Skip to content

Update Strelka Docker Images #63

Update Strelka Docker Images

Update Strelka Docker Images #63

Workflow file for this run

name: Update Strelka Docker Images
on:
release:
types: [published]
jobs:
push_to_registry:
name: Build & Push to Registries
strategy:
matrix:
# GitHub doesn't have ARM runners so we must use BuildJet. QEMU emulation is too slow and will fail on the base
# build at least. We'll use BuildJet for AMD too because we can use a slightly faster runner for cheap, but
# this could be switched to ubuntu-latest if needed.
arch: [arm64, amd64]
include:
- arch: arm64
runner: buildjet-4vcpu-ubuntu-2204-arm
- arch: amd64
runner: buildjet-4vcpu-ubuntu-2204
runs-on: ${{ matrix.runner }}
environment: production
permissions:
id-token: write
contents: read
steps:
- name: Check out the repo
uses: actions/checkout@v2
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2.2.0
continue-on-error: true
with:
role-to-assume: ${{ secrets.ECR_REPO_ROLE }}
role-duration-seconds: 7200 # 2 hours
aws-region: us-east-1
- name: 2nd Attempt Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2.2.0
if: ${{ env.AWS_ACCESS_KEY_ID == '' }}
with:
role-to-assume: ${{ secrets.ECR_REPO_ROLE }}
role-duration-seconds: 7200 # 2 hours
aws-region: us-east-1
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Determine the version from the tag
id: get_ver
run: |
SEM_VER=$(echo "${{ github.ref }}" | grep -E -o "[0-9]+\.[0-9]+\.[0-9]*")
test -n "$SEM_VER"
echo "::set-output name=SEM_VER::$SEM_VER"
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v1
with:
driver: docker
- name: Build FrontEnd
uses: docker/build-push-action@v2
with:
file: build/go/frontend/Dockerfile
context: .
platforms: linux/${{ matrix.arch }}
load: true
tags: |
sublimesec/strelka-frontend:${{ matrix.arch }}-${{ steps.get_ver.outputs.SEM_VER }}
${{ steps.login-ecr.outputs.registry }}/strelka-frontend:${{ matrix.arch }}-${{ steps.get_ver.outputs.SEM_VER }}
- name: Build BackEnd
uses: docker/build-push-action@v2
with:
file: build/python/backend/Dockerfile
context: .
platforms: linux/${{ matrix.arch }}
load: true
tags: |
sublimesec/strelka-backend:${{ matrix.arch }}-${{ steps.get_ver.outputs.SEM_VER }}
${{ steps.login-ecr.outputs.registry }}/strelka-backend:${{ matrix.arch }}-${{ steps.get_ver.outputs.SEM_VER }}
- name: Build Manager
uses: docker/build-push-action@v2
with:
file: build/go/manager/Dockerfile
context: .
platforms: linux/${{ matrix.arch }}
load: true
tags: |
sublimesec/strelka-manager:${{ matrix.arch }}-${{ steps.get_ver.outputs.SEM_VER }}
${{ steps.login-ecr.outputs.registry }}/strelka-manager:${{ matrix.arch }}-${{ steps.get_ver.outputs.SEM_VER }}
- name: Push FrontEnd
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
run: |
docker push --all-tags $ECR_REGISTRY/strelka-frontend
docker push --all-tags sublimesec/strelka-frontend
- name: Push BackEnd
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
run: |
docker push --all-tags $ECR_REGISTRY/strelka-backend
docker push --all-tags sublimesec/strelka-backend
- name: Push Manager
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
run: |
docker push --all-tags $ECR_REGISTRY/strelka-manager
docker push --all-tags sublimesec/strelka-manager
manifest_image:
name: Build Manifest Image and Push
needs: push_to_registry
runs-on: ubuntu-20.04
environment: production
permissions:
id-token: write
contents: read
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2.2.0
continue-on-error: true
with:
role-to-assume: ${{ secrets.ECR_REPO_ROLE }}
role-duration-seconds: 7200 # 2 hours
aws-region: us-east-1
- name: 2nd Attempt Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2.2.0
if: ${{ env.AWS_ACCESS_KEY_ID == '' }}
with:
role-to-assume: ${{ secrets.ECR_REPO_ROLE }}
role-duration-seconds: 7200 # 2 hours
aws-region: us-east-1
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Determine the version from the tag
id: get_ver
run: |
SEM_VER=$(echo "${{ github.ref }}" | grep -E -o "[0-9]+\.[0-9]+\.[0-9]*")
test -n "$SEM_VER"
echo "::set-output name=SEM_VER::$SEM_VER"
- name: Build and Push Final Manifests to ECR & DockerHub
env:
SEM_VER: ${{ steps.get_ver.outputs.SEM_VER }}
MINOR_VERSION: ${{ steps.get_ver.outputs.MINOR_VERSION }}
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
run: |
amd_tag=amd64-$SEM_VER
arm_tag=arm64-$SEM_VER
# Backend
docker_hub=sublimesec/strelka-backend
ecr=$ECR_REGISTRY/strelka-backend
docker manifest create $docker_hub:$SEM_VER \
$docker_hub:$amd_tag \
$docker_hub:$arm_tag
docker manifest create $ecr:$SEM_VER \
$ecr:$amd_tag \
$ecr:$arm_tag
docker manifest push $docker_hub:$SEM_VER
docker manifest push $ecr:$SEM_VER
# Frontend
docker_hub=sublimesec/strelka-frontend
ecr=$ECR_REGISTRY/strelka-frontend
docker manifest create $docker_hub:$SEM_VER \
$docker_hub:$amd_tag \
$docker_hub:$arm_tag
docker manifest create $ecr:$SEM_VER \
$ecr:$amd_tag \
$ecr:$arm_tag
docker manifest push $docker_hub:$SEM_VER
docker manifest push $ecr:$SEM_VER
# Manager
docker_hub=sublimesec/strelka-manager
ecr=$ECR_REGISTRY/strelka-manager
docker manifest create $docker_hub:$SEM_VER \
$docker_hub:$amd_tag \
$docker_hub:$arm_tag
docker manifest create $ecr:$SEM_VER \
$ecr:$amd_tag \
$ecr:$arm_tag
docker manifest push $docker_hub:$SEM_VER
docker manifest push $ecr:$SEM_VER
validate_x_region_replication:
name: Validate that ECR Images Have Propagated to All Regions
runs-on: ubuntu-latest
environment: production
permissions:
id-token: write
contents: read
needs: manifest_image
steps:
- name: Check out the repo
uses: actions/checkout@v2
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2.2.0
continue-on-error: true
with:
role-to-assume: ${{ secrets.ECR_REPO_ROLE }}
role-duration-seconds: 7200 # 2 hours
aws-region: us-east-1
- name: 2nd Attempt Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2.2.0
if: ${{ env.AWS_ACCESS_KEY_ID == '' }}
with:
role-to-assume: ${{ secrets.ECR_REPO_ROLE }}
role-duration-seconds: 7200 # 2 hours
aws-region: us-east-1
- name: Validate All X-Region Replication
run: |
SEM_VER=$(echo "${{ github.ref }}" | grep -E -o "[0-9]+\.[0-9]+.[0-9]*")
.github/workflows/check_images_x_region.sh $SEM_VER
if [ $? != 0 ]; then
exit 1
fi
- name: Slack Notification
uses: rtCamp/action-slack-notify@v2
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_Z_LOG_DOCKER_BUILDS }}
SLACK_TITLE: Strelka Images Updated