Update Strelka Docker Images #63
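---
# Release pipeline: on every published GitHub release, build the Strelka
# frontend, backend and manager images for arm64 and amd64, push them to
# Docker Hub and Amazon ECR, publish multi-arch manifests, then verify that the
# ECR images replicated to all regions.
#
# NOTE(review): every `uses:` below references a mutable tag (for example @v2).
# Pinning each action to a full commit SHA would keep a retagged action release
# from running with the registry credentials and OIDC token this workflow holds.
name: Update Strelka Docker Images

on:
  release:
    types: [published]

jobs:
  push_to_registry:
    name: Build & Push to Registries
    strategy:
      matrix:
        # GitHub doesn't have ARM runners so we must use BuildJet. QEMU
        # emulation is too slow and will fail on the base build at least.
        # We'll use BuildJet for AMD too because we can use a slightly faster
        # runner for cheap, but this could be switched to ubuntu-latest if
        # needed.
        arch: [arm64, amd64]
        include:
          - arch: arm64
            runner: buildjet-4vcpu-ubuntu-2204-arm
          - arch: amd64
            runner: buildjet-4vcpu-ubuntu-2204
    runs-on: ${{ matrix.runner }}
    environment: production
    # id-token: write lets the job request an OIDC token, which the AWS
    # credentials step exchanges for the role named in ECR_REPO_ROLE.
    # contents: read is all the checkout needs.
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Check out the repo
        uses: actions/checkout@v2
      # The first attempt may fail without failing the job; the second attempt
      # runs only if no AWS credentials were exported to the environment.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2.2.0
        continue-on-error: true
        with:
          role-to-assume: ${{ secrets.ECR_REPO_ROLE }}
          role-duration-seconds: 7200  # 2 hours
          aws-region: us-east-1
      - name: 2nd Attempt Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2.2.0
        if: ${{ env.AWS_ACCESS_KEY_ID == '' }}
        with:
          role-to-assume: ${{ secrets.ECR_REPO_ROLE }}
          role-duration-seconds: 7200  # 2 hours
          aws-region: us-east-1
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      # The ref is read from the GITHUB_REF environment variable instead of
      # being pasted into the script through the github.ref expression, so the
      # tag text is handled as data and never parsed as shell source. The
      # output is written to GITHUB_OUTPUT because the ::set-output workflow
      # command is deprecated.
      - name: Determine the version from the tag
        id: get_ver
        run: |
          SEM_VER=$(echo "$GITHUB_REF" | grep -E -o "[0-9]+\.[0-9]+\.[0-9]*")
          test -n "$SEM_VER"
          echo "SEM_VER=$SEM_VER" >> "$GITHUB_OUTPUT"
      - name: Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v1
        with:
          driver: docker
      # Each build loads the image into the local Docker daemon (load: true);
      # the push happens in the separate Push steps below.
      - name: Build FrontEnd
        uses: docker/build-push-action@v2
        with:
          file: build/go/frontend/Dockerfile
          context: .
          platforms: linux/${{ matrix.arch }}
          load: true
          tags: |
            sublimesec/strelka-frontend:${{ matrix.arch }}-${{ steps.get_ver.outputs.SEM_VER }}
            ${{ steps.login-ecr.outputs.registry }}/strelka-frontend:${{ matrix.arch }}-${{ steps.get_ver.outputs.SEM_VER }}
      - name: Build BackEnd
        uses: docker/build-push-action@v2
        with:
          file: build/python/backend/Dockerfile
          context: .
          platforms: linux/${{ matrix.arch }}
          load: true
          tags: |
            sublimesec/strelka-backend:${{ matrix.arch }}-${{ steps.get_ver.outputs.SEM_VER }}
            ${{ steps.login-ecr.outputs.registry }}/strelka-backend:${{ matrix.arch }}-${{ steps.get_ver.outputs.SEM_VER }}
      - name: Build Manager
        uses: docker/build-push-action@v2
        with:
          file: build/go/manager/Dockerfile
          context: .
          platforms: linux/${{ matrix.arch }}
          load: true
          tags: |
            sublimesec/strelka-manager:${{ matrix.arch }}-${{ steps.get_ver.outputs.SEM_VER }}
            ${{ steps.login-ecr.outputs.registry }}/strelka-manager:${{ matrix.arch }}-${{ steps.get_ver.outputs.SEM_VER }}
      # --all-tags pushes every local tag of the named repository.
      # NOTE(review): this assumes the runner holds only the tags built above;
      # confirm the BuildJet runners start without cached images.
      - name: Push FrontEnd
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        run: |
          docker push --all-tags "$ECR_REGISTRY/strelka-frontend"
          docker push --all-tags sublimesec/strelka-frontend
      - name: Push BackEnd
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        run: |
          docker push --all-tags "$ECR_REGISTRY/strelka-backend"
          docker push --all-tags sublimesec/strelka-backend
      - name: Push Manager
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        run: |
          docker push --all-tags "$ECR_REGISTRY/strelka-manager"
          docker push --all-tags sublimesec/strelka-manager

  manifest_image:
    name: Build Manifest Image and Push
    needs: push_to_registry
    runs-on: ubuntu-20.04
    environment: production
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2.2.0
        continue-on-error: true
        with:
          role-to-assume: ${{ secrets.ECR_REPO_ROLE }}
          role-duration-seconds: 7200  # 2 hours
          aws-region: us-east-1
      - name: 2nd Attempt Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2.2.0
        if: ${{ env.AWS_ACCESS_KEY_ID == '' }}
        with:
          role-to-assume: ${{ secrets.ECR_REPO_ROLE }}
          role-duration-seconds: 7200  # 2 hours
          aws-region: us-east-1
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      - name: Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      # Same extraction as in push_to_registry: the ref comes from the
      # GITHUB_REF environment variable, and the result goes to GITHUB_OUTPUT.
      - name: Determine the version from the tag
        id: get_ver
        run: |
          SEM_VER=$(echo "$GITHUB_REF" | grep -E -o "[0-9]+\.[0-9]+\.[0-9]*")
          test -n "$SEM_VER"
          echo "SEM_VER=$SEM_VER" >> "$GITHUB_OUTPUT"
      # For each component, combine the per-architecture tags pushed by
      # push_to_registry into one multi-arch manifest per registry. The unused
      # MINOR_VERSION variable was dropped: get_ver never sets that output and
      # the script never read it.
      - name: Build and Push Final Manifests to ECR & DockerHub
        env:
          SEM_VER: ${{ steps.get_ver.outputs.SEM_VER }}
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        run: |
          amd_tag="amd64-$SEM_VER"
          arm_tag="arm64-$SEM_VER"

          for component in backend frontend manager; do
            docker_hub="sublimesec/strelka-$component"
            ecr="$ECR_REGISTRY/strelka-$component"

            docker manifest create "$docker_hub:$SEM_VER" \
              "$docker_hub:$amd_tag" \
              "$docker_hub:$arm_tag"

            docker manifest create "$ecr:$SEM_VER" \
              "$ecr:$amd_tag" \
              "$ecr:$arm_tag"

            docker manifest push "$docker_hub:$SEM_VER"
            docker manifest push "$ecr:$SEM_VER"
          done

  validate_x_region_replication:
    name: Validate that ECR Images Have Propagated to All Regions
    runs-on: ubuntu-latest
    environment: production
    permissions:
      id-token: write
      contents: read
    needs: manifest_image
    steps:
      - name: Check out the repo
        uses: actions/checkout@v2
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2.2.0
        continue-on-error: true
        with:
          role-to-assume: ${{ secrets.ECR_REPO_ROLE }}
          role-duration-seconds: 7200  # 2 hours
          aws-region: us-east-1
      - name: 2nd Attempt Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2.2.0
        if: ${{ env.AWS_ACCESS_KEY_ID == '' }}
        with:
          role-to-assume: ${{ secrets.ECR_REPO_ROLE }}
          role-duration-seconds: 7200  # 2 hours
          aws-region: us-east-1
      # The version pattern matches the one used by the other two jobs (the
      # second dot is now escaped), and an empty version stops the step before
      # the check script runs. The step's default shell exits on the first
      # failing command, so a non-zero exit from the script fails the job
      # without an explicit status test.
      - name: Validate All X-Region Replication
        run: |
          SEM_VER=$(echo "$GITHUB_REF" | grep -E -o "[0-9]+\.[0-9]+\.[0-9]*")
          test -n "$SEM_VER"
          .github/workflows/check_images_x_region.sh "$SEM_VER"
      - name: Slack Notification
        uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_Z_LOG_DOCKER_BUILDS }}
          SLACK_TITLE: Strelka Images Updated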