From 96c6b385eff7e06e57d8fa60c1e5f575a8ee0a7c Mon Sep 17 00:00:00 2001 From: Devendra Turkar Date: Wed, 5 Apr 2023 15:32:36 +0530 Subject: [PATCH] chore: publish ubi based image (#1412) * chore: publish ubi based image - added publish step to publish ubi image - updated base image for alpine based dockerfile * chore: update pipeline image to ubuntu-latest --- .github/workflows/build.yml | 8 ++++---- .github/workflows/mkdocs-deploy.yaml | 2 +- .github/workflows/publish.yml | 21 +++++++++++++++++++-- .github/workflows/release.yml | 2 +- Dockerfile | 2 +- Dockerfile.ubi8 => Dockerfile.ubi | 4 ++-- makefile | 7 +++++++ 7 files changed, 35 insertions(+), 11 deletions(-) rename Dockerfile.ubi8 => Dockerfile.ubi (93%) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3498419..c60bdfa 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -21,7 +21,7 @@ env: jobs: lint: name: Lint - runs-on: ubuntu-18.04 + runs-on: ubuntu-latest steps: - name: Setup Go uses: actions/setup-go@v3 @@ -38,7 +38,7 @@ jobs: args: --verbose unit: name: Unit tests - runs-on: ubuntu-18.04 + runs-on: ubuntu-latest steps: - name: Setup Go uses: actions/setup-go@v3 @@ -54,7 +54,7 @@ jobs: file: ./coverage.txt e2e: name: E2e tests - runs-on: ubuntu-18.04 + runs-on: ubuntu-latest steps: - name: Setup Go uses: actions/setup-go@v3 @@ -83,7 +83,7 @@ jobs: expected_result: PASSED release: name: Release snapshot - runs-on: ubuntu-18.04 + runs-on: ubuntu-latest needs: [e2e, unit] steps: - name: Setup Go diff --git a/.github/workflows/mkdocs-deploy.yaml b/.github/workflows/mkdocs-deploy.yaml index 8e22cc7..a7bf4e2 100644 --- a/.github/workflows/mkdocs-deploy.yaml +++ b/.github/workflows/mkdocs-deploy.yaml @@ -13,7 +13,7 @@ on: jobs: deploy: name: Deploy documentation - runs-on: ubuntu-18.04 + runs-on: ubuntu-latest steps: - name: Checkout main uses: actions/checkout@v3 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index c32ff3a..bbf94eb 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -12,7 +12,7 @@ env: jobs: publish: name: Publish - runs-on: ubuntu-18.04 + runs-on: ubuntu-latest steps: - name: Check Out Repo uses: actions/checkout@v3 @@ -49,7 +49,7 @@ jobs: - name: Build and push - Docker/ECR id: docker_build - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v4 with: context: . platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x @@ -64,5 +64,22 @@ jobs: public.ecr.aws/${{ env.ALIAS }}/${{ env.REP }}:latest cache-from: type=local,src=/tmp/.buildx-cache/release cache-to: type=local,mode=max,dest=/tmp/.buildx-cache/release + + - name: Build and push ubi image - Docker/ECR + id: docker_build_ubi + uses: docker/build-push-action@v4 + with: + context: . + platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x + builder: ${{ steps.buildx.outputs.name }} + push: true + file: Dockerfile.ubi + build-args: | + KUBEBENCH_VERSION=${{ steps.get_version.outputs.version }} + tags: | + ${{ env.DOCKERHUB_ALIAS }}/${{ env.REP }}:${{ steps.get_version.outputs.version }}-ubi + public.ecr.aws/${{ env.ALIAS }}/${{ env.REP }}:${{ steps.get_version.outputs.version }}-ubi + cache-from: type=local,src=/tmp/.buildx-cache/release + cache-to: type=local,mode=max,dest=/tmp/.buildx-cache/release - name: Image digest run: echo ${{ steps.docker_build.outputs.digest }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0ec4cde..519fdbc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,7 +12,7 @@ env: jobs: release: name: Release - runs-on: ubuntu-18.04 + runs-on: ubuntu-latest steps: - name: Setup Go uses: actions/setup-go@v3 diff --git a/Dockerfile b/Dockerfile index ef86754..4533825 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,7 +9,7 @@ COPY internal/ internal/ ARG KUBEBENCH_VERSION RUN make build && cp kube-bench /go/bin/kube-bench -FROM alpine:3.17.0 AS run +FROM alpine:3.17 AS run WORKDIR /opt/kube-bench/ # add GNU ps for -C, -o cmd, and --no-headers support # https://github.com/aquasecurity/kube-bench/issues/109 diff --git a/Dockerfile.ubi8 b/Dockerfile.ubi similarity index 93% rename from Dockerfile.ubi8 rename to Dockerfile.ubi index 8c84ca0..5f790c3 100644 --- a/Dockerfile.ubi8 +++ b/Dockerfile.ubi @@ -11,9 +11,9 @@ RUN make build && cp kube-bench /go/bin/kube-bench # ubi8-minimal base image for build with ubi standards -FROM registry.access.redhat.com/ubi8/ubi-minimal:8.7 as run +FROM registry.access.redhat.com/ubi8/ubi-minimal as run -RUN microdnf install yum findutils openssl\ +RUN microdnf install -y yum findutils openssl \ && yum -y update-minimal --security --sec-severity=Moderate --sec-severity=Important --sec-severity=Critical \ && yum update -y \ && yum install -y glibc \ diff --git a/makefile b/makefile index 61b5b54..4049c55 100644 --- a/makefile +++ b/makefile @@ -4,6 +4,7 @@ DOCKER_ORG ?= aquasec VERSION ?= $(shell git rev-parse --short=7 HEAD) KUBEBENCH_VERSION ?= $(shell git describe --tags --abbrev=0) IMAGE_NAME ?= $(DOCKER_ORG)/$(BINARY):$(VERSION) +IMAGE_NAME_UBI ?= $(DOCKER_ORG)/$(BINARY):$(VERSION)-ubi GOOS ?= linux BUILD_OS := linux uname := $(shell uname -s) @@ -45,6 +46,12 @@ build-docker: --build-arg KUBEBENCH_VERSION=$(KUBEBENCH_VERSION) \ -t $(IMAGE_NAME) . +build-docker-ubi: + docker build -f Dockerfile.ubi --build-arg BUILD_DATE=$(shell date -u +"%Y-%m-%dT%H:%M:%SZ") \ + --build-arg VCS_REF=$(VERSION) \ + --build-arg KUBEBENCH_VERSION=$(KUBEBENCH_VERSION) \ + -t $(IMAGE_NAME_UBI) . + # unit tests tests: GO111MODULE=on go test -vet all -short -race -timeout 30s -coverprofile=coverage.txt -covermode=atomic ./...