From 0783d48753484a23741e1c7266c3847c514c98af Mon Sep 17 00:00:00 2001 From: Akhil Mohan Date: Fri, 5 Mar 2021 11:39:39 +0530 Subject: [PATCH] chore(build): add support to push to multiple registries (#11) - add support to push images to multiple registries - use ubuntu-latest in the workflow - use docker build-push action instead of scripts - update alpine version to 3.12.4 to mitigate some vulnerabilities marked as HIGH severity Signed-off-by: Akhil Mohan --- .github/workflows/build.yml | 58 ++++++++++++++++++++++++++---- .github/workflows/pull_request.yml | 11 ++++-- .github/workflows/release.yml | 58 +++++++++++++++++++++++++----- Dockerfile | 2 +- 4 files changed, 110 insertions(+), 19 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b266870..97c83af 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -22,7 +22,13 @@ jobs: - name: Checkout uses: actions/checkout@v2 - - name: Set tag + - name: Set Image Org + # sets the default IMAGE_ORG to openebs + run: | + [ -z "${{ secrets.IMAGE_ORG }}" ] && IMAGE_ORG=openebs || IMAGE_ORG=${{ secrets.IMAGE_ORG}} + echo "IMAGE_ORG=${IMAGE_ORG}" >> $GITHUB_ENV + + - name: Set CI Tag run: | BRANCH="${GITHUB_REF##*/}" CI_TAG=${BRANCH#v}-ci @@ -30,7 +36,28 @@ jobs: CI_TAG="ci" fi echo "TAG=${CI_TAG}" >> $GITHUB_ENV - echo "BRANCH=${BRANCH}" >> $GITHUB_ENV + + - name: Set Build Date + id: date + run: | + echo "::set-output name=DATE::$(date -u +'%Y-%m-%dT%H:%M:%S%Z')" + + - name: Docker meta + id: docker_meta + uses: crazy-max/ghaction-docker-meta@v1 + with: + # add each registry to which the image needs to be pushed here + images: | + ${{ env.IMAGE_ORG }}/linux-utils + quay.io/${{ env.IMAGE_ORG }}/linux-utils + tag-latest: false + tag-custom-only: true + tag-custom: | + ${{ env.TAG }} + + - name: Print Tags + run: | + echo "${{ steps.docker_meta.outputs.tags }}" - name: Setup QEMU uses: docker/setup-qemu-action@v1 
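Review bot: The `Set Image Org` step pastes `${{ secrets.IMAGE_ORG }}` straight into the script text, and the second occurrence (`IMAGE_ORG=${{ secrets.IMAGE_ORG}}`) is unquoted, so the shell parses whatever the secret holds as script rather than as data. Passing it through the step's `env:` keeps it as data: `env: { IMAGE_ORG: "${{ secrets.IMAGE_ORG }}" }` with `echo "IMAGE_ORG=${IMAGE_ORG:-openebs}" >> "$GITHUB_ENV"`. Because the value is a secret, the runner will also mask it in the `Print Tags` output, which makes the pushed image names hard to audit from the log. The same step is repeated in the first `release.yml` hunk.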
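Review bot: `crazy-max/ghaction-docker-meta@v1` is referenced by a movable tag in what appears to be the same job that logs in with `DOCKERHUB_TOKEN` and `QUAY_TOKEN`, so anyone able to move that tag runs code next to the registry credentials. Pinning to a full commit SHA with the version as a trailing comment, `uses: crazy-max/ghaction-docker-meta@<full-commit-sha>  # v1`, removes the dependency on the tag. The same applies to `docker/login-action@v1` and `docker/build-push-action@v2`, added further down in this file and in `release.yml`. Separately, `date -u +'%Y-%m-%dT%H:%M:%S%Z'` prints a `UTC` suffix rather than `Z`, which matters only if the build-date label is expected to be RFC 3339.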
@@ -49,13 +76,28 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Login to Quay + uses: docker/login-action@v1 + with: + registry: quay.io + username: ${{ secrets.QUAY_USERNAME }} + password: ${{ secrets.QUAY_TOKEN }} + - name: Build & Push Image - run: | - make buildx.image - make buildx.push + uses: docker/build-push-action@v2 + with: + file: ./Dockerfile + push: true + platforms: linux/amd64, linux/arm64, linux/arm/v7, linux/ppc64le + tags: | + ${{ steps.docker_meta.outputs.tags }} + build-args: | + DBUILD_DATE=${{ steps.date.outputs.DATE }} + DBUILD_REPO_URL=https://github.com/openebs/linux-utils + DBUILD_SITE_URL=https://openebs.io trivy: - runs-on: ubuntu-18.04 + runs-on: ubuntu-latest needs: ['linux-utils'] steps: - name: Checkout code @@ -64,7 +106,9 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: openebs/linux-utils:${{ env.TAG }} + # the tag will be always ci since only master branch is present + # in this repository + image-ref: 'openebs/linux-utils:ci' format: 'table' exit-code: '1' ignore-unfixed: true diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index c610487..ed2f5cd 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -40,9 +40,14 @@ jobs: version: v0.5.1 - name: Build Image - env: - IMG_RESULT: load - run: make buildx.image + uses: docker/build-push-action@v2 + with: + file: ./Dockerfile + push: false + load: true + platforms: linux/amd64 + tags: | + openebs/linux-utils:ci - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8a174db..e459071 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
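Review bot: The hard-coded `image-ref: 'openebs/linux-utils:ci'` no longer follows what the build job pushed, which is `${{ env.IMAGE_ORG }}/linux-utils:${{ env.TAG }}` on two registries. When `IMAGE_ORG` is overridden, or a branch other than master is built, Trivy scans the upstream image instead of the artefact this run produced, so `exit-code: '1'` gates on the wrong thing. The tag is also mutable, so a later push can change what is scanned. `docker/build-push-action` exposes a `digest` output, so one option is to run the scan in the build job right after the push, where `env.IMAGE_ORG` is available, with `image-ref: ${{ env.IMAGE_ORG }}/linux-utils@${{ steps.<build-step-id>.outputs.digest }}`. Either way the scan runs after publication, so a finding fails the workflow but does not stop the push.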
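Review bot: The locally loaded image in `pull_request.yml` is tagged `openebs/linux-utils:ci`, the same name the push workflow publishes. If the image is ever missing from the local daemon, Trivy can resolve that reference from the registry and scan the published image instead of the pull request's build. A name that exists only locally, for example `tags: linux-utils:pr-scan` with a matching `image-ref`, makes that failure loud instead of silent. The Trivy step's `image-ref` is outside this hunk, so this assumes it points at the same tag.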
@@ -25,12 +25,39 @@ jobs: - name: Checkout uses: actions/checkout@v1 - - name: Set Tag + - name: Set Image Org + # sets the default IMAGE_ORG to openebs + run: | + [ -z "${{ secrets.IMAGE_ORG }}" ] && IMAGE_ORG=openebs || IMAGE_ORG=${{ secrets.IMAGE_ORG}} + echo "IMAGE_ORG=${IMAGE_ORG}" >> $GITHUB_ENV + + - name: Set Release Tag run: | TAG="${GITHUB_REF#refs/*/v}" - echo "TAG=${TAG}" >> $GITHUB_ENV echo "RELEASE_TAG=${TAG}" >> $GITHUB_ENV + - name: Set Build Date + id: date + run: | + echo "::set-output name=DATE::$(date -u +'%Y-%m-%dT%H:%M:%S%Z')" + + - name: Docker meta + id: docker_meta + uses: crazy-max/ghaction-docker-meta@v1 + with: + # add each registry to which the image needs to be pushed here + images: | + ${{ env.IMAGE_ORG }}/linux-utils + quay.io/${{ env.IMAGE_ORG }}/linux-utils + tag-latest: true + tag-semver: | + {{version}} + + - name: Print Tags + run: | + echo "${{ steps.docker_meta.outputs.tags }}" + echo "RELEASE TAG: ${RELEASE_TAG}" + - name: Setup QEMU uses: docker/setup-qemu-action@v1 with: 
@@ -48,22 +75,37 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Login to Quay + uses: docker/login-action@v1 + with: + registry: quay.io + username: ${{ secrets.QUAY_USERNAME }} + password: ${{ secrets.QUAY_TOKEN }} + - name: Build & Push Image - run: | - make buildx.image - make buildx.push + uses: docker/build-push-action@v2 + with: + file: ./Dockerfile + push: true + platforms: linux/amd64, linux/arm64, linux/arm/v7, linux/ppc64le + tags: | + ${{ steps.docker_meta.outputs.tags }} + build-args: | + DBUILD_DATE=${{ steps.date.outputs.DATE }} + DBUILD_REPO_URL=https://github.com/openebs/linux-utils + DBUILD_SITE_URL=https://openebs.io + RELEASE_TAG=${RELEASE_TAG} trivy: - runs-on: ubuntu-18.04 + runs-on: ubuntu-latest needs: ['linux-utils'] steps: - name: Checkout code uses: actions/checkout@v2 - - name: Set Tag + - name: Set Release Tag run: | TAG="${GITHUB_REF#refs/*/v}" - echo "TAG=${TAG}" >> $GITHUB_ENV echo "RELEASE_TAG=${TAG}" >> $GITHUB_ENV - name: Run Trivy vulnerability scanner diff --git a/Dockerfile b/Dockerfile index 842613f..a746fe8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.12.0 +FROM alpine:3.12.4 RUN apk add --no-cache util-linux ARG DBUILD_DATE
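Review bot: `RELEASE_TAG=${RELEASE_TAG}` under `build-args:` is never seen by a shell, because `with:` inputs only expand `${{ … }}` expressions, so the build receives the literal string `${RELEASE_TAG}`. Use `RELEASE_TAG=${{ env.RELEASE_TAG }}`, which reads the value the `Set Release Tag` step wrote to `$GITHUB_ENV`. Whether the Dockerfile declares `ARG RELEASE_TAG` is not visible here; if it does, any label or version string built from it is currently wrong in published release images.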