diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 0000000..b25e7f8
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,48 @@
+name: Build and Push docker images
+on:
+ pull_request:
+ branches:
+ - main
+ paths:
+ - 'images/**'
+ push:
+ branches:
+ - main
+ paths:
+ - 'images/**'
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+
+jobs:
+ push-images:
+ strategy:
+ fail-fast: false
+ matrix:
+ architecture: [amd64, arm64]
+ runs-on: ${{ (matrix.arch == 'arm64' && 'actuated-arm64-8cpu-16gb') || 'ubuntu-22.04' }}
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v3
+
+ - name: Login to Github Packages
+ if: ${{ github.event_name == 'push' }}
+ uses: docker/login-action@v1
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Sets PUSH env var for main push
+ if: ${{ github.event_name == 'push' }}
+ run: |
+ echo "PUSH=true" >> $GITHUB_ENV
+
+ - name: Build images
+ working-directory: ./images
+ run: |
+ make build-all
+
+
+
diff --git a/images/Makefile b/images/Makefile
index 611c55c..9020d7a 100644
--- a/images/Makefile
+++ b/images/Makefile
@@ -1,9 +1,10 @@ DRY_RUN := false -REPOSITORY := falcosecurity/kernel-testing +PUSH := false +REPOSITORY := ghcr.io/falcosecurity/kernel-testing ARCH ?= $(shell uname -m) YAML_FILE := images.yaml -.PHONY: build-rootfs build-kernel docker-push generate-yaml build-all initrd-builder modernprobe-builder builder +.PHONY: build-rootfs build-kernel generate-yaml build-all initrd-builder modernprobe-builder builder builder: if [ "$(DRY_RUN)" = "true" ]; then \
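Review bot: The `runs-on` expression tests `matrix.arch`, but the matrix key declared just above it is `architecture`, so the comparison never matches and the arm64 leg also lands on `ubuntu-22.04`; it should read `runs-on: ${{ (matrix.architecture == 'arm64' && 'actuated-arm64-8cpu-16gb') || 'ubuntu-22.04' }}`. Because the Makefile takes its tag suffix from `uname -m`, both legs as written build the same architecture and would push the same tags on a push to main. The job that logs in to ghcr.io with `GITHUB_TOKEN` declares no `permissions:` block; stating `contents: read` and `packages: write` keeps the token scoped whatever the repository default is. `actions/checkout@v3` and `docker/login-action@v1` are referenced by mutable tag, so pinning them to a full commit SHA would protect the step that holds registry credentials from a retagged release.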
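Review bot: `PUSH := false` in the variable block cannot be overridden from the environment, so the workflow's `echo "PUSH=true" >> $GITHUB_ENV` has no effect and `make build-all` never reaches `docker push`; GNU make gives an assignment in the makefile precedence over an environment variable unless `-e` is passed. Declare it as `PUSH ?= false`, the way `ARCH ?=` is already declared, or have the workflow call `make build-all PUSH=true`. The README text added in this commit ("set `PUSH=true` env variable") relies on the same fix. With `?=`, any shell that already exports `PUSH=true` will publish, so a comment such as `# PUSH=true publishes every built image to $(REPOSITORY)` above the variable is worth adding.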
@@ -11,6 +12,10 @@ builder: else \ echo "Building modernprobe-builder image"; \ docker build -t $(REPOSITORY)/builder:0.0.1-$(ARCH) builder; \ + if [ "$(PUSH)" = "true" ]; then \ + echo "Pushing image: $(REPOSITORY)/builder:0.0.1-$(ARCH)"; \ + docker push $(REPOSITORY)/builder:0.0.1-$(ARCH); \ + fi; \ fi modernprobe-builder: @@ -19,6 +24,10 @@ modernprobe-builder: else \ echo "Building modernprobe-builder image"; \ docker build -t $(REPOSITORY)/modernprobe-builder:0.0.1-$(ARCH) modernprobe-builder; \ + if [ "$(PUSH)" = "true" ]; then \ + echo "Pushing image: $(REPOSITORY)/modernprobe-builder:0.0.1-$(ARCH)"; \ + docker push $(REPOSITORY)/modernprobe-builder:0.0.1-$(ARCH); \ + fi; \ fi initrd-builder: @@ -39,6 +48,12 @@ build-rootfs: else \ echo "Building rootfs image: $$image"; \ docker build -t $$image $$rootfs_dir; \ + if [ "$(PUSH)" = "true" ]; then \ + echo "Pushing image: $$image"; \ + docker push $$image; \ + fi; \ + docker image rm -f $$image; \ + docker builder prune -f -a; \ fi; \ done @@ -52,16 +67,12 @@ build-kernel: initrd-builder else \ echo "Building kernel image: $$image"; \ docker build -t $$image -f $$kernel_dir/Dockerfile.kernel $$kernel_dir; \ - fi; \ - done - -docker-push: - @for image in $$(docker images --format "{{.Repository}}:{{.Tag}}" | grep "$(REPOSITORY)" | grep "$(ARCH)"); do \ - if [ "$(DRY_RUN)" = "true" ]; then \ - echo "Dry run: Pushing image: docker push $$image"; \ - else \ - echo "Pushing image: $$image"; \ - docker push $$image; \ + if [ "$(PUSH)" = "true" ]; then \ + echo "Pushing image: $$image"; \ + docker push $$image; \ + fi; \ + docker image rm -f $$image; \ + docker builder prune -f -a; \ fi; \ done @@ -79,6 +90,10 @@ docker-push: else \ echo "Building rootfs image: $$rootfs_image"; \ docker build -t $$rootfs_image $$rootfs_dir; \ + if [ "$(PUSH)" = "true" ]; then \ + echo "Pushing image: $$rootfs_image"; \ + docker push $$rootfs_image; \ + fi; \ fi; \ fi; \ if [ -n "$$kernel_dir" ]; then \ 
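Review bot: In the build-rootfs hunk (`@@ -39,6 +48,12 @@`) a failed `docker push $$image` is masked, because the recipe chains its commands with `;` and the added `docker image rm -f $$image` and `docker builder prune -f -a` run afterwards and decide the status of the loop body; the CI job can finish green without the image having been published. Make the push fatal, for example `docker push $$image || exit 1; \`. The build-kernel hunk (`@@ -52,16 +67,12 @@`) has the same sequence, and the `$$rootfs_image` and `$$kernel_image` pushes in the `@@ -79,6 +90,10 @@` and `@@ -87,6 +102,10 @@` hunks appear to be followed by further statements as well. `docker builder prune -f -a` also removes all unused build cache on the host, not only this project's, which is surprising for a local `make build-all`; gating the cleanup on a variable that only CI sets would avoid that. These recipes begin and end outside the hunks shown.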
@@ -87,6 +102,10 @@ docker-push: else \ echo "Building kernel image: $$kernel_image"; \ docker build -t $$kernel_image -f $$kernel_dir/Dockerfile.kernel $$kernel_dir; \ + if [ "$(PUSH)" = "true" ]; then \ + echo "Pushing image: $$kernel_image"; \ + docker push $$kernel_image; \ + fi; \ fi; \ fi; @@ -102,4 +121,4 @@ generate-yaml: fi; \ done -build-all: build-rootfs build-kernel +build-all: build-kernel build-rootfs diff --git a/images/README.md b/images/README.md index 28cbbbb..71fa1ac 100644 --- a/images/README.md +++ b/images/README.md @@ -2,11 +2,10 @@ Makefile present in this directory is specifically designed to generate the static Docker images required by Ignite to run tests on different Linux distributions. The workflow provided by this Makefile is designed to be straightforward, consisting of three main commands: -1. `build-all`: This target builds all the necessary Docker images for the different versions and distributions required for testing with Firecracker. +1. `build-all`: This target builds all the necessary Docker images for the different versions and distributions required for testing with Firecracker. +Optionally, you can set `PUSH=true` env variable to push the resulting Docker images to a Docker Hub registry for easier distribution and access. -2. `docker-push`: Optionally, you can use this target to push the resulting Docker images to a Docker Hub registry for easier distribution and access. - -3. `generate-yaml`: This target allows you to generate a YAML file (`images.yaml`) containing the matrix of new image information. The generated YAML file can be conveniently copied to the variables file of Ansible to keep the test environment up to date. +2. `generate-yaml`: This target allows you to generate a YAML file (`images.yaml`) containing the matrix of new image information. The generated YAML file can be conveniently copied to the variables file of Ansible to keep the test environment up to date. ## Prerequisites 
@@ -73,6 +72,8 @@ You can customize the Makefile to suit your specific requirements. The variables - `DRY_RUN`: Set this variable to `true` for a dry run, where the build commands will be printed but not executed. +- `PUSH`: Set this variable to `true` when executing build to also push built image to remote registry. + - `REPOSITORY`: The Docker repository where the built images will be tagged and pushed. - `ARCH`: The architecture for which the images will be built. By default, it will use the output of `uname -p`.