From 401251175e3fa682c7672bc9498b93c01c331f39 Mon Sep 17 00:00:00 2001
From: Isa Farnik
Date: Thu, 9 Feb 2023 13:25:44 -0800
Subject: [PATCH 1/4] chore(gha): cleanup trailing whitespace
---
 .github/workflows/release.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c3cfcc4392d4..b5dc545e3b90 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -151,7 +151,7 @@ jobs:
 if: matrix.package == 'deb' && steps.cache-deps.outputs.cache-hit != 'true'
 run: |
 sudo apt-get update && sudo apt-get install libyaml-dev -y
-
+
 - name: Install Ubuntu Cross Build Dependencies (arm64)
 if: matrix.package == 'deb' && steps.cache-deps.outputs.cache-hit != 'true' && endsWith(matrix.label, 'arm64')
 run: |
@@ -327,9 +327,9 @@ jobs:
 needs: [metadata, build-images]
 runs-on: ubuntu-22.04
 if: |-
- always()
- && fromJSON(needs.metadata.outputs.matrix)['build-images'] != ''
- && needs.build-images.result == 'success'
+ always()
+ && fromJSON(needs.metadata.outputs.matrix)['build-images'] != ''
+ && needs.build-images.result == 'success'
 && (github.event_name != 'pull_request' || (github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]'))
 strategy:
 fail-fast: false
From 6fb996ad03bf00df52c600aa8a0483b84e08dfaf Mon Sep 17 00:00:00 2001
From: Isa Farnik
Date: Thu, 9 Feb 2023 13:27:39 -0800
Subject: [PATCH 2/4] chore(gha): simplify release scan image as ENV
---
 .github/workflows/release.yml | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b5dc545e3b90..e2582371db37 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -335,6 +335,8 @@ jobs:
 fail-fast: false
 matrix:
 include: "${{ fromJSON(needs.metadata.outputs.matrix)['build-images'] }}"
+ env:
+ IMAGE: ${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ github.sha }}-${{ matrix.label }}
 steps:
 - name: Install regctl
 uses: regclient/actions/regctl-installer@main
@@ -351,9 +353,9 @@ jobs:
 - name: Parse Architecture Specific Image Manifest Digests
 id: image_manifest_metadata
 run: |
- manifest_list_exists=$(regctl manifest get ${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ github.sha }}-${{ matrix.label }} --format raw-body --require-list -v panic &> /dev/null && echo true || echo false)
- amd64_sha=$(regctl image digest ${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ github.sha }}-${{ matrix.label }} --platform linux/amd64 || echo '')
- arm64_sha=$(regctl image digest ${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ github.sha }}-${{ matrix.label }} --platform linux/arm64 || echo '')
+ manifest_list_exists=$(regctl manifest get "${IMAGE}" --format raw-body --require-list -v panic &> /dev/null && echo true || echo false)
+ amd64_sha=$(regctl image digest "${IMAGE}" --platform linux/amd64 || echo '')
+ arm64_sha=$(regctl image digest "${IMAGE}" --platform linux/arm64 || echo '')
 echo "manifest_list_exists=$manifest_list_exists"
 echo "manifest_list_exists=$manifest_list_exists" >> $GITHUB_OUTPUT
 echo "amd64_sha=$amd64_sha"
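Review bot: The `Install regctl` step in this hunk's context runs `regclient/actions/regctl-installer@main`, a mutable branch ref, while the scan action later in the same job is pinned to a full commit SHA. The binary it installs resolves the digests that decide which image gets scanned, so the installer deserves the same pinning: `uses: regclient/actions/regctl-installer@<full-commit-sha>` (placeholder; use the revision you have reviewed). The job definition starts and ends outside the hunk.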
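Review bot: The `|| echo ''` fallback on the two rewritten `regctl image digest` lines turns every failure (registry outage, expired credentials, rate limiting) into an empty digest, which cannot be told apart from "this platform was not built". The ARM64 scan step visible later in this series is gated on `arm64_sha != ''`, and the AMD64 step is presumably gated the same way, so a transient registry error would skip the vulnerability scan while the job stays green. Consider failing the step when the manifest list exists but a digest lookup errors, or at least surfacing it in the fallback with `echo "::warning::digest lookup failed for ${IMAGE}"`. The same fallback is kept on both digest lines in [PATCH 3/4], and the `run:` block continues outside the hunk.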
@@ -367,7 +369,7 @@ jobs:
 uses: Kong/public-shared-actions/security-actions/scan-docker-image@b2e4a29d30382e1cceeda8df1e8b8bee65bef39b
 with:
 asset_prefix: kong-${{ github.sha }}-${{ matrix.label }}-linux-amd64
- image: ${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ github.sha }}-${{ matrix.label }}@${{ steps.image_manifest_metadata.outputs.amd64_sha }}
+ image: ${IMAGE}@${{ steps.image_manifest_metadata.outputs.amd64_sha }}
 - name: Scan ARM64 Image digest
 if: steps.image_manifest_metadata.outputs.manifest_list_exists == 'true' && steps.image_manifest_metadata.outputs.arm64_sha != ''
@@ -375,7 +377,7 @@ jobs:
 uses: Kong/public-shared-actions/security-actions/scan-docker-image@b2e4a29d30382e1cceeda8df1e8b8bee65bef39b
 with:
 asset_prefix: kong-${{ github.sha }}-${{ matrix.label }}-linux-arm64
- image: ${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ github.sha }}-${{ matrix.label }}@${{ steps.image_manifest_metadata.outputs.arm64_sha }}
+ image: ${IMAGE}@${{ steps.image_manifest_metadata.outputs.arm64_sha }}
 smoke-tests:
 name: Smoke Tests - ${{ matrix.label }}
From b1736c1d574e5b35172caefd9bb8594810e949e6 Mon Sep 17 00:00:00 2001
From: Isa Farnik
Date: Thu, 9 Feb 2023 13:35:50 -0800
Subject: [PATCH 3/4] chore(gha): simplify release scan logic
---
 .github/workflows/release.yml | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e2582371db37..fe82b2eb2b36 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
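Review bot: `${IMAGE}` in `image: ${IMAGE}@${{ … }}` is shell syntax, and Actions does not expand shell variables in `with:` values, so as committed in [PATCH 2/4] the scan action receives the literal text `${IMAGE}@<digest>` instead of an image reference; the ARM64 step in the following hunk has the same problem. [PATCH 4/4] switches both to `${{env.IMAGE}}`, so the series ends up correct, but this commit taken alone likely leaves both scans pointed at a reference that does not resolve. Folding that fix into this commit would keep every commit in the series usable for bisects and reverts. Both steps start outside their hunks.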
@@ -353,11 +353,18 @@ jobs:
 - name: Parse Architecture Specific Image Manifest Digests
 id: image_manifest_metadata
 run: |
- manifest_list_exists=$(regctl manifest get "${IMAGE}" --format raw-body --require-list -v panic &> /dev/null && echo true || echo false)
- amd64_sha=$(regctl image digest "${IMAGE}" --platform linux/amd64 || echo '')
- arm64_sha=$(regctl image digest "${IMAGE}" --platform linux/arm64 || echo '')
+ manifest_list_exists="$(
+ if regctl manifest get "${IMAGE}" --format raw-body --require-list -v panic 2>&1 >/dev/null; then
+ echo true
+ else
+ echo false
+ fi
+ )"
 echo "manifest_list_exists=$manifest_list_exists"
 echo "manifest_list_exists=$manifest_list_exists" >> $GITHUB_OUTPUT
+
+ amd64_sha="$(regctl image digest "${IMAGE}" --platform linux/amd64 || echo '')"
+ arm64_sha="$(regctl image digest "${IMAGE}" --platform linux/arm64 || echo '')"
 echo "amd64_sha=$amd64_sha"
 echo "amd64_sha=$amd64_sha" >> $GITHUB_OUTPUT
 echo "arm64_sha=$arm64_sha"
From da63512344ae374a86b4d17db92910f7bf0935f8 Mon Sep 17 00:00:00 2001
From: Isa Farnik
Date: Thu, 9 Feb 2023 14:03:57 -0800
Subject: [PATCH 4/4] fix(gha): release scan IMAGE context
---
 .github/workflows/release.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index fe82b2eb2b36..bf060695163b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -376,7 +376,7 @@ jobs:
 uses: Kong/public-shared-actions/security-actions/scan-docker-image@b2e4a29d30382e1cceeda8df1e8b8bee65bef39b
 with:
 asset_prefix: kong-${{ github.sha }}-${{ matrix.label }}-linux-amd64
- image: ${IMAGE}@${{ steps.image_manifest_metadata.outputs.amd64_sha }}
+ image: ${{env.IMAGE}}@${{ steps.image_manifest_metadata.outputs.amd64_sha }}
 - name: Scan ARM64 Image digest
 if: steps.image_manifest_metadata.outputs.manifest_list_exists == 'true' && steps.image_manifest_metadata.outputs.arm64_sha != ''
@@ -384,7 +384,7 @@ jobs:
 uses: Kong/public-shared-actions/security-actions/scan-docker-image@b2e4a29d30382e1cceeda8df1e8b8bee65bef39b
 with:
 asset_prefix: kong-${{ github.sha }}-${{ matrix.label }}-linux-arm64
- image: ${IMAGE}@${{ steps.image_manifest_metadata.outputs.arm64_sha }}
+ image: ${{env.IMAGE}}@${{ steps.image_manifest_metadata.outputs.arm64_sha }}
 smoke-tests:
 name: Smoke Tests - ${{ matrix.label }}