new(ci): add RC/prerelease support #2533

Merged
merged 9 commits into from
May 10, 2023
41 changes: 39 additions & 2 deletions .github/workflows/release.yaml
Expand Up @@ -2,14 +2,45 @@ name: Release Packages and Docker images
on:
push:
tags:
- '[0-9]+.[0-9]+.[0-9]+'
- '[0-9]+.[0-9]+.[0-9]+' # final release
- '[0-9]+.[0-9]+.[0-9]+-*' # prerelease/RC

# Checks if any concurrent jobs is running for release CI and eventually cancel it.
concurrency:
group: ci-release
cancel-in-progress: true

jobs:
release-settings:
runs-on: ubuntu-latest
steps:
- name: Get latest release
uses: rez0n/actions-github-release@v2.0
id: latest_release
env:
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.repository }}
type: "stable"

- name: Get settings for this release
id: get_settings
shell: python
run: |
import os
is_prerelease = '-' in '${{ github.ref_name }}'

# Safeguard: you need to both set "latest" in GH and not have suffixes to overwrite latest
is_latest = '${{ steps.latest_release.outputs.release }}' == '${{ github.ref_name }}' and not is_prerelease

bucket_suffix = '-dev' if is_prerelease else ''

with open(os.environ['GITHUB_OUTPUT'], 'a') as ofp:
print(f'is_latest={is_latest}'.lower(), file=ofp)
print(f'bucket_suffix={bucket_suffix}', file=ofp)
outputs:
is_latest: ${{ steps.get_settings.outputs.is_latest }}
bucket_suffix: ${{ steps.get_settings.outputs.bucket_suffix }}

build-packages:
uses: falcosecurity/falco/.github/workflows/reusable_build_packages.yaml@master
with:
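Review bot: In the `Get settings for this release` step, `${{ github.ref_name }}` and `${{ steps.latest_release.outputs.release }}` are expanded directly into single-quoted Python literals inside `run:`, so a tag or release name containing a quote changes the script that executes instead of the string being compared. Pass both values through the step's `env:` (for example `REF_NAME: ${{ github.ref_name }}`) and read them with `os.environ[...]`. The new filter `'[0-9]+.[0-9]+.[0-9]+-*'` places no restriction on what follows the dash, so the suffix cannot be assumed to be harmless. Separately, `rez0n/actions-github-release@v2.0` is handed `secrets.GITHUB_TOKEN` and is referenced by tag; pinning it to a commit SHA would fix what runs in the release job.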
Expand All @@ -26,6 +57,7 @@ jobs:
needs: [build-packages, build-packages-arm64]
uses: falcosecurity/falco/.github/workflows/reusable_publish_packages.yaml@master
with:
bucket_suffix: ${{ steps.get_settings.outputs.bucket_suffix }}
version: ${{ needs.build-packages.outputs.version }}
secrets: inherit
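Review bot: `bucket_suffix: ${{ steps.get_settings.outputs.bucket_suffix }}` uses the `steps` context of the `release-settings` job, which is not available in the `with:` of a job that calls a reusable workflow, so the `-dev` suffix computed for a prerelease never reaches the package publish job. Use `${{ needs.release-settings.outputs.bucket_suffix }}` and add `release-settings` to `needs: [build-packages, build-packages-arm64]`; without that, RC packages and final packages are not separated by bucket.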

Expand All @@ -35,6 +67,8 @@ jobs:
uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master
with:
arch: x86_64
is_latest: ${{ needs.release-settings.outputs.is_latest == 'true' }}
bucket_suffix: ${{ steps.get_settings.outputs.bucket_suffix }}
version: ${{ needs.build-packages.outputs.version }}
secrets: inherit
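Review bot: The two added inputs read the same job's results through different contexts: `is_latest` goes through `needs.release-settings.outputs.is_latest`, while `bucket_suffix` goes through `steps.get_settings.outputs.bucket_suffix`, which this job cannot reach. Change it to `needs.release-settings.outputs.bucket_suffix` and check that this job's `needs` (outside the hunk) lists `release-settings`. The `reusable_build_docker.yaml` changes shown on this page declare only `is_latest`, so unless `bucket_suffix` is already an input there it has to be declared or dropped from this call.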

Expand All @@ -43,11 +77,14 @@ jobs:
uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master
with:
arch: aarch64
is_latest: ${{ needs.release-settings.outputs.is_latest == 'true' }}
bucket_suffix: ${{ steps.get_settings.outputs.bucket_suffix }}
version: ${{ needs.build-packages.outputs.version }}
secrets: inherit

publish-docker:
needs: [build-docker, build-docker-arm64]
uses: falcosecurity/falco/.github/workflows/reusable_publish_docker.yaml@master
secrets: inherit

with:
is_latest: ${{ needs.release-settings.outputs.is_latest == 'true' }}
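Review bot: `publish-docker` reads `needs.release-settings.outputs.is_latest`, but its `needs: [build-docker, build-docker-arm64]` does not include `release-settings`, and a job's outputs are only available to jobs that list it in `needs`. As written the comparison with `'true'` cannot be satisfied by that output, so the `latest` manifests would not move on a final release; add `release-settings` to the list. The `bucket_suffix` line added for `build-docker-arm64` has the same `steps` context problem as the x86_64 job.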
11 changes: 8 additions & 3 deletions .github/workflows/reusable_build_docker.yaml
Expand Up @@ -15,6 +15,11 @@ on:
description: 'Falco version extracted from userspace/falco/config_falco.h'
required: true
type: string
is_latest:
description: Update the latest tag with the new image
required: false
type: boolean
default: false

# Here we just build all docker images as tarballs,
# then we upload all the tarballs to be later downloaded by reusable_publish_docker workflow.
Expand Down Expand Up @@ -69,7 +74,7 @@ jobs:
outputs: type=docker,dest=/tmp/falco-driver-loader-${{ inputs.arch }}.tar

- name: Build no-driver latest image
if: ${{ github.ref_name != 'master' }}
if: ${{ inputs.is_latest }}
uses: docker/build-push-action@v3
with:
context: ${{ github.workspace }}/docker/no-driver/
Expand All @@ -84,7 +89,7 @@ jobs:
outputs: type=docker,dest=/tmp/falco-no-driver-latest-${{ inputs.arch }}.tar

- name: Build falco latest image
if: ${{ github.ref_name != 'master' }}
if: ${{ inputs.is_latest }}
uses: docker/build-push-action@v3
with:
context: ${{ github.workspace }}/docker/falco/
Expand All @@ -97,7 +102,7 @@ jobs:
outputs: type=docker,dest=/tmp/falco-latest-${{ inputs.arch }}.tar

- name: Build falco-driver-loader latest image
if: ${{ github.ref_name != 'master' }}
if: ${{ inputs.is_latest }}
uses: docker/build-push-action@v3
with:
context: ${{ github.workspace }}/docker/driver-loader/
22 changes: 14 additions & 8 deletions .github/workflows/reusable_publish_docker.yaml
@@ -1,6 +1,12 @@
# This is a reusable workflow used by master and release CI
on:
workflow_call:
inputs:
is_latest:
description: Update the latest tag with the new image
required: false
type: boolean
default: false

permissions:
id-token: write
Expand Down Expand Up @@ -70,31 +76,31 @@ jobs:
push: true

- name: Create and push no-driver latest manifest
if: ${{ github.ref_name != 'master' }}
if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1
with:
inputs: falcosecurity/falco-no-driver:latest
images: falcosecurity/falco-no-driver:aarch64-latest,falcosecurity/falco-no-driver:x86_64-latest
push: true

- name: Create and push slim latest manifest
if: ${{ github.ref_name != 'master' }}
if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1
with:
inputs: falcosecurity/falco:latest-slim
images: falcosecurity/falco:aarch64-latest-slim,falcosecurity/falco:x86_64-latest-slim
push: true

- name: Create and push no-driver latest manifest for ecr
if: ${{ github.ref_name != 'master' }}
if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1
with:
inputs: public.ecr.aws/falcosecurity/falco-no-driver:latest
images: public.ecr.aws/falcosecurity/falco-no-driver:aarch64-latest,public.ecr.aws/falcosecurity/falco-no-driver:x86_64-latest
push: true

- name: Create and push slim latest manifest for ecr
if: ${{ github.ref_name != 'master' }}
if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1
with:
inputs: public.ecr.aws/falcosecurity/falco:latest-slim
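Review bot: The new `if: ${{ inputs.is_latest }}` guards cover the manifest steps only, and each of those manifests is assembled from `aarch64-latest` and `x86_64-latest` tags; the steps that push the per-arch tags are outside this hunk and need the same guard, otherwise a prerelease could move the per-arch `latest` tags while the multi-arch manifest stays on the previous release. `Noelware/docker-manifest-action@0.3.1` runs with `push: true` against the release registries and is referenced by tag; consider pinning it to a commit SHA.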
Expand All @@ -116,15 +122,15 @@ jobs:
push: true

- name: Create and push falco latest manifest
if: ${{ github.ref_name != 'master' }}
if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1
with:
inputs: falcosecurity/falco:latest
images: falcosecurity/falco:aarch64-latest,falcosecurity/falco:x86_64-latest
push: true

- name: Create and push falco latest manifest for ecr
if: ${{ github.ref_name != 'master' }}
if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1
with:
inputs: public.ecr.aws/falcosecurity/falco:latest
Expand All @@ -146,15 +152,15 @@ jobs:
push: true

- name: Create and push falco-driver-loader latest manifest
if: ${{ github.ref_name != 'master' }}
if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1
with:
inputs: falcosecurity/falco-driver-loader:latest
images: falcosecurity/falco-driver-loader:aarch64-latest,falcosecurity/falco-driver-loader:x86_64-latest
push: true

- name: Create and push falco-driver-loader latest manifest for ecr
if: ${{ github.ref_name != 'master' }}
if: ${{ inputs.is_latest }}
uses: Noelware/docker-manifest-action@0.3.1
with:
inputs: public.ecr.aws/falcosecurity/falco-driver-loader:latest