Building Fluentd image #83
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Building Fluentd image | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| docker_tag_version: | |
| description: 'Fluentd image release version' | |
| required: true | |
| default: '1.17.0' | |
| env: | |
| DOCKER_REPO: 'kubesphere' | |
| DOCKER_IMAGE: 'fluentd' | |
| GITHUB_IMAGE: '${{ github.repository }}/fluentd' | |
| permissions: | |
| contents: read | |
| packages: write | |
| jobs: | |
| build-amd64-prod-image-metadata: | |
| runs-on: ubuntu-latest | |
| name: Build prod image metadata for amd64 | |
| outputs: | |
| IMG_NAME: ${{ steps.set-outputs.outputs.IMAGE_NAME }} | |
| version: ${{ steps.image-metadata.outputs.version }} | |
| tags: ${{ steps.image-metadata.outputs.tags }} | |
| labels: ${{ steps.image-metadata.outputs.labels }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Extract version parts | |
| id: extract_version | |
| run: | | |
| VERSION=${{ github.event.inputs.docker_tag_version }} | |
| VERSION_SUFFIX="amd64" | |
| VERSION_WITHOUT_V=${VERSION#v} | |
| MAJOR_MINOR=$(echo $VERSION_WITHOUT_V | cut -d. -f1-2) | |
| echo "VERSION=$VERSION" >> $GITHUB_ENV | |
| echo "VERSION_SUFFIX=$VERSION_SUFFIX" >> $GITHUB_ENV | |
| echo "VERSION_WITHOUT_V=$VERSION_WITHOUT_V" >> $GITHUB_ENV | |
| echo "MAJOR_MINOR=$MAJOR_MINOR" >> $GITHUB_ENV | |
| - name: Determine image version tag | |
| id: determine-tags | |
| run: | | |
| if skopeo inspect docker://ghcr.io/${{ env.GITHUB_IMAGE }}:${{ env.VERSION }}-${{ env.VERSION_SUFFIX }}; then | |
| echo "${{ env.VERSION }}-${{ env.VERSION_SUFFIX }} tag already exists, assuming we're building a patch release!" | |
| LATEST_PATCH_VERSION=$(skopeo list-tags docker://ghcr.io/${{ env.GITHUB_IMAGE }} | grep -E "${{ env.VERSION }}-[0-9]+" | sort | uniq | tail -1 | tr -d \" | cut -d'-' -f2) | |
| NEW_PATCH_VERSION=$((LATEST_PATCH_VERSION + 1)) | |
| IMAGE_TAG="${{ env.VERSION }}-${NEW_PATCH_VERSION}" | |
| echo "Building patch release ${IMAGE_TAG}-${{ env.VERSION_SUFFIX }}!" | |
| else | |
| echo "${{ env.VERSION }}-${{ env.VERSION_SUFFIX }} tag does not exist, assuming we're building a new release!" | |
| IMAGE_TAG="${{ env.VERSION }}" | |
| fi | |
| echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV | |
| env: | |
| VERSION: ${{env.VERSION }} | |
| VERSION_SUFFIX: ${{ env.VERSION_SUFFIX }} | |
| - name: docker metadata for amd64 | |
| id: image-metadata | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: "ghcr.io/${{ env.GITHUB_IMAGE }}" | |
| flavor: | | |
| latest=false | |
| suffix=-${{ env.VERSION_SUFFIX }} | |
| tags: | | |
| raw,latest | |
| type=raw,value=${{ env.IMAGE_TAG }} | |
| type=raw,value=v${{ env.IMAGE_TAG }} | |
| type=raw,value=${{ env.MAJOR_MINOR }} | |
| type=raw,value=v${{ env.MAJOR_MINOR }} | |
| env: | |
| IMAGE_TAG: ${{ env.IMAGE_TAG }} | |
| MAJOR_MINOR: ${{ env.MAJOR_MINOR }} | |
| VERSION_SUFFIX: ${{ env.VERSION_SUFFIX }} | |
| - name: Set outputs | |
| id: set-outputs | |
| run: | | |
| echo "IMAGE_NAME=${{ env.GITHUB_IMAGE }}" >> $GITHUB_OUTPUT | |
| build-arm64-prod-image-metadata: | |
| runs-on: ubuntu-latest | |
| name: Build prod image metadata for arm64 | |
| outputs: | |
| IMG_NAME: ${{ steps.set-outputs.outputs.IMAGE_NAME }} | |
| version: ${{ steps.image-metadata.outputs.version }} | |
| tags: ${{ steps.image-metadata.outputs.tags }} | |
| labels: ${{ steps.image-metadata.outputs.labels }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Extract version parts | |
| id: extract_version | |
| run: | | |
| VERSION=${{ github.event.inputs.docker_tag_version }} | |
| VERSION_SUFFIX="arm64" | |
| VERSION_WITHOUT_V=${VERSION#v} | |
| MAJOR_MINOR=$(echo $VERSION_WITHOUT_V | cut -d. -f1-2) | |
| echo "VERSION=$VERSION" >> $GITHUB_ENV | |
| echo "VERSION_SUFFIX=$VERSION_SUFFIX" >> $GITHUB_ENV | |
| echo "VERSION_WITHOUT_V=$VERSION_WITHOUT_V" >> $GITHUB_ENV | |
| echo "MAJOR_MINOR=$MAJOR_MINOR" >> $GITHUB_ENV | |
| - name: Determine image version tag | |
| id: determine-tags | |
| run: | | |
| if skopeo inspect --override-arch arm64 docker://ghcr.io/${{ env.GITHUB_IMAGE }}:${{ env.VERSION }}-${{ env.VERSION_SUFFIX }}; then | |
| echo "${{ env.VERSION }}-${{ env.VERSION_SUFFIX }} tag already exists, assuming we're building a patch release!" | |
| LATEST_PATCH_VERSION=$(skopeo list-tags docker://ghcr.io/${{ env.GITHUB_IMAGE }} | grep -E "${{ env.VERSION }}-[0-9]+" | sort | uniq | tail -1 | tr -d \" | cut -d'-' -f2) | |
| NEW_PATCH_VERSION=$((LATEST_PATCH_VERSION + 1)) | |
| IMAGE_TAG="${{ env.VERSION }}-${NEW_PATCH_VERSION}" | |
| echo "Building patch release ${IMAGE_TAG}-${{ env.VERSION_SUFFIX }}!" | |
| else | |
| echo "${{ env.VERSION }}-${{ env.VERSION_SUFFIX }} tag does not exist, assuming we're building a new release!" | |
| IMAGE_TAG="${{ env.VERSION }}" | |
| fi | |
| echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV | |
| env: | |
| VERSION: ${{ env.VERSION }} | |
| VERSION_SUFFIX: ${{ env.VERSION_SUFFIX }} | |
| - name: docker metadata for arm64 | |
| id: image-metadata | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: "ghcr.io/${{ env.GITHUB_IMAGE }}" | |
| flavor: | | |
| latest=false | |
| suffix=-${{ env.VERSION_SUFFIX }} | |
| tags: | | |
| raw,latest | |
| type=raw,value=${{ env.IMAGE_TAG }} | |
| type=raw,value=v${{ env.IMAGE_TAG }} | |
| type=raw,value=${{ env.MAJOR_MINOR }} | |
| type=raw,value=v${{ env.MAJOR_MINOR }} | |
| env: | |
| IMAGE_TAG: ${{ env.IMAGE_TAG }} | |
| MAJOR_MINOR: ${{ env.MAJOR_MINOR }} | |
| VERSION_SUFFIX: ${{ env.VERSION_SUFFIX }} | |
| - name: Set outputs | |
| id: set-outputs | |
| run: | | |
| echo "IMAGE_NAME=${{ env.GITHUB_IMAGE }}" >> $GITHUB_OUTPUT | |
| build-arm64-base-image-metadata: | |
| runs-on: ubuntu-latest | |
| name: Build prod image metadata for arm64 base image | |
| outputs: | |
| IMG_NAME: ${{ steps.set-outputs.outputs.IMAGE_NAME }} | |
| DOCKER_IMG_NAME: ${{ steps.set-outputs.outputs.DOCKER_IMG_NAME }} | |
| version: ${{ steps.image-metadata.outputs.version }} | |
| tags: ${{ steps.image-metadata.outputs.tags }} | |
| labels: ${{ steps.image-metadata.outputs.labels }} | |
| release_tags: ${{ steps.image-tags.outputs.tags }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Extract version parts | |
| id: extract_version | |
| run: | | |
| VERSION=${{ github.event.inputs.docker_tag_version }} | |
| VERSION_SUFFIX="arm64-base" | |
| VERSION_WITHOUT_V=${VERSION#v} | |
| MAJOR_MINOR=$(echo $VERSION_WITHOUT_V | cut -d. -f1-2) | |
| echo "VERSION=$VERSION" >> $GITHUB_ENV | |
| echo "VERSION_SUFFIX=$VERSION_SUFFIX" >> $GITHUB_ENV | |
| echo "VERSION_WITHOUT_V=$VERSION_WITHOUT_V" >> $GITHUB_ENV | |
| echo "MAJOR_MINOR=$MAJOR_MINOR" >> $GITHUB_ENV | |
| - name: Determine image version tag | |
| id: determine-tags | |
| run: | | |
| if skopeo inspect --override-arch arm64 docker://ghcr.io/${{ env.GITHUB_IMAGE }}:${{ env.VERSION }}-${{ env.VERSION_SUFFIX }}; then | |
| echo "${{ env.VERSION }}-${{ env.VERSION_SUFFIX }} tag already exists, assuming we're building a patch release!" | |
| LATEST_PATCH_VERSION=$(skopeo list-tags docker://ghcr.io/${{ env.GITHUB_IMAGE }} | grep -E "${{ env.VERSION }}-[0-9]+" | sort | uniq | tail -1 | tr -d \" | cut -d'-' -f2) | |
| NEW_PATCH_VERSION=$((LATEST_PATCH_VERSION + 1)) | |
| IMAGE_TAG="${{ env.VERSION }}-${NEW_PATCH_VERSION}" | |
| echo "Building patch release ${IMAGE_TAG}-${{ env.VERSION_SUFFIX }}!" | |
| else | |
| echo "${{ env.VERSION }}-${{ env.VERSION_SUFFIX }} tag does not exist, assuming we're building a new release!" | |
| IMAGE_TAG="${{ env.VERSION }}" | |
| fi | |
| echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV | |
| env: | |
| VERSION: ${{ env.VERSION }} | |
| VERSION_SUFFIX: ${{ env.VERSION_SUFFIX }} | |
| - name: docker metadata for arm64 base image | |
| id: image-metadata | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: "ghcr.io/${{ env.GITHUB_IMAGE }}" | |
| flavor: | | |
| latest=false | |
| suffix=-${{ env.VERSION_SUFFIX }} | |
| tags: | | |
| type=raw,value=${{ env.IMAGE_TAG }} | |
| type=raw,value=v${{ env.IMAGE_TAG }} | |
| type=raw,value=${{ env.MAJOR_MINOR }} | |
| type=raw,value=v${{ env.MAJOR_MINOR }} | |
| env: | |
| IMAGE_TAG: ${{ env.IMAGE_TAG }} | |
| MAJOR_MINOR: ${{ env.MAJOR_MINOR }} | |
| VERSION_SUFFIX: ${{ env.VERSION_SUFFIX }} | |
| - name: Set outputs | |
| id: set-outputs | |
| run: | | |
| echo "IMAGE_NAME=${{ env.GITHUB_IMAGE }}" >> $GITHUB_OUTPUT | |
| echo "DOCKER_IMG_NAME=${{env.DOCKER_REPO}}/${{ env.DOCKER_IMAGE }}" >> $GITHUB_OUTPUT | |
| build-amd64: | |
| runs-on: ubuntu-latest | |
| needs: build-amd64-prod-image-metadata | |
| timeout-minutes: 30 | |
| name: Build amd64 Image for Fluentd | |
| steps: | |
| - name: Install Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: 1.21 | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ~/go/pkg/mod | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build and Push amd64 base Image for Fluentd | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: cmd/fluent-watcher/fluentd/Dockerfile.amd64 | |
| push: true | |
| platforms: linux/amd64 | |
| tags: ${{ needs.build-amd64-prod-image-metadata.outputs.tags }} | |
| labels: ${{ needs.build-amd64-prod-image-metadata.outputs.labels }} | |
| build-arm64-base: | |
| runs-on: ubuntu-latest | |
| needs: build-arm64-base-image-metadata | |
| timeout-minutes: 90 | |
| name: Build arm64 base Image for Fluentd | |
| steps: | |
| - name: Install Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: 1.21 | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ~/go/pkg/mod | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build and Push arm64 base Image for Fluentd | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: cmd/fluent-watcher/fluentd/Dockerfile.arm64.base | |
| push: true | |
| platforms: linux/arm64 | |
| tags: ${{ needs.build-arm64-base-image-metadata.outputs.tags }} | |
| labels: ${{ needs.build-arm64-base-image-metadata.outputs.labels }} | |
| release-arm64-base-image-to-docker-hub: | |
| if: ${{ github.event_name != 'pull_request' }} | |
| name: Release Image to Docker Hub | |
| uses: ./.github/workflows/clone-docker-image-action.yaml | |
| needs: | |
| - build-arm64-base-image-metadata | |
| - build-arm64-base | |
| with: | |
| source_image: "${{ needs.build-arm64-base-image-metadata.outputs.IMG_NAME }}" | |
| source_registry: ghcr.io | |
| target_image: "${{ needs.build-arm64-base-image-metadata.outputs.DOCKER_IMG_NAME }}" | |
| target_registry: docker.io | |
| platforms: "['linux/arm64']" | |
| tags: ${{ needs.build-arm64-base-image-metadata.outputs.release_tags }} | |
| secrets: | |
| source_registry_username: ${{ github.actor }} | |
| source_registry_token: ${{ secrets.GITHUB_TOKEN }} | |
| target_registry_username: ${{ secrets.REGISTRY_USER }} | |
| target_registry_token: ${{ secrets.REGISTRY_PASSWORD }} | |
| build-arm64: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-arm64-prod-image-metadata | |
| - build-arm64-base-image-metadata | |
| - build-arm64-base | |
| timeout-minutes: 90 | |
| name: Build arm64 Image for Fluentd | |
| steps: | |
| - name: Install Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: 1.21 | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ~/go/pkg/mod | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build and Push arm64 base Image for Fluentd | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: cmd/fluent-watcher/fluentd/Dockerfile.arm64.quick | |
| push: true | |
| platforms: linux/arm64 | |
| tags: ${{ needs.build-arm64-prod-image-metadata.outputs.tags }} | |
| labels: ${{ needs.build-arm64-prod-image-metadata.outputs.labels }} | |
| build-args: | | |
| BASE_IMAGE_TAG=${{ needs.build-arm64-base-image-metadata.outputs.version }} | |
| BASE_IMAGE=ghcr.io/${{needs.build-arm64-base-image-metadata.outputs.IMG_NAME}} | |
| prod-image-manifest: | |
| needs: | |
| - build-amd64-prod-image-metadata | |
| - build-arm64-prod-image-metadata | |
| - build-amd64 | |
| - build-arm64 | |
| runs-on: ubuntu-latest | |
| name: Create image manifest | |
| outputs: | |
| IMG_NAME: ${{ steps.set-outputs.outputs.IMAGE_NAME }} | |
| DOCKER_IMG_NAME: ${{ steps.set-outputs.outputs.DOCKER_IMG_NAME }} | |
| version: ${{ steps.image-metadata.outputs.version }} | |
| tags: ${{ steps.image-metadata.outputs.tags }} | |
| labels: ${{ steps.image-metadata.outputs.labels }} | |
| release_tags: ${{ steps.image-tags.outputs.tags }} | |
| steps: | |
| - uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract version parts | |
| id: extract_version | |
| run: | | |
| VERSION=${{ github.event.inputs.docker_tag_version }} | |
| VERSION_WITHOUT_V=${VERSION#v} | |
| MAJOR_MINOR=$(echo $VERSION_WITHOUT_V | cut -d. -f1-2) | |
| echo "VERSION=$VERSION" >> $GITHUB_ENV | |
| echo "VERSION_WITHOUT_V=$VERSION_WITHOUT_V" >> $GITHUB_ENV | |
| echo "MAJOR_MINOR=$MAJOR_MINOR" >> $GITHUB_ENV | |
| - name: Determine image version tag | |
| id: determine-tags | |
| run: | | |
| if skopeo inspect docker://ghcr.io/${{ env.GITHUB_IMAGE }}:${{ env.VERSION }}; then | |
| echo "${{ env.VERSION }} tag already exists, assuming we're building a patch release!" | |
| LATEST_PATCH_VERSION=$(skopeo list-tags docker://ghcr.io/${{ env.GITHUB_IMAGE }} | grep -E "${{ env.VERSION }}-[0-9]+" | sort | uniq | tail -1 | tr -d \" | cut -d'-' -f2) | |
| NEW_PATCH_VERSION=$((LATEST_PATCH_VERSION + 1)) | |
| IMAGE_TAG="${{ env.VERSION }}-${NEW_PATCH_VERSION}" | |
| echo "Building patch release ${IMAGE_TAG}!" | |
| else | |
| echo "${{ env.VERSION }} tag does not exist, assuming we're building a new release!" | |
| IMAGE_TAG="${{ env.VERSION }}" | |
| fi | |
| echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV | |
| env: | |
| VERSION: ${{ env.VERSION }} | |
| - name: docker metadata for manifest | |
| id: image-metadata | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: "ghcr.io/${{ env.GITHUB_IMAGE }}" | |
| tags: | | |
| type=raw,value=${{ env.IMAGE_TAG }} | |
| type=raw,value=v${{ env.IMAGE_TAG }} | |
| type=raw,value=${{ env.MAJOR_MINOR }} | |
| type=raw,value=v${{ env.MAJOR_MINOR }} | |
| env: | |
| IMAGE_TAG: ${{ env.IMAGE_TAG }} | |
| MAJOR_MINOR: ${{ env.MAJOR_MINOR }} | |
| - name: docker tags for cloning | |
| id: image-tags | |
| uses: docker/metadata-action@v5 | |
| with: | |
| tags: | | |
| type=raw,value=${{ env.IMAGE_TAG }} | |
| type=raw,value=v${{ env.IMAGE_TAG }} | |
| type=raw,value=${{ env.MAJOR_MINOR }} | |
| type=raw,value=v${{ env.MAJOR_MINOR }} | |
| env: | |
| IMAGE_TAG: ${{ env.IMAGE_TAG }} | |
| MAJOR_MINOR: ${{ env.MAJOR_MINOR }} | |
| - name: Set outputs | |
| id: set-outputs | |
| run: | | |
| echo "IMAGE_NAME=${{ env.GITHUB_IMAGE }}" >> $GITHUB_OUTPUT | |
| echo "DOCKER_IMG_NAME=${{env.DOCKER_REPO}}/${{ env.DOCKER_IMAGE }}" >> $GITHUB_OUTPUT | |
| - name: Create image manifest | |
| uses: int128/docker-manifest-create-action@v2 | |
| with: | |
| push: true | |
| tags: ${{ steps.image-metadata.outputs.tags }} | |
| sources: | | |
| ghcr.io/${{ needs.build-amd64-prod-image-metadata.outputs.IMG_NAME }}:${{ needs.build-amd64-prod-image-metadata.outputs.version }} | |
| ghcr.io/${{ needs.build-arm64-prod-image-metadata.outputs.IMG_NAME }}:${{ needs.build-arm64-prod-image-metadata.outputs.version }} | |
| scan-image: | |
| needs: | |
| - prod-image-manifest | |
| name: Scan Fluentd Image | |
| uses: ./.github/workflows/scan-docker-image-action.yaml | |
| with: | |
| source_image: "${{ needs.prod-image-manifest.outputs.IMG_NAME }}:${{ needs.prod-image-manifest.outputs.version }}" | |
| source_registry: ghcr.io | |
| platforms: "['linux/arm64', 'linux/amd64']" | |
| secrets: | |
| registry_username: ${{ github.actor }} | |
| registry_password: ${{ secrets.GITHUB_TOKEN }} | |
| release-images-to-docker-hub: | |
| if: ${{ github.event_name != 'pull_request' }} | |
| name: Release Image to Docker Hub | |
| uses: ./.github/workflows/clone-docker-image-action.yaml | |
| needs: | |
| - prod-image-manifest | |
| - scan-image | |
| with: | |
| source_image: "${{ needs.prod-image-manifest.outputs.IMG_NAME }}" | |
| source_registry: ghcr.io | |
| target_image: "${{ needs.prod-image-manifest.outputs.DOCKER_IMG_NAME }}" | |
| target_registry: docker.io | |
| platforms: "['linux/arm64', 'linux/amd64']" | |
| tags: ${{ needs.prod-image-manifest.outputs.release_tags }} | |
| secrets: | |
| source_registry_username: ${{ github.actor }} | |
| source_registry_token: ${{ secrets.GITHUB_TOKEN }} | |
| target_registry_username: ${{ secrets.REGISTRY_USER }} | |
| target_registry_token: ${{ secrets.REGISTRY_PASSWORD }} |