
echo "GORELEASER_CURRENT_TAG=${{ inputs.tag }}" >> $GITHUB_OUTPUT

REF=${{ inputs.tag }}
echo "tag=${REF#v}" >> $GITHUB_OUTPUT
else
REF=${GITHUB_REF#refs/*/}
echo "tag=${REF#v}" >> $GITHUB_OUTPUT
fi

- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v5
with:
distribution: goreleaser
version: v1.25.0
args: release --clean
args: release --config=/tmp/.goreleaser.yaml
workdir: KubeArmor
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GORELEASER_CURRENT_TAG: ${{ steps.vars.outputs.GORELEASER_CURRENT_TAG }}

- name: Setup ORAS
uses: oras-project/setup-oras@v1
with:
version: 1.0.0

- name: Publish release artifacts to Dockerhub
working-directory: KubeArmor/dist
run: |
oras push docker.io/kubearmor/kubearmor-systemd:${{ steps.vars.outputs.tag }}_linux-amd64 kubearmor_${{ steps.vars.outputs.tag }}_linux-amd64.tar.gz
oras push docker.io/kubearmor/kubearmor-systemd:${{ steps.vars.outputs.tag }}_linux-arm64 kubearmor_${{ steps.vars.outputs.tag }}_linux-arm64.tar.gz
7 changes: 6 additions & 1 deletion KubeArmor/.goreleaser.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,11 @@ builds:
env:
- CGO_ENABLED=0

release:
replace_existing_artifacts: true
mode: replace
make_latest: false

signs:
- cmd: cosign
certificate: '${artifact}.cert'
Expand All @@ -22,7 +27,7 @@ signs:
- --yes
artifacts: all
output: true

archives:
- id: "kubearmor"
builds:
Expand Down
2 changes: 1 addition & 1 deletion KubeArmor/go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ require (
k8s.io/apimachinery v0.29.0
k8s.io/client-go v0.29.0
k8s.io/cri-api v0.29.0
k8s.io/klog/v2 v2.120.0
k8s.io/utils v0.0.0-20240310230437-4693a0247e57
sigs.k8s.io/controller-runtime v0.15.3
)
Expand Down Expand Up @@ -130,7 +131,6 @@ require (
gotest.tools/v3 v3.4.0 // indirect
k8s.io/apiextensions-apiserver v0.29.0 // indirect
k8s.io/component-base v0.29.0 // indirect
k8s.io/klog/v2 v2.120.0 // indirect
k8s.io/kube-openapi v0.0.0-20240105020646-a37d4de58910 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
Expand Down
Loading