diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index d49c3899..531ddd3a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -30,6 +30,12 @@ jobs: with: install-only: true + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Run Mage uses: magefile/mage-action@v2 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 18513033..bdfc48f8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -30,13 +30,7 @@ jobs: uses: goreleaser/goreleaser-action@v4 with: install-only: true - - - name: Login to Docker Hub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - + - name: Run Mage uses: magefile/mage-action@v2 with: @@ -44,3 +38,20 @@ jobs: args: release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + + - name: Push images to Dockerhub + run: | + docker manifest push --purge issif/falco-talon:latest \ No newline at end of file diff --git a/deployment/helm/values.yaml b/deployment/helm/values.yaml index 4b711f0e..f6ef2e5b 100644 --- a/deployment/helm/values.yaml +++ b/deployment/helm/values.yaml @@ -7,7 +7,7 @@ replicaCount: 2 image: registry: docker.io repository: issif/falco-talon - tag: v0.1.0-rc2 + tag: latest pullPolicy: Always podSecurityPolicy: diff --git a/mageFile.go b/mageFile.go index 5d79f142..ce817957 100644 --- a/mageFile.go +++ b/mageFile.go 
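Review bot: The `Login to Docker Hub` step added to `.github/workflows/main.yml` runs before `Run Mage`, so the Docker Hub token sits in the runner's Docker config while the build executes repository code (and, with the `mg.Deps(Test)` change in this commit, the test suite too). The workflow's `on:` triggers and the mage arguments are outside the hunk; if this job also runs for pull requests, consider gating the step with `if: github.event_name != 'pull_request'`. If the login is only there to avoid anonymous pull limits, a read-only access token is sufficient. The action is also referenced by the movable tag `docker/login-action@v2`, as are the `docker/*` actions added in `release.yml`; pinning each to a full commit SHA (`uses: docker/login-action@<full-commit-sha> # v2`) keeps a retagged release from running with these secrets.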
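Review bot: The new `Push images to Dockerhub` step in `release.yml` publishes only the mutable `issif/falco-talon:latest` manifest, and the hunk contains no `docker manifest create`, so it depends on a manifest list that an earlier step (presumably `mage release`) has already created locally. Because the login now comes after `Run Mage`, any registry push performed inside `mage release` would run unauthenticated; confirm that is intended. Pushing the release's version tag alongside `latest` would give consumers a fixed reference to verify and roll back to. `Set up QEMU` and `Set up Docker Buildx` are placed after the build step, so check whether a manifest push still needs them; the job's step list begins above the hunk.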
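Review bot: With the chart default changed to `tag: latest` next to `pullPolicy: Always`, every install and pod restart pulls whatever image currently carries that tag. A deployment is then no longer tied to a reviewed build, and a bad or tampered push reaches clusters without any chart change. For a component that acts on cluster workloads, keep the default on a released version tag or a digest and leave `latest` as an opt-in override, e.g. `tag: <release-version>`. The `image:` block continues outside the hunk.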
@@ -53,8 +53,10 @@ func BuildImages() error { } func Build() error { + mg.Deps(Test) + exportLDFlags() - return sh.RunV("goreleaser", "release", "--clean", "--snapshot", "--skip-sbom", "--skip-publish") + return sh.RunV("goreleaser", "release", "--clean", "--snapshot", "--skip-sign", "--skip-sbom", "--skip-publish") } func Release() error { diff --git a/rules.yaml b/rules.yaml index 46c184f7..7f04acb6 100644 --- a/rules.yaml +++ b/rules.yaml @@ -1,29 +1,11 @@ -- name: Rule Script - match: - rules: - - Test Script - action: - name: kubernetes:script - parameters: - script: |- - date - curl https://httpbin.org/ip -- name: Rule Label - match: - rules: - - Test Label - action: - name: kubernetes:labelize - parameters: - labels: - suspicious: "true" -- name: Rule Terminate - match: - rules: - - Test Terminate - action: - name: kubernetes:terminate - parameters: - minHealthyReplicas: "1" - ignoreDaemonsets: true - ignoreStatefulsets: true \ No newline at end of file +- name: Rule Test NetworkPolicy + match: + rules: + - DANGER UNWANTED outbound connection destination + priority: "Critical" + action: + name: kubernetes:networkpolicy + parameters: + continue: true + notifiers: + - slack \ No newline at end of file
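Review bot: `Build` has no doc comment stating that it produces an unsigned snapshot: with `--skip-sign` added next to `--skip-sbom` and `--skip-publish`, its artifacts carry neither a signature nor an SBOM. I would add `// Build runs the tests, then creates a local goreleaser snapshot; signing, SBOM generation and publishing are skipped, so the artifacts are not for distribution.` above `func Build() error`; mage also shows this text as the target description. Newer GoReleaser releases replace the individual `--skip-*` flags with a single `--skip=` list, so check these flags against the version the workflows install, which is not visible in these hunks.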
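Review bot: The only rule left in `rules.yaml` is a test rule whose `match` is scoped, as far as the hunk shows, by nothing more than the Falco rule name and `priority: "Critical"`. Wherever this file is loaded, the `kubernetes:networkpolicy` action would therefore apply to any workload that triggers it. A header comment such as `# Sample rule for exercising the networkpolicy action; review the match scope before loading it in a cluster.` would make that explicit. The indentation is not recoverable from this view, so confirm that `continue: true` sits at the level the rule parser expects (`parameters:` has no other keys here) and that a `slack` notifier is actually configured.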