fix(release): properly push images in oci registries

.github/workflows/build-drivers.yaml

@@ -37,7 +37,7 @@ jobs:
 
     steps:
       - name: Checkout Sysdig
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Download DriverKit
         run: |

.github/workflows/release-draft.yaml

@@ -180,8 +180,9 @@
         with:
           file: docker/sysdig/Dockerfile
           context: .
-          tags: ${{ env.SYSDIG_IMAGE_BASE }}:${{ env.BUILD_VERSION }}-draft
+          tags: ${{ env.SYSDIG_IMAGE_BASE }}:${{ env.BUILD_VERSION }}-${{ matrix.platform }}-draft
           push: true
+          provenance: false
           build-args:
             BUILD_VERSION=${{ env.BUILD_VERSION }}
 
@@ -215,10 +216,10 @@
         run: printenv PRIVATE_KEY | gpg --import -
 
       - name: Sign DEBs
         run: debsigs --sign=origin --default-key="${{ env.KEY_ID }}" *.deb
 
       - name: Sign RPMs
         run: rpm --define "_gpg_name ${{ env.KEY_ID }}" --define "_binary_filedigest_algorithm 8" --addsign *.rpm
 
       - name: Upload Signed Packages
         uses: actions/upload-artifact@v4

.github/workflows/release-final.yaml

@@ -31,15 +31,48 @@
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Publish final docker images
+      - name: Publish final docker images (amd64)
         uses: akhilerm/tag-push-action@v2.0.0
         with:
-          src: ${{ env.SYSDIG_IMAGE_BASE }}:${{ env.RELEASE }}-draft
+          src: ${{ env.SYSDIG_IMAGE_BASE }}:${{ env.RELEASE }}-amd64-draft
           dst: |
-            ${{ env.SYSDIG_IMAGE_BASE }}:${{ env.RELEASE }}
-            ${{ env.SYSDIG_IMAGE_BASE }}:latest
-            ${{ env.SYSDIG_DOCKERHUB_IMAGE_BASE }}:${{ env.RELEASE }}
-            ${{ env.SYSDIG_DOCKERHUB_IMAGE_BASE }}:latest
+            ${{ env.SYSDIG_IMAGE_BASE }}:${{ env.RELEASE }}-amd64
+            ${{ env.SYSDIG_IMAGE_BASE }}:latest-amd64
+            ${{ env.SYSDIG_DOCKERHUB_IMAGE_BASE }}:${{ env.RELEASE }}-amd64
+            ${{ env.SYSDIG_DOCKERHUB_IMAGE_BASE }}:latest-amd64
+
+      - name: Publish final docker images (aarch64)
+        uses: akhilerm/tag-push-action@v2.0.0
+        with:
+          src: ${{ env.SYSDIG_IMAGE_BASE }}:${{ env.RELEASE }}-aarch64-draft
+          dst: |
+            ${{ env.SYSDIG_IMAGE_BASE }}:${{ env.RELEASE }}-aarch64
+            ${{ env.SYSDIG_IMAGE_BASE }}:latest-aarch64
+            ${{ env.SYSDIG_DOCKERHUB_IMAGE_BASE }}:${{ env.RELEASE }}-aarch64
+            ${{ env.SYSDIG_DOCKERHUB_IMAGE_BASE }}:latest-aarch64
+
+      - name: Create latest manifest and push
+        run: |
+          docker manifest create \
+            ${{ env.SYSDIG_IMAGE_BASE }}:${{ env.RELEASE }} \
+            --amend ${{ env.SYSDIG_IMAGE_BASE }}:${{ env.RELEASE }}-amd64 \
+            --amend ${{ env.SYSDIG_IMAGE_BASE }}:${{ env.RELEASE }}-aarch64
+          docker manifest push ${{ env.SYSDIG_IMAGE_BASE }}:${{ env.RELEASE }}
+          docker manifest create \
+            ${{ env.SYSDIG_DOCKERHUB_IMAGE_BASE }}:${{ env.RELEASE }} \
+            --amend ${{ env.SYSDIG_DOCKERHUB_IMAGE_BASE }}:${{ env.RELEASE }}-amd64 \
+            --amend ${{ env.SYSDIG_DOCKERHUB_IMAGE_BASE }}:${{ env.RELEASE }}-aarch64
+          docker manifest push ${{ env.SYSDIG_DOCKERHUB_IMAGE_BASE }}:${{ env.RELEASE }}
+          docker manifest create \
+            ${{ env.SYSDIG_IMAGE_BASE }}:latest \
+            --amend ${{ env.SYSDIG_IMAGE_BASE }}:latest-amd64 \
+            --amend ${{ env.SYSDIG_IMAGE_BASE }}:latest-aarch64
+          docker manifest push ${{ env.SYSDIG_IMAGE_BASE }}:latest
+          docker manifest create \
+            ${{ env.SYSDIG_DOCKERHUB_IMAGE_BASE }}:latest \
+            --amend ${{ env.SYSDIG_DOCKERHUB_IMAGE_BASE }}:latest-amd64 \
+            --amend ${{ env.SYSDIG_DOCKERHUB_IMAGE_BASE }}:latest-aarch64
+          docker manifest push ${{ env.SYSDIG_DOCKERHUB_IMAGE_BASE }}:latest
 
   release-rpm:
     strategy:
@@ -83,12 +116,12 @@
           ./aws/install
 
       - name: Checkout Sysdig
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           path: sysdig
 
       - name: Create directories
         run: |
           mkdir -p $REPOSITORY_DIR
           mkdir -p $PACKAGES_DIR
 
@@ -149,12 +182,12 @@
           sudo apt-get update && sudo apt-get -y install dpkg-dev gpg
 
       - name: Checkout Sysdig
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           path: sysdig
 
       - name: Create directories
         run: |
           mkdir -p $REPOSITORY_DIR
           mkdir -p $PACKAGES_DIR
 
@@ -210,12 +243,12 @@
 
     steps:
       - name: Checkout Sysdig
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           path: sysdig
 
       - name: Create directories
         run: |
           mkdir -p $REPOSITORY_DIR
           mkdir -p $PACKAGES_DIR
 

docker/sysdig/Dockerfile

@@ -2,11 +2,11 @@ FROM registry.access.redhat.com/ubi8/ubi
 
 LABEL usage="docker run --rm -i -t --privileged --net=host -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /src:/src -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro -v /etc:/host/etc:ro --name NAME IMAGE"
 
-ARG BUILD_VERSION 0.1.1dev
-ENV BUILD_VERSION ${BUILD_VERSION}
+ARG BUILD_VERSION=0.1.1dev
+ENV BUILD_VERSION=${BUILD_VERSION}
 
-ENV HOST_ROOT /host
-ENV HOME /root
+ENV HOST_ROOT=/host
+ENV HOME=/root
 
 RUN yum -y install \
     make \