diff --git a/.github/workflows/dockers-agent-ngt-image.yml b/.github/workflows/dockers-agent-ngt-image.yml index 56ecde5842..5088e9897b 100755 --- a/.github/workflows/dockers-agent-ngt-image.yml +++ b/.github/workflows/dockers-agent-ngt-image.yml 
@@ -42,50 +42,97 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 with: - fetch-depth: 10 - - name: Overwrite version name - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - - name: Build the Docker image - run: | - make docker/build/agent-ngt - env: - DOCKER_BUILDKIT: 1 - - name: login to DockerHub + platforms: all + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker layers (base) + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache-base + key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-base- + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-agent-ngt-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-agent-ngt- + - name: Login to DockerHub uses: docker/login-action@v1 with: username: ${{ secrets.DOCKERHUB_USER }} password: ${{ secrets.DOCKERHUB_PASS }} - - name: push to DockerHub (master) + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name + run: | + image_name=`make docker/name/agent-ngt` + base_platforms=`make docker/platforms` + echo "::set-env name=IMAGE_NAME::${image_name}" + echo "::set-output name=IMAGE_NAME::${image_name}" + echo "::set-output name=BASE_PLATFORMS::${base_platforms}" + - name: Determine tag name (master) if: github.ref == 'refs/heads/master' run: | - imagename=`make docker/name/agent-ngt` - docker tag ${imagename} ${imagename}:nightly - docker push ${imagename}:nightly - - name: push to DockerHub (pull request) + echo 
"::set-env name=PRIMARY_TAG::nightly" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64,linux/arm64 + - name: Determine tag name (pull request) if: github.event_name == 'pull_request' run: | - imagename=`make docker/name/agent-ngt` pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - docker tag ${imagename} ${imagename}:pr-${pr_num} - docker push ${imagename}:pr-${pr_num} - - name: push to DockerHub (tags) + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "::set-env name=PRIMARY_TAG::pr-${pr_num}" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64 + - name: Determine tag name (tags) if: startsWith( github.ref, 'refs/tags/') - id: push_to_dockerhub_tags + id: determine_tag run: | - imagename=`make docker/name/agent-ngt` - docker push ${imagename}:latest tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - docker tag ${imagename} ${imagename}:${tag_name} - docker push ${imagename}:${tag_name} - docker tag ${imagename} ${imagename}:nightly - docker push ${imagename}:nightly - echo "::set-output name=IMAGE_NAME::${imagename}" echo "::set-output name=TAG_NAME::${tag_name}" + echo "::set-env name=PRIMARY_TAG::${tag_name}" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64,linux/arm64 + - name: Build and Push + run: | + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/agent-ngt + make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/agent-ngt + env: + DOCKER_BUILDKIT: 1 + BASE_PLATFORMS: ${{ 
steps.image_name.outputs.BASE_PLATFORMS }} + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + CACHE_OPTS_BASE: "--cache-from=type=local,src=/tmp/.buildx-cache-base" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" - name: Initialize CodeQL if: startsWith( github.ref, 'refs/tags/') uses: github/codeql-action/init@v1 @@ -93,13 +140,13 @@ jobs: if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}" + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" format: 'table' - name: Run vulnerability scanner (sarif) if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}" + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" format: 'template' template: '@/contrib/sarif.tpl' output: 'trivy-results.sarif' diff --git a/.github/workflows/dockers-agent-sidecar-image.yml b/.github/workflows/dockers-agent-sidecar-image.yml index 98bfab4bee..303a12c77d 100644 --- a/.github/workflows/dockers-agent-sidecar-image.yml +++ b/.github/workflows/dockers-agent-sidecar-image.yml 
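Review bot: The `Image name` and `Determine tag name` steps export values with the `::set-env` workflow command, which GitHub deprecated and later disabled because anything a step prints to stdout can then set environment variables for later steps. Write to the environment file instead, e.g. `echo "PRIMARY_TAG=${tag_name}" >> "$GITHUB_ENV"`, and do the same for `IMAGE_NAME` and `PLATFORMS`. In the tags step `tag_name` is taken straight from `$GITHUB_REF` and later handed to make as `TAG=`, so it is worth checking it against the expected version pattern before exporting it. The same steps are repeated in the other workflow files in this commit.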
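Review bot: The two Trivy steps scan `IMAGE_NAME:TAG_NAME` only after `Build and Push` has already published that tag, and they cover only the name returned by `make docker/name/agent-ngt` (presumably the Docker Hub one); the `ghcr.io/vdaas/vald` image comes from a second make invocation and is never scanned. Consider scanning before the push, or failing the job on findings, and adding a scan step for the ghcr.io reference. The unchanged context line `uses: aquasecurity/trivy-action@master` also tracks a moving branch; pinning it to a release tag or commit SHA would make the scan reproducible. The same hunk appears in the agent-sidecar and backup-manager workflows.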
@@ -42,50 +42,97 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 with: - fetch-depth: 10 - - name: Overwrite version name - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - - name: Build the Docker image - run: | - make docker/build/agent-sidecar - env: - DOCKER_BUILDKIT: 1 - - name: login to DockerHub + platforms: all + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker layers (base) + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache-base + key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-base- + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-agent-sidecar-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-agent-sidecar- + - name: Login to DockerHub uses: docker/login-action@v1 with: username: ${{ secrets.DOCKERHUB_USER }} password: ${{ secrets.DOCKERHUB_PASS }} - - name: push to DockerHub (master) + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name + run: | + image_name=`make docker/name/agent-sidecar` + base_platforms=`make docker/platforms` + echo "::set-env name=IMAGE_NAME::${image_name}" + echo "::set-output name=IMAGE_NAME::${image_name}" + echo "::set-output name=BASE_PLATFORMS::${base_platforms}" + - name: Determine tag name (master) if: github.ref == 'refs/heads/master' run: | - imagename=`make docker/name/agent-sidecar` - docker tag ${imagename} ${imagename}:nightly - docker push ${imagename}:nightly - - name: push to DockerHub (pull 
request) + echo "::set-env name=PRIMARY_TAG::nightly" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64,linux/arm64 + - name: Determine tag name (pull request) if: github.event_name == 'pull_request' run: | - imagename=`make docker/name/agent-sidecar` pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - docker tag ${imagename} ${imagename}:pr-${pr_num} - docker push ${imagename}:pr-${pr_num} - - name: push to DockerHub (tags) + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "::set-env name=PRIMARY_TAG::pr-${pr_num}" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64 + - name: Determine tag name (tags) if: startsWith( github.ref, 'refs/tags/') - id: push_to_dockerhub_tags + id: determine_tag run: | - imagename=`make docker/name/agent-sidecar` - docker push ${imagename}:latest tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - docker tag ${imagename} ${imagename}:${tag_name} - docker push ${imagename}:${tag_name} - docker tag ${imagename} ${imagename}:nightly - docker push ${imagename}:nightly - echo "::set-output name=IMAGE_NAME::${imagename}" echo "::set-output name=TAG_NAME::${tag_name}" + echo "::set-env name=PRIMARY_TAG::${tag_name}" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64,linux/arm64 + - name: Build and Push + run: | + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/agent-sidecar + make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/agent-sidecar + env: + DOCKER_BUILDKIT: 1 + BASE_PLATFORMS: 
${{ steps.image_name.outputs.BASE_PLATFORMS }} + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + CACHE_OPTS_BASE: "--cache-from=type=local,src=/tmp/.buildx-cache-base" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" - name: Initialize CodeQL if: startsWith( github.ref, 'refs/tags/') uses: github/codeql-action/init@v1 @@ -93,13 +140,13 @@ jobs: if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}" + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" format: 'table' - name: Run vulnerability scanner (sarif) if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}" + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" format: 'template' template: '@/contrib/sarif.tpl' output: 'trivy-results.sarif' diff --git a/.github/workflows/dockers-backup-manager-cassandra-image.yml b/.github/workflows/dockers-backup-manager-cassandra-image.yml index e9b1b11ac8..3162fbda64 100644 --- a/.github/workflows/dockers-backup-manager-cassandra-image.yml +++ b/.github/workflows/dockers-backup-manager-cassandra-image.yml 
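Review bot: Both registry logins now run before `make docker/name/agent-sidecar` and the `Build and Push` step, so the Makefile and Dockerfile from the checked-out ref execute with Docker Hub and ghcr.io credentials already stored on the runner; the removed code built first and logged in afterwards. Because `--push` is unconditional, the pull-request path also cannot build without those secrets, which forked pull requests normally do not receive. Consider building without `--push` for pull requests and restricting the login steps, for example with `if: github.event_name != 'pull_request'`. The same ordering is used in the other workflows in this commit.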
@@ -44,50 +44,97 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 with: - fetch-depth: 10 - - name: Overwrite version name - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - - name: Build the Docker image - run: | - make docker/build/backup-manager-cassandra - env: - DOCKER_BUILDKIT: 1 - - name: login to DockerHub + platforms: all + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker layers (base) + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache-base + key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-base- + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-manager-backup-cassandra-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-manager-backup-cassandra- + - name: Login to DockerHub uses: docker/login-action@v1 with: username: ${{ secrets.DOCKERHUB_USER }} password: ${{ secrets.DOCKERHUB_PASS }} - - name: push to DockerHub (master) + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name + run: | + image_name=`make docker/name/backup-manager-cassandra` + base_platforms=`make docker/platforms` + echo "::set-env name=IMAGE_NAME::${image_name}" + echo "::set-output name=IMAGE_NAME::${image_name}" + echo "::set-output name=BASE_PLATFORMS::${base_platforms}" + - name: Determine tag name (master) if: github.ref == 'refs/heads/master' run: | - imagename=`make docker/name/backup-manager-cassandra` - docker tag ${imagename} ${imagename}:nightly - docker push 
${imagename}:nightly - - name: push to DockerHub (pull request) + echo "::set-env name=PRIMARY_TAG::nightly" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64,linux/arm64 + - name: Determine tag name (pull request) if: github.event_name == 'pull_request' run: | - imagename=`make docker/name/backup-manager-cassandra` pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - docker tag ${imagename} ${imagename}:pr-${pr_num} - docker push ${imagename}:pr-${pr_num} - - name: push to DockerHub (tags) + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "::set-env name=PRIMARY_TAG::pr-${pr_num}" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64 + - name: Determine tag name (tags) if: startsWith( github.ref, 'refs/tags/') - id: push_to_dockerhub_tags + id: determine_tag run: | - imagename=`make docker/name/backup-manager-cassandra` - docker push ${imagename}:latest tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - docker tag ${imagename} ${imagename}:${tag_name} - docker push ${imagename}:${tag_name} - docker tag ${imagename} ${imagename}:nightly - docker push ${imagename}:nightly - echo "::set-output name=IMAGE_NAME::${imagename}" echo "::set-output name=TAG_NAME::${tag_name}" + echo "::set-env name=PRIMARY_TAG::${tag_name}" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64,linux/arm64 + - name: Build and Push + run: | + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/backup-manager-cassandra + make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ + 
TAG="${PRIMARY_TAG}" \ + docker/build/backup-manager-cassandra + env: + DOCKER_BUILDKIT: 1 + BASE_PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + CACHE_OPTS_BASE: "--cache-from=type=local,src=/tmp/.buildx-cache-base" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" - name: Initialize CodeQL if: startsWith( github.ref, 'refs/tags/') uses: github/codeql-action/init@v1 @@ -95,13 +142,13 @@ jobs: if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}" + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" format: 'table' - name: Run vulnerability scanner (sarif) if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}" + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" format: 'template' template: '@/contrib/sarif.tpl' output: 'trivy-results.sarif' diff --git a/.github/workflows/dockers-backup-manager-mysql-image.yml b/.github/workflows/dockers-backup-manager-mysql-image.yml index 9306f0667a..5bde4afa05 100644 --- a/.github/workflows/dockers-backup-manager-mysql-image.yml +++ b/.github/workflows/dockers-backup-manager-mysql-image.yml 
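Review bot: The `Cache Docker layers (base)` step restores `/tmp/.buildx-cache-base`, but nothing in this workflow writes to that directory: `CACHE_OPTS_BASE` carries only `--cache-from`, and the base-image workflow in this commit saves `/tmp/.buildx-cache` under the same `buildx-vald-base-` key. As far as I know actions/cache ties an entry to the path it was saved from, so this restore probably never finds the base layers; worth confirming with a run. Separately, the image cache key is spelled `manager-backup-cassandra` while the make target is `backup-manager-cassandra`; harmless, but one spelling would be easier to search for. The mysql workflow has the same pair.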
@@ -42,50 +42,97 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 with: - fetch-depth: 10 - - name: Overwrite version name - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - - name: Build the Docker image - run: | - make docker/build/backup-manager-mysql - env: - DOCKER_BUILDKIT: 1 - - name: login to DockerHub + platforms: all + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker layers (base) + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache-base + key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-base- + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-manager-backup-mysql-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-manager-backup-mysql- + - name: Login to DockerHub uses: docker/login-action@v1 with: username: ${{ secrets.DOCKERHUB_USER }} password: ${{ secrets.DOCKERHUB_PASS }} - - name: push to DockerHub (master) + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name + run: | + image_name=`make docker/name/backup-manager-mysql` + base_platforms=`make docker/platforms` + echo "::set-env name=IMAGE_NAME::${image_name}" + echo "::set-output name=IMAGE_NAME::${image_name}" + echo "::set-output name=BASE_PLATFORMS::${base_platforms}" + - name: Determine tag name (master) if: github.ref == 'refs/heads/master' run: | - imagename=`make docker/name/backup-manager-mysql` - docker tag ${imagename} ${imagename}:nightly - docker push 
${imagename}:nightly - - name: push to DockerHub (pull request) + echo "::set-env name=PRIMARY_TAG::nightly" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64,linux/arm64 + - name: Determine tag name (pull request) if: github.event_name == 'pull_request' run: | - imagename=`make docker/name/backup-manager-mysql` pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - docker tag ${imagename} ${imagename}:pr-${pr_num} - docker push ${imagename}:pr-${pr_num} - - name: push to DockerHub (tags) + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "::set-env name=PRIMARY_TAG::pr-${pr_num}" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64 + - name: Determine tag name (tags) if: startsWith( github.ref, 'refs/tags/') - id: push_to_dockerhub_tags + id: determine_tag run: | - imagename=`make docker/name/backup-manager-mysql` - docker push ${imagename}:latest tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - docker tag ${imagename} ${imagename}:${tag_name} - docker push ${imagename}:${tag_name} - docker tag ${imagename} ${imagename}:nightly - docker push ${imagename}:nightly - echo "::set-output name=IMAGE_NAME::${imagename}" echo "::set-output name=TAG_NAME::${tag_name}" + echo "::set-env name=PRIMARY_TAG::${tag_name}" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64,linux/arm64 + - name: Build and Push + run: | + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/backup-manager-mysql + make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ + TAG="${PRIMARY_TAG}" \ 
+ docker/build/backup-manager-mysql + env: + DOCKER_BUILDKIT: 1 + BASE_PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + CACHE_OPTS_BASE: "--cache-from=type=local,src=/tmp/.buildx-cache-base" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" - name: Initialize CodeQL if: startsWith( github.ref, 'refs/tags/') uses: github/codeql-action/init@v1 @@ -93,13 +140,13 @@ jobs: if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}" + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" format: 'table' - name: Run vulnerability scanner (sarif) if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}" + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" format: 'template' template: '@/contrib/sarif.tpl' output: 'trivy-results.sarif' diff --git a/.github/workflows/dockers-base-image.yml b/.github/workflows/dockers-base-image.yml index 7b04089fcc..6c19915d3d 100755 --- a/.github/workflows/dockers-base-image.yml +++ b/.github/workflows/dockers-base-image.yml 
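Review bot: The added steps pass `DOCKERHUB_PASS` and `PACKAGE_TOKEN` to `docker/login-action@v1`, and reference `docker/setup-qemu-action@v1`, `docker/setup-buildx-action@v1` and `actions/cache@v2` by major-version tag, which the action's owner can move to different code. For steps that receive registry credentials, pin to a full commit SHA and keep the version as a comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v1` (placeholder; take the SHA from the release you have reviewed). This applies to every workflow touched by this commit.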
@@ -19,39 +19,75 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 with: - fetch-depth: 10 - - name: Build the Docker image - run: | - make docker/build/base - env: - DOCKER_BUILDKIT: 1 - - name: login to DockerHub + platforms: all + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-base- + - name: Login to DockerHub uses: docker/login-action@v1 with: username: ${{ secrets.DOCKERHUB_USER }} password: ${{ secrets.DOCKERHUB_PASS }} - - name: push to DockerHub (master) + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name + run: | + image_name=`make docker/name/base` + base_platforms=`make docker/platforms` + echo "::set-env name=IMAGE_NAME::${image_name}" + echo "::set-output name=IMAGE_NAME::${image_name}" + echo "::set-output name=BASE_PLATFORMS::${base_platforms}" + - name: Determine tag name (master) if: github.ref == 'refs/heads/master' run: | - imagename=`make docker/name/base` - docker tag ${imagename} ${imagename}:nightly - docker push ${imagename}:nightly - - name: push to DockerHub (pull request) + echo "::set-env name=PRIMARY_TAG::nightly" + - name: Determine tag name (pull request) if: github.event_name == 'pull_request' run: | - imagename=`make docker/name/base` pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - docker tag ${imagename} ${imagename}:pr-${pr_num} - docker push ${imagename}:pr-${pr_num} - - name: push to DockerHub (tags) + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "::set-env 
name=PRIMARY_TAG::pr-${pr_num}" + - name: Determine tag name (tags) if: startsWith( github.ref, 'refs/tags/') + id: determine_tag run: | - imagename=`make docker/name/base` - docker push ${imagename}:latest tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - docker tag ${imagename} ${imagename}:${tag_name} - docker push ${imagename}:${tag_name} - docker tag ${imagename} ${imagename}:nightly - docker push ${imagename}:nightly + echo "::set-output name=TAG_NAME::${tag_name}" + echo "::set-env name=PRIMARY_TAG::${tag_name}" + - name: Build and Push + run: | + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS_BASE="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/base + make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS_BASE="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/base + env: + DOCKER_BUILDKIT: 1 + PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" diff --git a/.github/workflows/dockers-ci-container-image.yml b/.github/workflows/dockers-ci-container-image.yml index e220cf0bed..524ae64d00 100644 --- a/.github/workflows/dockers-ci-container-image.yml +++ b/.github/workflows/dockers-ci-container-image.yml 
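Review bot: `PRIMARY_TAG` is set only by the three `Determine tag name` steps, so on any event that is not master, a pull request or a tag, `Build and Push` calls make with `TAG=""`. The workflow's triggers are outside this hunk, so that case may be unreachable, but a guard at the top of the run block makes it explicit: `: "${PRIMARY_TAG:?PRIMARY_TAG is not set}"`. Also, the removed tags step pushed `latest` and `nightly` in addition to the version tag, while the new step exports only `${tag_name}`; unless the Makefile adds those tags, they stop being updated on release.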
@@ -17,69 +17,86 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 with: - fetch-depth: 10 - - name: Build the Docker image - run: | - make docker/build/ci-container - env: - DOCKER_BUILDKIT: 1 - - name: Login to GitHub package registry + platforms: all + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker layers (base) + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache-base + key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-base- + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-ci-container-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-ci-container- + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_PASS }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name run: | - echo ${GITHUB_TOKEN} | docker login docker.pkg.github.com --username ${GITHUB_USER} --password-stdin - env: - GITHUB_USER: ${{ secrets.DISPATCH_USER }} - GITHUB_TOKEN: ${{ secrets.DISPATCH_TOKEN }} - - name: push to GitHub package registry (master) + image_name=`make docker/name/ci-container` + base_platforms=`make docker/platforms` + echo "::set-env name=IMAGE_NAME::${image_name}" + echo "::set-output name=IMAGE_NAME::${image_name}" + echo "::set-output name=BASE_PLATFORMS::${base_platforms}" + - name: Determine tag name (master) if: github.ref == 'refs/heads/master' run: | - originname=`make docker/name/ci-container` - imagename=`make docker/name/ci-container | sed -e 
's:vdaas:docker.pkg.github.com/vdaas/vald:'` - docker tag ${originname} ${imagename}:nightly - docker push ${imagename}:nightly - - name: push to GitHub package registry (pull request) + echo "::set-env name=PRIMARY_TAG::nightly" + - name: Determine tag name (pull request) if: github.event_name == 'pull_request' run: | - originname=`make docker/name/ci-container` - imagename=`make docker/name/ci-container | sed -e 's:vdaas:docker.pkg.github.com/vdaas/vald:'` pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - docker tag ${originname} ${imagename}:pr-${pr_num} - docker push ${imagename}:pr-${pr_num} - - name: push to GitHub package registry (tags) + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "::set-env name=PRIMARY_TAG::pr-${pr_num}" + - name: Determine tag name (tags) if: startsWith( github.ref, 'refs/tags/') + id: determine_tag run: | - originname=`make docker/name/ci-container` - imagename=`make docker/name/ci-container | sed -e 's:vdaas:docker.pkg.github.com/vdaas/vald:'` - docker tag ${originname} ${imagename}:latest - docker push ${imagename}:latest - tag_name=`cat $GITHUB_REF | sed -e 's:^refs/tags/::'` - docker tag ${originname} ${imagename}:${tag_name} - docker push ${imagename}:${tag_name} - - name: Login to DockerHub + tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` + echo "::set-output name=TAG_NAME::${tag_name}" + echo "::set-env name=PRIMARY_TAG::${tag_name}" + - name: Build and Push run: | - echo ${DOCKERHUB_PASS} | docker login --username ${DOCKERHUB_USER} --password-stdin + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/ci-container + make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + 
DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/ci-container env: - DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }} - DOCKERHUB_PASS: ${{ secrets.DOCKERHUB_PASS }} - - name: push to DockerHub (master) - if: github.ref == 'refs/heads/master' - run: | - imagename=`make docker/name/ci-container` - docker tag ${imagename} ${imagename}:nightly - docker push ${imagename}:nightly - - name: push to DockerHub (pull request) - if: github.event_name == 'pull_request' - run: | - imagename=`make docker/name/ci-container` - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - docker tag ${imagename} ${imagename}:pr-${pr_num} - docker push ${imagename}:pr-${pr_num} - - name: push to DockerHub (tags) - if: startsWith( github.ref, 'refs/tags/') - run: | - imagename=`make docker/name/ci-container` - docker push ${imagename}:latest - tag_name=`cat $GITHUB_REF | sed -e 's:^refs/tags/::'` - docker tag ${imagename} ${imagename}:${tag_name} - docker push ${imagename}:${tag_name} + DOCKER_BUILDKIT: 1 + PLATFORMS: linux/amd64 + BASE_PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + CACHE_OPTS_BASE: "--cache-from=type=local,src=/tmp/.buildx-cache-base" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" diff --git a/.github/workflows/dockers-dev-container-image.yml b/.github/workflows/dockers-dev-container-image.yml index 7ff7ee636f..153627a9a1 100644 --- a/.github/workflows/dockers-dev-container-image.yml +++ b/.github/workflows/dockers-dev-container-image.yml 
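Review bot: The GitHub registry login switches from `DISPATCH_USER`/`DISPATCH_TOKEN` to a new `PACKAGE_USER`/`PACKAGE_TOKEN` pair, and nothing in the workflow records what that token is allowed to do. A comment above the step such as `# PACKAGE_TOKEN: PAT limited to write:packages for ghcr.io` would document the intended scope, and the secret should be created with only that scope. `buildkitd-flags: "--debug"` in the same hunk also leaves verbose BuildKit daemon logging enabled on every run of a job that handles registry credentials; consider dropping it once the multi-arch build is stable.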
@@ -17,34 +17,86 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 with: - fetch-depth: 10 - - name: Build the Docker image - run: | - make docker/build/dev-container - - name: Login to GitHub package registry + platforms: all + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker layers (base) + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache-base + key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-base- + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-dev-container-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-dev-container- + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_PASS }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name run: | - echo ${GITHUB_TOKEN} | docker login docker.pkg.github.com --username ${GITHUB_USER} --password-stdin - env: - GITHUB_USER: ${{ secrets.DISPATCH_USER }} - GITHUB_TOKEN: ${{ secrets.DISPATCH_TOKEN }} - - name: push to GitHub package registry (master) + image_name=`make docker/name/dev-container` + base_platforms=`make docker/platforms` + echo "::set-env name=IMAGE_NAME::${image_name}" + echo "::set-output name=IMAGE_NAME::${image_name}" + echo "::set-output name=BASE_PLATFORMS::${base_platforms}" + - name: Determine tag name (master) if: github.ref == 'refs/heads/master' run: | - originname=`make docker/name/dev-container` - imagename=`make docker/name/dev-container | sed -e 
's:vdaas:docker.pkg.github.com/vdaas/vald:'` - docker tag ${originname} ${imagename}:nightly - docker push ${imagename}:nightly - - name: Login to DockerHub + echo "::set-env name=PRIMARY_TAG::nightly" + - name: Determine tag name (pull request) + if: github.event_name == 'pull_request' run: | - echo ${DOCKERHUB_PASS} | docker login --username ${DOCKERHUB_USER} --password-stdin - env: - DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }} - DOCKERHUB_PASS: ${{ secrets.DOCKERHUB_PASS }} - - name: push to DockerHub (master) - if: github.ref == 'refs/heads/master' + pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "::set-env name=PRIMARY_TAG::pr-${pr_num}" + - name: Determine tag name (tags) + if: startsWith( github.ref, 'refs/tags/') + id: determine_tag + run: | + tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` + echo "::set-output name=TAG_NAME::${tag_name}" + echo "::set-env name=PRIMARY_TAG::${tag_name}" + - name: Build and Push run: | - imagename=`make docker/name/dev-container` - docker tag ${imagename} ${imagename}:nightly - docker push ${imagename}:nightly + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/dev-container + make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/dev-container + env: + DOCKER_BUILDKIT: 1 + PLATFORMS: linux/amd64 + BASE_PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache 
--cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + CACHE_OPTS_BASE: "--cache-from=type=local,src=/tmp/.buildx-cache-base" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" diff --git a/.github/workflows/dockers-discoverer-k8s-image.yml b/.github/workflows/dockers-discoverer-k8s-image.yml index c750968cc4..81a412e2bc 100755 --- a/.github/workflows/dockers-discoverer-k8s-image.yml +++ b/.github/workflows/dockers-discoverer-k8s-image.yml 
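Review bot: The new `Image name` and `Determine tag name` steps export values with the `::set-env` workflow command, which GitHub has deprecated and disabled because anything a step prints to stdout can set environment variables for later steps. Here the echoed values come from `make` output, the event payload and the ref name. Write to the environment file instead, e.g. `echo "PRIMARY_TAG=pr-${pr_num}" >> "$GITHUB_ENV"`, and quote `"$GITHUB_EVENT_PATH"` and `"$GITHUB_REF"` where they are expanded. The same pattern is repeated in the hunks for the discoverer-k8s, gateway-vald, helm-operator, loadtest and manager-compressor workflows.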
@@ -38,50 +38,97 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 with: - fetch-depth: 10 - - name: Overwrite version name - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - - name: Build the Docker image - run: | - make docker/build/discoverer-k8s - env: - DOCKER_BUILDKIT: 1 - - name: login to DockerHub + platforms: all + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker layers (base) + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache-base + key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-base- + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-discoverer-k8s-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-discoverer-k8s- + - name: Login to DockerHub uses: docker/login-action@v1 with: username: ${{ secrets.DOCKERHUB_USER }} password: ${{ secrets.DOCKERHUB_PASS }} - - name: push to DockerHub (master) + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name + run: | + image_name=`make docker/name/discoverer-k8s` + base_platforms=`make docker/platforms` + echo "::set-env name=IMAGE_NAME::${image_name}" + echo "::set-output name=IMAGE_NAME::${image_name}" + echo "::set-output name=BASE_PLATFORMS::${base_platforms}" + - name: Determine tag name (master) if: github.ref == 'refs/heads/master' run: | - imagename=`make docker/name/discoverer-k8s` - docker tag ${imagename} ${imagename}:nightly - docker push ${imagename}:nightly - - name: push to DockerHub 
(pull request) + echo "::set-env name=PRIMARY_TAG::nightly" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64,linux/arm64 + - name: Determine tag name (pull request) if: github.event_name == 'pull_request' run: | - imagename=`make docker/name/discoverer-k8s` pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - docker tag ${imagename} ${imagename}:pr-${pr_num} - docker push ${imagename}:pr-${pr_num} - - name: push to DockerHub (tags) + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "::set-env name=PRIMARY_TAG::pr-${pr_num}" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64 + - name: Determine tag name (tags) if: startsWith( github.ref, 'refs/tags/') - id: push_to_dockerhub_tags + id: determine_tag run: | - imagename=`make docker/name/discoverer-k8s` - docker push ${imagename}:latest tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - docker tag ${imagename} ${imagename}:${tag_name} - docker push ${imagename}:${tag_name} - docker tag ${imagename} ${imagename}:nightly - docker push ${imagename}:nightly - echo "::set-output name=IMAGE_NAME::${imagename}" echo "::set-output name=TAG_NAME::${tag_name}" + echo "::set-env name=PRIMARY_TAG::${tag_name}" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64,linux/arm64 + - name: Build and Push + run: | + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/discoverer-k8s + make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/discoverer-k8s + env: + DOCKER_BUILDKIT: 1 + 
BASE_PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + CACHE_OPTS_BASE: "--cache-from=type=local,src=/tmp/.buildx-cache-base" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" - name: Initialize CodeQL if: startsWith( github.ref, 'refs/tags/') uses: github/codeql-action/init@v1 @@ -89,13 +136,13 @@ jobs: if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}" + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" format: 'table' - name: Run vulnerability scanner (sarif) if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}" + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" format: 'template' template: '@/contrib/sarif.tpl' output: 'trivy-results.sarif' diff --git a/.github/workflows/dockers-gateway-vald-image.yml b/.github/workflows/dockers-gateway-vald-image.yml index 87b8f271b6..53acc543d1 100755 --- a/.github/workflows/dockers-gateway-vald-image.yml +++ b/.github/workflows/dockers-gateway-vald-image.yml 
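Review bot: The added `uses:` lines (`docker/setup-qemu-action@v1`, `docker/setup-buildx-action@v1`, `docker/login-action@v1`, `actions/cache@v2`) reference movable tags in a job that receives `DOCKERHUB_PASS` and `PACKAGE_TOKEN`, so a retagged release of any of them would run with the registry credentials in scope. Pin each third-party action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v1`. The same step list is added in every workflow file touched by this diff.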
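Review bot: The scanner's `image-ref` is now built from `steps.image_name.outputs.IMAGE_NAME`, which is the plain `make docker/name/discoverer-k8s` value, so only the image pushed by the first `make` invocation is scanned. The `ghcr.io/vdaas/vald` image comes from a second `make` run in `Build and Push`, presumably a separate build, and is published without a scan. Because buildx `--push` does not appear to leave the result in the local daemon, the scan resolves the tag from the registry rather than the artifact this job produced. Either publish both registries from one build or scan by the pushed digest, and add a comment on the step stating which registry's image the scan covers. The second hunks of the gateway-vald, helm-operator, loadtest and manager-compressor workflows make the same change; the scan steps start and end outside this hunk.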
@@ -40,50 +40,97 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 with: - fetch-depth: 10 - - name: Overwrite version name - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - - name: Build the Docker image - run: | - make docker/build/gateway-vald - env: - DOCKER_BUILDKIT: 1 - - name: login to DockerHub + platforms: all + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker layers (base) + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache-base + key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-base- + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-gateway-vald-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-gateway-vald- + - name: Login to DockerHub uses: docker/login-action@v1 with: username: ${{ secrets.DOCKERHUB_USER }} password: ${{ secrets.DOCKERHUB_PASS }} - - name: push to DockerHub (master) + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name + run: | + image_name=`make docker/name/gateway-vald` + base_platforms=`make docker/platforms` + echo "::set-env name=IMAGE_NAME::${image_name}" + echo "::set-output name=IMAGE_NAME::${image_name}" + echo "::set-output name=BASE_PLATFORMS::${base_platforms}" + - name: Determine tag name (master) if: github.ref == 'refs/heads/master' run: | - imagename=`make docker/name/gateway-vald` - docker tag ${imagename} ${imagename}:nightly - docker push ${imagename}:nightly - - name: push to DockerHub (pull 
request) + echo "::set-env name=PRIMARY_TAG::nightly" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64,linux/arm64 + - name: Determine tag name (pull request) if: github.event_name == 'pull_request' run: | - imagename=`make docker/name/gateway-vald` pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - docker tag ${imagename} ${imagename}:pr-${pr_num} - docker push ${imagename}:pr-${pr_num} - - name: push to DockerHub (tags) + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "::set-env name=PRIMARY_TAG::pr-${pr_num}" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64 + - name: Determine tag name (tags) if: startsWith( github.ref, 'refs/tags/') - id: push_to_dockerhub_tags + id: determine_tag run: | - imagename=`make docker/name/gateway-vald` - docker push ${imagename}:latest tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - docker tag ${imagename} ${imagename}:${tag_name} - docker push ${imagename}:${tag_name} - docker tag ${imagename} ${imagename}:nightly - docker push ${imagename}:nightly - echo "::set-output name=IMAGE_NAME::${imagename}" echo "::set-output name=TAG_NAME::${tag_name}" + echo "::set-env name=PRIMARY_TAG::${tag_name}" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64,linux/arm64 + - name: Build and Push + run: | + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/gateway-vald + make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/gateway-vald + env: + DOCKER_BUILDKIT: 1 + BASE_PLATFORMS: ${{ 
steps.image_name.outputs.BASE_PLATFORMS }} + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + CACHE_OPTS_BASE: "--cache-from=type=local,src=/tmp/.buildx-cache-base" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" - name: Initialize CodeQL if: startsWith( github.ref, 'refs/tags/') uses: github/codeql-action/init@v1 @@ -91,13 +138,13 @@ jobs: if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}" + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" format: 'table' - name: Run vulnerability scanner (sarif) if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}" + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" format: 'template' template: '@/contrib/sarif.tpl' output: 'trivy-results.sarif' diff --git a/.github/workflows/dockers-helm-operator-image.yml b/.github/workflows/dockers-helm-operator-image.yml index 5d04d2b626..8fb6bc38bd 100755 --- a/.github/workflows/dockers-helm-operator-image.yml +++ b/.github/workflows/dockers-helm-operator-image.yml 
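Review bot: `Cache Docker layers (base)` saves and restores `/tmp/.buildx-cache-base`, but `CACHE_OPTS_BASE` in the `Build and Push` step passes only `--cache-from`. Nothing in this hunk writes to that directory, so the cache entry stays empty unless the Makefile (not shown) adds an export. If the base layers are meant to be cached, add the matching export: `CACHE_OPTS_BASE: "--cache-from=type=local,src=/tmp/.buildx-cache-base --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache-base"`. The same `env:` block appears in the other workflow hunks of this diff.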
@@ -32,45 +32,97 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 with: - fetch-depth: 10 - - name: Build the Docker image - run: | - make docker/build/operator/helm - env: - DOCKER_BUILDKIT: 1 - - name: login to DockerHub + platforms: all + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker layers (base) + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache-base + key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-base- + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-helm-operator-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-helm-operator- + - name: Login to DockerHub uses: docker/login-action@v1 with: username: ${{ secrets.DOCKERHUB_USER }} password: ${{ secrets.DOCKERHUB_PASS }} - - name: push to DockerHub (master) + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name + run: | + image_name=`make docker/name/operator/helm` + base_platforms=`make docker/platforms` + echo "::set-env name=IMAGE_NAME::${image_name}" + echo "::set-output name=IMAGE_NAME::${image_name}" + echo "::set-output name=BASE_PLATFORMS::${base_platforms}" + - name: Determine tag name (master) if: github.ref == 'refs/heads/master' run: | - imagename=`make docker/name/operator/helm` - docker tag ${imagename} ${imagename}:nightly - docker push ${imagename}:nightly - - name: push to DockerHub (pull request) + echo "::set-env name=PRIMARY_TAG::nightly" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64,linux/arm64 + - name: Determine tag name (pull 
request) if: github.event_name == 'pull_request' run: | - imagename=`make docker/name/operator/helm` pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - docker tag ${imagename} ${imagename}:pr-${pr_num} - docker push ${imagename}:pr-${pr_num} - - name: push to DockerHub (tags) + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "::set-env name=PRIMARY_TAG::pr-${pr_num}" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64,linux/arm64 + - name: Determine tag name (tags) if: startsWith( github.ref, 'refs/tags/') - id: push_to_dockerhub_tags + id: determine_tag run: | - imagename=`make docker/name/operator/helm` - docker push ${imagename}:latest tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - docker tag ${imagename} ${imagename}:${tag_name} - docker push ${imagename}:${tag_name} - docker tag ${imagename} ${imagename}:nightly - docker push ${imagename}:nightly - echo "::set-output name=IMAGE_NAME::${imagename}" echo "::set-output name=TAG_NAME::${tag_name}" + echo "::set-env name=PRIMARY_TAG::${tag_name}" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64,linux/arm64 + - name: Build and Push + run: | + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/operator/helm + make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/operator/helm + env: + DOCKER_BUILDKIT: 1 + BASE_PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache 
--cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + CACHE_OPTS_BASE: "--cache-from=type=local,src=/tmp/.buildx-cache-base" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" - name: Initialize CodeQL if: startsWith( github.ref, 'refs/tags/') uses: github/codeql-action/init@v1 @@ -78,13 +130,13 @@ jobs: if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}" + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" format: 'table' - name: Run vulnerability scanner (sarif) if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}" + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" format: 'template' template: '@/contrib/sarif.tpl' output: 'trivy-results.sarif' diff --git a/.github/workflows/dockers-loadtest-image.yml b/.github/workflows/dockers-loadtest-image.yml index 0478298065..5011eb89b4 100755 --- a/.github/workflows/dockers-loadtest-image.yml +++ b/.github/workflows/dockers-loadtest-image.yml 
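Review bot: In `Determine tag name (pull request)` this workflow sets `PLATFORMS: linux/amd64,linux/arm64`, while the same step in the discoverer-k8s, gateway-vald and manager-compressor hunks uses `linux/amd64` only. If the difference is not deliberate, pull-request builds of the helm operator will also build arm64 under QEMU emulation. Change the value to `PLATFORMS: linux/amd64`, or add a comment on the step saying why pull-request images for this component need both architectures.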
@@ -40,50 +40,89 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 with: - fetch-depth: 10 - - name: Overwrite version name - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - - name: Build the Docker image - run: | - make docker/build/loadtest - env: - DOCKER_BUILDKIT: 1 - - name: login to DockerHub + platforms: all + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker layers (base) + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache-base + key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-base- + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-loadtest-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-loadtest- + - name: Login to DockerHub uses: docker/login-action@v1 with: username: ${{ secrets.DOCKERHUB_USER }} password: ${{ secrets.DOCKERHUB_PASS }} - - name: push to DockerHub (master) + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name + run: | + image_name=`make docker/name/loadtest` + base_platforms=`make docker/platforms` + echo "::set-env name=IMAGE_NAME::${image_name}" + echo "::set-output name=IMAGE_NAME::${image_name}" + echo "::set-output name=BASE_PLATFORMS::${base_platforms}" + - name: Determine tag name (master) if: github.ref == 'refs/heads/master' run: | - imagename=`make docker/name/loadtest` - docker tag ${imagename} ${imagename}:nightly - docker push ${imagename}:nightly - - name: push to DockerHub (pull request) + echo 
"::set-env name=PRIMARY_TAG::nightly" + - name: Determine tag name (pull request) if: github.event_name == 'pull_request' run: | - imagename=`make docker/name/loadtest` pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - docker tag ${imagename} ${imagename}:pr-${pr_num} - docker push ${imagename}:pr-${pr_num} - - name: push to DockerHub (tags) + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "::set-env name=PRIMARY_TAG::pr-${pr_num}" + - name: Determine tag name (tags) if: startsWith( github.ref, 'refs/tags/') - id: push_to_dockerhub_tags + id: determine_tag run: | - imagename=`make docker/name/loadtest` - docker push ${imagename}:latest tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - docker tag ${imagename} ${imagename}:${tag_name} - docker push ${imagename}:${tag_name} - docker tag ${imagename} ${imagename}:nightly - docker push ${imagename}:nightly - echo "::set-output name=IMAGE_NAME::${imagename}" echo "::set-output name=TAG_NAME::${tag_name}" + echo "::set-env name=PRIMARY_TAG::${tag_name}" + - name: Build and Push + run: | + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/loadtest + make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/loadtest + env: + DOCKER_BUILDKIT: 1 + PLATFORMS: linux/amd64 + BASE_PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + CACHE_OPTS_BASE: 
"--cache-from=type=local,src=/tmp/.buildx-cache-base" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" - name: Initialize CodeQL if: startsWith( github.ref, 'refs/tags/') uses: github/codeql-action/init@v1 @@ -91,13 +130,13 @@ jobs: if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}" + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" format: 'table' - name: Run vulnerability scanner (sarif) if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}" + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" format: 'template' template: '@/contrib/sarif.tpl' output: 'trivy-results.sarif' diff --git a/.github/workflows/dockers-manager-compressor-image.yml b/.github/workflows/dockers-manager-compressor-image.yml index b216e22446..04c0a9c055 100644 --- a/.github/workflows/dockers-manager-compressor-image.yml +++ b/.github/workflows/dockers-manager-compressor-image.yml 
@@ -40,50 +40,97 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 with: - fetch-depth: 10 - - name: Overwrite version name - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - - name: Build the Docker image - run: | - make docker/build/manager-compressor - env: - DOCKER_BUILDKIT: 1 - - name: login to DockerHub + platforms: all + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker layers (base) + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache-base + key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-base- + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-manager-compressor-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-manager-compressor- + - name: Login to DockerHub uses: docker/login-action@v1 with: username: ${{ secrets.DOCKERHUB_USER }} password: ${{ secrets.DOCKERHUB_PASS }} - - name: push to DockerHub (master) + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name + run: | + image_name=`make docker/name/manager-compressor` + base_platforms=`make docker/platforms` + echo "::set-env name=IMAGE_NAME::${image_name}" + echo "::set-output name=IMAGE_NAME::${image_name}" + echo "::set-output name=BASE_PLATFORMS::${base_platforms}" + - name: Determine tag name (master) if: github.ref == 'refs/heads/master' run: | - imagename=`make docker/name/manager-compressor` - docker tag ${imagename} ${imagename}:nightly - docker push ${imagename}:nightly - - 
name: push to DockerHub (pull request) + echo "::set-env name=PRIMARY_TAG::nightly" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64,linux/arm64 + - name: Determine tag name (pull request) if: github.event_name == 'pull_request' run: | - imagename=`make docker/name/manager-compressor` pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - docker tag ${imagename} ${imagename}:pr-${pr_num} - docker push ${imagename}:pr-${pr_num} - - name: push to DockerHub (tags) + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "::set-env name=PRIMARY_TAG::pr-${pr_num}" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64 + - name: Determine tag name (tags) if: startsWith( github.ref, 'refs/tags/') - id: push_to_dockerhub_tags + id: determine_tag run: | - imagename=`make docker/name/manager-compressor` - docker push ${imagename}:latest tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - docker tag ${imagename} ${imagename}:${tag_name} - docker push ${imagename}:${tag_name} - docker tag ${imagename} ${imagename}:nightly - docker push ${imagename}:nightly - echo "::set-output name=IMAGE_NAME::${imagename}" echo "::set-output name=TAG_NAME::${tag_name}" + echo "::set-env name=PRIMARY_TAG::${tag_name}" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64,linux/arm64 + - name: Build and Push + run: | + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/manager-compressor + make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ + TAG="${PRIMARY_TAG}" \ + 
docker/build/manager-compressor + env: + DOCKER_BUILDKIT: 1 + BASE_PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + CACHE_OPTS_BASE: "--cache-from=type=local,src=/tmp/.buildx-cache-base" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" - name: Initialize CodeQL if: startsWith( github.ref, 'refs/tags/') uses: github/codeql-action/init@v1 @@ -91,13 +138,13 @@ jobs: if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}" + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" format: 'table' - name: Run vulnerability scanner (sarif) if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}" + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" format: 'template' template: '@/contrib/sarif.tpl' output: 'trivy-results.sarif' diff --git a/.github/workflows/dockers-manager-index-image.yml b/.github/workflows/dockers-manager-index-image.yml index b791470985..adb537c516 100644 --- a/.github/workflows/dockers-manager-index-image.yml +++ b/.github/workflows/dockers-manager-index-image.yml 
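Review bot: On tag builds `Build and Push` passes only `TAG="${PRIMARY_TAG}"`, whereas the removed `push to DockerHub (tags)` step also pushed `:latest` and `:nightly`. Unless the Makefile (not visible in this hunk) adds those tags, releases stop updating them, and consumers that pull `latest` keep getting the last image pushed by the old workflow, without later fixes. If that is intended, state it in a comment on `Determine tag name (tags)`, for example `# release builds publish only the version tag; latest is no longer updated`. The discoverer-k8s, gateway-vald, helm-operator and loadtest hunks drop the same pushes.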
@@ -40,50 +40,97 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 with: - fetch-depth: 10 - - name: Overwrite version name - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - - name: Build the Docker image - run: | - make docker/build/manager-index - env: - DOCKER_BUILDKIT: 1 - - name: login to DockerHub + platforms: all + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker layers (base) + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache-base + key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-base- + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-manager-index-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-manager-index- + - name: Login to DockerHub uses: docker/login-action@v1 with: username: ${{ secrets.DOCKERHUB_USER }} password: ${{ secrets.DOCKERHUB_PASS }} - - name: push to DockerHub (master) + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name + run: | + image_name=`make docker/name/manager-index` + base_platforms=`make docker/platforms` + echo "::set-env name=IMAGE_NAME::${image_name}" + echo "::set-output name=IMAGE_NAME::${image_name}" + echo "::set-output name=BASE_PLATFORMS::${base_platforms}" + - name: Determine tag name (master) if: github.ref == 'refs/heads/master' run: | - imagename=`make docker/name/manager-index` - docker tag ${imagename} ${imagename}:nightly - docker push ${imagename}:nightly - - name: push to DockerHub (pull 
request) + echo "::set-env name=PRIMARY_TAG::nightly" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64,linux/arm64 + - name: Determine tag name (pull request) if: github.event_name == 'pull_request' run: | - imagename=`make docker/name/manager-index` pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - docker tag ${imagename} ${imagename}:pr-${pr_num} - docker push ${imagename}:pr-${pr_num} - - name: push to DockerHub (tags) + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "::set-env name=PRIMARY_TAG::pr-${pr_num}" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64 + - name: Determine tag name (tags) if: startsWith( github.ref, 'refs/tags/') - id: push_to_dockerhub_tags + id: determine_tag run: | - imagename=`make docker/name/manager-index` - docker push ${imagename}:latest tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - docker tag ${imagename} ${imagename}:${tag_name} - docker push ${imagename}:${tag_name} - docker tag ${imagename} ${imagename}:nightly - docker push ${imagename}:nightly - echo "::set-output name=IMAGE_NAME::${imagename}" echo "::set-output name=TAG_NAME::${tag_name}" + echo "::set-env name=PRIMARY_TAG::${tag_name}" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64,linux/arm64 + - name: Build and Push + run: | + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/manager-index + make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/manager-index + env: + DOCKER_BUILDKIT: 1 + BASE_PLATFORMS: 
${{ steps.image_name.outputs.BASE_PLATFORMS }} + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + CACHE_OPTS_BASE: "--cache-from=type=local,src=/tmp/.buildx-cache-base" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" - name: Initialize CodeQL if: startsWith( github.ref, 'refs/tags/') uses: github/codeql-action/init@v1 @@ -91,13 +138,13 @@ jobs: if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}" + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" format: 'table' - name: Run vulnerability scanner (sarif) if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}" + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" format: 'template' template: '@/contrib/sarif.tpl' output: 'trivy-results.sarif' diff --git a/.github/workflows/dockers-meta-cassandra-image.yml b/.github/workflows/dockers-meta-cassandra-image.yml index a7939e94c0..972197c2bc 100644 --- a/.github/workflows/dockers-meta-cassandra-image.yml +++ b/.github/workflows/dockers-meta-cassandra-image.yml 
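Review bot: The `Image name` step and the three `Determine tag name` steps pass values to later steps with the `::set-env` workflow command, which is parsed from the step's stdout, so any text a command in that step prints can set environment variables for the rest of the job; GitHub has since deprecated and disabled the command for that reason. Appending to the environment file does the same job without parsing stdout: `echo "PRIMARY_TAG=${tag_name}" >> "$GITHUB_ENV"` and `echo "PLATFORMS=${PLATFORMS}" >> "$GITHUB_ENV"`. `PRIMARY_TAG` ends up as `TAG=` on the `make` command line in `Build and Push`, so this is the path worth hardening first. The first hunks of dockers-meta-cassandra-image.yml and dockers-meta-redis-image.yml carry the same lines.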
@@ -42,50 +42,97 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 with: - fetch-depth: 10 - - name: Overwrite version name - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - - name: Build the Docker image - run: | - make docker/build/meta-cassandra - env: - DOCKER_BUILDKIT: 1 - - name: login to DockerHub + platforms: all + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker layers (base) + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache-base + key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-base- + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-meta-cassandra-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-meta-cassandra- + - name: Login to DockerHub uses: docker/login-action@v1 with: username: ${{ secrets.DOCKERHUB_USER }} password: ${{ secrets.DOCKERHUB_PASS }} - - name: push to DockerHub (master) + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name + run: | + image_name=`make docker/name/meta-cassandra` + base_platforms=`make docker/platforms` + echo "::set-env name=IMAGE_NAME::${image_name}" + echo "::set-output name=IMAGE_NAME::${image_name}" + echo "::set-output name=BASE_PLATFORMS::${base_platforms}" + - name: Determine tag name (master) if: github.ref == 'refs/heads/master' run: | - imagename=`make docker/name/meta-cassandra` - docker tag ${imagename} ${imagename}:nightly - docker push ${imagename}:nightly - - name: push to DockerHub 
(pull request) + echo "::set-env name=PRIMARY_TAG::nightly" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64,linux/arm64 + - name: Determine tag name (pull request) if: github.event_name == 'pull_request' run: | - imagename=`make docker/name/meta-cassandra` pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - docker tag ${imagename} ${imagename}:pr-${pr_num} - docker push ${imagename}:pr-${pr_num} - - name: push to DockerHub (tags) + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "::set-env name=PRIMARY_TAG::pr-${pr_num}" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64 + - name: Determine tag name (tags) if: startsWith( github.ref, 'refs/tags/') - id: push_to_dockerhub_tags + id: determine_tag run: | - imagename=`make docker/name/meta-cassandra` - docker push ${imagename}:latest tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - docker tag ${imagename} ${imagename}:${tag_name} - docker push ${imagename}:${tag_name} - docker tag ${imagename} ${imagename}:nightly - docker push ${imagename}:nightly - echo "::set-output name=IMAGE_NAME::${imagename}" echo "::set-output name=TAG_NAME::${tag_name}" + echo "::set-env name=PRIMARY_TAG::${tag_name}" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64,linux/arm64 + - name: Build and Push + run: | + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/meta-cassandra + make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/meta-cassandra + env: + DOCKER_BUILDKIT: 1 + 
BASE_PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + CACHE_OPTS_BASE: "--cache-from=type=local,src=/tmp/.buildx-cache-base" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" - name: Initialize CodeQL if: startsWith( github.ref, 'refs/tags/') uses: github/codeql-action/init@v1 @@ -93,13 +140,13 @@ jobs: if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}" + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" format: 'table' - name: Run vulnerability scanner (sarif) if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}" + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" format: 'template' template: '@/contrib/sarif.tpl' output: 'trivy-results.sarif' diff --git a/.github/workflows/dockers-meta-redis-image.yml b/.github/workflows/dockers-meta-redis-image.yml index 914a21d5a7..c261daa1a1 100755 --- a/.github/workflows/dockers-meta-redis-image.yml +++ b/.github/workflows/dockers-meta-redis-image.yml 
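Review bot: Neither login step nor `Build and Push` has an `if:` guard, so on the `pull_request` path (`PRIMARY_TAG=pr-${pr_num}`) the Makefile and Dockerfiles from the pull request's checkout run under `make ... --push` after both registry logins have completed. The workflow's `on:` block is outside this hunk, so whether fork pull requests can reach these steps with secrets cannot be told from here and is worth confirming. If PR images do not have to be published, the narrower option is to guard the two `docker/login-action` steps with `if: github.event_name != 'pull_request'` and build pull requests without `--push`. `PACKAGE_TOKEN` should in any case be limited to package write scope. The first hunks of the manager-index and meta-redis workflows have the same step layout.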
@@ -42,50 +42,97 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 with: - fetch-depth: 10 - - name: Overwrite version name - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - - name: Build the Docker image - run: | - make docker/build/meta-redis - env: - DOCKER_BUILDKIT: 1 - - name: login to DockerHub + platforms: all + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker layers (base) + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache-base + key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-base- + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-meta-redis-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-meta-redis- + - name: Login to DockerHub uses: docker/login-action@v1 with: username: ${{ secrets.DOCKERHUB_USER }} password: ${{ secrets.DOCKERHUB_PASS }} - - name: push to DockerHub (master) + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name + run: | + image_name=`make docker/name/meta-redis` + base_platforms=`make docker/platforms` + echo "::set-env name=IMAGE_NAME::${image_name}" + echo "::set-output name=IMAGE_NAME::${image_name}" + echo "::set-output name=BASE_PLATFORMS::${base_platforms}" + - name: Determine tag name (master) if: github.ref == 'refs/heads/master' run: | - imagename=`make docker/name/meta-redis` - docker tag ${imagename} ${imagename}:nightly - docker push ${imagename}:nightly - - name: push to DockerHub (pull request) + 
echo "::set-env name=PRIMARY_TAG::nightly" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64,linux/arm64 + - name: Determine tag name (pull request) if: github.event_name == 'pull_request' run: | - imagename=`make docker/name/meta-redis` pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - docker tag ${imagename} ${imagename}:pr-${pr_num} - docker push ${imagename}:pr-${pr_num} - - name: push to DockerHub (tags) + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "::set-env name=PRIMARY_TAG::pr-${pr_num}" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64 + - name: Determine tag name (tags) if: startsWith( github.ref, 'refs/tags/') - id: push_to_dockerhub_tags + id: determine_tag run: | - imagename=`make docker/name/meta-redis` - docker push ${imagename}:latest tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - docker tag ${imagename} ${imagename}:${tag_name} - docker push ${imagename}:${tag_name} - docker tag ${imagename} ${imagename}:nightly - docker push ${imagename}:nightly - echo "::set-output name=IMAGE_NAME::${imagename}" echo "::set-output name=TAG_NAME::${tag_name}" + echo "::set-env name=PRIMARY_TAG::${tag_name}" + echo "::set-env name=PLATFORMS::${PLATFORMS}" + env: + PLATFORMS: linux/amd64,linux/arm64 + - name: Build and Push + run: | + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/meta-redis + make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/meta-redis + env: + DOCKER_BUILDKIT: 1 + BASE_PLATFORMS: ${{ 
steps.image_name.outputs.BASE_PLATFORMS }} + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + CACHE_OPTS_BASE: "--cache-from=type=local,src=/tmp/.buildx-cache-base" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" - name: Initialize CodeQL if: startsWith( github.ref, 'refs/tags/') uses: github/codeql-action/init@v1 @@ -93,13 +140,13 @@ jobs: if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}" + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" format: 'table' - name: Run vulnerability scanner (sarif) if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}" + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" format: 'template' template: '@/contrib/sarif.tpl' output: 'trivy-results.sarif' diff --git a/.github/workflows/e2e-deploy.yml b/.github/workflows/e2e-deploy.yml index 5cdba5cfe2..8e2edc36c3 100644 --- a/.github/workflows/e2e-deploy.yml +++ b/.github/workflows/e2e-deploy.yml @@ -11,7 +11,7 @@ jobs: e2e-deploy: name: e2e deploy test runs-on: ubuntu-latest - timeout-minutes: 30 + timeout-minutes: 45 steps: - uses: actions/checkout@v1 - name: wait for dockers diff --git a/Makefile b/Makefile index 05a5c48444..1513896bc8 100644 --- a/Makefile +++ b/Makefile 
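Review bot: The actions added in the first hunk of this file are referenced by major-version tag (`docker/setup-qemu-action@v1`, `docker/setup-buildx-action@v1`, `docker/login-action@v1`, `actions/cache@v2`), and the two login steps receive `DOCKERHUB_PASS` and `PACKAGE_TOKEN`. A tag can be moved by the action's publisher, so for the steps that see secrets I would pin to a full commit and keep the version as a comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v1`. The manager-index and meta-cassandra workflow hunks add the same references.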
@@ -18,7 +18,7 @@ REPO ?= vdaas NAME = vald GOPKG = github.com/$(REPO)/$(NAME) DATETIME = $(eval DATETIME := $(shell date -u +%Y/%m/%d_%H:%M:%S%z))$(DATETIME) -TAG = $(eval TAG := $(shell date -u +%Y%m%d-%H%M%S))$(TAG) +TAG ?= latest BASE_IMAGE = $(NAME)-base AGENT_IMAGE = $(NAME)-agent-ngt AGENT_SIDECAR_IMAGE = $(NAME)-agent-sidecar @@ -87,8 +87,19 @@ PBGOS = $(PROTOS:apis/proto/%.proto=apis/grpc/%.pb.go) SWAGGERS = $(PROTOS:apis/proto/%.proto=apis/swagger/%.swagger.json) PBDOCS = apis/docs/docs.md +ifeq ($(GOARCH),amd64) CFLAGS ?= -mno-avx512f -mno-avx512dq -mno-avx512cd -mno-avx512bw -mno-avx512vl CXXFLAGS ?= $(CFLAGS) +EXTLDFLAGS ?= -m64 +else ifeq ($(GOARCH),arm64) +CFLAGS ?= +CXXFLAGS ?= $(CFLAGS) +EXTLDFLAGS ?= -march=armv8-a +else +CFLAGS ?= +CXXFLAGS ?= $(CFLAGS) +EXTLDFLAGS ?= +endif BENCH_DATASET_MD5S := $(eval BENCH_DATASET_MD5S := $(shell find $(BENCH_DATASET_MD5_DIR) -type f -regex ".*\.md5"))$(BENCH_DATASET_MD5S) BENCH_DATASETS = $(BENCH_DATASET_MD5S:$(BENCH_DATASET_MD5_DIR)/%.md5=$(BENCH_DATASET_HDF5_DIR)/%.hdf5) @@ -186,6 +197,10 @@ GO_SOURCES_INTERNAL = $(eval GO_SOURCES_INTERNAL := $(shell find \ GO_TEST_SOURCES = $(GO_SOURCES:%.go=%_test.go) GO_OPTION_TEST_SOURCES = $(GO_OPTION_SOURCES:%.go=%_test.go) +DOCKER ?= docker +DOCKER_OPTS ?= +DOCKER_OPTS_BASE ?= + DISTROLESS_IMAGE ?= gcr.io/distroless/static DISTROLESS_IMAGE_TAG ?= nonroot UPX_OPTIONS ?= -9 diff --git a/Makefile.d/build.mk b/Makefile.d/build.mk index 80a6be0cbe..0a76e4b959 100644 --- a/Makefile.d/build.mk +++ b/Makefile.d/build.mk @@ -43,7 +43,7 @@ cmd/agent/core/ngt/ngt: \ && export GO111MODULE=on \ && go build \ --ldflags "-s -w -linkmode 'external' \ - -extldflags '-static -fPIC -m64 -pthread -fopenmp -std=c++17 -lstdc++ -lm' \ + -extldflags '-static -fPIC -pthread -fopenmp -std=c++17 -lstdc++ -lm $(EXTLDFLAGS)' \ -X '$(GOPKG)/internal/info.Version=$(VERSION)' \ -X '$(GOPKG)/internal/info.GitCommit=$(GIT_COMMIT)' \ -X '$(GOPKG)/internal/info.BuildTime=$(DATETIME)' \ 
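Review bot: With the new `ifeq ($(GOARCH),amd64)` guard, the `-mno-avx512*` CFLAGS and the `-m64` linker flag apply only when `GOARCH` is already set to `amd64` at this point in the Makefile; when it is empty the `else` branch leaves `CFLAGS` and `EXTLDFLAGS` empty, whereas before this change both were unconditional. No assignment of `GOARCH` is visible in this hunk, so unless it is defined earlier in the file a plain `make` on an amd64 host silently loses them. A default ahead of the conditional, e.g. `GOARCH ?= $(shell go env GOARCH)`, would keep the old behaviour.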
diff --git a/Makefile.d/docker.mk b/Makefile.d/docker.mk index bfe45573ed..a579e54591 100644 --- a/Makefile.d/docker.mk +++ b/Makefile.d/docker.mk @@ -29,6 +29,10 @@ docker/build: \ docker/build/manager-index \ docker/build/helm-operator +.PHONY: docker/platforms +docker/platforms: + @echo "linux/amd64,linux/arm64" + .PHONY: docker/name/base docker/name/base: @echo "$(REPO)/$(BASE_IMAGE)" @@ -36,7 +40,11 @@ docker/name/base: .PHONY: docker/build/base ## build base image docker/build/base: - docker build -f dockers/base/Dockerfile -t $(REPO)/$(BASE_IMAGE) . + $(DOCKER) build \ + $(DOCKER_OPTS_BASE) \ + -f dockers/base/Dockerfile \ + -t $(REPO)/$(BASE_IMAGE):$(TAG) . \ + --build-arg GO_VERSION=$(GO_VERSION) .PHONY: docker/name/agent-ngt docker/name/agent-ngt: @@ -45,9 +53,11 @@ docker/name/agent-ngt: .PHONY: docker/build/agent-ngt ## build agent-ngt image docker/build/agent-ngt: docker/build/base - docker build \ + $(DOCKER) build \ + $(DOCKER_OPTS) \ -f dockers/agent/core/ngt/Dockerfile \ - -t $(REPO)/$(AGENT_IMAGE) . \ + -t $(REPO)/$(AGENT_IMAGE):$(TAG) . \ + --build-arg BASE_TAG=$(TAG) \ --build-arg DISTROLESS_IMAGE=$(DISTROLESS_IMAGE) \ --build-arg DISTROLESS_IMAGE_TAG=$(DISTROLESS_IMAGE_TAG) \ --build-arg UPX_OPTIONS=$(UPX_OPTIONS) @@ -59,9 +69,11 @@ docker/name/agent-sidecar: .PHONY: docker/build/agent-sidecar ## build agent-sidecar image docker/build/agent-sidecar: docker/build/base - docker build \ + $(DOCKER) build \ + $(DOCKER_OPTS) \ -f dockers/agent/sidecar/Dockerfile \ - -t $(REPO)/$(AGENT_SIDECAR_IMAGE) . \ + -t $(REPO)/$(AGENT_SIDECAR_IMAGE):$(TAG) . \ + --build-arg BASE_TAG=$(TAG) \ --build-arg DISTROLESS_IMAGE=$(DISTROLESS_IMAGE) \ --build-arg DISTROLESS_IMAGE_TAG=$(DISTROLESS_IMAGE_TAG) \ --build-arg UPX_OPTIONS=$(UPX_OPTIONS) 
@@ -73,9 +85,11 @@ docker/name/discoverer-k8s: .PHONY: docker/build/discoverer-k8s ## build discoverer-k8s image docker/build/discoverer-k8s: docker/build/base - docker build \ + $(DOCKER) build \ + $(DOCKER_OPTS) \ -f dockers/discoverer/k8s/Dockerfile \ - -t $(REPO)/$(DISCOVERER_IMAGE) . \ + -t $(REPO)/$(DISCOVERER_IMAGE):$(TAG) . \ + --build-arg BASE_TAG=$(TAG) \ --build-arg DISTROLESS_IMAGE=$(DISTROLESS_IMAGE) \ --build-arg DISTROLESS_IMAGE_TAG=$(DISTROLESS_IMAGE_TAG) \ --build-arg UPX_OPTIONS=$(UPX_OPTIONS) @@ -87,9 +101,11 @@ docker/name/gateway-vald: .PHONY: docker/build/gateway-vald ## build gateway-vald image docker/build/gateway-vald: docker/build/base - docker build \ + $(DOCKER) build \ + $(DOCKER_OPTS) \ -f dockers/gateway/vald/Dockerfile \ - -t $(REPO)/$(GATEWAY_IMAGE) . \ + -t $(REPO)/$(GATEWAY_IMAGE):$(TAG) . \ + --build-arg BASE_TAG=$(TAG) \ --build-arg DISTROLESS_IMAGE=$(DISTROLESS_IMAGE) \ --build-arg DISTROLESS_IMAGE_TAG=$(DISTROLESS_IMAGE_TAG) \ --build-arg UPX_OPTIONS=$(UPX_OPTIONS) @@ -101,9 +117,11 @@ docker/name/meta-redis: .PHONY: docker/build/meta-redis ## build meta-redis image docker/build/meta-redis: docker/build/base - docker build \ + $(DOCKER) build \ + $(DOCKER_OPTS) \ -f dockers/meta/redis/Dockerfile \ - -t $(REPO)/$(META_REDIS_IMAGE) . \ + -t $(REPO)/$(META_REDIS_IMAGE):$(TAG) . \ + --build-arg BASE_TAG=$(TAG) \ --build-arg DISTROLESS_IMAGE=$(DISTROLESS_IMAGE) \ --build-arg DISTROLESS_IMAGE_TAG=$(DISTROLESS_IMAGE_TAG) \ --build-arg UPX_OPTIONS=$(UPX_OPTIONS) 
@@ -115,9 +133,11 @@ docker/name/meta-cassandra: .PHONY: docker/build/meta-cassandra ## build meta-cassandra image docker/build/meta-cassandra: docker/build/base - docker build \ + $(DOCKER) build \ + $(DOCKER_OPTS) \ -f dockers/meta/cassandra/Dockerfile \ - -t $(REPO)/$(META_CASSANDRA_IMAGE) . \ + -t $(REPO)/$(META_CASSANDRA_IMAGE):$(TAG) . \ + --build-arg BASE_TAG=$(TAG) \ --build-arg DISTROLESS_IMAGE=$(DISTROLESS_IMAGE) \ --build-arg DISTROLESS_IMAGE_TAG=$(DISTROLESS_IMAGE_TAG) \ --build-arg UPX_OPTIONS=$(UPX_OPTIONS) @@ -129,9 +149,11 @@ docker/name/backup-manager-mysql: .PHONY: docker/build/backup-manager-mysql ## build backup-manager-mysql image docker/build/backup-manager-mysql: docker/build/base - docker build \ + $(DOCKER) build \ + $(DOCKER_OPTS) \ -f dockers/manager/backup/mysql/Dockerfile \ - -t $(REPO)/$(MANAGER_BACKUP_MYSQL_IMAGE) . \ + -t $(REPO)/$(MANAGER_BACKUP_MYSQL_IMAGE):$(TAG) . \ + --build-arg BASE_TAG=$(TAG) \ --build-arg DISTROLESS_IMAGE=$(DISTROLESS_IMAGE) \ --build-arg DISTROLESS_IMAGE_TAG=$(DISTROLESS_IMAGE_TAG) \ --build-arg UPX_OPTIONS=$(UPX_OPTIONS) @@ -143,9 +165,11 @@ docker/name/backup-manager-cassandra: .PHONY: docker/build/backup-manager-cassandra ## build backup-manager-cassandra image docker/build/backup-manager-cassandra: docker/build/base - docker build \ + $(DOCKER) build \ + $(DOCKER_OPTS) \ -f dockers/manager/backup/cassandra/Dockerfile \ - -t $(REPO)/$(MANAGER_BACKUP_CASSANDRA_IMAGE) . \ + -t $(REPO)/$(MANAGER_BACKUP_CASSANDRA_IMAGE):$(TAG) . \ + --build-arg BASE_TAG=$(TAG) \ --build-arg DISTROLESS_IMAGE=$(DISTROLESS_IMAGE) \ --build-arg DISTROLESS_IMAGE_TAG=$(DISTROLESS_IMAGE_TAG) \ --build-arg UPX_OPTIONS=$(UPX_OPTIONS) 
@@ -157,9 +181,11 @@ docker/name/manager-compressor: .PHONY: docker/build/manager-compressor ## build manager-compressor image docker/build/manager-compressor: docker/build/base - docker build \ + $(DOCKER) build \ + $(DOCKER_OPTS) \ -f dockers/manager/compressor/Dockerfile \ - -t $(REPO)/$(MANAGER_COMPRESSOR_IMAGE) . \ + -t $(REPO)/$(MANAGER_COMPRESSOR_IMAGE):$(TAG) . \ + --build-arg BASE_TAG=$(TAG) \ --build-arg DISTROLESS_IMAGE=$(DISTROLESS_IMAGE) \ --build-arg DISTROLESS_IMAGE_TAG=$(DISTROLESS_IMAGE_TAG) \ --build-arg UPX_OPTIONS=$(UPX_OPTIONS) @@ -171,9 +197,11 @@ docker/name/manager-index: .PHONY: docker/build/manager-index ## build manager-index image docker/build/manager-index: docker/build/base - docker build \ + $(DOCKER) build \ + $(DOCKER_OPTS) \ -f dockers/manager/index/Dockerfile \ - -t $(REPO)/$(MANAGER_INDEX_IMAGE) . \ + -t $(REPO)/$(MANAGER_INDEX_IMAGE):$(TAG) . \ + --build-arg BASE_TAG=$(TAG) \ --build-arg DISTROLESS_IMAGE=$(DISTROLESS_IMAGE) \ --build-arg DISTROLESS_IMAGE_TAG=$(DISTROLESS_IMAGE_TAG) \ --build-arg UPX_OPTIONS=$(UPX_OPTIONS) @@ -185,7 +213,11 @@ docker/name/ci-container: .PHONY: docker/build/ci-container ## build ci-container image docker/build/ci-container: docker/build/base - docker build -f dockers/ci/base/Dockerfile -t $(REPO)/$(CI_CONTAINER_IMAGE) . + $(DOCKER) build \ + $(DOCKER_OPTS) \ + -f dockers/ci/base/Dockerfile \ + -t $(REPO)/$(CI_CONTAINER_IMAGE):$(TAG) . \ + --build-arg BASE_TAG=$(TAG) .PHONY: docker/name/dev-container docker/name/dev-container: @@ -194,7 +226,11 @@ docker/name/dev-container: .PHONY: docker/build/dev-container ## build dev-container image docker/build/dev-container: docker/build/ci-container - docker build -f dockers/dev/Dockerfile -t $(REPO)/$(DEV_CONTAINER_IMAGE) . + $(DOCKER) build \ + $(DOCKER_OPTS) \ + -f dockers/dev/Dockerfile \ + -t $(REPO)/$(DEV_CONTAINER_IMAGE):$(TAG) . \ + --build-arg BASE_TAG=$(TAG) .PHONY: docker/name/operator/helm docker/name/operator/helm: 
@@ -203,9 +239,10 @@ docker/name/operator/helm: .PHONY: docker/build/operator/helm ## build helm-operator image docker/build/operator/helm: - docker build \ + $(DOCKER) build \ + $(DOCKER_OPTS) \ -f dockers/operator/helm/Dockerfile \ - -t $(REPO)/$(HELM_OPERATOR_IMAGE) . \ + -t $(REPO)/$(HELM_OPERATOR_IMAGE):$(TAG) . \ --build-arg OPERATOR_SDK_VERSION=$(OPERATOR_SDK_VERSION) .PHONY: docker/name/loadtest @@ -215,4 +252,7 @@ docker/name/loadtest: .PHONY: docker/build/loadtest ## build loadtest image docker/build/loadtest: docker/build/base - docker build -f dockers/tools/cli/loadtest/Dockerfile -t $(REPO)/$(LOADTEST_IMAGE) . + $(DOCKER) build \ + $(DOCKER_OPTS) \ + -f dockers/tools/cli/loadtest/Dockerfile \ + -t $(REPO)/$(LOADTEST_IMAGE):$(TAG) . diff --git a/dockers/agent/core/ngt/Dockerfile b/dockers/agent/core/ngt/Dockerfile index fe5050d1a2..747a8c518d 100644 --- a/dockers/agent/core/ngt/Dockerfile +++ b/dockers/agent/core/ngt/Dockerfile @@ -14,11 +14,12 @@ # limitations under the License. # +ARG BASE_TAG=latest ARG DISTROLESS_IMAGE=gcr.io/distroless/static ARG DISTROLESS_IMAGE_TAG=nonroot ARG UPX_OPTIONS=-9 -FROM vdaas/vald-base:latest AS builder +FROM vdaas/vald-base:${BASE_TAG} AS builder ARG UPX_OPTIONS ENV ORG vdaas @@ -50,6 +51,8 @@ COPY Makefile.d . WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO} COPY Makefile . +RUN make ngt/install + COPY .git . RUN make REPO=${ORG} NAME=${REPO} cmd/${PKG}/${APP_NAME} \ diff --git a/dockers/agent/sidecar/Dockerfile b/dockers/agent/sidecar/Dockerfile index 373460da1f..746427fb58 100644 --- a/dockers/agent/sidecar/Dockerfile +++ b/dockers/agent/sidecar/Dockerfile @@ -14,11 +14,12 @@ # limitations under the License. # +ARG BASE_TAG=latest ARG DISTROLESS_IMAGE=gcr.io/distroless/static ARG DISTROLESS_IMAGE_TAG=nonroot ARG UPX_OPTIONS=-9 -FROM vdaas/vald-base:latest AS builder +FROM vdaas/vald-base:${BASE_TAG} AS builder ARG UPX_OPTIONS ENV ORG vdaas 
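Review bot: `FROM vdaas/vald-base:${BASE_TAG}` in dockers/agent/core/ngt/Dockerfile parameterises only the tag; the repository stays fixed at `vdaas/`, while docker.mk tags and pushes the base image as `$(REPO)/$(BASE_IMAGE):$(TAG)`. When `REPO` is overridden (the workflows' second `make` uses `REPO="ghcr.io/vdaas/vald"`), the builder stage therefore still takes its base from `vdaas/vald-base` at that tag rather than from the base image built in the same run, and presumably from the registry when a buildx builder is used. Passing the repository as well keeps base and image from the same source: `ARG BASE_REPO=vdaas` with `FROM ${BASE_REPO}/vald-base:${BASE_TAG} AS builder`, and `--build-arg BASE_REPO=$(REPO)` in docker.mk. The other Dockerfile hunks that add `ARG BASE_TAG=latest` follow the same pattern.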
diff --git a/dockers/base/Dockerfile b/dockers/base/Dockerfile index 7f151302b9..819bee394e 100644 --- a/dockers/base/Dockerfile +++ b/dockers/base/Dockerfile @@ -13,6 +13,9 @@ # See the License for the specific language governing permissions and # limitations under the License. # +ARG GO_VERSION + +FROM golang:${GO_VERSION}-buster AS golang FROM ubuntu:devel AS builder @@ -22,6 +25,7 @@ ENV INITRD No ENV LANG en_US.UTF-8 ENV GOROOT /opt/go ENV GOPATH /go +ENV PATH ${PATH}:${GOROOT}/bin:${GOPATH}/bin RUN apt-get update && apt-get install -y --no-install-recommends \ ca-certificates \ @@ -36,14 +40,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* -WORKDIR /opt -COPY versions/GO_VERSION . -RUN export GO_VERSION="$(cat GO_VERSION)" \ - && curl -sSL -O "https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz" \ - && tar zxf "go${GO_VERSION}.linux-amd64.tar.gz" \ - && rm "go${GO_VERSION}.linux-amd64.tar.gz" \ - && ln -s /opt/go/bin/go /usr/bin/ \ - && mkdir $GOPATH +COPY --from=golang /usr/local/go $GOROOT +RUN mkdir $GOPATH WORKDIR ${GOPATH}/src/github.com/vdaas/vald diff --git a/dockers/ci/base/Dockerfile b/dockers/ci/base/Dockerfile index 983e88965b..d823dcb3b5 100644 --- a/dockers/ci/base/Dockerfile +++ b/dockers/ci/base/Dockerfile @@ -14,7 +14,9 @@ # limitations under the License. # -FROM vdaas/vald-base:latest AS builder +ARG BASE_TAG=latest + +FROM vdaas/vald-base:${BASE_TAG} AS builder ARG PROTOBUF_VERSION=3.13.0 ARG GOLANGCI_LINT_VERSION=v1.31.0 ARG REVIEWDOG_VERSION=v0.10.2 diff --git a/dockers/dev/Dockerfile b/dockers/dev/Dockerfile index 84dc8b3556..4db1bb598d 100644 --- a/dockers/dev/Dockerfile +++ b/dockers/dev/Dockerfile @@ -14,7 +14,9 @@ # limitations under the License. # -FROM vdaas/vald-ci-container:latest AS vald +ARG BASE_TAG=latest + +FROM vdaas/vald-ci-container:${BASE_TAG} AS vald FROM mcr.microsoft.com/vscode/devcontainers/go:1 AS base 
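Review bot: `ARG GO_VERSION` in dockers/base/Dockerfile is declared without a default, so a build that does not pass `--build-arg GO_VERSION=...` resolves the first stage to `golang:-buster` and fails; docker.mk passes it, a direct `docker build -f dockers/base/Dockerfile .` does not. Either give it a default or document the requirement, e.g. `# GO_VERSION must be supplied with --build-arg (see docker/build/base in Makefile.d/docker.mk)`. The toolchain now comes from whatever `golang:${GO_VERSION}-buster` points to at build time, with no digest, on top of `ubuntu:devel`, so the base image's contents can change between builds of the same commit; pinning both by digest would make the build reproducible.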
diff --git a/dockers/discoverer/k8s/Dockerfile b/dockers/discoverer/k8s/Dockerfile index 48297e9cb7..e30ef722ed 100644 --- a/dockers/discoverer/k8s/Dockerfile +++ b/dockers/discoverer/k8s/Dockerfile @@ -14,11 +14,12 @@ # limitations under the License. # +ARG BASE_TAG=latest ARG DISTROLESS_IMAGE=gcr.io/distroless/static ARG DISTROLESS_IMAGE_TAG=nonroot ARG UPX_OPTIONS=-9 -FROM vdaas/vald-base:latest AS builder +FROM vdaas/vald-base:${BASE_TAG} AS builder ARG UPX_OPTIONS ENV ORG vdaas diff --git a/dockers/gateway/vald/Dockerfile b/dockers/gateway/vald/Dockerfile index d45c873d86..45710bfbe2 100644 --- a/dockers/gateway/vald/Dockerfile +++ b/dockers/gateway/vald/Dockerfile @@ -14,11 +14,12 @@ # limitations under the License. # +ARG BASE_TAG=latest ARG DISTROLESS_IMAGE=gcr.io/distroless/static ARG DISTROLESS_IMAGE_TAG=nonroot ARG UPX_OPTIONS=-9 -FROM vdaas/vald-base:latest AS builder +FROM vdaas/vald-base:${BASE_TAG} AS builder ARG UPX_OPTIONS ENV ORG vdaas diff --git a/dockers/manager/backup/cassandra/Dockerfile b/dockers/manager/backup/cassandra/Dockerfile index d5a907f36f..9c43145615 100644 --- a/dockers/manager/backup/cassandra/Dockerfile +++ b/dockers/manager/backup/cassandra/Dockerfile @@ -14,11 +14,12 @@ # limitations under the License. # +ARG BASE_TAG=latest ARG DISTROLESS_IMAGE=gcr.io/distroless/static ARG DISTROLESS_IMAGE_TAG=nonroot ARG UPX_OPTIONS=-9 -FROM vdaas/vald-base:latest AS builder +FROM vdaas/vald-base:${BASE_TAG} AS builder ARG UPX_OPTIONS ENV ORG vdaas diff --git a/dockers/manager/backup/mysql/Dockerfile b/dockers/manager/backup/mysql/Dockerfile index bcacf04bfd..d6b4a8c93e 100644 --- a/dockers/manager/backup/mysql/Dockerfile +++ b/dockers/manager/backup/mysql/Dockerfile 
@@ -14,11 +14,12 @@ # limitations under the License. # +ARG BASE_TAG=latest ARG DISTROLESS_IMAGE=gcr.io/distroless/static ARG DISTROLESS_IMAGE_TAG=nonroot ARG UPX_OPTIONS=-9 -FROM vdaas/vald-base:latest AS builder +FROM vdaas/vald-base:${BASE_TAG} AS builder ARG UPX_OPTIONS ENV ORG vdaas diff --git a/dockers/manager/compressor/Dockerfile b/dockers/manager/compressor/Dockerfile index a7223bb05b..4a9cc93fa2 100644 --- a/dockers/manager/compressor/Dockerfile +++ b/dockers/manager/compressor/Dockerfile @@ -14,11 +14,12 @@ # limitations under the License. # +ARG BASE_TAG=latest ARG DISTROLESS_IMAGE=gcr.io/distroless/static ARG DISTROLESS_IMAGE_TAG=nonroot ARG UPX_OPTIONS=-9 -FROM vdaas/vald-base:latest AS builder +FROM vdaas/vald-base:${BASE_TAG} AS builder ARG UPX_OPTIONS ENV ORG vdaas diff --git a/dockers/manager/index/Dockerfile b/dockers/manager/index/Dockerfile index 4603697227..a8132e44b2 100644 --- a/dockers/manager/index/Dockerfile +++ b/dockers/manager/index/Dockerfile @@ -14,11 +14,12 @@ # limitations under the License. # +ARG BASE_TAG=latest ARG DISTROLESS_IMAGE=gcr.io/distroless/static ARG DISTROLESS_IMAGE_TAG=nonroot ARG UPX_OPTIONS=-9 -FROM vdaas/vald-base:latest AS builder +FROM vdaas/vald-base:${BASE_TAG} AS builder ARG UPX_OPTIONS ENV ORG vdaas diff --git a/dockers/meta/cassandra/Dockerfile b/dockers/meta/cassandra/Dockerfile index 6134e24553..fa950eb01f 100644 --- a/dockers/meta/cassandra/Dockerfile +++ b/dockers/meta/cassandra/Dockerfile @@ -14,11 +14,12 @@ # limitations under the License. # +ARG BASE_TAG=latest ARG DISTROLESS_IMAGE=gcr.io/distroless/static ARG DISTROLESS_IMAGE_TAG=nonroot ARG UPX_OPTIONS=-9 -FROM vdaas/vald-base:latest AS builder +FROM vdaas/vald-base:${BASE_TAG} AS builder ARG UPX_OPTIONS ENV ORG vdaas diff --git a/dockers/meta/redis/Dockerfile b/dockers/meta/redis/Dockerfile index 1cff3b90f2..0161b0ed42 100644 --- a/dockers/meta/redis/Dockerfile +++ b/dockers/meta/redis/Dockerfile 
@@ -14,11 +14,12 @@ # limitations under the License. # +ARG BASE_TAG=latest ARG DISTROLESS_IMAGE=gcr.io/distroless/static ARG DISTROLESS_IMAGE_TAG=nonroot ARG UPX_OPTIONS=-9 -FROM vdaas/vald-base:latest AS builder +FROM vdaas/vald-base:${BASE_TAG} AS builder ARG UPX_OPTIONS ENV ORG vdaas diff --git a/dockers/operator/helm/Dockerfile b/dockers/operator/helm/Dockerfile index ed6a71478d..531e7f754e 100644 --- a/dockers/operator/helm/Dockerfile +++ b/dockers/operator/helm/Dockerfile @@ -19,12 +19,13 @@ ARG GROUP="vald.vdaas.org" ARG VALD_KIND="ValdRelease" ARG VALD_HELM_OPERATOR_KIND="ValdHelmOperatorRelease" -FROM vdaas/vald-base:latest AS builder +FROM ubuntu:devel AS builder ARG OPERATOR_SDK_VERSION ARG VERSION ARG GROUP ARG VALD_KIND ARG VALD_HELM_OPERATOR_KIND + RUN { \ echo "---"; \ echo "- version: ${VERSION}"; \ @@ -40,6 +41,7 @@ RUN { \ FROM quay.io/operator-framework/helm-operator:${OPERATOR_SDK_VERSION} LABEL maintainer "Vald team " +COPY --from=builder /tmp/watches.yaml ${HOME}/watches.yaml + COPY charts/vald ${HOME}/helm-charts/vald COPY charts/vald-helm-operator ${HOME}/helm-charts/vald-helm-operator -COPY --from=builder /tmp/watches.yaml ${HOME}/watches.yaml