diff --git a/.github/workflows/master.yaml b/.github/workflows/master.yaml
index d1bbc8ee..99949138 100644
--- a/.github/workflows/master.yaml
+++ b/.github/workflows/master.yaml
@@ -14,8 +14,31 @@ jobs:
 echo "RELEASE_VERSION=master" >> $GITHUB_ENV
 echo "RELEASE_COMMIT=$(git rev-parse --verify HEAD)" >> $GITHUB_ENV
 echo "RELEASE_DATE=$(date --iso-8601=seconds)" >> $GITHUB_ENV
- - name: docker build
- run: make docker-build-operator IMG=humio/humio-operator:${{ env.RELEASE_VERSION }} IMG_BUILD_ARGS="--label version=${{ env.RELEASE_VERSION }} --label release=${{ github.run_id }} --build-arg RELEASE_VERSION=${{ env.RELEASE_VERSION }} --build-arg RELEASE_COMMIT=${{ env.RELEASE_COMMIT }} --build-arg RELEASE_DATE=${{ env.RELEASE_DATE }}"
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+ - name: Build but don't push
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ # Because we use a container scanner pre-push we don't specify platform here so only the runner platform builds
+ # platforms: linux/amd64,linux/arm64
+ load: true
+ tags: ${{ github.repository_owner }}/humio-operator:${{ env.RELEASE_VERSION }}
+ labels: |
+ version=${{ env.RELEASE_VERSION }}
+ release=${{ github.run_id }}
+ build-args: |
+ RELEASE_VERSION=${{ env.RELEASE_VERSION }}
+ RELEASE_COMMIT=${{ env.RELEASE_COMMIT }}
+ RELEASE_DATE=${{ env.RELEASE_DATE }}
+ cache-to: type=local,type=registry,type=gha
 - name: Set up Python
 uses: actions/setup-python@v5
 - name: Install dependencies
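Review bot: The `Login to Docker Hub` step added here runs before the local build, the `pip install retry` step and the CrowdStrike scan action, so the Docker Hub credentials stay in the runner's Docker config while all of those execute; the previous workflow logged in only after the scan (that login is removed in the next hunk). Only the later `Build and push` step needs push credentials, so moving the login to just before it restores the narrower ordering the old workflow had. If the early login is deliberate, for example to authenticate base-image pulls, a comment on the step such as `# early login: authenticated pulls during build` would record that.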
@@ -25,24 +48,32 @@ jobs:
 python -m pip install --upgrade retry
 pip install retry
 - name: CrowdStrike Container Image Scan Operator
+ if: github.repository_owner == 'humio'
 uses: crowdstrike/container-image-scan-action@v1
 with:
 falcon_client_id: 1cd30708cb31442f85a6eec83279fe7b
- container_repository: humio/humio-operator
+ container_repository: ${{ github.repository_owner }}/humio-operator
 container_tag: ${{ env.RELEASE_VERSION }}
 env:
 FALCON_CLIENT_SECRET: "${{ secrets.FALCON_CLIENT_SECRET }}"
- - name: Login to DockerHub
- uses: docker/login-action@v3
+ - name: Build and push
+ uses: docker/build-push-action@v5
 with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
- - name: docker tag
- run: docker tag humio/humio-operator:${{ env.RELEASE_VERSION }} humio/humio-operator:${{ env.RELEASE_COMMIT }}
- - name: docker push
- run: |
- make docker-push IMG=humio/humio-operator:${{ env.RELEASE_VERSION }}
- make docker-push IMG=humio/humio-operator:${{ env.RELEASE_COMMIT }}
+ context: .
+ platforms: linux/amd64,linux/arm64
+ push: true
+ tags: |
+ ${{ github.repository_owner }}/humio-operator:${{ env.RELEASE_VERSION }}
+ ${{ github.repository_owner }}/humio-operator:${{ env.RELEASE_COMMIT }}
+ labels: |
+ version=${{ env.RELEASE_VERSION }}
+ release=${{ github.run_id }}
+ build-args: |
+ RELEASE_VERSION=${{ env.RELEASE_VERSION }}
+ RELEASE_COMMIT=${{ env.RELEASE_COMMIT }}
+ RELEASE_DATE=${{ env.RELEASE_DATE }}
+ cache-from: type=gha, mode=max
+ cache-to: type=gha
 build-and-publish-helper:
 name: Build and Publish Helperimage
 runs-on: ubuntu-latest
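Review bot: The image that `Build and push` publishes is not the image the scanner examined: the scan runs on the single-platform image loaded by the earlier `Build but don't push` step, and this step then builds `linux/amd64,linux/arm64` again and pushes that result. The arm64 variant is never scanned, and the amd64 one matches the scanned image only as far as the build cache is reused. The added `if: github.repository_owner == 'humio'` also means a fork pushes with no scan at all. If the scan is meant to gate publication, consider scanning each platform before the push, or at least record the gap with a comment such as `# multi-arch rebuild: only the runner-platform image was scanned above`. The same pattern appears in the `Build and push` step of release-container-image.yaml.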
@@ -54,7 +85,7 @@ jobs:
 echo "RELEASE_COMMIT=$(git rev-parse --verify HEAD)" >> $GITHUB_ENV
 echo "RELEASE_DATE=$(date --iso-8601=seconds)" >> $GITHUB_ENV
 - name: docker build
- run: make docker-build-helper IMG=humio/humio-operator-helper:${{ env.RELEASE_VERSION }} IMG_BUILD_ARGS="--label version=${{ env.RELEASE_VERSION }} --label release=${{ github.run_id }} --build-arg RELEASE_VERSION=${{ env.RELEASE_VERSION }} --build-arg RELEASE_COMMIT=${{ env.RELEASE_COMMIT }} --build-arg RELEASE_DATE=${{ env.RELEASE_DATE }}"
+ run: make docker-build-helper IMG=${{ github.repository_owner }}/humio-operator-helper:${{ env.RELEASE_VERSION }} IMG_BUILD_ARGS="--label version=${{ env.RELEASE_VERSION }} --label release=${{ github.run_id }} --build-arg RELEASE_VERSION=${{ env.RELEASE_VERSION }} --build-arg RELEASE_COMMIT=${{ env.RELEASE_COMMIT }} --build-arg RELEASE_DATE=${{ env.RELEASE_DATE }}"
 - name: Set up Python
 uses: actions/setup-python@v5
 - name: Install dependencies
@@ -64,10 +95,11 @@ jobs:
 python -m pip install --upgrade retry
 pip install retry
 - name: CrowdStrike Container Image Scan Operator Helper
+ if: github.repository_owner == 'humio'
 uses: crowdstrike/container-image-scan-action@v1
 with:
 falcon_client_id: 1cd30708cb31442f85a6eec83279fe7b
- container_repository: humio/humio-operator-helper
+ container_repository: ${{ github.repository_owner }}/humio-operator-helper
 container_tag: ${{ env.RELEASE_VERSION }}
 env:
 FALCON_CLIENT_SECRET: "${{ secrets.FALCON_CLIENT_SECRET }}"
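Review bot: `${{ github.repository_owner }}` is substituted into the image reference as-is, and Docker rejects repository names that contain uppercase characters, so the `make docker-build-helper IMG=...` line here (and the `docker tag`, `make docker-push` and `tags:` lines in the other hunks of both workflows) will fail for a fork whose owner name has capitals. Deriving a lowercased value once in the step that already writes `RELEASE_VERSION` to `$GITHUB_ENV`, e.g. `echo "IMAGE_OWNER=${GITHUB_REPOSITORY_OWNER,,}" >> $GITHUB_ENV`, and using `${{ env.IMAGE_OWNER }}` in the image names avoids that. Taking the value from the environment also keeps the expression out of the `run:` script text, which is the safer habit for workflow shell steps.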
@@ -77,8 +109,8 @@ jobs:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
 - name: docker tag
- run: docker tag humio/humio-operator-helper:${{ env.RELEASE_VERSION }} humio/humio-operator-helper:${{ env.RELEASE_COMMIT }}
+ run: docker tag ${{ github.repository_owner }}/humio-operator-helper:${{ env.RELEASE_VERSION }} ${{ github.repository_owner }}/humio-operator-helper:${{ env.RELEASE_COMMIT }}
 - name: docker push
 run: |
- make docker-push IMG=humio/humio-operator-helper:${{ env.RELEASE_VERSION }}
- make docker-push IMG=humio/humio-operator-helper:${{ env.RELEASE_COMMIT }}
+ make docker-push IMG=${{ github.repository_owner }}/humio-operator-helper:${{ env.RELEASE_VERSION }}
+ make docker-push IMG=${{ github.repository_owner }}/humio-operator-helper:${{ env.RELEASE_COMMIT }}
diff --git a/.github/workflows/release-container-image.yaml b/.github/workflows/release-container-image.yaml
index 9bc78539..6a55da2d 100644
--- a/.github/workflows/release-container-image.yaml
+++ b/.github/workflows/release-container-image.yaml
@@ -9,6 +9,8 @@ jobs:
 build-and-publish:
 name: Test, Build and Publish
 runs-on: ubuntu-latest
+ permissions:
+ contents: write
 steps:
 - uses: actions/checkout@v4
 - name: Set version information
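Review bot: `permissions: contents: write` on `build-and-publish` in release-container-image.yaml gives that job's GITHUB_TOKEN write access to the repository, yet the steps visible in this diff only check out, build, scan and push to Docker Hub, which should need no more than `contents: read`. The job also runs third-party actions referenced by mutable tags (`docker/build-push-action@v5`, `crowdstrike/container-image-scan-action@v1`), so a narrower token limits what a re-pointed tag could do; pinning those `uses:` lines to commit SHAs would go further. The rest of the job lies outside the hunk, so confirm nothing else in it writes to the repository before switching to `contents: read`. `contents: write` on `gh-release` looks appropriate, since that job creates the release.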
@@ -16,13 +18,31 @@ jobs:
 echo "RELEASE_VERSION=$(cat VERSION)" >> $GITHUB_ENV
 echo "RELEASE_COMMIT=$(git rev-parse --verify HEAD)" >> $GITHUB_ENV
 echo "RELEASE_DATE=$(date --iso-8601=seconds)" >> $GITHUB_ENV
- - name: Login to DockerHub
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - name: Login to Docker Hub
 uses: docker/login-action@v3
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
- - name: docker build
- run: make docker-build-operator IMG=humio/humio-operator:${{ env.RELEASE_VERSION }} IMG_BUILD_ARGS="--label version=${{ env.RELEASE_VERSION }} --label release=${{ github.run_id }} --build-arg RELEASE_VERSION=${{ env.RELEASE_VERSION }} --build-arg RELEASE_COMMIT=${{ env.RELEASE_COMMIT }} --build-arg RELEASE_DATE=${{ env.RELEASE_DATE }}"
+ - name: Build but don't push
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ # Because we use a container scanner pre-push we don't specify platform here so only the runner platform builds
+ # platforms: linux/amd64,linux/arm64
+ load: true
+ tags: ${{ github.repository_owner }}/humio-operator:${{ env.RELEASE_VERSION }}
+ labels: |
+ version=${{ env.RELEASE_VERSION }}
+ release=${{ github.run_id }}
+ build-args: |
+ RELEASE_VERSION=${{ env.RELEASE_VERSION }}
+ RELEASE_COMMIT=${{ env.RELEASE_COMMIT }}
+ RELEASE_DATE=${{ env.RELEASE_DATE }}
+ cache-to: type=local,type=registry,type=gha
 - name: Set up Python
 uses: actions/setup-python@v5
 - name: Install dependencies
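Review bot: `cache-to: type=local,type=registry,type=gha` does not name three cache exporters: buildx reads each `cache-to` entry as one exporter with a single `type=` and its own parameters (`dest=` for local, `ref=` for registry), one entry per line, so this value either fails or keeps only one of the types. The same line is in the `Build but don't push` step of master.yaml. The later `Build and push` steps read with `cache-from: type=gha, mode=max` and write with `cache-to: type=gha`, so the intent is probably `cache-to: type=gha,mode=max` here and `cache-from: type=gha` there, since `mode` is an export option and the space after the comma should go. This step also has no `cache-from`, so it never reuses the cache of an earlier run.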
@@ -32,18 +52,35 @@ jobs:
 python -m pip install --upgrade retry
 pip install retry
 - name: CrowdStrike Container Image Scan Operator
+ if: github.repository_owner == 'humio'
 uses: crowdstrike/container-image-scan-action@v1
 with:
 falcon_client_id: 1cd30708cb31442f85a6eec83279fe7b
- container_repository: humio/humio-operator
+ container_repository: ${{ github.repository_owner }}/humio-operator
 container_tag: ${{ env.RELEASE_VERSION }}
 env:
 FALCON_CLIENT_SECRET: "${{ secrets.FALCON_CLIENT_SECRET }}"
- - name: docker push
- run: make docker-push IMG=humio/humio-operator:${{ env.RELEASE_VERSION }}
+ - name: Build and push
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ platforms: linux/amd64,linux/arm64
+ push: true
+ tags: ${{ github.repository_owner }}/humio-operator:${{ env.RELEASE_VERSION }}
+ labels: |
+ version=${{ env.RELEASE_VERSION }}
+ release=${{ github.run_id }}
+ build-args: |
+ RELEASE_VERSION=${{ env.RELEASE_VERSION }}
+ RELEASE_COMMIT=${{ env.RELEASE_COMMIT }}
+ RELEASE_DATE=${{ env.RELEASE_DATE }}
+ cache-from: type=gha, mode=max
+ cache-to: type=gha
 gh-release:
 name: Create GitHub Release
 runs-on: ubuntu-latest
+ permissions:
+ contents: write
 steps:
 - uses: actions/checkout@v4
 - name: Get release version
@@ -55,6 +92,6 @@ jobs:
 tag_name: operator-${{ env.RELEASE_VERSION }}
 release_name: Operator Release ${{ env.RELEASE_VERSION }}
 body: |
- **Image:** `humio/humio-operator:${{ env.RELEASE_VERSION }}`
+ **Image:** `${{ github.repository_owner }}/humio-operator:${{ env.RELEASE_VERSION }}`
 **Upgrade notes:** https://library.humio.com/falcon-logscale-self-hosted/installation-kubernetes-operator-upgrade.html#installation-containers-kubernetes-operator-upgrade-notes
 prerelease: true
diff --git a/Dockerfile b/Dockerfile
index f948d077..c0c05001 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -20,7 +20,7 @@ COPY controllers/ controllers/ COPY pkg/ pkg/ # Build -RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -ldflags="-s -w -X 'main.version=$RELEASE_VERSION' -X 'main.commit=$RELEASE_COMMIT' -X 'main.date=$RELEASE_DATE'" -a -o manager main.go +RUN CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH GO111MODULE=on go build -ldflags="-s -w -X 'main.version=$RELEASE_VERSION' -X 'main.commit=$RELEASE_COMMIT' -X 'main.date=$RELEASE_DATE'" -a -o manager main.go # Use ubi8 as base image to package the manager binary to comply with Red Hat image certification requirements FROM scratch
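Review bot: `$TARGETOS` and `$TARGETARCH` are visible inside a build stage only when the stage declares them, so unless `ARG TARGETOS` and `ARG TARGETARCH` already appear earlier in this stage (it starts above the hunk), both expand to empty strings in the new `RUN` line and `go build` most likely falls back to the platform of the build container. Under the QEMU setup added in the workflows that still yields the right architecture, but only through emulation, and a build run without BuildKit's platform arguments would silently produce a host-architecture binary. Add `ARG TARGETOS` and `ARG TARGETARCH` before this `RUN`; pairing that with `FROM --platform=$BUILDPLATFORM` on the builder stage would let Go cross-compile natively instead of running the compiler under emulation.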