diff --git a/.github/workflows/push_image.yml b/.github/workflows/push_image.yml index f2f1846bc17ccd9f66719e287f1150959ea78615..d101385b3590b251915bbd047b8063b5d558b8b0 100644 --- a/.github/workflows/push_image.yml +++ b/.github/workflows/push_image.yml @@ -1,14 +1,13 @@ name: Build and push to quay.io on: push: - branches: [ main ] + branches: [ main, workflow-test ] env: - REGISTRY_USER: netobserv+github_ci - REGISTRY: quay.io/netobserv - IMAGE: netobserv-ebpf-agent - ORG: netobserv - VERSION: main + WF_REGISTRY_USER: netobserv+github_ci + WF_ORG: netobserv + WF_MULTIARCH_TARGETS: amd64 arm64 ppc64le + WF_VERSION: ${{ github.ref_name }} jobs: push-image: @@ -29,10 +28,12 @@ jobs: - name: docker login to quay.io uses: docker/login-action@v2 with: - username: ${{ env.REGISTRY_USER }} + username: ${{ env.WF_REGISTRY_USER }} password: ${{ secrets.QUAY_SECRET }} registry: quay.io + - name: get short sha + run: echo "short_sha=$(git rev-parse --short HEAD)" >> $GITHUB_ENV - name: build and push manifest with images - run: IMAGE_ORG=${{ env.ORG }} VERSION=${{ env.VERSION }} make ci - - name: print image url - run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}" \ No newline at end of file + run: | + MULTIARCH_TARGETS="${{ env.WF_MULTIARCH_TARGETS }}" IMAGE_ORG=${{ env.WF_ORG }} VERSION=${{ env.WF_VERSION }} make images + MULTIARCH_TARGETS="${{ env.WF_MULTIARCH_TARGETS }}" IMAGE_ORG=${{ env.WF_ORG }} VERSION=${{ env.short_sha }} OCI_BUILD_OPTS="--label quay.expires-after=2w" make images diff --git a/.github/workflows/push_image_pr.yml b/.github/workflows/push_image_pr.yml index 812e52f7cfbcff6810fee658b38f91cb6705f520..f670434aa44873a98044a2df8893ae7f89126168 100644 --- a/.github/workflows/push_image_pr.yml +++ b/.github/workflows/push_image_pr.yml @@ -4,10 +4,10 @@ on: types: [labeled] env: - REGISTRY_USER: netobserv+github_ci - REGISTRY: quay.io/netobserv - IMAGE: netobserv-ebpf-agent - ORG: netobserv + WF_REGISTRY_USER: netobserv+github_ci + WF_REGISTRY: quay.io/netobserv + WF_IMAGE: netobserv-ebpf-agent + WF_ORG: netobserv jobs: push-pr-image: @@ -31,15 +31,13 @@ jobs: - name: docker login to quay.io uses: docker/login-action@v2 with: - username: ${{ env.REGISTRY_USER }} + username: ${{ env.WF_REGISTRY_USER }} password: ${{ secrets.QUAY_SECRET }} registry: quay.io - name: get short sha run: echo "short_sha=$(git rev-parse --short HEAD)" >> $GITHUB_ENV - - name: build and push images - run: IMAGE_ORG=${{ env.ORG }} IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.short_sha }} make images - - name: build and push manifest - run: IMAGE_ORG=${{ env.ORG }} IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.short_sha }} make ci-manifest + - name: build and push manifest with images + run: OCI_BUILD_OPTS="--label quay.expires-after=2w" IMAGE_ORG=${{ env.WF_ORG }} IMAGE=${{ env.WF_REGISTRY }}/${{ env.WF_IMAGE }}:${{ env.short_sha }} make images - uses: actions/github-script@v6 with: github-token: ${{secrets.GITHUB_TOKEN}} @@ -48,5 +46,5 @@ jobs: issue_number: context.issue.number, owner: context.repo.owner, repo: context.repo.repo, - body: 'New image: ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.short_sha }}. It will expire after two weeks.' + body: 'New image: ${{ env.WF_REGISTRY }}/${{ env.WF_IMAGE }}:${{ env.short_sha }}. It will expire after two weeks.' }) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ea18a8ca404aa0117f2d8b4c43009bba7c14203b..d9e1d6568d0da95d9e1ee36fe984376ce73c63f1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,16 +4,14 @@ on: tags: [v*] env: - REGISTRY_USER: netobserv+github_ci - REGISTRY_PASSWORD: ${{ secrets.QUAY_SECRET }} - REGISTRY: quay.io/netobserv - IMAGE: netobserv-ebpf-agent - IMAGE_ORG: netobserv + WF_REGISTRY_USER: netobserv+github_ci + WF_ORG: netobserv + WF_MULTIARCH_TARGETS: amd64 arm64 ppc64le jobs: push-image: name: push image - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest strategy: matrix: go: ['1.19'] @@ -40,10 +38,8 @@ jobs: - name: docker login to quay.io uses: docker/login-action@v2 with: - username: ${{ env.REGISTRY_USER }} - password: ${{ env.REGISTRY_PASSWORD }} + username: ${{ env.WF_REGISTRY_USER }} + password: ${{ secrets.QUAY_SECRET }} registry: quay.io - - name: build and push images - run: VERSION="${{ env.tag }}" make images - - name: print image url - run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}" + - name: build and push manifest with images + run: MULTIARCH_TARGETS="${{ env.WF_MULTIARCH_TARGETS }}" IMAGE_ORG=${{ env.WF_ORG }} VERSION=${{ env.tag }} make images diff --git a/.mk/shortcuts.mk b/.mk/shortcuts.mk index cea71037b061e8a9f6b4ce30ccde18a90c0f329b..a72a9d5a4512acfb741b4378f30f8f0e806f6620 100644 --- a/.mk/shortcuts.mk +++ b/.mk/shortcuts.mk @@ -17,15 +17,3 @@ push-manifest: manifest-push ## Push MULTIARCH_TARGETS manifest .PHONY: images images: image-build image-push manifest-build manifest-push ## Build and push MULTIARCH_TARGETS images and related manifest - -.PHONY: build-ci-manifest -build-ci-manifest: ci-manifest-build ## Build CI manifest - -.PHONY: push-ci-manifest -push-ci-manifest: ci-manifest-push ## Push CI manifest - -.PHONY: ci-manifest -ci-manifest: ci-manifest-build ci-manifest-push ## Build and push CI manifest - -.PHONY: ci -ci: images ci-manifest ## Build and push CI images and manifest \ No newline at end of file diff --git a/Makefile b/Makefile index 7229d47c9988ae53a7ff892a0e7a7d89c153355a..72d595b70d51d8e82676719d0d1f5ca00d963587 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,7 @@ endif # Go architecture and targets images to build GOARCH ?= amd64 -MULTIARCH_TARGETS ?= amd64 arm64 ppc64le +MULTIARCH_TARGETS ?= amd64 # In CI, to be replaced by `netobserv` IMAGE_ORG ?= $(USER) @@ -28,10 +28,10 @@ IMAGE_TAG_BASE ?= quay.io/$(IMAGE_ORG)/netobserv-ebpf-agent # Image URL to use all building/pushing image targets IMAGE ?= $(IMAGE_TAG_BASE):$(VERSION) -IMAGE_SHA = $(IMAGE_TAG_BASE):$(BUILD_SHA) +OCI_BUILD_OPTS ?= -# Image building tool (docker / podman) -OCI_BIN_PATH := $(shell which podman || which docker) +# Image building tool (docker / podman) - docker is preferred in CI +OCI_BIN_PATH := $(shell which docker || which podman) OCI_BIN ?= $(shell basename ${OCI_BIN_PATH}) LOCAL_GENERATOR_IMAGE ?= ebpf-generator:latest @@ -49,7 +49,7 @@ EXCLUDE_COVERAGE_FILES="(/cmd/)|(bpf_bpfe)|(/examples/)|(/pkg/pbflow/)" # build a single arch target provided as argument define build_target echo 'building image for arch $(1)'; \ - DOCKER_BUILDKIT=1 $(OCI_BIN) buildx build --load --build-arg TARGETPLATFORM=linux/$(1) --build-arg TARGETARCH=$(1) --build-arg BUILDPLATFORM=linux/amd64 -t ${IMAGE}-$(1) -f Dockerfile .; + DOCKER_BUILDKIT=1 $(OCI_BIN) buildx build --load --build-arg TARGETPLATFORM=linux/$(1) --build-arg TARGETARCH=$(1) --build-arg BUILDPLATFORM=linux/amd64 ${OCI_BUILD_OPTS} -t ${IMAGE}-$(1) -f Dockerfile .; endef # push a single arch target image @@ -59,9 +59,9 @@ define push_target endef # manifest create a single arch target provided as argument -define manifest_create_target - echo 'manifest create for arch $(1)'; \ - DOCKER_BUILDKIT=1 $(OCI_BIN) manifest add ${IMAGE} ${IMAGE}-$(target); +define manifest_add_target + echo 'manifest add target $(1)'; \ + DOCKER_BUILDKIT=1 $(OCI_BIN) manifest add ${IMAGE} ${IMAGE}-$(1); endef ##@ General @@ -181,7 +181,7 @@ ifeq (${OCI_BIN}, docker) else trap 'exit' INT; \ DOCKER_BUILDKIT=1 $(OCI_BIN) manifest create ${IMAGE} ||: - $(foreach target,$(MULTIARCH_TARGETS),$(call manifest_create_target,$(target))) + $(foreach target,$(MULTIARCH_TARGETS),$(call manifest_add_target,$(target))) endif .PHONY: manifest-push @@ -193,21 +193,4 @@ else DOCKER_BUILDKIT=1 $(OCI_BIN) manifest push ${IMAGE} docker://${IMAGE}; endif -.PHONY: ci-manifest-build -ci-manifest-build: manifest-build ## Build CI manifest - $(OCI_BIN) build --build-arg BASE_IMAGE=$(IMAGE) -t $(IMAGE_SHA) -f scripts/shortlived.Dockerfile . -ifeq ($(VERSION), main) -# Also tag "latest" only for branch "main" - $(OCI_BIN) build -t $(IMAGE) -t $(IMAGE_TAG_BASE):latest -f scripts/shortlived.Dockerfile . -endif - -.PHONY: ci-manifest-push -ci-manifest-push: ## Push CI manifest - $(OCI_BIN) push $(IMAGE_SHA) -ifeq ($(VERSION), main) -# Also tag "latest" only for branch "main" - $(OCI_BIN) push ${IMAGE} - $(OCI_BIN) push $(IMAGE_TAG_BASE):latest -endif - include .mk/shortcuts.mk diff --git a/scripts/README.md b/scripts/README.md index 210dcf8371c06bfbc3e6e13028fd508c078ee524..fd589c0839d0f7f55f2364f86d41fee11086476a 100644 --- a/scripts/README.md +++ b/scripts/README.md @@ -9,10 +9,3 @@ to run this script unless you want to e.g. update any of them to a newer version Dockerfile for the eBPF binaries and Protobuf implementation generator. It is invoked from the root `Makefile`, in the `make docker-generate` target. - -## `shortlived.Dockerfile` - -Dockerfile to generate a short-lived image of the agent that corresponds to the commits in the -`main` branch of the project Git. - -The published images expire after 2 weeks. \ No newline at end of file diff --git a/scripts/shortlived.Dockerfile b/scripts/shortlived.Dockerfile deleted file mode 100644 index f9a62fca1fce17f421b6ff6a7441ba853643b1a6..0000000000000000000000000000000000000000 --- a/scripts/shortlived.Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -ARG BASE_IMAGE=quay.io/netobserv/netobserv-ebpf-agent:main -FROM $BASE_IMAGE -LABEL quay.expires-after=2w \ No newline at end of file