diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index d73cb84..a2d9cc6 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -1,20 +1,18 @@ name: ansible-lint on: - pull_request: + pull_request: jobs: - build: - name: Ansible Lint - runs-on: ubuntu-latest + build: + name: Ansible Lint + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + with: + fetch-depth: 0 - steps: - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - with: - fetch-depth: 0 - - - name: Run ansible-lint - # replace `main` with any valid ref, or tags like `v6` - uses: ansible/ansible-lint-action@v6.3.0 # the latest version has a bug that does not run in online mode - with: - path: "ansible-playbooks/" + - name: Run ansible-lint + uses: ansible/ansible-lint-action@v6.3.0 # the latest version has a bug that does not run in online mode + with: + path: "ansible-playbooks/" diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e62a697..d918deb 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,10 +1,5 @@ -name: Build and Push docker images +name: Main CI on: - pull_request: - branches: - - main - paths: - - 'images/**' push: branches: - main 
@@ -12,46 +7,14 @@ on: - 'images/**' concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} + group: main_push_images cancel-in-progress: true jobs: - # Job responsible to test the build of the images and, only on main CI, to push them too. push-images: - strategy: - fail-fast: false - matrix: - arch: [amd64, arm64] - runs-on: ${{ (matrix.arch == 'arm64' && 'actuated-arm64-8cpu-16gb') || 'ubuntu-22.04' }} - steps: - - name: Checkout repo - uses: actions/checkout@v3 - - - name: Login to Github Packages - if: ${{ github.event_name == 'push' }} - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Sets PUSH env var for main push - if: ${{ github.event_name == 'push' }} - run: | - echo "PUSH=true" >> $GITHUB_ENV - - - name: Build images - working-directory: ./images - run: | - touch failed.txt - make build-all - - - name: Check failures - working-directory: ./images - run: | - if [ -s failed.txt ]; then - cat failed.txt - exit 1; - fi - - + uses: ./.github/workflows/reusable_build_images.yml + with: + push: true + is_latest: false + version: 'main' + secrets: inherit diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml new file mode 100644 index 0000000..cb393a1 --- /dev/null +++ b/.github/workflows/pr.yml @@ -0,0 +1,20 @@ +name: PR CI +on: + pull_request: + branches: + - main + paths: + - 'images/**' + +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +jobs: + build-images: + uses: ./.github/workflows/reusable_build_images.yml + with: + push: false + is_latest: false + version: '${{ github.run_id }}' + secrets: inherit diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..84ef2b5 --- /dev/null +++ b/.github/workflows/release.yml 
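Review bot: `secrets: inherit` on the `push-images` job forwards every secret the caller can see to the called workflow, although the only secret reusable_build_images.yml reads in this commit is `secrets.GITHUB_TOKEN`. As far as I know a called workflow receives that token without inheritance, which is worth confirming with a test run. Dropping the line here, and in the `build-images` job of pr.yml and the `release-images` job of release.yml, keeps unrelated secrets out of a job that runs `make build-all` on repository-supplied Dockerfiles; pr.yml matters most, since it builds pull-request content with `push: false`. The two callers that push would also benefit from an explicit `permissions:` block (`contents: read`, `packages: write`) so the token scope does not depend on the repository default.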
@@ -0,0 +1,17 @@
+name: Release CI
+on:
+ release:
+ types: [published]
+
+concurrency:
+ group: release_push_images
+ cancel-in-progress: true
+
+jobs:
+ release-images:
+ uses: ./.github/workflows/reusable_build_images.yml
+ with:
+ push: true
+ is_latest: true
+ version: ${{ github.event.release.tag_name }}
+ secrets: inherit
diff --git a/.github/workflows/reusable_build_images.yml b/.github/workflows/reusable_build_images.yml
new file mode 100644
index 0000000..0f49231
--- /dev/null
+++ b/.github/workflows/reusable_build_images.yml
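Review bot: `cancel-in-progress: true` with the fixed group `release_push_images` means a second release published while the first is still building cancels the first run, which can leave that release's tag pushed for only some images or architectures. For a publishing workflow it is safer to queue runs with `cancel-in-progress: false`. Separately, `version: ${{ github.event.release.tag_name }}` is handed to the reusable workflow unvalidated and ends up inside a shell `run:` step there, so the tag name should be constrained before it is used.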
@@ -0,0 +1,69 @@
+name: Build and Push docker images
+on:
+ workflow_call:
+ inputs:
+ version:
+ description: 'docker images version to be built/tagged'
+ type: string
+ required: false
+ default: 'main'
+ push:
+ description: 'whether to push images or build only'
+ type: boolean
+ required: false
+ default: false
+ is_latest:
+ description: 'whether we need to also push latest images'
+ type: boolean
+ required: false
+ default: false
+
+jobs:
+ # Job responsible to test the build of the images and, only on main CI, to push them too.
+ build-images:
+ strategy:
+ fail-fast: false
+ matrix:
+ arch: [amd64, arm64]
+ runs-on: ${{ (matrix.arch == 'arm64' && 'actuated-arm64-8cpu-16gb') || 'ubuntu-22.04' }}
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v3
+
+ - name: Login to Github Packages
+ if: inputs.push
+ uses: docker/login-action@v1
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Set PUSH env var
+ if: inputs.push
+ run: |
+ echo "PUSH=true" >> $GITHUB_ENV
+
+ - name: Set LATEST env var
+ if: inputs.is_latest
+ run: |
+ echo "LATEST=true" >> $GITHUB_ENV
+
+ - name: Set TAG env var
+ run: |
+ echo "TAG=${{ inputs.version }}" >> $GITHUB_ENV
+
+ - name: Build images
+ working-directory: ./images
+ run: |
+ touch failed.txt
+ make build-all
+
+ - name: Check failures
+ working-directory: ./images
+ run: |
+ if [ -s failed.txt ]; then
+ cat failed.txt
+ exit 1;
+ fi
+
+
diff --git a/ansible-playbooks/group_vars/all/vars.yml b/ansible-playbooks/group_vars/all/vars.yml
index 8dc3aeb..aceb149 100644
--- a/ansible-playbooks/group_vars/all/vars.yml
+++ b/ansible-playbooks/group_vars/all/vars.yml
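Review bot: In the `Set TAG env var` step, `${{ inputs.version }}` is expanded into the script text before the shell runs, so a version containing quotes or shell metacharacters changes the command rather than the value; release.yml feeds this input from the release tag name. Pass the value through `env:` and reject anything outside the characters a Docker tag allows before writing it to `$GITHUB_ENV`. The Makefile expands `$(TAG)` textually into its recipes as well, so the validation is needed even with the `env:` indirection. Separately, `actions/checkout@v3` and `docker/login-action@v1` are pinned to mutable tags in a job that handles the registry token, whereas ansible-lint.yml pins checkout to a commit SHA.

```yaml
- name: Set TAG env var
  env:
    VERSION: ${{ inputs.version }}
  run: |
    case "$VERSION" in
      ''|*[!A-Za-z0-9._-]*)
        echo "invalid version: only [A-Za-z0-9._-] is allowed" >&2
        exit 1
        ;;
    esac
    echo "TAG=$VERSION" >> "$GITHUB_ENV"
# … unchanged: Build images, Check failures …
```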
@@ -10,43 +10,46 @@ user: root # Machine Configuration # ######################### +# Images version to be used. +version: main + # Each machine entry requires the following fields # name: the name given to the vm; # kernel: reference to an OCI image containing a kernel; # rootfs: reference to an OCI image used as base rootfs for the vm. # arch: architecture of the kernel and base images. (x86_64/aarch64). machines: - - {name: "amazonlinux2022-5.15", kernel: "therealbobo/amazonlinux2022-kernel:5.15-x86_64", rootfs: "therealbobo/amazonlinux2022-image:5.15-x86_64", arch: "x86_64"} # noqa: yaml[line-length] - - {name: "amazonlinux2023-6.1", kernel: "therealbobo/amazonlinux2023-kernel:6.1-x86_64", rootfs: "therealbobo/amazonlinux2023-image:6.1-x86_64", arch: "x86_64"} # noqa: yaml[line-length] - - {name: "amazonlinux2-4.19", kernel: "therealbobo/amazonlinux2-kernel:4.19-x86_64", rootfs: "therealbobo/amazonlinux2-image:4.19-x86_64", arch: "x86_64"} - - {name: "amazonlinux2-5.10", kernel: "therealbobo/amazonlinux2-kernel:5.10-x86_64", rootfs: "therealbobo/amazonlinux2-image:5.10-x86_64", arch: "x86_64"} - - {name: "amazonlinux2-5.15", kernel: "therealbobo/amazonlinux2-kernel:5.15-x86_64", rootfs: "therealbobo/amazonlinux2-image:5.15-x86_64", arch: "x86_64"} - - {name: "amazonlinux2-5.4", kernel: "therealbobo/amazonlinux2-kernel:5.4-x86_64", rootfs: "therealbobo/amazonlinux2-image:5.4-x86_64", arch: "x86_64"} - - {name: "archlinux-6.0", kernel: "therealbobo/archlinux-kernel:6.0-x86_64", rootfs: "therealbobo/archlinux-image:6.0-x86_64", arch: "x86_64"} - - {name: "centos-3.10", kernel: "therealbobo/centos-kernel:3.10-x86_64", rootfs: "therealbobo/centos-image:3.10-x86_64", arch: "x86_64"} - - {name: "centos-4.18", kernel: "therealbobo/centos-kernel:4.18-x86_64", rootfs: "therealbobo/centos-image:4.18-x86_64", arch: "x86_64"} - - {name: "centos-5.14", kernel: "therealbobo/centos-kernel:5.14-x86_64", rootfs: "therealbobo/centos-image:5.14-x86_64", arch: "x86_64"} - - {name: 
"fedora-5.17", kernel: "therealbobo/fedora-kernel:5.17-x86_64", rootfs: "therealbobo/fedora-image:5.17-x86_64", arch: "x86_64"} - - {name: "fedora-5.8", kernel: "therealbobo/fedora-kernel:5.8-x86_64", rootfs: "therealbobo/fedora-image:5.8-x86_64", arch: "x86_64"} - - {name: "fedora-6.2", kernel: "therealbobo/fedora-kernel:6.2-x86_64", rootfs: "therealbobo/fedora-image:6.2-x86_64", arch: "x86_64"} - - {name: "oraclelinux-3.10", kernel: "therealbobo/oraclelinux-kernel:3.10-x86_64", rootfs: "therealbobo/oraclelinux-image:3.10-x86_64", arch: "x86_64"} - - {name: "oraclelinux-4.14", kernel: "therealbobo/oraclelinux-kernel:4.14-x86_64", rootfs: "therealbobo/oraclelinux-image:4.14-x86_64", arch: "x86_64"} - - {name: "oraclelinux-5.15", kernel: "therealbobo/oraclelinux-kernel:5.15-x86_64", rootfs: "therealbobo/oraclelinux-image:5.15-x86_64", arch: "x86_64"} - - {name: "oraclelinux-5.4", kernel: "therealbobo/oraclelinux-kernel:5.4-x86_64", rootfs: "therealbobo/oraclelinux-image:5.4-x86_64", arch: "x86_64"} - - {name: "ubuntu-4.15", kernel: "therealbobo/ubuntu-kernel:4.15-x86_64", rootfs: "therealbobo/ubuntu-image:4.15-x86_64", arch: "x86_64"} - - {name: "ubuntu-6.3", kernel: "therealbobo/ubuntu-kernel:6.3-x86_64", rootfs: "therealbobo/ubuntu-image:6.3-x86_64", arch: "x86_64"} - - {name: "amazonlinux2022-5.15", kernel: "therealbobo/amazonlinux2022-kernel:5.15-aarch64", rootfs: "therealbobo/amazonlinux2022-image:5.15-aarch64", arch: "aarch64"} # noqa: yaml[line-length] - - {name: "amazonlinux2-5.4", kernel: "therealbobo/amazonlinux2-kernel:5.4-aarch64", rootfs: "therealbobo/amazonlinux2-image:5.4-aarch64", arch: "aarch64"} - - {name: "fedora-6.2", kernel: "therealbobo/fedora-kernel:6.2-aarch64", rootfs: "therealbobo/fedora-image:6.2-aarch64", arch: "aarch64"} - - {name: "oraclelinux-4.14", kernel: "therealbobo/oraclelinux-kernel:4.14-aarch64", rootfs: "therealbobo/oraclelinux-image:4.14-aarch64", arch: "aarch64"} - - {name: "oraclelinux-5.15", kernel: 
"therealbobo/oraclelinux-kernel:5.15-aarch64", rootfs: "therealbobo/oraclelinux-image:5.15-aarch64", arch: "aarch64"} - - {name: "ubuntu-6.3", kernel: "therealbobo/ubuntu-kernel:6.3-aarch64", rootfs: "therealbobo/ubuntu-image:6.3-aarch64", arch: "aarch64"} + - {name: "amazonlinux2022-5.15", kernel: "therealbobo/amazonlinux2022-kernel:5.15-x86_64-{{ version }}", rootfs: "therealbobo/amazonlinux2022-image:5.15-x86_64-{{ version }}", arch: "x86_64"} # noqa: yaml[line-length] + - {name: "amazonlinux2023-6.1", kernel: "therealbobo/amazonlinux2023-kernel:6.1-x86_64-{{ version }}", rootfs: "therealbobo/amazonlinux2023-image:6.1-x86_64-{{ version }}", arch: "x86_64"} # noqa: yaml[line-length] + - {name: "amazonlinux2-4.19", kernel: "therealbobo/amazonlinux2-kernel:4.19-x86_64-{{ version }}", rootfs: "therealbobo/amazonlinux2-image:4.19-x86_64-{{ version }}", arch: "x86_64"} + - {name: "amazonlinux2-5.10", kernel: "therealbobo/amazonlinux2-kernel:5.10-x86_64-{{ version }}", rootfs: "therealbobo/amazonlinux2-image:5.10-x86_64-{{ version }}", arch: "x86_64"} + - {name: "amazonlinux2-5.15", kernel: "therealbobo/amazonlinux2-kernel:5.15-x86_64-{{ version }}", rootfs: "therealbobo/amazonlinux2-image:5.15-x86_64-{{ version }}", arch: "x86_64"} + - {name: "amazonlinux2-5.4", kernel: "therealbobo/amazonlinux2-kernel:5.4-x86_64-{{ version }}", rootfs: "therealbobo/amazonlinux2-image:5.4-x86_64-{{ version }}", arch: "x86_64"} + - {name: "archlinux-6.0", kernel: "therealbobo/archlinux-kernel:6.0-x86_64-{{ version }}", rootfs: "therealbobo/archlinux-image:6.0-x86_64-{{ version }}", arch: "x86_64"} + - {name: "centos-3.10", kernel: "therealbobo/centos-kernel:3.10-x86_64-{{ version }}", rootfs: "therealbobo/centos-image:3.10-x86_64-{{ version }}", arch: "x86_64"} + - {name: "centos-4.18", kernel: "therealbobo/centos-kernel:4.18-x86_64-{{ version }}", rootfs: "therealbobo/centos-image:4.18-x86_64-{{ version }}", arch: "x86_64"} + - {name: "centos-5.14", kernel: 
"therealbobo/centos-kernel:5.14-x86_64-{{ version }}", rootfs: "therealbobo/centos-image:5.14-x86_64-{{ version }}", arch: "x86_64"} + - {name: "fedora-5.17", kernel: "therealbobo/fedora-kernel:5.17-x86_64-{{ version }}", rootfs: "therealbobo/fedora-image:5.17-x86_64-{{ version }}", arch: "x86_64"} + - {name: "fedora-5.8", kernel: "therealbobo/fedora-kernel:5.8-x86_64-{{ version }}", rootfs: "therealbobo/fedora-image:5.8-x86_64-{{ version }}", arch: "x86_64"} + - {name: "fedora-6.2", kernel: "therealbobo/fedora-kernel:6.2-x86_64-{{ version }}", rootfs: "therealbobo/fedora-image:6.2-x86_64-{{ version }}", arch: "x86_64"} + - {name: "oraclelinux-3.10", kernel: "therealbobo/oraclelinux-kernel:3.10-x86_64-{{ version }}", rootfs: "therealbobo/oraclelinux-image:3.10-x86_64-{{ version }}", arch: "x86_64"} + - {name: "oraclelinux-4.14", kernel: "therealbobo/oraclelinux-kernel:4.14-x86_64-{{ version }}", rootfs: "therealbobo/oraclelinux-image:4.14-x86_64-{{ version }}", arch: "x86_64"} + - {name: "oraclelinux-5.15", kernel: "therealbobo/oraclelinux-kernel:5.15-x86_64-{{ version }}", rootfs: "therealbobo/oraclelinux-image:5.15-x86_64-{{ version }}", arch: "x86_64"} + - {name: "oraclelinux-5.4", kernel: "therealbobo/oraclelinux-kernel:5.4-x86_64-{{ version }}", rootfs: "therealbobo/oraclelinux-image:5.4-x86_64-{{ version }}", arch: "x86_64"} + - {name: "ubuntu-4.15", kernel: "therealbobo/ubuntu-kernel:4.15-x86_64-{{ version }}", rootfs: "therealbobo/ubuntu-image:4.15-x86_64-{{ version }}", arch: "x86_64"} + - {name: "ubuntu-6.3", kernel: "therealbobo/ubuntu-kernel:6.3-x86_64-{{ version }}", rootfs: "therealbobo/ubuntu-image:6.3-x86_64-{{ version }}", arch: "x86_64"} + - {name: "amazonlinux2022-5.15", kernel: "therealbobo/amazonlinux2022-kernel:5.15-aarch64-{{ version }}", rootfs: "therealbobo/amazonlinux2022-image:5.15-aarch64-{{ version }}", arch: "aarch64"} # noqa: yaml[line-length] + - {name: "amazonlinux2-5.4", kernel: "therealbobo/amazonlinux2-kernel:5.4-aarch64-{{ 
version }}", rootfs: "therealbobo/amazonlinux2-image:5.4-aarch64-{{ version }}", arch: "aarch64"} + - {name: "fedora-6.2", kernel: "therealbobo/fedora-kernel:6.2-aarch64-{{ version }}", rootfs: "therealbobo/fedora-image:6.2-aarch64-{{ version }}", arch: "aarch64"} + - {name: "oraclelinux-4.14", kernel: "therealbobo/oraclelinux-kernel:4.14-aarch64-{{ version }}", rootfs: "therealbobo/oraclelinux-image:4.14-aarch64-{{ version }}", arch: "aarch64"} + - {name: "oraclelinux-5.15", kernel: "therealbobo/oraclelinux-kernel:5.15-aarch64-{{ version }}", rootfs: "therealbobo/oraclelinux-image:5.15-aarch64-{{ version }}", arch: "aarch64"} + - {name: "ubuntu-6.3", kernel: "therealbobo/ubuntu-kernel:6.3-aarch64-{{ version }}", rootfs: "therealbobo/ubuntu-image:6.3-aarch64-{{ version }}", arch: "aarch64"} builders: - - {name: "centos-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "therealbobo/builder:0.0.1-x86_64", arch: "x86_64"} - - {name: "fedora-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "therealbobo/modernprobe-builder:0.0.1-x86_64", arch: "x86_64"} - - {name: "centos-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "therealbobo/builder:0.0.1-aarch64", arch: "aarch64"} - - {name: "fedora-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "therealbobo/modernprobe-builder:0.0.1-aarch64", arch: "aarch64"} + - {name: "centos-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "therealbobo/builder:0.0.1-x86_64-{{ version }}", arch: "x86_64"} + - {name: "fedora-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "therealbobo/modernprobe-builder:0.0.1-x86_64-{{ version }}", arch: "x86_64"} + - {name: "centos-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "therealbobo/builder:0.0.1-aarch64-{{ version }}", arch: "aarch64"} + - {name: "fedora-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "therealbobo/modernprobe-builder:0.0.1-aarch64-{{ version }}", arch: "aarch64"} output_dir: 
"~/ansible_output" # Number of cpus. diff --git a/images/Makefile b/images/Makefile index 49d9c6f..91365be 100644 --- a/images/Makefile +++ b/images/Makefile @@ -1,5 +1,7 @@ DRY_RUN := false PUSH := false +LATEST := false +TAG ?= main REPOSITORY := ghcr.io/falcosecurity/kernel-testing ARCH ?= $(shell uname -m) YAML_FILE := images.yaml 
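Review bot: The four `builders` entries keep the `0.0.1-` prefix in their rootfs tags (for example `therealbobo/builder:0.0.1-x86_64-{{ version }}`), but the Makefile in this same commit now tags the builder images as `builder:$(ARCH)-$(TAG)` and `modernprobe-builder:$(ARCH)-$(TAG)`, with no `0.0.1`. Unless the images are retagged or mirrored elsewhere, these references will not resolve; either drop the prefix here (`therealbobo/builder:x86_64-{{ version }}`) or keep it in the Makefile. The default `version: main` also points every kernel and rootfs reference at a tag that is overwritten on each push to main, so a comment such as `# Use a release tag for reproducible runs; "main" is rebuilt on every push.` next to it would help.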
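Review bot: `LATEST := false` is an unconditional assignment, and GNU make lets an assignment in the makefile override a variable of the same name from the environment unless make is run with `-e`. The reusable workflow sets `LATEST=true` through `$GITHUB_ENV` and then runs `make build-all` with no arguments, so as written the `latest` tags would never be pushed on a release. Use `LATEST ?= false`, as the new `TAG ?= main` line does. The unchanged `PUSH := false` line above has the same form and likely needs the same treatment.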
@@ -8,28 +10,41 @@ YAML_FILE := images.yaml builder: if [ "$(DRY_RUN)" = "true" ]; then \ - echo "Dry run: Building builder image: docker build -t $(REPOSITORY)/builder:0.0.1-$(ARCH) builder"; \ + echo "Dry run: Building builder image: docker build -t $(REPOSITORY)/builder:$(ARCH)-$(TAG)"; \ else \ echo "Building modernprobe-builder image"; \ - docker build -t $(REPOSITORY)/builder:0.0.1-$(ARCH) builder || echo "FAIL: builder" >> failed.txt; \ + image=$(REPOSITORY)/builder:$(ARCH); \ + docker build -t $$image-$(TAG) builder || echo "FAIL: $$image-$(TAG)" >> failed.txt; \ if [ "$(PUSH)" = "true" ]; then \ - echo "Pushing image: $(REPOSITORY)/builder:0.0.1-$(ARCH)"; \ - docker push $(REPOSITORY)/builder:0.0.1-$(ARCH); \ + echo "Pushing image: $$image-$(TAG)"; \ + docker push $$image-$(TAG); \ + if [ "$(LATEST)" = "true" ]; then \ + echo "Pushing image: $$image-latest"; \ + docker tag $$image-$(TAG) $$image-latest; \ + docker push $$image-latest; \ + fi; \ fi; \ fi modernprobe-builder: if [ "$(DRY_RUN)" = "true" ]; then \ - echo "Dry run: Building modernprobe-builder image: docker build -t $(REPOSITORY)/modernprobe-builder:0.0.1-$(ARCH) modernprobe-builder"; \ + echo "Dry run: Building modernprobe-builder image: docker build -t $(REPOSITORY)/modernprobe-builder:$(TAG)-$(ARCH) modernprobe-builder"; \ else \ echo "Building modernprobe-builder image"; \ - docker build -t $(REPOSITORY)/modernprobe-builder:0.0.1-$(ARCH) modernprobe-builder || echo "FAIL: modernprobe-builder" >> failed.txt; \ + image=$(REPOSITORY)/modernprobe-builder:$(ARCH); \ + docker build -t $$image-$(TAG) modernprobe-builder || echo "FAIL: $$image-$(TAG)" >> failed.txt; \ if [ "$(PUSH)" = "true" ]; then \ - echo "Pushing image: $(REPOSITORY)/modernprobe-builder:0.0.1-$(ARCH)"; \ - docker push $(REPOSITORY)/modernprobe-builder:0.0.1-$(ARCH); \ + echo "Pushing image: $$image-$(TAG)"; \ + docker push $$image-$(TAG); \ + if [ "$(LATEST)" = "true" ]; then \ + echo "Pushing image: $$image-latest"; \ + docker 
tag $$image-$(TAG) $$image-latest; \ + docker push $$image-latest; \ + fi; \ fi; \ fi +# No need to push intrd-builder image; it is just used locally as base to other images. initrd-builder: if [ "$(DRY_RUN)" = "true" ]; then \ echo "Dry run: Building initrd-builder image: docker build -t initrd-builder:0.0.1 initrd-builder"; \ @@ -44,15 +59,21 @@ build-rootfs: distro=$$(basename $$(dirname $$rootfs_dir)); \ image=$(REPOSITORY)/$$distro-image:$$version-$(ARCH); \ if [ "$(DRY_RUN)" = "true" ]; then \ - echo "Dry run: Building rootfs image: docker build -t $$image $$rootfs_dir"; \ + echo "Dry run: Building rootfs image: docker build -t $$image-$(TAG) $$rootfs_dir"; \ else \ - echo "Building rootfs image: $$image"; \ - docker build -t $$image $$rootfs_dir || echo "FAIL: $$image" >> failed.txt; \ + echo "Building rootfs image: $$image-$(TAG)"; \ + docker build -t $$image-$(TAG) $$rootfs_dir || echo "FAIL: $$image-$(TAG)" >> failed.txt; \ if [ "$(PUSH)" = "true" ]; then \ - echo "Pushing image: $$image"; \ - docker push $$image; \ + echo "Pushing image: $$image-$(TAG)"; \ + docker push $$image-$(TAG); \ + if [ "$(LATEST)" = "true" ]; then \ + echo "Pushing image: $$image-latest"; \ + docker tag $$image-$(TAG) $$image-latest; \ + docker push $$image-latest; \ + fi; \ fi; \ - docker image rm -f $$image; \ + docker image rm -f $$image-$(TAG); \ + docker image rm -f $$image-latest; \ docker builder prune -f -a; \ fi; \ done 
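Review bot: The dry-run messages no longer describe what the real branch does: the `builder` echo drops the `builder` build-context argument, and the `modernprobe-builder` echo prints the tag as `$(TAG)-$(ARCH)` while the build uses `$(ARCH)-$(TAG)`. Make them match the real commands, e.g. `docker build -t $(REPOSITORY)/modernprobe-builder:$(ARCH)-$(TAG) modernprobe-builder`. The added comment above `initrd-builder` misspells the target as `intrd-builder`, and the `builder` target still announces "Building modernprobe-builder image" on an unchanged line. The `initrd-builder` recipe continues outside the hunk.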
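Review bot: In `build-rootfs` a failed `docker push`, of either the `$(TAG)` tag or the new `latest` tag, is not recorded in failed.txt, and its exit status is lost because `docker image rm` and `docker builder prune` run afterwards. The workflow's `Check failures` step can therefore pass with images missing from the registry. Record push failures the way build failures are recorded, `docker push $$image-$(TAG) || echo "FAIL: push $$image-$(TAG)" >> failed.txt;`, and likewise for `$$image-latest`. The same applies to `build-kernel` in the next hunk and to the `builder` and `modernprobe-builder` targets. The loop header of this target is outside the hunk.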
@@ -63,15 +84,21 @@ build-kernel: initrd-builder distro=$$(basename $$(dirname $$kernel_dir)); \ image=$(REPOSITORY)/$$distro-kernel:$$version-$(ARCH); \ if [ "$(DRY_RUN)" = "true" ]; then \ - echo "Dry run: Building kernel image: docker build -t $$image -f $$kernel_dir/Dockerfile.kernel $$kernel_dir"; \ + echo "Dry run: Building kernel image: docker build -t $$image-$(TAG) -f $$kernel_dir/Dockerfile.kernel $$kernel_dir"; \ else \ - echo "Building kernel image: $$image"; \ - docker build -t $$image -f $$kernel_dir/Dockerfile.kernel $$kernel_dir || echo "FAIL: $$image" >> failed.txt; \ + echo "Building kernel image: $$image-$(TAG)"; \ + docker build -t $$image-$(TAG) -f $$kernel_dir/Dockerfile.kernel $$kernel_dir || echo "FAIL: $$image-$(TAG)" >> failed.txt; \ if [ "$(PUSH)" = "true" ]; then \ - echo "Pushing image: $$image"; \ - docker push $$image; \ + echo "Pushing image: $$image-$(TAG)"; \ + docker push $$image-$(TAG); \ + if [ "$(LATEST)" = "true" ]; then \ + echo "Pushing image: $$image-latest"; \ + docker tag $$image-$(TAG) $$image-latest; \ + docker push $$image-latest; \ + fi; \ fi; \ - docker image rm -f $$image; \ + docker image rm -f $$image-$(TAG); \ + docker image rm -f $$image-latest; \ docker builder prune -f -a; \ fi; \ done