Merge pull request #1764 from DelusionalOptimist/oci-artifacts
chore(CI): publish KubeArmor tars to dockerhub
daemon1024 authored May 23, 2024
2 parents ae5ff26 + 25655e8 commit d9522a9
Showing 6 changed files with 69 additions and 16 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/ci-latest-helm-chart-release.yaml
Expand Up @@ -13,7 +13,7 @@ permissions: read-all
jobs:
publish-chart:
name: Update Stable Helm Chart With Latest Changes
if: ${{ (github.repository == 'kubearmor/kubearmor') && (!contains(github.event.head_commit.message, '[skip ci]')) }}
if: ${{ (github.repository == 'kubearmor/kubearmor') }}
runs-on: ubuntu-20.04
permissions:
contents: write
14 changes: 7 additions & 7 deletions .github/workflows/ci-latest-release.yml
Expand Up @@ -46,7 +46,7 @@ jobs:
if: github.repository == 'kubearmor/kubearmor' && (needs.check.outputs.kubearmor == 'true' || ${{ github.ref }} != 'refs/heads/main')
runs-on: ubuntu-latest-16-cores
permissions:
id-token: write
id-token: write
timeout-minutes: 120
steps:
- uses: actions/checkout@v3
Expand Down Expand Up @@ -81,7 +81,7 @@ jobs:
run: |
make docker-build TAG=${{ steps.vars.outputs.tag }}
- name: deploy pre existing pod
- name: deploy pre existing pod
run: |
kubectl apply -f ./tests/k8s_env/ksp/pre-run-pod.yaml
sleep 60
Expand All @@ -93,7 +93,7 @@ jobs:
docker save kubearmor/kubearmor:${{ steps.vars.outputs.tag }} | sudo k3s ctr images import -
docker save kubearmor/kubearmor-operator:${{ steps.vars.outputs.tag }} | sudo k3s ctr images import -
docker save kubearmor/kubearmor-snitch:${{ steps.vars.outputs.tag }} | sudo k3s ctr images import -
helm upgrade --install kubearmor-operator ./deployments/helm/KubeArmorOperator -n kubearmor --create-namespace --set kubearmorOperator.image.tag=${{ steps.vars.outputs.tag }}
kubectl wait --for=condition=ready --timeout=5m -n kubearmor pod -l kubearmor-app=kubearmor-operator
kubectl get pods -A
Expand Down Expand Up @@ -145,12 +145,12 @@ jobs:
- name: Push KubeArmor images to Docker
run: GITHUB_SHA=$GITHUB_SHA ./KubeArmor/build/push_kubearmor.sh ${{ steps.vars.outputs.tag }}

- name: Install Cosign
- name: Install Cosign
uses: sigstore/cosign-installer@main

- name: Get Image Digest
id: digest
run: |
run: |
echo "imagedigest=$(jq -r '.["containerimage.digest"]' kubearmor.json)" >> $GITHUB_OUTPUT
echo "initdigest=$(jq -r '.["containerimage.digest"]' kubearmor-init.json)" >> $GITHUB_OUTPUT
echo "ubidigest=$(jq -r '.["containerimage.digest"]' kubearmor-ubi.json)" >> $GITHUB_OUTPUT
Expand Down Expand Up @@ -207,7 +207,7 @@ jobs:
regctl image copy kubearmor/kubearmor:$STABLE_VERSION kubearmor/kubearmor:stable --digest-tags
regctl image copy kubearmor/kubearmor-ubi:$STABLE_VERSION kubearmor/kubearmor-ubi:stable --digest-tags
regctl image copy kubearmor/kubearmor-controller:$STABLE_VERSION kubearmor/kubearmor-controller:stable --digest-tags
kubearmor-controller-release:
name: Build & Push KubeArmorController
needs: check
Expand All @@ -223,7 +223,7 @@ jobs:
- uses: actions/setup-go@v5
with:
go-version-file: 'KubeArmor/go.mod'

- name: Set up QEMU
uses: docker/setup-qemu-action@v2

5 changes: 4 additions & 1 deletion .github/workflows/ci-marketplace-release.yml
Expand Up @@ -7,6 +7,9 @@ on:
- "STABLE-RELEASE"
- ".github/workflows/ci-marketplace-release.yml"

# Declare default permissions as read only.
permissions: read-all

jobs:
certify-images-on-redhat:
runs-on: ubuntu-latest
Expand Down Expand Up @@ -249,4 +252,4 @@ jobs:
Assignees: @kubearmor/triagers
Refer the documentation [here](https://github.com/kubearmor/KubeArmor/wiki/Update-KubeArmor-Marketplace-Releases) for update listing instructions.
Refer the documentation [here](https://github.com/kubearmor/KubeArmor/wiki/Update-KubeArmor-Marketplace-Releases) for update listing instructions.
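Review bot: The new top-level default `permissions: read-all` gives the workflow token read access to every scope, which is broader than a least-privilege default needs; a default of `permissions:` with only `contents: read` (or `permissions: {}`), plus explicit job-level grants, keeps the token narrower. The jobs' own permission blocks are outside the visible hunks, so confirm that any job using the token for writes declares the scope it needs rather than depending on the repository default. The same default is added in `.github/workflows/ci-systemd-release.yml`.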
55 changes: 50 additions & 5 deletions .github/workflows/ci-systemd-release.yml
@@ -1,10 +1,19 @@
name: ci-systemd-release

on:
workflow_dispatch:
inputs:
tag:
description: "Release tag which has to be updated"
type: "string"
required: true
push:
tags:
- "*"

# Declare default permissions as read only.
permissions: read-all

jobs:
goreleaser:
runs-on: ubuntu-20.04
Expand All @@ -16,34 +25,70 @@ jobs:
- uses: actions/checkout@v3
with:
submodules: true
fetch-depth: 0

- uses: actions/setup-go@v5
with:
go-version-file: 'KubeArmor/go.mod'


- name: Install the latest LLVM toolchain
run: ./.github/workflows/install-llvm.sh

- name: Compile libbpf
run: ./.github/workflows/install-libbpf.sh

- name: Install Cosign
uses: sigstore/cosign-installer@main

- name: Install karmor
run: curl -sfL https://raw.githubusercontent.com/kubearmor/kubearmor-client/main/install.sh | sudo sh -s -- -b .
working-directory: KubeArmor

- name: Build KubeArmor object files
run: make
run: make
working-directory: KubeArmor/BPF


- name: Log in to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_AUTHTOK }}

- name: Get release tag
id: vars
run: |
cp KubeArmor/.goreleaser.yaml /tmp/.goreleaser.yaml
if [[ ${{ github.event_name }} == "workflow_dispatch" ]]; then
# checkout branch but use goreleaser config from latest
echo "Checking out tag: ${{ inputs.tag }}"
git checkout ${{ inputs.tag }}
echo "GORELEASER_CURRENT_TAG=${{ inputs.tag }}" >> $GITHUB_OUTPUT
REF=${{ inputs.tag }}
echo "tag=${REF#v}" >> $GITHUB_OUTPUT
else
REF=${GITHUB_REF#refs/*/}
echo "tag=${REF#v}" >> $GITHUB_OUTPUT
fi
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v5
with:
distribution: goreleaser
version: v1.25.0
args: release --clean
args: release --config=/tmp/.goreleaser.yaml
workdir: KubeArmor
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GORELEASER_CURRENT_TAG: ${{ steps.vars.outputs.GORELEASER_CURRENT_TAG }}

- name: Setup ORAS
uses: oras-project/setup-oras@v1
with:
version: 1.0.0

- name: Publish release artifacts to Dockerhub
working-directory: KubeArmor/dist
run: |
oras push docker.io/kubearmor/kubearmor-systemd:${{ steps.vars.outputs.tag }}_linux-amd64 kubearmor_${{ steps.vars.outputs.tag }}_linux-amd64.tar.gz
oras push docker.io/kubearmor/kubearmor-systemd:${{ steps.vars.outputs.tag }}_linux-arm64 kubearmor_${{ steps.vars.outputs.tag }}_linux-arm64.tar.gz
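Review bot: The `Get release tag` step splices `${{ inputs.tag }}` straight into the `run:` script (the `echo`, `git checkout`, the `GORELEASER_CURRENT_TAG=` output line and `REF=`), so the dispatch input becomes script text before bash parses it, in a job that has already logged in to Docker Hub. Pass it through `env:` and use a quoted shell variable, and reject values that do not look like a tag before `git checkout`, since the derived value is later used as an OCI tag by `oras push`. Separately, `sigstore/cosign-installer@main` and the `curl … | sudo sh` karmor installer in this section follow a mutable branch; a release job is better served by a pinned commit SHA or a checksum-verified download. The job header and any job-level `permissions:` block lie outside the visible hunks.

```yaml
      - name: Get release tag
        id: vars
        env:
          EVENT_NAME: ${{ github.event_name }}
          INPUT_TAG: ${{ inputs.tag }}
        run: |
          # … unchanged: copy of .goreleaser.yaml to /tmp …
          if [[ "$EVENT_NAME" == "workflow_dispatch" ]]; then
            # Refuse anything that is not a plain tag name before it reaches git or $GITHUB_OUTPUT.
            if [[ ! "$INPUT_TAG" =~ ^[A-Za-z0-9_][A-Za-z0-9._-]*$ ]]; then
              echo "unexpected tag value" >&2
              exit 1
            fi
            echo "Checking out tag: $INPUT_TAG"
            git checkout "$INPUT_TAG"
            echo "GORELEASER_CURRENT_TAG=$INPUT_TAG" >> "$GITHUB_OUTPUT"
            REF="$INPUT_TAG"
            echo "tag=${REF#v}" >> "$GITHUB_OUTPUT"
          else
            # … unchanged: tag derived from GITHUB_REF …
          fi
```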
7 changes: 6 additions & 1 deletion KubeArmor/.goreleaser.yaml
Expand Up @@ -11,6 +11,11 @@ builds:
env:
- CGO_ENABLED=0

release:
replace_existing_artifacts: true
mode: replace
make_latest: false

signs:
- cmd: cosign
certificate: '${artifact}.cert'
Expand All @@ -22,7 +27,7 @@ signs:
- --yes
artifacts: all
output: true

archives:
- id: "kubearmor"
builds:
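Review bot: `replace_existing_artifacts: true` in the new `release:` block lets a re-run overwrite assets already uploaded under an existing release, and `mode: replace` does the same for its notes, yet the block carries no comment saying when that is intended. Add one, for example `# workflow_dispatch re-releases overwrite the assets and notes of an existing tag`, so a maintainer knows that published files and their signatures can change after the fact. Consumers who pinned a checksum of an earlier upload would then see a mismatch, which is worth stating in the release process.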
2 changes: 1 addition & 1 deletion KubeArmor/go.mod
Expand Up @@ -45,6 +45,7 @@ require (
k8s.io/apimachinery v0.29.0
k8s.io/client-go v0.29.0
k8s.io/cri-api v0.29.0
k8s.io/klog/v2 v2.120.0
k8s.io/utils v0.0.0-20240310230437-4693a0247e57
sigs.k8s.io/controller-runtime v0.15.3
)
Expand Down Expand Up @@ -130,7 +131,6 @@ require (
gotest.tools/v3 v3.4.0 // indirect
k8s.io/apiextensions-apiserver v0.29.0 // indirect
k8s.io/component-base v0.29.0 // indirect
k8s.io/klog/v2 v2.120.0 // indirect
k8s.io/kube-openapi v0.0.0-20240105020646-a37d4de58910 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
