mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-11-21 23:58:06 +00:00
chore: publish ubi based image (#1412)
* chore: publish ubi based image - added publish step to publish ubi image - updated base image for alpine based dockerfile * chore: update pipeline image to ubuntu-latest
parent
9e41099cec
commit
96c6b385ef
8
.github/workflows/build.yml
vendored
8
.github/workflows/build.yml
vendored
@ -21,7 +21,7 @@ env:
|
||||
jobs:
|
||||
lint:
|
||||
name: Lint
|
||||
runs-on: ubuntu-18.04
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Setup Go
|
||||
uses: actions/setup-go@v3
|
||||
@ -38,7 +38,7 @@ jobs:
|
||||
args: --verbose
|
||||
unit:
|
||||
name: Unit tests
|
||||
runs-on: ubuntu-18.04
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Setup Go
|
||||
uses: actions/setup-go@v3
|
||||
@ -54,7 +54,7 @@ jobs:
|
||||
file: ./coverage.txt
|
||||
e2e:
|
||||
name: E2e tests
|
||||
runs-on: ubuntu-18.04
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Setup Go
|
||||
uses: actions/setup-go@v3
|
||||
@ -83,7 +83,7 @@ jobs:
|
||||
expected_result: PASSED
|
||||
release:
|
||||
name: Release snapshot
|
||||
runs-on: ubuntu-18.04
|
||||
runs-on: ubuntu-latest
|
||||
needs: [e2e, unit]
|
||||
steps:
|
||||
- name: Setup Go
|
||||
|
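Review bot: `runs-on: ubuntu-latest` in the lint, unit, e2e and release jobs is a floating label, so the runner OS and its preinstalled toolchain change whenever GitHub moves the label, without any commit in this repository. The same label is introduced in `.github/workflows/mkdocs-deploy.yaml`, `.github/workflows/publish.yml` and `.github/workflows/release.yml`, where the jobs publish artifacts. Pinning an explicit image, for example `runs-on: ubuntu-22.04`, and bumping it deliberately keeps release builds reproducible and makes runner changes reviewable.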
2
.github/workflows/mkdocs-deploy.yaml
vendored
2
.github/workflows/mkdocs-deploy.yaml
vendored
@ -13,7 +13,7 @@ on:
|
||||
jobs:
|
||||
deploy:
|
||||
name: Deploy documentation
|
||||
runs-on: ubuntu-18.04
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout main
|
||||
uses: actions/checkout@v3
|
||||
|
21
.github/workflows/publish.yml
vendored
21
.github/workflows/publish.yml
vendored
@ -12,7 +12,7 @@ env:
|
||||
jobs:
|
||||
publish:
|
||||
name: Publish
|
||||
runs-on: ubuntu-18.04
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Check Out Repo
|
||||
uses: actions/checkout@v3
|
||||
@ -49,7 +49,7 @@ jobs:
|
||||
|
||||
- name: Build and push - Docker/ECR
|
||||
id: docker_build
|
||||
uses: docker/build-push-action@v3
|
||||
uses: docker/build-push-action@v4
|
||||
with:
|
||||
context: .
|
||||
platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x
|
||||
@ -64,5 +64,22 @@ jobs:
|
||||
public.ecr.aws/${{ env.ALIAS }}/${{ env.REP }}:latest
|
||||
cache-from: type=local,src=/tmp/.buildx-cache/release
|
||||
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache/release
|
||||
|
||||
- name: Build and push ubi image - Docker/ECR
|
||||
id: docker_build_ubi
|
||||
uses: docker/build-push-action@v4
|
||||
with:
|
||||
context: .
|
||||
platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x
|
||||
builder: ${{ steps.buildx.outputs.name }}
|
||||
push: true
|
||||
file: Dockerfile.ubi
|
||||
build-args: |
|
||||
KUBEBENCH_VERSION=${{ steps.get_version.outputs.version }}
|
||||
tags: |
|
||||
${{ env.DOCKERHUB_ALIAS }}/${{ env.REP }}:${{ steps.get_version.outputs.version }}-ubi
|
||||
public.ecr.aws/${{ env.ALIAS }}/${{ env.REP }}:${{ steps.get_version.outputs.version }}-ubi
|
||||
cache-from: type=local,src=/tmp/.buildx-cache/release
|
||||
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache/release
|
||||
- name: Image digest
|
||||
run: echo ${{ steps.docker_build.outputs.digest }}
|
||||
|
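Review bot: The closing `Image digest` step still echoes only `steps.docker_build.outputs.digest`, so the digest of the `-ubi` image pushed by the new `docker_build_ubi` step never reaches the run log and consumers have nothing to pin or verify against. Adding `run: echo ${{ steps.docker_build_ubi.outputs.digest }}` as a second step (or a second line of the existing one) would cover it. Both build steps also write `cache-to: type=local,mode=max,dest=/tmp/.buildx-cache/release`; if the local exporter replaces the cache index on each export, as I believe it does, the second build leaves only its own cache behind, so a separate `dest` per image is safer. Since this job pushes with registry credentials, `docker/build-push-action@v4` would be better referenced by full commit SHA than by a movable tag.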
2
.github/workflows/release.yml
vendored
2
.github/workflows/release.yml
vendored
@ -12,7 +12,7 @@ env:
|
||||
jobs:
|
||||
release:
|
||||
name: Release
|
||||
runs-on: ubuntu-18.04
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Setup Go
|
||||
uses: actions/setup-go@v3
|
||||
|
@ -9,7 +9,7 @@ COPY internal/ internal/
|
||||
ARG KUBEBENCH_VERSION
|
||||
RUN make build && cp kube-bench /go/bin/kube-bench
|
||||
|
||||
FROM alpine:3.17.0 AS run
|
||||
FROM alpine:3.17 AS run
|
||||
WORKDIR /opt/kube-bench/
|
||||
# add GNU ps for -C, -o cmd, and --no-headers support
|
||||
# https://github.com/aquasecurity/kube-bench/issues/109
|
||||
|
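Review bot: `FROM alpine:3.17 AS run` trades the patch-level tag for a minor-level one (reading the second `FROM` line as the new side, which the page's print order suggests but does not mark), so the runtime base now moves with every 3.17.x republish and two builds of the same commit can ship different base layers. That picks up Alpine fixes automatically, but nothing records which base a released image was built on. Consider pinning by digest and letting an update bot bump it: `FROM alpine:3.17@sha256:<digest-placeholder> AS run`. The `run` stage continues outside the hunk.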
@ -11,9 +11,9 @@ RUN make build && cp kube-bench /go/bin/kube-bench
|
||||
|
||||
|
||||
# ubi8-minimal base image for build with ubi standards
|
||||
FROM registry.access.redhat.com/ubi8/ubi-minimal:8.7 as run
|
||||
FROM registry.access.redhat.com/ubi8/ubi-minimal as run
|
||||
|
||||
RUN microdnf install yum findutils openssl\
|
||||
RUN microdnf install -y yum findutils openssl \
|
||||
&& yum -y update-minimal --security --sec-severity=Moderate --sec-severity=Important --sec-severity=Critical \
|
||||
&& yum update -y \
|
||||
&& yum install -y glibc \
|
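Review bot: `FROM registry.access.redhat.com/ubi8/ubi-minimal as run` has no tag, so it resolves to `latest` and the published `-ubi` image is built on whatever the registry serves at build time (reading the untagged line as the new side, which the page's print order suggests but does not mark). Together with the unconditional `yum update -y` in the `RUN` chain, a rebuild of the same release tag can yield a different package set, which makes a scan result or a digest hard to tie back to a commit. Keeping an explicit tag and adding a digest, `FROM registry.access.redhat.com/ubi8/ubi-minimal:<tag>@sha256:<digest-placeholder> as run`, keeps base updates deliberate. The `RUN` instruction continues past the end of the hunk.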
7
makefile
7
makefile
@ -4,6 +4,7 @@ DOCKER_ORG ?= aquasec
|
||||
VERSION ?= $(shell git rev-parse --short=7 HEAD)
|
||||
KUBEBENCH_VERSION ?= $(shell git describe --tags --abbrev=0)
|
||||
IMAGE_NAME ?= $(DOCKER_ORG)/$(BINARY):$(VERSION)
|
||||
IMAGE_NAME_UBI ?= $(DOCKER_ORG)/$(BINARY):$(VERSION)-ubi
|
||||
GOOS ?= linux
|
||||
BUILD_OS := linux
|
||||
uname := $(shell uname -s)
|
||||
@ -45,6 +46,12 @@ build-docker:
|
||||
--build-arg KUBEBENCH_VERSION=$(KUBEBENCH_VERSION) \
|
||||
-t $(IMAGE_NAME) .
|
||||
|
||||
build-docker-ubi:
|
||||
docker build -f Dockerfile.ubi --build-arg BUILD_DATE=$(shell date -u +"%Y-%m-%dT%H:%M:%SZ") \
|
||||
--build-arg VCS_REF=$(VERSION) \
|
||||
--build-arg KUBEBENCH_VERSION=$(KUBEBENCH_VERSION) \
|
||||
-t $(IMAGE_NAME_UBI) .
|
||||
|
||||
# unit tests
|
||||
tests:
|
||||
GO111MODULE=on go test -vet all -short -race -timeout 30s -coverprofile=coverage.txt -covermode=atomic ./...
|
||||
|
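Review bot: `build-docker-ubi` expands `$(VERSION)`, `$(KUBEBENCH_VERSION)` and `$(IMAGE_NAME_UBI)` unquoted into the `docker build` command line, and all three are `?=` assignments that the environment or the make command line can override. Quoting them, e.g. `--build-arg KUBEBENCH_VERSION="$(KUBEBENCH_VERSION)"` and `-t "$(IMAGE_NAME_UBI)" .`, keeps an unexpected value from being word-split or glob-expanded by the shell. The recipe otherwise appears to mirror `build-docker`, whose start lies outside the hunk. A one-line comment such as `# build the UBI-based image from Dockerfile.ubi` above the target would help, as would adding `build-docker-ubi` to the `.PHONY` list if the file declares one (not visible here).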