new(ci): add RC/prerelease support
Signed-off-by: Luca Guerra <luca@guerra.sh>
LucaGuerra committed May 5, 2023
1 parent f25c057 commit 4a65ed1
Showing 3 changed files with 61 additions and 13 deletions.
41 changes: 39 additions & 2 deletions .github/workflows/release.yaml
Expand Up @@ -2,14 +2,45 @@ name: Release Packages and Docker images
on:
push:
tags:
- '[0-9]+.[0-9]+.[0-9]+'
- '[0-9]+.[0-9]+.[0-9]+' # final release
- '[0-9]+.[0-9]+.[0-9]+-*' # prerelease/RC

# Checks if any concurrent jobs is running for release CI and eventually cancel it.
concurrency:
group: ci-release
cancel-in-progress: true

jobs:
release-settings:
runs-on: ubuntu-latest
steps:
- name: Get latest release
uses: rez0n/actions-github-release@v2.0
id: latest_release
env:
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.repository }}
type: "stable"

- name: Get settings for this release
id: get_settings
shell: python
run: |
import os
is_prerelease = '-' in '${{ github.ref_name }}'
# Safeguard: you need to both set "latest" in GH and not have suffixes to overwrite latest
is_latest = '${{ steps.latest_release.outputs.release }}' == '${{ github.ref_name }}' and not is_prerelease
bucket_suffix = '-dev' if is_prerelease else ''
with open(os.environ['GITHUB_OUTPUT'], 'a') as ofp:
print(f'is_latest={is_latest}'.lower(), file=ofp)
print(f'bucket_suffix={bucket_suffix}', file=ofp)
outputs:
is_latest: ${{ steps.get_settings.outputs.is_latest }}
bucket_suffix: ${{ steps.get_settings.outputs.bucket_suffix }}

build-packages:
uses: falcosecurity/falco/.github/workflows/reusable_build_packages.yaml@master
with:
Expand All @@ -26,6 +57,7 @@ jobs:
needs: [build-packages, build-packages-arm64]
uses: falcosecurity/falco/.github/workflows/reusable_publish_packages.yaml@master
with:
bucket_suffix: ${{ steps.get_settings.outputs.bucket_suffix }}
version: ${{ needs.build-packages.outputs.version }}
secrets: inherit

Expand All @@ -35,6 +67,8 @@ jobs:
uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master
with:
arch: x86_64
is_latest: ${{ needs.release-settings.outputs.is_latest == 'true' }}
bucket_suffix: ${{ steps.get_settings.outputs.bucket_suffix }}
version: ${{ needs.build-packages.outputs.version }}
secrets: inherit

Expand All @@ -43,11 +77,14 @@ jobs:
uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master
with:
arch: aarch64
is_latest: ${{ needs.release-settings.outputs.is_latest == 'true' }}
bucket_suffix: ${{ steps.get_settings.outputs.bucket_suffix }}
version: ${{ needs.build-packages.outputs.version }}
secrets: inherit

publish-docker:
needs: [build-docker, build-docker-arm64]
uses: falcosecurity/falco/.github/workflows/reusable_publish_docker.yaml@master
secrets: inherit

with:
is_latest: ${{ needs.release-settings.outputs.is_latest == 'true' }}
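Review bot: The `get_settings` step splices `${{ github.ref_name }}` and `${{ steps.latest_release.outputs.release }}` into the Python source inside quotes, so the tag name is parsed as code rather than handled as data, and the new `'[0-9]+.[0-9]+.[0-9]+-*'` trigger accepts any suffix after the dash. Hand both values to the script through `env:` and read them from `os.environ`, as in the fence below. Separately, the `with:` blocks that pass `bucket_suffix` read `steps.get_settings.outputs.bucket_suffix`, but those are different jobs from the one that ran the step; they should use `needs.release-settings.outputs.bucket_suffix`. The two `needs` lists visible here, `[build-packages, build-packages-arm64]` and `[build-docker, build-docker-arm64]`, do not name `release-settings`, so the `needs.release-settings.outputs.is_latest` expression in publish-docker likely never evaluates to true; the headers of the two build-docker jobs are outside the visible hunks and need the same check.

```yaml
      - name: Get settings for this release
        # … unchanged: id, shell …
        env:
          REF_NAME: ${{ github.ref_name }}
          LATEST_RELEASE: ${{ steps.latest_release.outputs.release }}
        run: |
          import os
          ref_name = os.environ['REF_NAME']
          is_prerelease = '-' in ref_name
          # Safeguard: you need to both set "latest" in GH and not have suffixes to overwrite latest
          is_latest = os.environ['LATEST_RELEASE'] == ref_name and not is_prerelease
          # … unchanged: bucket_suffix and the GITHUB_OUTPUT writes …
```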
11 changes: 8 additions & 3 deletions .github/workflows/reusable_build_docker.yaml
Expand Up @@ -15,6 +15,11 @@ on:
description: 'Falco version extracted from userspace/falco/config_falco.h'
required: true
type: string
is_latest:
description: Update the latest tag with the new image
required: false
type: boolean
default: false

# Here we just build all docker images as tarballs,
# then we upload all the tarballs to be later downloaded by reusable_publish_docker workflow.
Expand Down Expand Up @@ -69,7 +74,7 @@ jobs:
outputs: type=docker,dest=/tmp/falco-driver-loader-${{ inputs.arch }}.tar

- name: Build no-driver latest image
if: ${{ github.ref_name != 'master' }}
if: ${{ inputs.is_latest }}
uses: docker/build-push-action@v3
with:
context: ${{ github.workspace }}/docker/no-driver/
Expand All @@ -84,7 +89,7 @@ jobs:
outputs: type=docker,dest=/tmp/falco-no-driver-latest-${{ inputs.arch }}.tar

- name: Build falco latest image
if: ${{ github.ref_name != 'master' }}
if: ${{ inputs.is_latest }}
uses: docker/build-push-action@v3
with:
context: ${{ github.workspace }}/docker/falco/
Expand All @@ -97,7 +102,7 @@ jobs:
outputs: type=docker,dest=/tmp/falco-latest-${{ inputs.arch }}.tar

- name: Build falco-driver-loader latest image
if: ${{ github.ref_name != 'master' }}
if: ${{ inputs.is_latest }}
uses: docker/build-push-action@v3
with:
context: ${{ github.workspace }}/docker/driver-loader/
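Review bot: Only `is_latest` is added to this workflow's `inputs`, yet release.yaml in the same commit also passes `bucket_suffix` to it from both build-docker jobs. Unless `bucket_suffix` is already declared in the part of the `inputs` block above this hunk, the call is rejected for using an undefined input. None of the build steps visible here read a bucket suffix, so the simpler fix is probably to drop the two `bucket_suffix:` lines from the callers; otherwise declare it here as an optional string input with an empty default.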
22 changes: 14 additions & 8 deletions .github/workflows/reusable_publish_docker.yaml
@@ -1,6 +1,12 @@
# This is a reusable workflow used by master and release CI
on:
workflow_call:
inputs:
is_latest:
description: Update the latest tag with the new image
required: false
type: boolean
default: false

permissions:
id-token: write
Expand Down Expand Up @@ -70,31 +76,31 @@ jobs:
push: true

- name: Create and push no-driver latest manifest
if: ${{ github.ref_name != 'master' }}
if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1
with:
inputs: falcosecurity/falco-no-driver:latest
images: falcosecurity/falco-no-driver:aarch64-latest,falcosecurity/falco-no-driver:x86_64-latest
push: true

- name: Create and push slim latest manifest
if: ${{ github.ref_name != 'master' }}
if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1
with:
inputs: falcosecurity/falco:latest-slim
images: falcosecurity/falco:aarch64-latest-slim,falcosecurity/falco:x86_64-latest-slim
push: true

- name: Create and push no-driver latest manifest for ecr
if: ${{ github.ref_name != 'master' }}
if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1
with:
inputs: public.ecr.aws/falcosecurity/falco-no-driver:latest
images: public.ecr.aws/falcosecurity/falco-no-driver:aarch64-latest,public.ecr.aws/falcosecurity/falco-no-driver:x86_64-latest
push: true

- name: Create and push slim latest manifest for ecr
if: ${{ github.ref_name != 'master' }}
if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1
with:
inputs: public.ecr.aws/falcosecurity/falco:latest-slim
Expand All @@ -116,15 +122,15 @@ jobs:
push: true

- name: Create and push falco latest manifest
if: ${{ github.ref_name != 'master' }}
if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1
with:
inputs: falcosecurity/falco:latest
images: falcosecurity/falco:aarch64-latest,falcosecurity/falco:x86_64-latest
push: true

- name: Create and push falco latest manifest for ecr
if: ${{ github.ref_name != 'master' }}
if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1
with:
inputs: public.ecr.aws/falcosecurity/falco:latest
Expand All @@ -146,15 +152,15 @@ jobs:
push: true

- name: Create and push falco-driver-loader latest manifest
if: ${{ github.ref_name != 'master' }}
if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1
with:
inputs: falcosecurity/falco-driver-loader:latest
images: falcosecurity/falco-driver-loader:aarch64-latest,falcosecurity/falco-driver-loader:x86_64-latest
push: true

- name: Create and push falco-driver-loader latest manifest for ecr
if: ${{ github.ref_name != 'master' }}
if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1
with:
inputs: public.ecr.aws/falcosecurity/falco-driver-loader:latest
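Review bot: The new `is_latest` input decides whether eight manifest steps move the `latest` and `latest-slim` tags on Docker Hub and public ECR, but its description does not say which caller is expected to set it or under what condition. A comment above the input such as `# Set to true only by the release workflow for a final (non-prerelease) tag; all other callers keep the default.` would make that contract explicit for the next person who wires up a caller. The steps that push the per-arch `aarch64-latest` and `x86_64-latest` images these manifests reference are outside the visible hunks, so check that they behave sensibly when the input is false.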
