diff --git a/.github/actions/docker-build/action.yaml b/.github/actions/docker-build/action.yaml
new file mode 100644
index 0000000000..1f95828308
--- /dev/null
+++ b/.github/actions/docker-build/action.yaml
@@ -0,0 +1,115 @@
+name: 'Build Docker images'
+description: 'Build Docker images and publish them'
+inputs:
+ target:
+ description: 'build target'
+ required: true
+ default: 'base'
+ builder:
+ description: 'buildx builder name'
+ required: true
+ default: ''
+ platforms:
+ description: 'if it is specified, specified platforms will be used.'
+ required: false
+ default: ''
+outputs:
+ IMAGE_NAME:
+ description: "image name"
+ value: ${{ steps.image_name.outputs.IMAGE_NAME }}
+ ALTER_IMAGE_NAME:
+ description: "alter image name"
+ value: ${{ steps.image_name.outputs.ALTER_IMAGE_NAME }}
+ PRIMARY_TAG:
+ description: "primary tag"
+ value: ${{ steps.determine_tag_name.outputs.PRIMARY_TAG }}
+ PLATFORMS:
+ description: "target platforms"
+ value: ${{ steps.determine_platforms.outputs.PLATFORMS }}
+ EXTRA_TAGS:
+ description: "extra tags"
+ value: ${{ steps.add_extra_tags.outputs.EXTRA_TAGS }}
+runs:
+ using: "composite"
+ steps:
+ - name: Image name
+ shell: bash
+ id: image_name
+ run: |
+ image_name=`make docker/name/${TARGET}`
+ alter_org=`make docker/name/org/alter`
+ alter_image_name=`make ORG="${alter_org}" docker/name/${TARGET}`
+ echo "IMAGE_NAME is: ${image_name}"
+ echo "ALTER_IMAGE_NAME is: ${alter_image_name}"
+ echo "::set-output name=IMAGE_NAME::${image_name}"
+ echo "::set-output name=ALTER_IMAGE_NAME::${alter_image_name}"
+ env:
+ TARGET: ${{ inputs.target }}
+ - name: Determine tag name
+ shell: bash
+ id: determine_tag_name
+ run: |
+ if [[ "$GITHUB_REF" =~ ^refs/tags/.* ]]; then
+ tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'`
+ primary_tag="${tag_name}"
+ elif [ "$GITHUB_REF" = "refs/heads/master" ]; then
+ echo "nightly" > versions/VALD_VERSION
+ primary_tag="nightly"
+ elif [ "${{ github.event_name }}" = "pull_request" ]; then
+ pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"`
+ echo "PR-${pr_num}" > versions/VALD_VERSION
+ primary_tag="pr-${pr_num}"
+ else
+ primary_tag="unknown"
+ fi
+ echo "PRIMARY_TAG is determined: ${primary_tag}"
+ echo "::set-output name=PRIMARY_TAG::${primary_tag}"
+ - name: Determine platforms
+ shell: bash
+ id: determine_platforms
+ run: |
+ if [ "${TARGET_PLATFORMS}" = "" ]; then
+ if [ "${{ github.event_name }}" = "pull_request" ]; then
+ platforms="linux/amd64"
+ else
+ platforms=`make docker/platforms`
+ fi
+ else
+ platforms="${TARGET_PLATFORMS}"
+ fi
+ echo "PLATFORMS is determined: ${platforms}"
+ echo "::set-output name=PLATFORMS::${platforms}"
+ env:
+ TARGET_PLATFORMS: ${{ inputs.platforms }}
+ - name: Add extra tags
+ shell: bash
+ id: add_extra_tags
+ run: |
+ extra_tags="-t ${ALTER_IMAGE_NAME}:${PRIMARY_TAG}"
+ if [[ "$GITHUB_REF" =~ ^refs/tags/.* ]]; then
+ latest_tags="-t ${IMAGE_NAME}:latest -t ${ALTER_IMAGE_NAME}:latest"
+ extra_tags="${extra_tags} ${latest_tags}"
+ fi
+ echo "EXTRA_TAGS is determined: ${extra_tags}"
+ echo "::set-output name=EXTRA_TAGS::${extra_tags}"
+ env:
+ IMAGE_NAME: ${{ steps.image_name.outputs.IMAGE_NAME }}
+ ALTER_IMAGE_NAME: ${{ steps.image_name.outputs.ALTER_IMAGE_NAME }}
+ PRIMARY_TAG: ${{ steps.determine_tag_name.outputs.PRIMARY_TAG }}
+ - name: Build and Push
+ shell: bash
+ id: build_and_push
+ run: |
+ make \
+ DOCKER="docker buildx" \
+ DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${LABEL_OPTS} ${EXTRA_TAGS} --push" \
+ TAG="${PRIMARY_TAG}" \
+ docker/build/${TARGET}
+ env:
+ TARGET: ${{ inputs.target }}
+ DOCKER_BUILDKIT: "1"
+ PLATFORMS: ${{ steps.determine_platforms.outputs.PLATFORMS }}
+ BUILDER: ${{ inputs.builder }}
+ LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}"
+ EXTRA_TAGS: ${{ steps.add_extra_tags.outputs.EXTRA_TAGS }}
+ PRIMARY_TAG: ${{ steps.determine_tag_name.outputs.PRIMARY_TAG }}
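Review bot: The `else` branch of the `determine_tag_name` step falls back to `primary_tag="unknown"` while the `build_and_push` step always passes `--push`, so any ref or event outside tags, master and pull_request that reaches this action publishes `IMAGE_NAME:unknown` and `ALTER_IMAGE_NAME:unknown` to both registries, and concurrent runs would overwrite each other's `unknown` tag; the per-workflow steps this replaces had no such fallback. Failing fast is safer: `echo "::error::unsupported ref ${GITHUB_REF} for event ${GITHUB_EVENT_NAME}"` followed by `exit 1`. Relatedly, the two `"${{ github.event_name }}"` comparisons in `determine_tag_name` and `determine_platforms` inline a template expression into script text; the runner already exports `GITHUB_EVENT_NAME`, so `"$GITHUB_EVENT_NAME"` keeps the action consistent with its own practice of passing every other value through `env:` and keeps expression expansion out of the shell source. Finally, `builder` is declared `required: true` but given `default: ''`, and nothing in the scripts checks it, so an empty builder name reaches `DOCKER_OPTS` as a bare `--builder` that swallows the next flag; dropping the default or guarding with `[ -n "${BUILDER}" ]` before the make call would surface that misconfiguration early.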
diff --git a/.github/workflows/dockers-agent-ngt-image.yml b/.github/workflows/dockers-agent-ngt-image.yml index 31faf9bd4b..c966c92d5a 100644 --- a/.github/workflows/dockers-agent-ngt-image.yml +++ b/.github/workflows/dockers-agent-ngt-image.yml @@ -67,13 +67,6 @@ jobs: uses: docker/setup-buildx-action@v1 with: buildkitd-flags: "--debug" - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-agent-ngt-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-agent-ngt- - name: Login to DockerHub uses: docker/login-action@v1 with: 
@@ -85,65 +78,12 @@ jobs: registry: ghcr.io username: ${{ secrets.PACKAGE_USER }} password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/agent-ngt` - alter_org=`make docker/name/org/alter` - alter_image_name=`make ORG="${alter_org}" docker/name/agent-ngt` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "ALTER_IMAGE_NAME=${alter_image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "nightly" > versions/VALD_VERSION - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64 - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Add extra tags - run: | - EXTRA_TAGS="-t ${ALTER_IMAGE_NAME}:${PRIMARY_TAG}" - echo "EXTRA_TAGS=${EXTRA_TAGS}" >> $GITHUB_ENV - - name: Add latest tags - if: startsWith( github.ref, 'refs/tags/') - run: | - LATEST_TAGS="-t ${IMAGE_NAME}:latest -t ${ALTER_IMAGE_NAME}:latest" - echo "LATEST_TAGS=${LATEST_TAGS}" >> $GITHUB_ENV - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform 
${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} ${EXTRA_TAGS} ${LATEST_TAGS} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/agent-ngt - env: - DOCKER_BUILDKIT: 1 - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Build and Publish + id: build_and_publish + uses: ./.github/actions/docker-build + with: + target: agent-ngt + builder: ${{ steps.buildx.outputs.name }} - name: Initialize CodeQL if: startsWith( github.ref, 'refs/tags/') uses: github/codeql-action/init@v1 @@ -151,13 +91,13 @@ jobs: if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "table" - name: Run vulnerability scanner (sarif) if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "template" template: "@/contrib/sarif.tpl" output: "trivy-results.sarif" diff --git a/.github/workflows/dockers-agent-sidecar-image.yml b/.github/workflows/dockers-agent-sidecar-image.yml index 7977d85485..432f459e4b 100644 --- a/.github/workflows/dockers-agent-sidecar-image.yml +++ b/.github/workflows/dockers-agent-sidecar-image.yml 
@@ -67,13 +67,6 @@ jobs: uses: docker/setup-buildx-action@v1 with: buildkitd-flags: "--debug" - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-agent-sidecar-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-agent-sidecar- - name: Login to DockerHub uses: docker/login-action@v1 with: 
@@ -85,65 +78,12 @@ jobs: registry: ghcr.io username: ${{ secrets.PACKAGE_USER }} password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/agent-sidecar` - alter_org=`make docker/name/org/alter` - alter_image_name=`make ORG="${alter_org}" docker/name/agent-sidecar` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "ALTER_IMAGE_NAME=${alter_image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "nightly" > versions/VALD_VERSION - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64 - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Add extra tags - run: | - EXTRA_TAGS="-t ${ALTER_IMAGE_NAME}:${PRIMARY_TAG}" - echo "EXTRA_TAGS=${EXTRA_TAGS}" >> $GITHUB_ENV - - name: Add latest tags - if: startsWith( github.ref, 'refs/tags/') - run: | - LATEST_TAGS="-t ${IMAGE_NAME}:latest -t ${ALTER_IMAGE_NAME}:latest" - echo "LATEST_TAGS=${LATEST_TAGS}" >> $GITHUB_ENV - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - 
DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} ${EXTRA_TAGS} ${LATEST_TAGS} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/agent-sidecar - env: - DOCKER_BUILDKIT: 1 - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Build and Publish + id: build_and_publish + uses: ./.github/actions/docker-build + with: + target: agent-sidecar + builder: ${{ steps.buildx.outputs.name }} - name: Initialize CodeQL if: startsWith( github.ref, 'refs/tags/') uses: github/codeql-action/init@v1 @@ -151,13 +91,13 @@ jobs: if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "table" - name: Run vulnerability scanner (sarif) if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "template" template: "@/contrib/sarif.tpl" output: "trivy-results.sarif" diff --git a/.github/workflows/dockers-backup-manager-cassandra-image.yml b/.github/workflows/dockers-backup-manager-cassandra-image.yml index 9414a026c3..1cadc3576c 100644 --- a/.github/workflows/dockers-backup-manager-cassandra-image.yml +++ b/.github/workflows/dockers-backup-manager-cassandra-image.yml 
@@ -69,13 +69,6 @@ jobs: uses: docker/setup-buildx-action@v1 with: buildkitd-flags: "--debug" - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-manager-backup-cassandra-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-manager-backup-cassandra- - name: Login to DockerHub uses: docker/login-action@v1 with: 
@@ -87,65 +80,12 @@ jobs: registry: ghcr.io username: ${{ secrets.PACKAGE_USER }} password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/backup-manager-cassandra` - alter_org=`make docker/name/org/alter` - alter_image_name=`make ORG="${alter_org}" docker/name/backup-manager-cassandra` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "ALTER_IMAGE_NAME=${alter_image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "nightly" > versions/VALD_VERSION - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64 - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Add extra tags - run: | - EXTRA_TAGS="-t ${ALTER_IMAGE_NAME}:${PRIMARY_TAG}" - echo "EXTRA_TAGS=${EXTRA_TAGS}" >> $GITHUB_ENV - - name: Add latest tags - if: startsWith( github.ref, 'refs/tags/') - run: | - LATEST_TAGS="-t ${IMAGE_NAME}:latest -t ${ALTER_IMAGE_NAME}:latest" - echo "LATEST_TAGS=${LATEST_TAGS}" >> $GITHUB_ENV - - name: Build and Push - run: | - make \ - DOCKER="docker 
buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} ${EXTRA_TAGS} ${LATEST_TAGS} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/backup-manager-cassandra - env: - DOCKER_BUILDKIT: 1 - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Build and Publish + id: build_and_publish + uses: ./.github/actions/docker-build + with: + target: backup-manager-cassandra + builder: ${{ steps.buildx.outputs.name }} - name: Initialize CodeQL if: startsWith( github.ref, 'refs/tags/') uses: github/codeql-action/init@v1 @@ -153,13 +93,13 @@ jobs: if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "table" - name: Run vulnerability scanner (sarif) if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "template" template: "@/contrib/sarif.tpl" output: "trivy-results.sarif" diff --git a/.github/workflows/dockers-backup-manager-mysql-image.yml b/.github/workflows/dockers-backup-manager-mysql-image.yml index fa88429156..5315256cc8 100644 --- a/.github/workflows/dockers-backup-manager-mysql-image.yml +++ b/.github/workflows/dockers-backup-manager-mysql-image.yml 
@@ -67,13 +67,6 @@ jobs: uses: docker/setup-buildx-action@v1 with: buildkitd-flags: "--debug" - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-manager-backup-mysql-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-manager-backup-mysql- - name: Login to DockerHub uses: docker/login-action@v1 with: 
@@ -85,65 +78,12 @@ jobs: registry: ghcr.io username: ${{ secrets.PACKAGE_USER }} password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/backup-manager-mysql` - alter_org=`make docker/name/org/alter` - alter_image_name=`make ORG="${alter_org}" docker/name/backup-manager-mysql` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "ALTER_IMAGE_NAME=${alter_image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "nightly" > versions/VALD_VERSION - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64 - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Add extra tags - run: | - EXTRA_TAGS="-t ${ALTER_IMAGE_NAME}:${PRIMARY_TAG}" - echo "EXTRA_TAGS=${EXTRA_TAGS}" >> $GITHUB_ENV - - name: Add latest tags - if: startsWith( github.ref, 'refs/tags/') - run: | - LATEST_TAGS="-t ${IMAGE_NAME}:latest -t ${ALTER_IMAGE_NAME}:latest" - echo "LATEST_TAGS=${LATEST_TAGS}" >> $GITHUB_ENV - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - 
DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} ${EXTRA_TAGS} ${LATEST_TAGS} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/backup-manager-mysql - env: - DOCKER_BUILDKIT: 1 - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Build and Publish + id: build_and_publish + uses: ./.github/actions/docker-build + with: + target: backup-manager-mysql + builder: ${{ steps.buildx.outputs.name }} - name: Initialize CodeQL if: startsWith( github.ref, 'refs/tags/') uses: github/codeql-action/init@v1 @@ -151,13 +91,13 @@ jobs: if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "table" - name: Run vulnerability scanner (sarif) if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "template" template: "@/contrib/sarif.tpl" output: "trivy-results.sarif" diff --git a/.github/workflows/dockers-base-image.yml b/.github/workflows/dockers-base-image.yml index 624b8d0edf..9aa829218c 100644 --- a/.github/workflows/dockers-base-image.yml +++ b/.github/workflows/dockers-base-image.yml 
@@ -46,13 +46,6 @@ jobs: uses: docker/setup-buildx-action@v1 with: buildkitd-flags: "--debug" - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-base- - name: Login to DockerHub uses: docker/login-action@v1 with: 
@@ -64,53 +57,15 @@ jobs: registry: ghcr.io username: ${{ secrets.PACKAGE_USER }} password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name + - name: Specify platforms + id: specify_platforms run: | - image_name=`make docker/name/base` - alter_org=`make docker/name/org/alter` - alter_image_name=`make ORG="${alter_org}" docker/name/base` base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "ALTER_IMAGE_NAME=${alter_image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "PRIMARY_TAG=latest" >> $GITHUB_ENV - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - - name: Add extra tags - run: | - EXTRA_TAGS="-t ${ALTER_IMAGE_NAME}:${PRIMARY_TAG}" - echo "EXTRA_TAGS=${EXTRA_TAGS}" >> $GITHUB_ENV - - name: Add latest tags - if: startsWith( github.ref, 'refs/tags/') - run: | - LATEST_TAGS="-t ${IMAGE_NAME}:latest -t ${ALTER_IMAGE_NAME}:latest" - echo "LATEST_TAGS=${LATEST_TAGS}" >> $GITHUB_ENV - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} ${EXTRA_TAGS} ${LATEST_TAGS} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/base - env: - DOCKER_BUILDKIT: 1 - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: 
"--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Build and Publish + id: build_and_publish + uses: ./.github/actions/docker-build + with: + target: base + builder: ${{ steps.buildx.outputs.name }} + platforms: ${{ steps.specify_platforms.outputs.BASE_PLATFORMS }} diff --git a/.github/workflows/dockers-ci-container-image.yml b/.github/workflows/dockers-ci-container-image.yml index 28f133ce28..dd995bc8ca 100644 --- a/.github/workflows/dockers-ci-container-image.yml +++ b/.github/workflows/dockers-ci-container-image.yml @@ -42,13 +42,6 @@ jobs: uses: docker/setup-buildx-action@v1 with: buildkitd-flags: "--debug" - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-ci-container-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-ci-container- - name: Login to DockerHub uses: docker/login-action@v1 with: 
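Review bot: On pushes to master the base image is now tagged `nightly` instead of `latest`: the removed `Determine tag name (master)` step set `PRIMARY_TAG=latest`, whereas the shared action's master branch sets `primary_tag="nightly"` and additionally writes `nightly` into `versions/VALD_VERSION`, which this workflow did not do before. As a result `base:latest` on both registries is refreshed only by tagged releases, which presumably affects whatever pulls the base image by that tag. If the old behaviour is wanted, the action needs a way to override the master tag, for example an input defaulting to `nightly` that this workflow sets to `latest`; if the change is intended, it deserves a mention in the commit message. Platform selection is unchanged, since `specify_platforms` still passes `make docker/platforms` explicitly.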
@@ -60,51 +53,10 @@ jobs: registry: ghcr.io username: ${{ secrets.PACKAGE_USER }} password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/ci-container` - alter_org=`make docker/name/org/alter` - alter_image_name=`make ORG="${alter_org}" docker/name/ci-container` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "ALTER_IMAGE_NAME=${alter_image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - - name: Add extra tags - run: | - EXTRA_TAGS="-t ${ALTER_IMAGE_NAME}:${PRIMARY_TAG}" - echo "EXTRA_TAGS=${EXTRA_TAGS}" >> $GITHUB_ENV - - name: Add latest tags - if: startsWith( github.ref, 'refs/tags/') - run: | - LATEST_TAGS="-t ${IMAGE_NAME}:latest -t ${ALTER_IMAGE_NAME}:latest" - echo "LATEST_TAGS=${LATEST_TAGS}" >> $GITHUB_ENV - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} ${EXTRA_TAGS} ${LATEST_TAGS} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/ci-container - env: - DOCKER_BUILDKIT: 1 - PLATFORMS: linux/amd64 - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ 
github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Build and Publish + id: build_and_publish + uses: ./.github/actions/docker-build + with: + target: ci-container + builder: ${{ steps.buildx.outputs.name }} + platforms: linux/amd64 diff --git a/.github/workflows/dockers-dev-container-image.yml b/.github/workflows/dockers-dev-container-image.yml index f01896baa5..2adf7429a3 100644 --- a/.github/workflows/dockers-dev-container-image.yml +++ b/.github/workflows/dockers-dev-container-image.yml @@ -42,13 +42,6 @@ jobs: uses: docker/setup-buildx-action@v1 with: buildkitd-flags: "--debug" - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-dev-container-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-dev-container- - name: Login to DockerHub uses: docker/login-action@v1 with: 
@@ -60,51 +53,10 @@ jobs: registry: ghcr.io username: ${{ secrets.PACKAGE_USER }} password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/dev-container` - alter_org=`make docker/name/org/alter` - alter_image_name=`make ORG="${alter_org}" docker/name/dev-container` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "ALTER_IMAGE_NAME=${alter_image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - - name: Add extra tags - run: | - EXTRA_TAGS="-t ${ALTER_IMAGE_NAME}:${PRIMARY_TAG}" - echo "EXTRA_TAGS=${EXTRA_TAGS}" >> $GITHUB_ENV - - name: Add latest tags - if: startsWith( github.ref, 'refs/tags/') - run: | - LATEST_TAGS="-t ${IMAGE_NAME}:latest -t ${ALTER_IMAGE_NAME}:latest" - echo "LATEST_TAGS=${LATEST_TAGS}" >> $GITHUB_ENV - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} ${EXTRA_TAGS} ${LATEST_TAGS} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/dev-container - env: - DOCKER_BUILDKIT: 1 - PLATFORMS: linux/amd64 - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ 
github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Build and Publish + id: build_and_publish + uses: ./.github/actions/docker-build + with: + target: dev-container + builder: ${{ steps.buildx.outputs.name }} + platforms: linux/amd64 diff --git a/.github/workflows/dockers-discoverer-k8s-image.yml b/.github/workflows/dockers-discoverer-k8s-image.yml index 21cbb91bff..03342d5a6f 100644 --- a/.github/workflows/dockers-discoverer-k8s-image.yml +++ b/.github/workflows/dockers-discoverer-k8s-image.yml @@ -63,13 +63,6 @@ jobs: uses: docker/setup-buildx-action@v1 with: buildkitd-flags: "--debug" - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-discoverer-k8s-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-discoverer-k8s- - name: Login to DockerHub uses: docker/login-action@v1 with: 
@@ -81,65 +74,12 @@ jobs: registry: ghcr.io username: ${{ secrets.PACKAGE_USER }} password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/discoverer-k8s` - alter_org=`make docker/name/org/alter` - alter_image_name=`make ORG="${alter_org}" docker/name/discoverer-k8s` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "ALTER_IMAGE_NAME=${alter_image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "nightly" > versions/VALD_VERSION - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64 - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Add extra tags - run: | - EXTRA_TAGS="-t ${ALTER_IMAGE_NAME}:${PRIMARY_TAG}" - echo "EXTRA_TAGS=${EXTRA_TAGS}" >> $GITHUB_ENV - - name: Add latest tags - if: startsWith( github.ref, 'refs/tags/') - run: | - LATEST_TAGS="-t ${IMAGE_NAME}:latest -t ${ALTER_IMAGE_NAME}:latest" - echo "LATEST_TAGS=${LATEST_TAGS}" >> $GITHUB_ENV - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - 
DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} ${EXTRA_TAGS} ${LATEST_TAGS} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/discoverer-k8s - env: - DOCKER_BUILDKIT: 1 - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Build and Publish + id: build_and_publish + uses: ./.github/actions/docker-build + with: + target: discoverer-k8s + builder: ${{ steps.buildx.outputs.name }} - name: Initialize CodeQL if: startsWith( github.ref, 'refs/tags/') uses: github/codeql-action/init@v1 @@ -147,13 +87,13 @@ jobs: if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "table" - name: Run vulnerability scanner (sarif) if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "template" template: "@/contrib/sarif.tpl" output: "trivy-results.sarif" diff --git a/.github/workflows/dockers-gateway-backup-image.yml b/.github/workflows/dockers-gateway-backup-image.yml index 0425fc4e34..768ac9e4ba 100644 --- a/.github/workflows/dockers-gateway-backup-image.yml +++ b/.github/workflows/dockers-gateway-backup-image.yml 
@@ -69,13 +69,6 @@ jobs: uses: docker/setup-buildx-action@v1 with: buildkitd-flags: "--debug" - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-gateway-backup-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-gateway-backup- - name: Login to DockerHub uses: docker/login-action@v1 with: 
@@ -87,65 +80,12 @@ jobs: registry: ghcr.io username: ${{ secrets.PACKAGE_USER }} password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/gateway-backup` - alter_org=`make docker/name/org/alter` - alter_image_name=`make ORG="${alter_org}" docker/name/gateway-backup` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "ALTER_IMAGE_NAME=${alter_image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "nightly" > versions/VALD_VERSION - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64 - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Add extra tags - run: | - EXTRA_TAGS="-t ${ALTER_IMAGE_NAME}:${PRIMARY_TAG}" - echo "EXTRA_TAGS=${EXTRA_TAGS}" >> $GITHUB_ENV - - name: Add latest tags - if: startsWith( github.ref, 'refs/tags/') - run: | - LATEST_TAGS="-t ${IMAGE_NAME}:latest -t ${ALTER_IMAGE_NAME}:latest" - echo "LATEST_TAGS=${LATEST_TAGS}" >> $GITHUB_ENV - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - 
DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} ${EXTRA_TAGS} ${LATEST_TAGS} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/gateway-backup - env: - DOCKER_BUILDKIT: 1 - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Build and Publish + id: build_and_publish + uses: ./.github/actions/docker-build + with: + target: gateway-backup + builder: ${{ steps.buildx.outputs.name }} - name: Initialize CodeQL if: startsWith( github.ref, 'refs/tags/') uses: github/codeql-action/init@v1 @@ -153,13 +93,13 @@ jobs: if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "table" - name: Run vulnerability scanner (sarif) if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "template" template: "@/contrib/sarif.tpl" output: "trivy-results.sarif" diff --git a/.github/workflows/dockers-gateway-filter-image.yml b/.github/workflows/dockers-gateway-filter-image.yml index e0010d1f91..8d7c02f33a 100644 --- a/.github/workflows/dockers-gateway-filter-image.yml +++ b/.github/workflows/dockers-gateway-filter-image.yml 
@@ -87,65 +87,12 @@ jobs: registry: ghcr.io username: ${{ secrets.PACKAGE_USER }} password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/gateway-filter` - alter_org=`make docker/name/org/alter` - alter_image_name=`make ORG="${alter_org}" docker/name/gateway-filter` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "ALTER_IMAGE_NAME=${alter_image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "nightly" > versions/VALD_VERSION - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64 - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Add extra tags - run: | - EXTRA_TAGS="-t ${ALTER_IMAGE_NAME}:${PRIMARY_TAG}" - echo "EXTRA_TAGS=${EXTRA_TAGS}" >> $GITHUB_ENV - - name: Add latest tags - if: startsWith( github.ref, 'refs/tags/') - run: | - LATEST_TAGS="-t ${IMAGE_NAME}:latest -t ${ALTER_IMAGE_NAME}:latest" - echo "LATEST_TAGS=${LATEST_TAGS}" >> $GITHUB_ENV - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - 
DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} ${EXTRA_TAGS} ${LATEST_TAGS} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/gateway-filter - env: - DOCKER_BUILDKIT: 1 - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Build and Publish + id: build_and_publish + uses: ./.github/actions/docker-build + with: + target: gateway-filter + builder: ${{ steps.buildx.outputs.name }} - name: Initialize CodeQL if: startsWith( github.ref, 'refs/tags/') uses: github/codeql-action/init@v1 @@ -153,13 +100,13 @@ jobs: if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "table" - name: Run vulnerability scanner (sarif) if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "template" template: "@/contrib/sarif.tpl" output: "trivy-results.sarif" diff --git a/.github/workflows/dockers-gateway-lb-image.yml b/.github/workflows/dockers-gateway-lb-image.yml index 1a9ea774d5..774adcbc2d 100644 --- a/.github/workflows/dockers-gateway-lb-image.yml +++ b/.github/workflows/dockers-gateway-lb-image.yml 
@@ -69,13 +69,6 @@ jobs: uses: docker/setup-buildx-action@v1 with: buildkitd-flags: "--debug" - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-gateway-lb-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-gateway-lb- - name: Login to DockerHub uses: docker/login-action@v1 with: 
@@ -87,65 +80,12 @@ jobs: registry: ghcr.io username: ${{ secrets.PACKAGE_USER }} password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/gateway-lb` - alter_org=`make docker/name/org/alter` - alter_image_name=`make ORG="${alter_org}" docker/name/gateway-lb` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "ALTER_IMAGE_NAME=${alter_image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "nightly" > versions/VALD_VERSION - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64 - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Add extra tags - run: | - EXTRA_TAGS="-t ${ALTER_IMAGE_NAME}:${PRIMARY_TAG}" - echo "EXTRA_TAGS=${EXTRA_TAGS}" >> $GITHUB_ENV - - name: Add latest tags - if: startsWith( github.ref, 'refs/tags/') - run: | - LATEST_TAGS="-t ${IMAGE_NAME}:latest -t ${ALTER_IMAGE_NAME}:latest" - echo "LATEST_TAGS=${LATEST_TAGS}" >> $GITHUB_ENV - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - 
DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} ${EXTRA_TAGS} ${LATEST_TAGS} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/gateway-lb - env: - DOCKER_BUILDKIT: 1 - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Build and Publish + id: build_and_publish + uses: ./.github/actions/docker-build + with: + target: gateway-lb + builder: ${{ steps.buildx.outputs.name }} - name: Initialize CodeQL if: startsWith( github.ref, 'refs/tags/') uses: github/codeql-action/init@v1 @@ -153,13 +93,13 @@ jobs: if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "table" - name: Run vulnerability scanner (sarif) if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "template" template: "@/contrib/sarif.tpl" output: "trivy-results.sarif" diff --git a/.github/workflows/dockers-gateway-meta-image.yml b/.github/workflows/dockers-gateway-meta-image.yml index 1060f61be5..9d40155257 100644 --- a/.github/workflows/dockers-gateway-meta-image.yml +++ b/.github/workflows/dockers-gateway-meta-image.yml 
@@ -69,13 +69,6 @@ jobs: uses: docker/setup-buildx-action@v1 with: buildkitd-flags: "--debug" - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-gateway-meta-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-gateway-meta- - name: Login to DockerHub uses: docker/login-action@v1 with: 
@@ -87,65 +80,12 @@ jobs: registry: ghcr.io username: ${{ secrets.PACKAGE_USER }} password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/gateway-meta` - alter_org=`make docker/name/org/alter` - alter_image_name=`make ORG="${alter_org}" docker/name/gateway-meta` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "ALTER_IMAGE_NAME=${alter_image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "nightly" > versions/VALD_VERSION - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64 - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Add extra tags - run: | - EXTRA_TAGS="-t ${ALTER_IMAGE_NAME}:${PRIMARY_TAG}" - echo "EXTRA_TAGS=${EXTRA_TAGS}" >> $GITHUB_ENV - - name: Add latest tags - if: startsWith( github.ref, 'refs/tags/') - run: | - LATEST_TAGS="-t ${IMAGE_NAME}:latest -t ${ALTER_IMAGE_NAME}:latest" - echo "LATEST_TAGS=${LATEST_TAGS}" >> $GITHUB_ENV - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - 
DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} ${EXTRA_TAGS} ${LATEST_TAGS} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/gateway-meta - env: - DOCKER_BUILDKIT: 1 - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Build and Publish + id: build_and_publish + uses: ./.github/actions/docker-build + with: + target: gateway-meta + builder: ${{ steps.buildx.outputs.name }} - name: Initialize CodeQL if: startsWith( github.ref, 'refs/tags/') uses: github/codeql-action/init@v1 @@ -153,13 +93,13 @@ jobs: if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "table" - name: Run vulnerability scanner (sarif) if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "template" template: "@/contrib/sarif.tpl" output: "trivy-results.sarif" diff --git a/.github/workflows/dockers-gateway-vald-image.yml b/.github/workflows/dockers-gateway-vald-image.yml index 87ab5e18fb..a73b744c89 100644 --- a/.github/workflows/dockers-gateway-vald-image.yml +++ b/.github/workflows/dockers-gateway-vald-image.yml 
@@ -65,13 +65,6 @@ jobs: uses: docker/setup-buildx-action@v1 with: buildkitd-flags: "--debug" - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-gateway-vald-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-gateway-vald- - name: Login to DockerHub uses: docker/login-action@v1 with: 
@@ -83,65 +76,12 @@ jobs: registry: ghcr.io username: ${{ secrets.PACKAGE_USER }} password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/gateway-vald` - alter_org=`make docker/name/org/alter` - alter_image_name=`make ORG="${alter_org}" docker/name/gateway-vald` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "ALTER_IMAGE_NAME=${alter_image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "nightly" > versions/VALD_VERSION - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64 - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Add extra tags - run: | - EXTRA_TAGS="-t ${ALTER_IMAGE_NAME}:${PRIMARY_TAG}" - echo "EXTRA_TAGS=${EXTRA_TAGS}" >> $GITHUB_ENV - - name: Add latest tags - if: startsWith( github.ref, 'refs/tags/') - run: | - LATEST_TAGS="-t ${IMAGE_NAME}:latest -t ${ALTER_IMAGE_NAME}:latest" - echo "LATEST_TAGS=${LATEST_TAGS}" >> $GITHUB_ENV - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - 
DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} ${EXTRA_TAGS} ${LATEST_TAGS} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/gateway-vald - env: - DOCKER_BUILDKIT: 1 - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Build and Publish + id: build_and_publish + uses: ./.github/actions/docker-build + with: + target: gateway-vald + builder: ${{ steps.buildx.outputs.name }} - name: Initialize CodeQL if: startsWith( github.ref, 'refs/tags/') uses: github/codeql-action/init@v1 @@ -149,13 +89,13 @@ jobs: if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "table" - name: Run vulnerability scanner (sarif) if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "template" template: "@/contrib/sarif.tpl" output: "trivy-results.sarif" diff --git a/.github/workflows/dockers-helm-operator-image.yml b/.github/workflows/dockers-helm-operator-image.yml index 6520d76e61..3b25f8c401 100644 --- a/.github/workflows/dockers-helm-operator-image.yml +++ b/.github/workflows/dockers-helm-operator-image.yml 
@@ -57,13 +57,6 @@ jobs: uses: docker/setup-buildx-action@v1 with: buildkitd-flags: "--debug" - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-helm-operator-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-helm-operator- - name: Login to DockerHub uses: docker/login-action@v1 with: 
@@ -75,65 +68,12 @@ jobs: registry: ghcr.io username: ${{ secrets.PACKAGE_USER }} password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/operator/helm` - alter_org=`make docker/name/org/alter` - alter_image_name=`make ORG="${alter_org}" docker/name/operator/helm` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "ALTER_IMAGE_NAME=${alter_image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "nightly" > versions/VALD_VERSION - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64,linux/arm64 - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Add extra tags - run: | - EXTRA_TAGS="-t ${ALTER_IMAGE_NAME}:${PRIMARY_TAG}" - echo "EXTRA_TAGS=${EXTRA_TAGS}" >> $GITHUB_ENV - - name: Add latest tags - if: startsWith( github.ref, 'refs/tags/') - run: | - LATEST_TAGS="-t ${IMAGE_NAME}:latest -t ${ALTER_IMAGE_NAME}:latest" - echo "LATEST_TAGS=${LATEST_TAGS}" >> $GITHUB_ENV - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - 
DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} ${EXTRA_TAGS} ${LATEST_TAGS} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/operator/helm - env: - DOCKER_BUILDKIT: 1 - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Build and Publish + id: build_and_publish + uses: ./.github/actions/docker-build + with: + target: operator/helm + builder: ${{ steps.buildx.outputs.name }} - name: Initialize CodeQL if: startsWith( github.ref, 'refs/tags/') uses: github/codeql-action/init@v1 @@ -141,13 +81,13 @@ jobs: if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "table" - name: Run vulnerability scanner (sarif) if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "template" template: "@/contrib/sarif.tpl" output: "trivy-results.sarif" diff --git a/.github/workflows/dockers-loadtest-image.yml b/.github/workflows/dockers-loadtest-image.yml index b306e6a794..8f101d228b 100644 --- a/.github/workflows/dockers-loadtest-image.yml +++ b/.github/workflows/dockers-loadtest-image.yml 
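Review bot: The removed pull-request branch pinned PLATFORMS to `linux/amd64,linux/arm64` for this image, whereas the sibling workflows used `linux/amd64`; the new call passes no `platforms` input, so PR builds of operator/helm now follow whatever default the composite action computes, which is not visible in this diff. If the arm64 PR build was intentional it should be restored explicitly, but note that the `platforms` input appears to apply to every ref, so adding `platforms: linux/amd64,linux/arm64` under `with:` would also override the master/tag platform list previously taken from `make docker/platforms`. If dropping arm64 from PR builds is intentional, a short comment on the step saying so would prevent the change being read as an oversight.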
@@ -65,13 +65,6 @@ jobs: uses: docker/setup-buildx-action@v1 with: buildkitd-flags: "--debug" - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-loadtest-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-loadtest- - name: Login to DockerHub uses: docker/login-action@v1 with: 
@@ -83,55 +76,13 @@ jobs: registry: ghcr.io username: ${{ secrets.PACKAGE_USER }} password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/loadtest` - alter_org=`make docker/name/org/alter` - alter_image_name=`make ORG="${alter_org}" docker/name/loadtest` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "ALTER_IMAGE_NAME=${alter_image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "nightly" > versions/VALD_VERSION - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - - name: Add extra tags - run: | - EXTRA_TAGS="-t ${ALTER_IMAGE_NAME}:${PRIMARY_TAG}" - echo "EXTRA_TAGS=${EXTRA_TAGS}" >> $GITHUB_ENV - - name: Add latest tags - if: startsWith( github.ref, 'refs/tags/') - run: | - LATEST_TAGS="-t ${IMAGE_NAME}:latest -t ${ALTER_IMAGE_NAME}:latest" - echo "LATEST_TAGS=${LATEST_TAGS}" >> $GITHUB_ENV - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} ${EXTRA_TAGS} ${LATEST_TAGS} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/loadtest - env: - DOCKER_BUILDKIT: 1 - PLATFORMS: linux/amd64 - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - LABEL_OPTS: "--label 
org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Build and Publish + id: build_and_publish + uses: ./.github/actions/docker-build + with: + target: loadtest + builder: ${{ steps.buildx.outputs.name }} + platforms: linux/amd64 - name: Initialize CodeQL if: startsWith( github.ref, 'refs/tags/') uses: github/codeql-action/init@v1 @@ -139,13 +90,13 @@ jobs: if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "table" - name: Run vulnerability scanner (sarif) if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "template" template: "@/contrib/sarif.tpl" output: "trivy-results.sarif" diff --git a/.github/workflows/dockers-manager-compressor-image.yml b/.github/workflows/dockers-manager-compressor-image.yml index 59b58bc3c6..e3d51aec59 100644 --- a/.github/workflows/dockers-manager-compressor-image.yml +++ b/.github/workflows/dockers-manager-compressor-image.yml @@ -65,13 +65,6 @@ jobs: uses: docker/setup-buildx-action@v1 with: buildkitd-flags: "--debug" - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-manager-compressor-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-manager-compressor- - name: Login to DockerHub uses: docker/login-action@v1 with: 
@@ -83,65 +76,12 @@ jobs: registry: ghcr.io username: ${{ secrets.PACKAGE_USER }} password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/manager-compressor` - alter_org=`make docker/name/org/alter` - alter_image_name=`make ORG="${alter_org}" docker/name/manager-compressor` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "ALTER_IMAGE_NAME=${alter_image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "nightly" > versions/VALD_VERSION - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64 - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Add extra tags - run: | - EXTRA_TAGS="-t ${ALTER_IMAGE_NAME}:${PRIMARY_TAG}" - echo "EXTRA_TAGS=${EXTRA_TAGS}" >> $GITHUB_ENV - - name: Add latest tags - if: startsWith( github.ref, 'refs/tags/') - run: | - LATEST_TAGS="-t ${IMAGE_NAME}:latest -t ${ALTER_IMAGE_NAME}:latest" - echo "LATEST_TAGS=${LATEST_TAGS}" >> $GITHUB_ENV - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - 
DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} ${EXTRA_TAGS} ${LATEST_TAGS} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/manager-compressor - env: - DOCKER_BUILDKIT: 1 - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Build and Publish + id: build_and_publish + uses: ./.github/actions/docker-build + with: + target: manager-compressor + builder: ${{ steps.buildx.outputs.name }} - name: Initialize CodeQL if: startsWith( github.ref, 'refs/tags/') uses: github/codeql-action/init@v1 @@ -149,13 +89,13 @@ jobs: if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "table" - name: Run vulnerability scanner (sarif) if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "template" template: "@/contrib/sarif.tpl" output: "trivy-results.sarif" diff --git a/.github/workflows/dockers-manager-index-image.yml b/.github/workflows/dockers-manager-index-image.yml index bf75e25fb7..f33a5e77da 100644 --- a/.github/workflows/dockers-manager-index-image.yml +++ b/.github/workflows/dockers-manager-index-image.yml 
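Review bot: The `with:` block omits `platforms`, so platform selection moves entirely into the composite action's default path; the removed steps built `linux/amd64` on pull requests and `make docker/platforms` on master and tags, and nothing in this hunk shows the action reproducing that split. If it does not, PR builds become multi-arch (slower, more QEMU exposure) or release builds silently drop architectures, which is worth confirming against the action, or making explicit here as the loadtest workflow does with `platforms: linux/amd64`. The `Cache Docker layers` step and `CACHE_OPTS` are removed together; if the action still passes `--cache-from=type=local,src=/tmp/.buildx-cache`, that directory is never restored and every build starts cold. The same points apply to the manager-index, meta-cassandra and meta-redis build hunks.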
@@ -65,13 +65,6 @@ jobs: uses: docker/setup-buildx-action@v1 with: buildkitd-flags: "--debug" - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-manager-index-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-manager-index- - name: Login to DockerHub uses: docker/login-action@v1 with: 
@@ -83,65 +76,12 @@ jobs: registry: ghcr.io username: ${{ secrets.PACKAGE_USER }} password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/manager-index` - alter_org=`make docker/name/org/alter` - alter_image_name=`make ORG="${alter_org}" docker/name/manager-index` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "ALTER_IMAGE_NAME=${alter_image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "nightly" > versions/VALD_VERSION - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64 - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Add extra tags - run: | - EXTRA_TAGS="-t ${ALTER_IMAGE_NAME}:${PRIMARY_TAG}" - echo "EXTRA_TAGS=${EXTRA_TAGS}" >> $GITHUB_ENV - - name: Add latest tags - if: startsWith( github.ref, 'refs/tags/') - run: | - LATEST_TAGS="-t ${IMAGE_NAME}:latest -t ${ALTER_IMAGE_NAME}:latest" - echo "LATEST_TAGS=${LATEST_TAGS}" >> $GITHUB_ENV - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - 
DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} ${EXTRA_TAGS} ${LATEST_TAGS} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/manager-index - env: - DOCKER_BUILDKIT: 1 - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Build and Publish + id: build_and_publish + uses: ./.github/actions/docker-build + with: + target: manager-index + builder: ${{ steps.buildx.outputs.name }} - name: Initialize CodeQL if: startsWith( github.ref, 'refs/tags/') uses: github/codeql-action/init@v1 @@ -149,13 +89,13 @@ jobs: if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "table" - name: Run vulnerability scanner (sarif) if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "template" template: "@/contrib/sarif.tpl" output: "trivy-results.sarif" diff --git a/.github/workflows/dockers-meta-cassandra-image.yml b/.github/workflows/dockers-meta-cassandra-image.yml index 85e01b808e..ab808eb37e 100644 --- a/.github/workflows/dockers-meta-cassandra-image.yml +++ b/.github/workflows/dockers-meta-cassandra-image.yml 
@@ -67,13 +67,6 @@ jobs: uses: docker/setup-buildx-action@v1 with: buildkitd-flags: "--debug" - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-meta-cassandra-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-meta-cassandra- - name: Login to DockerHub uses: docker/login-action@v1 with: 
@@ -85,65 +78,12 @@ jobs: registry: ghcr.io username: ${{ secrets.PACKAGE_USER }} password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/meta-cassandra` - alter_org=`make docker/name/org/alter` - alter_image_name=`make ORG="${alter_org}" docker/name/meta-cassandra` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "ALTER_IMAGE_NAME=${alter_image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "nightly" > versions/VALD_VERSION - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64 - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Add extra tags - run: | - EXTRA_TAGS="-t ${ALTER_IMAGE_NAME}:${PRIMARY_TAG}" - echo "EXTRA_TAGS=${EXTRA_TAGS}" >> $GITHUB_ENV - - name: Add latest tags - if: startsWith( github.ref, 'refs/tags/') - run: | - LATEST_TAGS="-t ${IMAGE_NAME}:latest -t ${ALTER_IMAGE_NAME}:latest" - echo "LATEST_TAGS=${LATEST_TAGS}" >> $GITHUB_ENV - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - 
DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} ${EXTRA_TAGS} ${LATEST_TAGS} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/meta-cassandra - env: - DOCKER_BUILDKIT: 1 - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Build and Publish + id: build_and_publish + uses: ./.github/actions/docker-build + with: + target: meta-cassandra + builder: ${{ steps.buildx.outputs.name }} - name: Initialize CodeQL if: startsWith( github.ref, 'refs/tags/') uses: github/codeql-action/init@v1 @@ -151,13 +91,13 @@ jobs: if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "table" - name: Run vulnerability scanner (sarif) if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "template" template: "@/contrib/sarif.tpl" output: "trivy-results.sarif" diff --git a/.github/workflows/dockers-meta-redis-image.yml b/.github/workflows/dockers-meta-redis-image.yml index 9ce8350980..2d798e0b31 100644 --- a/.github/workflows/dockers-meta-redis-image.yml +++ b/.github/workflows/dockers-meta-redis-image.yml 
@@ -67,13 +67,6 @@ jobs: uses: docker/setup-buildx-action@v1 with: buildkitd-flags: "--debug" - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-meta-redis-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-meta-redis- - name: Login to DockerHub uses: docker/login-action@v1 with: 
@@ -85,65 +78,12 @@ jobs: registry: ghcr.io username: ${{ secrets.PACKAGE_USER }} password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/meta-redis` - alter_org=`make docker/name/org/alter` - alter_image_name=`make ORG="${alter_org}" docker/name/meta-redis` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "ALTER_IMAGE_NAME=${alter_image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "nightly" > versions/VALD_VERSION - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64 - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - - name: Add extra tags - run: | - EXTRA_TAGS="-t ${ALTER_IMAGE_NAME}:${PRIMARY_TAG}" - echo "EXTRA_TAGS=${EXTRA_TAGS}" >> $GITHUB_ENV - - name: Add latest tags - if: startsWith( github.ref, 'refs/tags/') - run: | - LATEST_TAGS="-t ${IMAGE_NAME}:latest -t ${ALTER_IMAGE_NAME}:latest" - echo "LATEST_TAGS=${LATEST_TAGS}" >> $GITHUB_ENV - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - 
DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} ${EXTRA_TAGS} ${LATEST_TAGS} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/meta-redis - env: - DOCKER_BUILDKIT: 1 - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Build and Publish + id: build_and_publish + uses: ./.github/actions/docker-build + with: + target: meta-redis + builder: ${{ steps.buildx.outputs.name }} - name: Initialize CodeQL if: startsWith( github.ref, 'refs/tags/') uses: github/codeql-action/init@v1 @@ -151,13 +91,13 @@ jobs: if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "table" - name: Run vulnerability scanner (sarif) if: startsWith( github.ref, 'refs/tags/') uses: aquasecurity/trivy-action@master with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}" format: "template" template: "@/contrib/sarif.tpl" output: "trivy-results.sarif"