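---
# Release workflow: builds the kube-bench container images (default, UBI and
# FIPS UBI variants) for four architectures and pushes them to Docker Hub and
# to the public ECR registry.
#
# Supply-chain note: every `uses:` reference below is a mutable major-version
# tag. Pinning each action to a full commit SHA (keeping the tag in a trailing
# comment) prevents a retagged release from changing what runs while the
# registry credentials are in scope.
name: Publish
on:
  # NOTE(review): a manual run pushes the `latest` tags below regardless of the
  # ref it is started from — confirm that is intended.
  workflow_dispatch:
  push:
    tags:
      - "v*"

# Least privilege for the automatic GITHUB_TOKEN: no step visible here writes
# through the GitHub API; registry pushes use the Docker Hub / ECR secrets.
permissions:
  contents: read

env:
  ALIAS: aquasecurity
  DOCKERHUB_ALIAS: aquasec
  REP: kube-bench

jobs:
  publish:
    name: Publish
    runs-on: ubuntu-latest
    steps:
      - name: Check Out Repo
        uses: actions/checkout@v4
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v3
      - name: Cache Docker layers
        uses: actions/cache@v4
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildxarch-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildxarch-
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USER }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      # NOTE(review): this logs in with a static AWS access key pair held in
      # repository secrets; short-lived credentials would narrow the exposure
      # window if the key ever leaks — confirm what the registry setup allows.
      - name: Login to ECR
        uses: docker/login-action@v3
        with:
          registry: public.ecr.aws
          username: ${{ secrets.ECR_ACCESS_KEY_ID }}
          password: ${{ secrets.ECR_SECRET_ACCESS_KEY }}
      # NOTE(review): confirm `tag-semver` is still an accepted input at the
      # @v5 release of this action; an ignored input would silently change the
      # `version` output that every image tag below is built from.
      - name: Get version
        id: get_version
        uses: crazy-max/ghaction-docker-meta@v5
        with:
          images: ${{ env.REP }}
          tag-semver: |
            {{version}}
      - name: Extract variables from makefile (kubectl)
        id: extract_vars
        run: |
          # Take only the first match so a second matching line cannot add an
          # extra entry to the job environment file.
          kubectl_version="$(grep -m1 -oP '^KUBECTL_VERSION\s*\?=\s*\K.*' makefile || true)"
          # Fail the release instead of building with an empty build argument.
          if [ -z "$kubectl_version" ]; then
            echo "KUBECTL_VERSION not found in makefile" >&2
            exit 1
          fi
          echo "KUBECTL_VERSION=${kubectl_version}" >> "$GITHUB_ENV"
      - name: Build and push - Docker/ECR
        id: docker_build
        uses: docker/build-push-action@v6
        with:
          context: .
          platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x
          builder: ${{ steps.buildx.outputs.name }}
          push: true
          build-args: |
            KUBEBENCH_VERSION=${{ steps.get_version.outputs.version }}
            KUBECTL_VERSION=${{ env.KUBECTL_VERSION }}
          tags: |
            ${{ env.DOCKERHUB_ALIAS }}/${{ env.REP }}:${{ steps.get_version.outputs.version }}
            public.ecr.aws/${{ env.ALIAS }}/${{ env.REP }}:${{ steps.get_version.outputs.version }}
            ${{ env.DOCKERHUB_ALIAS }}/${{ env.REP }}:latest
            public.ecr.aws/${{ env.ALIAS }}/${{ env.REP }}:latest
          cache-from: type=local,src=/tmp/.buildx-cache/release
          cache-to: type=local,mode=max,dest=/tmp/.buildx-cache/release

      - name: Build and push ubi image - Docker/ECR
        id: docker_build_ubi
        uses: docker/build-push-action@v6
        with:
          context: .
          platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x
          builder: ${{ steps.buildx.outputs.name }}
          push: true
          file: Dockerfile.ubi
          build-args: |
            KUBEBENCH_VERSION=${{ steps.get_version.outputs.version }}
            KUBECTL_VERSION=${{ env.KUBECTL_VERSION }}
          tags: |
            ${{ env.DOCKERHUB_ALIAS }}/${{ env.REP }}:${{ steps.get_version.outputs.version }}-ubi
            public.ecr.aws/${{ env.ALIAS }}/${{ env.REP }}:${{ steps.get_version.outputs.version }}-ubi
          cache-from: type=local,src=/tmp/.buildx-cache/release
          cache-to: type=local,mode=max,dest=/tmp/.buildx-cache/release
      # Step outputs are handed to the shell through `env` rather than being
      # expanded inside the script text. The UBI digest is logged here too, so
      # each pushed image can be matched against the registry by digest.
      - name: Image digest
        env:
          IMAGE_DIGEST: ${{ steps.docker_build.outputs.digest }}
          UBI_IMAGE_DIGEST: ${{ steps.docker_build_ubi.outputs.digest }}
        run: |
          echo "default: ${IMAGE_DIGEST}"
          echo "ubi: ${UBI_IMAGE_DIGEST}"

      - name: Build and push fips ubi image - Docker/ECR
        id: docker_build_fips_ubi
        uses: docker/build-push-action@v6
        with:
          context: .
          platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x
          builder: ${{ steps.buildx.outputs.name }}
          push: true
          file: Dockerfile.fips.ubi
          build-args: |
            KUBEBENCH_VERSION=${{ steps.get_version.outputs.version }}
            KUBECTL_VERSION=${{ env.KUBECTL_VERSION }}
          tags: |
            ${{ env.DOCKERHUB_ALIAS }}/${{ env.REP }}:${{ steps.get_version.outputs.version }}-ubi-fips
            public.ecr.aws/${{ env.ALIAS }}/${{ env.REP }}:${{ steps.get_version.outputs.version }}-ubi-fips
          cache-from: type=local,src=/tmp/.buildx-cache/release
          cache-to: type=local,mode=max,dest=/tmp/.buildx-cache/release
      # This step previously echoed the digest of `docker_build` a second time;
      # it now reports the FIPS UBI image that was just pushed.
      - name: Image digest
        env:
          FIPS_UBI_IMAGE_DIGEST: ${{ steps.docker_build_fips_ubi.outputs.digest }}
        run: |
          echo "ubi-fips: ${FIPS_UBI_IMAGE_DIGEST}"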