chore: publish ubi based image (#1412)
* chore: publish ubi based image - added publish step to publish ubi image - updated base image for alpine based dockerfile * chore: update pipeline image to ubuntu-latest
parent
9e41099cec
commit
96c6b385ef
8
.github/workflows/build.yml
vendored
8
.github/workflows/build.yml
vendored
@ -21,7 +21,7 @@ env:
|
|||||||
jobs:
|
jobs:
|
||||||
lint:
|
lint:
|
||||||
name: Lint
|
name: Lint
|
||||||
runs-on: ubuntu-18.04
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Setup Go
|
- name: Setup Go
|
||||||
uses: actions/setup-go@v3
|
uses: actions/setup-go@v3
|
||||||
@ -38,7 +38,7 @@ jobs:
|
|||||||
args: --verbose
|
args: --verbose
|
||||||
unit:
|
unit:
|
||||||
name: Unit tests
|
name: Unit tests
|
||||||
runs-on: ubuntu-18.04
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Setup Go
|
- name: Setup Go
|
||||||
uses: actions/setup-go@v3
|
uses: actions/setup-go@v3
|
||||||
@ -54,7 +54,7 @@ jobs:
|
|||||||
file: ./coverage.txt
|
file: ./coverage.txt
|
||||||
e2e:
|
e2e:
|
||||||
name: E2e tests
|
name: E2e tests
|
||||||
runs-on: ubuntu-18.04
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Setup Go
|
- name: Setup Go
|
||||||
uses: actions/setup-go@v3
|
uses: actions/setup-go@v3
|
||||||
@ -83,7 +83,7 @@ jobs:
|
|||||||
expected_result: PASSED
|
expected_result: PASSED
|
||||||
release:
|
release:
|
||||||
name: Release snapshot
|
name: Release snapshot
|
||||||
runs-on: ubuntu-18.04
|
runs-on: ubuntu-latest
|
||||||
needs: [e2e, unit]
|
needs: [e2e, unit]
|
||||||
steps:
|
steps:
|
||||||
- name: Setup Go
|
- name: Setup Go
|
||||||
|
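Review bot: `runs-on: ubuntu-latest` in the lint, unit, e2e and release jobs is a floating label, so the runner image and its preinstalled toolchain change whenever the alias is moved, with no change in this repository. The same substitution is made in the mkdocs-deploy.yaml, publish.yml and release.yml sections, where the jobs deploy or publish artefacts. Naming a specific image, for example `runs-on: ubuntu-22.04`, still gets the workflows off 18.04 while keeping a runner upgrade a reviewed change.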
2
.github/workflows/mkdocs-deploy.yaml
vendored
2
.github/workflows/mkdocs-deploy.yaml
vendored
@ -13,7 +13,7 @@ on:
|
|||||||
jobs:
|
jobs:
|
||||||
deploy:
|
deploy:
|
||||||
name: Deploy documentation
|
name: Deploy documentation
|
||||||
runs-on: ubuntu-18.04
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout main
|
- name: Checkout main
|
||||||
uses: actions/checkout@v3
|
uses: actions/checkout@v3
|
||||||
|
21
.github/workflows/publish.yml
vendored
21
.github/workflows/publish.yml
vendored
@ -12,7 +12,7 @@ env:
|
|||||||
jobs:
|
jobs:
|
||||||
publish:
|
publish:
|
||||||
name: Publish
|
name: Publish
|
||||||
runs-on: ubuntu-18.04
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Check Out Repo
|
- name: Check Out Repo
|
||||||
uses: actions/checkout@v3
|
uses: actions/checkout@v3
|
||||||
@ -49,7 +49,7 @@ jobs:
|
|||||||
|
|
||||||
- name: Build and push - Docker/ECR
|
- name: Build and push - Docker/ECR
|
||||||
id: docker_build
|
id: docker_build
|
||||||
uses: docker/build-push-action@v3
|
uses: docker/build-push-action@v4
|
||||||
with:
|
with:
|
||||||
context: .
|
context: .
|
||||||
platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x
|
platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x
|
||||||
@ -64,5 +64,22 @@ jobs:
|
|||||||
public.ecr.aws/${{ env.ALIAS }}/${{ env.REP }}:latest
|
public.ecr.aws/${{ env.ALIAS }}/${{ env.REP }}:latest
|
||||||
cache-from: type=local,src=/tmp/.buildx-cache/release
|
cache-from: type=local,src=/tmp/.buildx-cache/release
|
||||||
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache/release
|
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache/release
|
||||||
|
|
||||||
|
- name: Build and push ubi image - Docker/ECR
|
||||||
|
id: docker_build_ubi
|
||||||
|
uses: docker/build-push-action@v4
|
||||||
|
with:
|
||||||
|
context: .
|
||||||
|
platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x
|
||||||
|
builder: ${{ steps.buildx.outputs.name }}
|
||||||
|
push: true
|
||||||
|
file: Dockerfile.ubi
|
||||||
|
build-args: |
|
||||||
|
KUBEBENCH_VERSION=${{ steps.get_version.outputs.version }}
|
||||||
|
tags: |
|
||||||
|
${{ env.DOCKERHUB_ALIAS }}/${{ env.REP }}:${{ steps.get_version.outputs.version }}-ubi
|
||||||
|
public.ecr.aws/${{ env.ALIAS }}/${{ env.REP }}:${{ steps.get_version.outputs.version }}-ubi
|
||||||
|
cache-from: type=local,src=/tmp/.buildx-cache/release
|
||||||
|
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache/release
|
||||||
- name: Image digest
|
- name: Image digest
|
||||||
run: echo ${{ steps.docker_build.outputs.digest }}
|
run: echo ${{ steps.docker_build.outputs.digest }}
|
||||||
|
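Review bot: The `Image digest` step after the new `docker_build_ubi` step still prints only `steps.docker_build.outputs.digest`, so the digest of the pushed `-ubi` image is never recorded in the job log. Adding `echo ${{ steps.docker_build_ubi.outputs.digest }}` to that step, or a second step, gives consumers a value to verify the published image against. The new step also references `docker/build-push-action@v4` by a mutable tag in a job that runs with `push: true` against Docker Hub and ECR. Pinning it to a full commit SHA, `uses: docker/build-push-action@<commit-sha>  # v4`, removes the dependence on that tag never being moved.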
2
.github/workflows/release.yml
vendored
2
.github/workflows/release.yml
vendored
@ -12,7 +12,7 @@ env:
|
|||||||
jobs:
|
jobs:
|
||||||
release:
|
release:
|
||||||
name: Release
|
name: Release
|
||||||
runs-on: ubuntu-18.04
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Setup Go
|
- name: Setup Go
|
||||||
uses: actions/setup-go@v3
|
uses: actions/setup-go@v3
|
||||||
|
@ -9,7 +9,7 @@ COPY internal/ internal/
|
|||||||
ARG KUBEBENCH_VERSION
|
ARG KUBEBENCH_VERSION
|
||||||
RUN make build && cp kube-bench /go/bin/kube-bench
|
RUN make build && cp kube-bench /go/bin/kube-bench
|
||||||
|
|
||||||
FROM alpine:3.17.0 AS run
|
FROM alpine:3.17 AS run
|
||||||
WORKDIR /opt/kube-bench/
|
WORKDIR /opt/kube-bench/
|
||||||
# add GNU ps for -C, -o cmd, and --no-headers support
|
# add GNU ps for -C, -o cmd, and --no-headers support
|
||||||
# https://github.com/aquasecurity/kube-bench/issues/109
|
# https://github.com/aquasecurity/kube-bench/issues/109
|
||||||
|
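Review bot: `FROM alpine:3.17 AS run` replaces a patch-level pin with a tag that moves on every 3.17.x release. The following hunk (apparently Dockerfile.ubi) goes further and drops the tag from `registry.access.redhat.com/ubi8/ubi-minimal`, which then resolves to `latest`. Picking up base-image fixes is a reasonable goal, but two builds of the same kube-bench tag can now contain different base layers, and nothing in the repository records which one was published. Pinning by digest and bumping it in reviewed commits keeps both properties: `FROM alpine:3.17@sha256:<digest> AS run` and `FROM registry.access.redhat.com/ubi8/ubi-minimal:<8.x-tag>@sha256:<digest> as run`. The `run` stage continues outside both hunks.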
@ -11,9 +11,9 @@ RUN make build && cp kube-bench /go/bin/kube-bench
|
|||||||
|
|
||||||
|
|
||||||
# ubi8-minimal base image for build with ubi standards
|
# ubi8-minimal base image for build with ubi standards
|
||||||
FROM registry.access.redhat.com/ubi8/ubi-minimal:8.7 as run
|
FROM registry.access.redhat.com/ubi8/ubi-minimal as run
|
||||||
|
|
||||||
RUN microdnf install yum findutils openssl\
|
RUN microdnf install -y yum findutils openssl \
|
||||||
&& yum -y update-minimal --security --sec-severity=Moderate --sec-severity=Important --sec-severity=Critical \
|
&& yum -y update-minimal --security --sec-severity=Moderate --sec-severity=Important --sec-severity=Critical \
|
||||||
&& yum update -y \
|
&& yum update -y \
|
||||||
&& yum install -y glibc \
|
&& yum install -y glibc \
|
7
makefile
7
makefile
@ -4,6 +4,7 @@ DOCKER_ORG ?= aquasec
|
|||||||
VERSION ?= $(shell git rev-parse --short=7 HEAD)
|
VERSION ?= $(shell git rev-parse --short=7 HEAD)
|
||||||
KUBEBENCH_VERSION ?= $(shell git describe --tags --abbrev=0)
|
KUBEBENCH_VERSION ?= $(shell git describe --tags --abbrev=0)
|
||||||
IMAGE_NAME ?= $(DOCKER_ORG)/$(BINARY):$(VERSION)
|
IMAGE_NAME ?= $(DOCKER_ORG)/$(BINARY):$(VERSION)
|
||||||
|
IMAGE_NAME_UBI ?= $(DOCKER_ORG)/$(BINARY):$(VERSION)-ubi
|
||||||
GOOS ?= linux
|
GOOS ?= linux
|
||||||
BUILD_OS := linux
|
BUILD_OS := linux
|
||||||
uname := $(shell uname -s)
|
uname := $(shell uname -s)
|
||||||
@ -45,6 +46,12 @@ build-docker:
|
|||||||
--build-arg KUBEBENCH_VERSION=$(KUBEBENCH_VERSION) \
|
--build-arg KUBEBENCH_VERSION=$(KUBEBENCH_VERSION) \
|
||||||
-t $(IMAGE_NAME) .
|
-t $(IMAGE_NAME) .
|
||||||
|
|
||||||
|
build-docker-ubi:
|
||||||
|
docker build -f Dockerfile.ubi --build-arg BUILD_DATE=$(shell date -u +"%Y-%m-%dT%H:%M:%SZ") \
|
||||||
|
--build-arg VCS_REF=$(VERSION) \
|
||||||
|
--build-arg KUBEBENCH_VERSION=$(KUBEBENCH_VERSION) \
|
||||||
|
-t $(IMAGE_NAME_UBI) .
|
||||||
|
|
||||||
# unit tests
|
# unit tests
|
||||||
tests:
|
tests:
|
||||||
GO111MODULE=on go test -vet all -short -race -timeout 30s -coverprofile=coverage.txt -covermode=atomic ./...
|
GO111MODULE=on go test -vet all -short -race -timeout 30s -coverprofile=coverage.txt -covermode=atomic ./...
|
||||||
|
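Review bot: `build-docker-ubi` names a command, not a file, and the hunk does not show it being added to a `.PHONY` declaration. If the makefile has one (it would be outside the hunk), add the target there, e.g. `.PHONY: build-docker-ubi`, so a stray file of that name cannot mark it up to date. The recipe is otherwise a copy of `build-docker` with `-f Dockerfile.ubi` and a different tag, so any change to the `--build-arg` list now has to be made in two places; a shared variable for those arguments would avoid drift. `$(IMAGE_NAME_UBI)` and `$(VERSION)` reach the shell unquoted, which matters only if they are overridden with values containing spaces or shell metacharacters.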