diff --git a/.github/workflows/_docker-image-scan.yaml b/.github/workflows/_docker-image-scan.yaml
index 88ed20e6955..d71c6cdf2fd 100644
--- a/.github/workflows/_docker-image-scan.yaml
+++ b/.github/workflows/_docker-image-scan.yaml
@@ -21,28 +21,30 @@ on:
 type: string
 description: "Build target. e.g. `agent-ngt`"
 required: true
-
 jobs:
 scan:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v4
-
 - name: Set Git config
 run: |
 git config --global --add safe.directory ${GITHUB_WORKSPACE}
-
 - name: Build the Docker image
 id: build_image
 run: |
- make docker/build/${TARGET}
+ make \
+ REMOTE="false" \
+ DOCKER="docker" \
+ DOCKER_OPTS="${LABEL_OPTS} --label org.opencontainers.image.version=${PRIMARY_TAG} --label org.opencontainers.image.title=${TARGET}" \
+ TAG="${PRIMARY_TAG}" \
+ docker/build/${TARGET}
 imagename=`make docker/name/${TARGET}`
- docker tag ${imagename} ${imagename}:${{ github.sha }}
 echo "IMAGE_NAME=${imagename}" >> $GITHUB_OUTPUT
 env:
 DOCKER_BUILDKIT: 1
 TARGET: ${{ inputs.target }}
-
+ LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}"
+ PRIMARY_TAG: ${{ github.sha }}
 - name: Scan the Docker image
 uses: ./.github/actions/scan-docker-image
 with:
diff --git a/.github/workflows/dockers-image-scan.yml b/.github/workflows/dockers-image-scan.yml
index 20c5c01d8df..44414247c40 100644
--- a/.github/workflows/dockers-image-scan.yml
+++ b/.github/workflows/dockers-image-scan.yml
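Review bot: With the explicit `docker tag` removed, the `Build the Docker image` step writes `IMAGE_NAME` from `make docker/name/${TARGET}` without confirming that a local image with that name and the `${PRIMARY_TAG}` tag exists. The build in this same commit tags only `$(CRORG)/$(IMAGE):$(TAG)` and `$(GHCRORG)/$(IMAGE):$(TAG)`, so if `docker/name` prints anything else, the scan step (its `with:` inputs are outside the hunk) may fail or, depending on the scanner, report on a different image than the one just built. Add a guard before the `echo`, for example `docker image inspect "${imagename}:${PRIMARY_TAG}" > /dev/null`. Quoting `"docker/build/${TARGET}"` and `"${imagename}"` would also keep an unexpected input value from word-splitting in the shell.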
@@ -17,54 +17,68 @@ name: "Docker image scanning"
 on:
 schedule:
 - cron: "0 1 * * *"
-
 concurrency:
 group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref != 'refs/heads/main' && github.ref || github.sha }}-${{ github.event_name }}
 cancel-in-progress: true
-
 jobs:
 dump-contexts-to-log:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v4
 - uses: ./.github/actions/dump-context
-
 agent-ngt:
 uses: ./.github/workflows/_docker-image-scan.yaml
 with:
 target: agent-ngt
-
 agent-sidecar:
 uses: ./.github/workflows/_docker-image-scan.yaml
 with:
 target: agent-sidecar
-
+ ci-container:
+ uses: ./.github/workflows/_docker-image-scan.yaml
+ with:
+ target: ci-container
+ dev-container:
+ uses: ./.github/workflows/_docker-image-scan.yaml
+ with:
+ target: dev-container
 discoverer-k8s:
 uses: ./.github/workflows/_docker-image-scan.yaml
 with:
 target: discoverer-k8s
-
- manager-index:
+ gateway-lb:
 uses: ./.github/workflows/_docker-image-scan.yaml
 with:
- target: manager-index
-
- operator-helm:
+ target: gateway-lb
+ gateway-filter:
 uses: ./.github/workflows/_docker-image-scan.yaml
 with:
- target: operator/helm
-
+ target: gateway-filter
+ index-correction:
+ uses: ./.github/workflows/_docker-image-scan.yaml
+ with:
+ target: index-correction
+ index-creation:
+ uses: ./.github/workflows/_docker-image-scan.yaml
+ with:
+ target: index-creation
+ index-save:
+ uses: ./.github/workflows/_docker-image-scan.yaml
+ with:
+ target: index-save
 loadtest:
 uses: ./.github/workflows/_docker-image-scan.yaml
 with:
 target: loadtest
-
- gateway-lb:
+ manager-index:
 uses: ./.github/workflows/_docker-image-scan.yaml
 with:
- target: gateway-lb
-
- gateway-filter:
+ target: manager-index
+ operator-helm:
 uses: ./.github/workflows/_docker-image-scan.yaml
 with:
- target: gateway-filter
+ target: operator/helm
+ readreplica-rotate:
+ uses: ./.github/workflows/_docker-image-scan.yaml
+ with:
+ target: readreplica-rotate
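Review bot: None of the reusable-workflow calls under `jobs:`, including the ones added here, restrict the workflow token, and no `permissions:` key appears in the visible part of the file (the lines before `on:` are outside the hunk). Each call runs `make` and a Docker build, so a read-only token is the safer default: add a top-level `permissions:` with `contents: read`, plus whatever the scan action needs to publish results (for example `security-events: write` if it uploads SARIF). The target list is also kept by hand, and this commit adds six images that were not scanned before. A comment above `jobs:` such as `# keep in sync with the docker/build/* targets` would make the next gap less likely.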
diff --git a/Makefile.d/docker.mk b/Makefile.d/docker.mk
index d814a6ed9e3..9aa0c34df4e 100644
--- a/Makefile.d/docker.mk
+++ b/Makefile.d/docker.mk
@@ -67,7 +67,8 @@ else
 --build-arg DISTROLESS_IMAGE_TAG=$(DISTROLESS_IMAGE_TAG) \
 --build-arg MAINTAINER=$(MAINTAINER) \
 $(EXTRA_ARGS) \
- -t $(IMAGE):$(TAG) \
+ -t $(CRORG)/$(IMAGE):$(TAG) \
+ -t $(GHCRORG)/$(IMAGE):$(TAG) \
 -f $(DOCKERFILE) .
 endif
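Review bot: The two new `-t` values expand `$(CRORG)` and `$(GHCRORG)` without checking that they are set; if either is empty, the reference becomes `/$(IMAGE):$(TAG)` and the build fails with an invalid-tag error. A guard near the variable definitions, such as `$(if $(CRORG),,$(error CRORG is not set))` and the same for `GHCRORG`, would make that failure explicit. The unprefixed `$(IMAGE):$(TAG)` tag is no longer produced, so any caller that still refers to the bare name needs updating. The branch before `else` and the start of this recipe are outside the hunk, so whether they tag consistently cannot be checked here.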