From 9f9436f14a7a55ab34c4cd15876ff11129d08f37 Mon Sep 17 00:00:00 2001
From: "Sam Wang (holyspectral)"
Date: Fri, 1 Nov 2024 15:39:53 -0400
Subject: [PATCH] feat: NVSHAS-9502 create standalone Dockerfile
1. Provide cross platform/standalone Dockerfile
2. Release.yml to publish SLSA-capable artifacts
3. Provide build target, test-image, build-image and push-image to sync with rancher.
4. Upgrade to BCI 15.6
---
 .github/workflows/release.yml | 17 +++++++++++------
 Makefile | 10 ++--------
 2 files changed, 13 insertions(+), 14 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 86e10d5..99b55a9 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -24,6 +24,8 @@ jobs:
 uses: rancher-eio/read-vault-secrets@main
 with:
 secrets: |
+ secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | RANCHER_DOCKER_USERNAME ;
+ secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | RANCHER_DOCKER_PASSWORD ;
 secret/data/github/repo/${{ github.repository }}/dockerhub/neuvector/credentials username | DOCKER_USERNAME ;
 secret/data/github/repo/${{ github.repository }}/dockerhub/neuvector/credentials password | DOCKER_PASSWORD ;
 secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials registry | PRIME_REGISTRY ;
@@ -33,12 +35,11 @@ jobs:
 run: |
 TARGET=${{ github.ref_name }}
 echo "TAG=${TARGET#v}" >> $GITHUB_ENV
- - name: Publish public manifest
+ - name: Publish neuvector manifest
 uses: rancher/ecm-distro-tools/actions/publish-image@master
 with:
 push-to-public: true
 push-to-prime: false
- make-target: push-image
 image: prometheus-exporter
 tag: ${{ env.TAG }}
 platforms: linux/amd64,linux/arm64
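Review bot: The two secrets added here, `RANCHER_DOCKER_USERNAME` and `RANCHER_DOCKER_PASSWORD`, are not referenced by any step in the visible hunks. The "Publish rancher manifest" step in the hunk at `@@ -47,16 +48,20 @@` sets `public-repo: rancher` but authenticates with `${{ env.DOCKER_USERNAME }}` and `${{ env.DOCKER_PASSWORD }}`, which this secrets block maps from the `dockerhub/neuvector` credentials path. If that is not intended, that step should read `public-username: ${{ env.RANCHER_DOCKER_USERNAME }}` and `public-password: ${{ env.RANCHER_DOCKER_PASSWORD }}`. If it is intended, drop the two new mappings so the job does not load credentials it never uses.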
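Review bot: Removing `make-target: push-image` leaves this step running whatever target `publish-image` selects on its own (presumably a default), and the action is resolved from the mutable `@master` ref, so what a release builds and pushes can change without any commit in this repository. The step is also handed registry credentials, so a pinned ref narrows who can change the code that sees them. I would either keep `make-target: push-image` explicit or pin the action, e.g. `uses: rancher/ecm-distro-tools/actions/publish-image@<full-commit-sha>` (placeholder; use the SHA of the upstream commit that was reviewed). The same applies to the "Publish rancher manifest" step in the next hunk.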
@@ -47,16 +48,20 @@ jobs: public-repo: neuvector public-username: ${{ env.DOCKER_USERNAME }} public-password: ${{ env.DOCKER_PASSWORD }} - - name: Publish prime manifest + - name: Publish rancher manifest uses: rancher/ecm-distro-tools/actions/publish-image@master + env: + IMAGE_PREFIX: neuvector- with: - push-to-public: false - push-to-prime: true - make-target: push-rancher-image image: neuvector-prometheus-exporter tag: ${{ env.TAG }} platforms: linux/amd64,linux/arm64 + public-registry: docker.io + public-repo: rancher + public-username: ${{ env.DOCKER_USERNAME }} + public-password: ${{ env.DOCKER_PASSWORD }} + prime-registry: ${{ env.PRIME_REGISTRY }} prime-repo: rancher prime-username: ${{ env.PRIME_REGISTRY_USERNAME }} diff --git a/Makefile b/Makefile index 1140c7b..48629fb 100644 --- a/Makefile +++ b/Makefile @@ -63,11 +63,5 @@ build-image: buildx-machine ## build (and load) the container image targeting th push-image: buildx-machine $(IMAGE_BUILDER) build -f package/Dockerfile \ --builder $(MACHINE) $(IMAGE_ARGS) $(IID_FILE_FLAG) $(BUILDX_ARGS) \ - --build-arg VERSION=$(VERSION) --build-arg COMMIT=$(COMMIT) --platform=$(TARGET_PLATFORMS) -t "$(REPO)/prometheus-exporter:$(TAG)" --push . - @echo "Pushed $(IMAGE)" - -push-rancher-image: buildx-machine - $(IMAGE_BUILDER) build -f package/Dockerfile \ - --builder $(MACHINE) $(IMAGE_ARGS) $(IID_FILE_FLAG) $(BUILDX_ARGS) \ - --build-arg VERSION=$(VERSION) --build-arg COMMIT=$(COMMIT) --platform=$(TARGET_PLATFORMS) -t "$(REPO)/neuvector-prometheus-exporter:$(TAG)" --push . - @echo "Pushed $(IMAGE)" + --build-arg VERSION=$(VERSION) --build-arg COMMIT=$(COMMIT) --platform=$(TARGET_PLATFORMS) -t "$(REPO)/$(IMAGE_PREFIX)prometheus-exporter:$(TAG)" --push . + @echo "Pushed $(REPO)/$(IMAGE_PREFIX)prometheus-exporter:$(TAG)"
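Review bot: With `push-to-public: false` and `push-to-prime: true` removed and nothing put in their place, the registries this step publishes to depend on the action's input defaults, which are not visible here. Since the step now carries both `public-*` and `prime-*` inputs, state the intent explicitly with `push-to-public: true` and `push-to-prime: true`. The image name is also given twice now, as `image: neuvector-prometheus-exporter` for the action and as `IMAGE_PREFIX: neuvector-` for the Makefile tag. A comment on the `env:` entry such as `# IMAGE_PREFIX must match the prefix of image: below` would keep the two from drifting apart.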
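Review bot: `IMAGE_PREFIX` is now part of the pushed tag in `push-image`, but the hunk neither documents it nor gives it a default, so its value is whatever the caller's environment holds. If it is not already declared above the hunk, add `IMAGE_PREFIX ?=` next to the other variable defaults. The target should also get a help string like the one on `build-image`, e.g. `push-image: buildx-machine ## build and push the multi-platform image; IMAGE_PREFIX is prepended to the image name`. The Makefile's variable definitions are outside the hunk, so this is inferred from the visible lines only.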