Update cgr.dev/chainguard/static:latest Docker digest to 853bfd4 #1681
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
jobs: | |
build: | |
name: Build | |
runs-on: ubuntu-24.04 | |
if: ${{ github.event.head_commit.message != '[Release] Update Chart.yaml' }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Get head sha | |
id: parse-commit-sha | |
run: | | |
head=$(git rev-parse HEAD) | |
echo "head_commit_sha=${head}" >> $GITHUB_ENV | |
echo "Head commit sha ${head}" | |
- name: Get merge request latest commit | |
id: parse-commit | |
if: ${{ github.event_name == 'pull_request' }} | |
run: | | |
msg=$(git show -s --format=%s) | |
echo "head_commit_message=${msg}" >> $GITHUB_ENV | |
echo "Latest commit: ${msg}" | |
echo "Env commit ${{env.head_commit_message}}" | |
echo "Contains msg ${{ contains(env.head_commit_message, '#skip-lint') }}" | |
- name: Secret Scanning | |
uses: trufflesecurity/trufflehog@main | |
with: | |
extra_args: --only-verified | |
- name: Setup Go | |
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 | |
with: | |
go-version-file: "go.mod" | |
- name: Build agent go binary amd64 | |
run: UNAME_M=x86_64 VERSION=${RELEASE_TAG:-commit-$GITHUB_SHA} make kvisor-agent | |
- name: Build controller go binary amd64 | |
run: UNAME_M=x86_64 VERSION=${RELEASE_TAG:-commit-$GITHUB_SHA} make kvisor-controller | |
- name: Build image-scanner go binary amd64 | |
run: UNAME_M=x86_64 VERSION=${RELEASE_TAG:-commit-$GITHUB_SHA} make kvisor-image-scanner | |
- name: Build linter go binary amd64 | |
run: UNAME_M=x86_64 VERSION=${RELEASE_TAG:-commit-$GITHUB_SHA} make kvisor-linter | |
- name: Run golangci-lint | |
# You may pin to the exact commit or the version. | |
# uses: golangci/golangci-lint-action@537aa1903e5d359d0b27dbc19ddd22c5087f3fbc | |
if: ${{ github.event_name == 'pull_request' && !contains(env.head_commit_message, '#skip-lint') }} | |
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 | |
with: | |
args: -v --timeout=5m | |
version: v1.60.3 | |
- name: Test | |
if: ${{ github.event_name == 'pull_request' && !contains(env.head_commit_message, '#skip-test') }} | |
run: go test -race -short ./... | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3 | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Docker build and push pr (controller) | |
if: ${{ github.event_name == 'pull_request' }} | |
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6 | |
with: | |
context: . | |
file: ./Dockerfile.controller | |
platforms: linux/amd64 | |
push: true | |
tags: ghcr.io/castai/kvisor/kvisor-controller:${{ env.head_commit_sha }} | |
- name: Docker build and push pr (agent) | |
if: ${{ github.event_name == 'pull_request' }} | |
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6 | |
with: | |
context: . | |
file: ./Dockerfile.agent | |
platforms: linux/amd64 | |
push: true | |
tags: ghcr.io/castai/kvisor/kvisor-agent:${{ env.head_commit_sha }} | |
- name: Docker build and push pr (scanners) | |
if: ${{ github.event_name == 'pull_request' }} | |
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6 | |
with: | |
context: . | |
file: ./Dockerfile.scanners | |
platforms: linux/amd64 | |
push: true | |
tags: ghcr.io/castai/kvisor/kvisor-scanners:${{ env.head_commit_sha }} | |
- name: Docker build and push main (controller) | |
if: ${{ github.event_name != 'pull_request' && github.event_name != 'release'}} | |
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6 | |
with: | |
context: . | |
file: ./Dockerfile.controller | |
platforms: linux/amd64 | |
push: true | |
tags: ghcr.io/castai/kvisor/kvisor-controller:${{ env.head_commit_sha }},ghcr.io/castai/kvisor/kvisor-controller:latest | |
- name: Docker build and push main (agent) | |
if: ${{ github.event_name != 'pull_request' && github.event_name != 'release'}} | |
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6 | |
with: | |
context: . | |
file: ./Dockerfile.agent | |
platforms: linux/amd64 | |
push: true | |
tags: ghcr.io/castai/kvisor/kvisor-agent:${{ env.head_commit_sha }},ghcr.io/castai/kvisor/kvisor-agent:latest | |
- name: Docker build and push main (scanners) | |
if: ${{ github.event_name != 'pull_request' && github.event_name != 'release'}} | |
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6 | |
with: | |
context: . | |
file: ./Dockerfile.scanners | |
platforms: linux/amd64 | |
push: true | |
tags: ghcr.io/castai/kvisor/kvisor-scanners:${{ env.head_commit_sha }},ghcr.io/castai/kvisor/kvisor-scanners:latest | |
- name: Summary | |
run: | | |
echo "**Pushed docker images:**" >> $GITHUB_STEP_SUMMARY | |
echo "ghcr.io/castai/kvisor/kvisor-controller:${{ env.head_commit_sha }}" >> $GITHUB_STEP_SUMMARY | |
echo "" >> $GITHUB_STEP_SUMMARY | |
echo "ghcr.io/castai/kvisor/kvisor-agent:${{ env.head_commit_sha }}" >> $GITHUB_STEP_SUMMARY | |
echo "" >> $GITHUB_STEP_SUMMARY | |
echo "ghcr.io/castai/kvisor/kvisor-scanners:${{ env.head_commit_sha }}" >> $GITHUB_STEP_SUMMARY | |
echo "" >> $GITHUB_STEP_SUMMARY | |
echo "**Upgrade with helm:**" >> $GITHUB_STEP_SUMMARY | |
echo "helm upgrade castai-kvisor castai-helm/castai-kvisor -n castai-agent --reuse-values --set image.tag=${{ env.head_commit_sha }}" >> $GITHUB_STEP_SUMMARY | |
# TODO: we might want to run the tests both in ubuntu-22.04, as well as ubuntu-20.04 to test | |
# if we everything is working with cgroups v1 and v2 | |
e2e: | |
name: E2E | |
runs-on: ubuntu-24.04 | |
if: ${{ github.event_name == 'pull_request' }} | |
needs: build | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Get head sha | |
id: parse-commit-sha | |
run: | | |
head=$(git rev-parse HEAD) | |
echo "head_commit_sha=${head}" >> $GITHUB_ENV | |
echo "Head commit sha ${head}" | |
- name: Setup Go | |
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 | |
with: | |
go-version-file: "go.mod" | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Create kind cluster | |
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 | |
with: | |
config: ./e2e/kind-config.yaml | |
cluster_name: kvisor-e2e | |
- name: Run e2e | |
shell: bash | |
run: | | |
KIND_CONTEXT=kvisor-e2e IMAGE_TAG=${{ env.head_commit_sha }} ./e2e/run.sh |