diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 520207b5b..d64f191e6 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -89,9 +89,8 @@ jobs: strategy: fail-fast: false matrix: - include: - - security_profile: "generic" - - security_profile: "fips" + security_profile: [generic, fips] + framework_version: [master] install: uses: ./.github/workflows/reusable-install-test.yaml with: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 3f6da3d83..7a07e3b74 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -92,7 +92,7 @@ jobs: insecure = true http = true EOF - earthly +multi-build-framework-image --SECURITY_PROFILE=${{ matrix.security_profile }} + earthly +multi-build-framework-image --SECURITY_PROFILE=${{ matrix.security_profile }} --FRAMEWORK_VERSION="git" - name: Push to quay env: COSIGN_YES: true diff --git a/.github/workflows/reusable-build-framework.yaml b/.github/workflows/reusable-build-framework.yaml index 3b742e8e8..2033c4100 100644 --- a/.github/workflows/reusable-build-framework.yaml +++ b/.github/workflows/reusable-build-framework.yaml @@ -6,6 +6,9 @@ on: security_profile: required: true type: string + framework_version: + required: false + type: string jobs: build: @@ -47,7 +50,7 @@ jobs: http = true EOF # Push with earthly so it pushes the multi-arch properly - earthly --push +multi-build-framework-image --SECURITY_PROFILE=${{ inputs.security_profile }} --VERSION=master + earthly --push +multi-build-framework-image --SECURITY_PROFILE=${{ inputs.security_profile }} --FRAMEWORK_VERSION=${{ inputs.framework_version }} # Fetch the RepoDigests for the mutli-arch image docker pull "$ARTIFACT" cosign sign $(docker image inspect --format='{{index .RepoDigests 0}}' "$ARTIFACT") diff --git a/Earthfile b/Earthfile index c0304e92e..5352324eb 100644 --- a/Earthfile +++ b/Earthfile @@ -309,6 +309,7 @@ multi-build-framework-image: build-framework-image: FROM alpine ARG SECURITY_PROFILE + ARG FRAMEWORK_VERSION IF [ "$SECURITY_PROFILE" = "fips" ] ARG _SECURITY_PROFILE=fips @@ -321,13 +322,15 @@ build-framework-image: ARG VERSION=$(cat ./GIT_VERSION) - IF [[ "$VERSION" =~ "v\d+\.\d+\.\d+$" ]] - ARG FRAMEWORK_VERSION=$VERSION + IF [ "$FRAMEWORK_VERSION" = "" ] + ARG _FRAMEWORK_VERSION=master + ELSE IF [ "$FRAMEWORK_VERSION" = "git" ] + ARG _FRAMEWORK_VERSION=$VERSION ELSE - ARG FRAMEWORK_VERSION=master + ARG _FRAMEWORK_VERSION=$FRAMEWORK_VERSION END - ARG _IMG="$IMAGE_REPOSITORY_ORG/framework:${FRAMEWORK_VERSION}_${_SECURITY_PROFILE}" + ARG _IMG="$IMAGE_REPOSITORY_ORG/framework:${_FRAMEWORK_VERSION}_${_SECURITY_PROFILE}" RUN echo $_IMG > FRAMEWORK_IMAGE SAVE ARTIFACT FRAMEWORK_IMAGE AS LOCAL build/FRAMEWORK_IMAGE @@ -336,7 +339,7 @@ build-framework-image: COPY (+framework/framework --SECURITY_PROFILE=$_SECURITY_PROFILE) / - SAVE IMAGE --push $IMAGE_REPOSITORY_ORG/framework:${FRAMEWORK_VERSION}_${_SECURITY_PROFILE} + SAVE IMAGE --push $IMAGE_REPOSITORY_ORG/framework:${_FRAMEWORK_VERSION}_${_SECURITY_PROFILE} kairos-dockerfile: ARG --required FAMILY @@ -357,16 +360,19 @@ base-image: ARG --required MODEL ARG --required BASE_IMAGE # BASE_IMAGE is the image to apply the strategy (aka FLAVOR) on. E.g. ubuntu:20.04 ARG K3S_VERSION + ARG FRAMEWORK_VERSION # TODO for the framework image. Do we call the last stable version available or master? ARG K3S_VERSION DO +GIT_VERSION ARG KAIROS_VERSION=$(cat ./GIT_VERSION) - IF [[ "$KAIROS_VERSION" =~ "v\d+\.\d+\.\d+$" ]] - ARG FRAMEWORK_VERSION=$KAIROS_VERSION + IF [ "$FRAMEWORK_VERSION" = "" ] + ARG _FRAMEWORK_VERSION=master + ELSE IF [ "$FRAMEWORK_VERSION" = "git" ] + ARG _FRAMEWORK_VERSION=$VERSION ELSE - ARG FRAMEWORK_VERSION=master + ARG _FRAMEWORK_VERSION=$FRAMEWORK_VERSION END RUN cat +kairos-dockerfile/Dockerfile @@ -378,7 +384,7 @@ base-image: --build-arg VARIANT=$VARIANT \ --build-arg VERSION=$KAIROS_VERSION \ --build-arg K3S_VERSION=$K3S_VERSION \ - --build-arg FRAMEWORK_VERSION=$FRAMEWORK_VERSION \ + --build-arg FRAMEWORK_VERSION=$_FRAMEWORK_VERSION \ -f +kairos-dockerfile/Dockerfile \ ./images