🐛 cnspec v9 action (#867)

* fix cnspec container action Signed-off-by: Ivan Milchev <[email protected]> * setup buildx Signed-off-by: Ivan Milchev <[email protected]> * fix repo Signed-off-by: Ivan Milchev <[email protected]> * fix multi-arch publish Signed-off-by: Ivan Milchev <[email protected]> * use docker metadata action to generate tags Signed-off-by: Ivan Milchev <[email protected]> --------- Signed-off-by: Ivan Milchev <[email protected]>
mondoohq · Sep 27, 2023 · 9a127ce · 9a127ce
1 parent de06fcb
commit 9a127ce
Showing 1 changed file with 26 additions and 49 deletions.
diff --git a/.github/workflows/cnspec.yaml b/.github/workflows/cnspec.yaml
@@ -10,7 +10,7 @@ on:
         default: 'latest'
 
 env:
-  IMAGE: ghcr.io/mondoo-operator/cnspec
+  IMAGE: ghcr.io/mondoohq/mondoo-operator/cnspec
 
 jobs:
   build-cnspec:
@@ -22,70 +22,47 @@ jobs:
 
     strategy:
       matrix:
-        os: [linux]
-        arch: [amd64, arm64, arm]
-        tag:
-          - ${{ github.event.inputs.version }}
-          - ${{ github.event.inputs.version }}-rootless
-          - ${{ github.event.inputs.version }}-ubi-rootless
-          - ${{ github.event.inputs.version }}-ubi
+        suffix:
+          - ""
+          - -rootless
+          - -ubi-rootless
+          - -ubi
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
-      - name: Log into registry ${{ env.REGISTRY }}
+      - name: Log into registry ghcr.io
         uses: docker/login-action@v2
         with:
-          registry: ${{ env.REGISTRY }}
+          registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ env.IMAGE }}
+          tags: |
+            type=semver,pattern={{version}},value=${{ github.event.inputs.version }}
+            type=semver,pattern={{major}},value=${{ github.event.inputs.version }}
+            type=raw,value=latest
+          flavor: |
+            suffix=${{ matrix.suffix }},onlatest=true
+
       - name: Build and push cnspec image
         id: build-and-push-operator
         uses: docker/build-push-action@v4
         with:
           context: .
           file: cnspec.Dockerfile
           build-args: VERSION=${{ github.event.inputs.version }}
-          platforms: ${{ matrix.os }}/${{ matrix.arch }}
+          platforms: linux/amd64,linux/arm64,linux/arm
           push: true
           labels: ${{ steps.meta.outputs.labels }}
-          tags: ${{ env.IMAGE }}:${{ matrix.tag }}-${{ matrix.arch }}
-
-  push-virtual-tag:
-    name: Push multi-platform virtual tag
-    runs-on: ubuntu-latest
-    needs:
-      - build-cnspec
-
-    permissions:
-      contents: read
-      packages: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      # Login against a Docker registry except on PR
-      # https://github.com/docker/login-action
-      - name: Log into registry ${{ env.REGISTRY }}
-        uses: docker/login-action@v2
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      # Extract metadata (tags, labels) for Docker
-      # https://github.com/docker/metadata-action
-      - name: Extract Docker metadata
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: ${{ env.IMAGE }}
-
-      - name: Push multi-platform virtual tag and sign
-        run: bash scripts/push-virtual-tag.sh
-        env:
-          TAGS: ${{ steps.meta.outputs.tags }}
-          CPU_ARCHS: amd64 arm64 arm
+          tags: ${{ steps.meta.outputs.tags }}