Bump aquasecurity/setup-trivy in the trivy-actions group (#6829) #31850
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and push latest image if needed | |
on: | |
pull_request: | |
branches: | |
- main | |
- release-* | |
- feature/* | |
push: | |
branches: | |
- main | |
- release-* | |
- feature/* | |
jobs: | |
check-env: | |
name: Compute outputs for use by other jobs | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
show-progress: false | |
- name: Check whether tests need to be run based on diff | |
uses: antrea-io/has-changes@v2 | |
id: check_diff | |
with: | |
paths-ignore: docs/* ci/jenkins/* *.md hack/.notableofcontents | |
- name: Checking if image needs to be pushed | |
id: check_push | |
run: | | |
if [ "${{ github.repository }}" == "antrea-io/antrea" ] && [ "${{ github.event_name }}" == "push" ] && [ "${{ github.ref }}" == "refs/heads/main" ]; then | |
echo "push_needed=true" >> $GITHUB_OUTPUT | |
echo "docker_driver=docker-container" >> $GITHUB_OUTPUT | |
else | |
echo "push_needed=false" >> $GITHUB_OUTPUT | |
echo "docker_driver=docker" >> $GITHUB_OUTPUT | |
fi | |
outputs: | |
has_changes: ${{ steps.check_diff.outputs.has_changes }} | |
push_needed: ${{ steps.check_push.outputs.push_needed }} | |
docker_driver: ${{ steps.check_push.outputs.docker_driver }} | |
build: | |
needs: check-env | |
if: ${{ needs.check-env.outputs.has_changes == 'yes' || github.event_name == 'push' }} | |
strategy: | |
matrix: | |
include: | |
- platform: linux/amd64 | |
runner: ubuntu-latest | |
suffix: amd64 | |
- platform: linux/arm64 | |
runner: github-arm64-2c-8gb | |
suffix: arm64 | |
- platform: linux/arm/v7 | |
runner: github-arm64-2c-8gb | |
suffix: arm | |
runs-on: ${{ matrix.runner }} | |
env: | |
DOCKER_TAG: latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
show-progress: false | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
driver: ${{ needs.check-env.outputs.docker_driver }} | |
- name: Build Antrea Docker image without pushing to registry | |
if: ${{ needs.check-env.outputs.push_needed == 'false' }} | |
run: | | |
./hack/build-antrea-linux-all.sh --platform ${{ matrix.platform }} --pull | |
- name: Build and push Antrea Docker image to registry | |
if: ${{ needs.check-env.outputs.push_needed == 'true' }} | |
env: | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
run: | | |
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin | |
./hack/build-antrea-linux-all.sh --platform ${{ matrix.platform }} --pull --push-base-images | |
docker tag antrea/antrea-controller-ubuntu:"${DOCKER_TAG}" antrea/antrea-controller-ubuntu-${{ matrix.suffix }}:"${DOCKER_TAG}" | |
docker tag antrea/antrea-agent-ubuntu:"${DOCKER_TAG}" antrea/antrea-agent-ubuntu-${{ matrix.suffix }}:"${DOCKER_TAG}" | |
docker push antrea/antrea-controller-ubuntu-${{ matrix.suffix }}:"${DOCKER_TAG}" | |
docker push antrea/antrea-agent-ubuntu-${{ matrix.suffix }}:"${DOCKER_TAG}" | |
# Same repository workflow dispatch to run conformance tests | |
- name: Run conformance tests | |
if: ${{ needs.check-env.outputs.push_needed == 'true' }} | |
uses: benc-uk/workflow-dispatch@v1 | |
with: | |
workflow: .github/workflows/conformance.yml | |
inputs: ${{ format('{{ "antrea-version":"{0}", "antrea-image-distro":"ubuntu", "test-suite":"conformance", "runner":"{1}", "antrea-image-platform":"{2}" }}', github.sha, matrix.runner, matrix.platform) }} | |
push-manifest: | |
needs: [check-env, build] | |
if: ${{ needs.check-env.outputs.push_needed == 'true' }} | |
runs-on: ubuntu-latest | |
env: | |
DOCKER_TAG: latest | |
steps: | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
driver: ${{ needs.check-env.outputs.docker_driver }} | |
- name: Docker login | |
env: | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
run: | | |
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin | |
- name: Create and push manifest for controller image | |
run: | | |
docker manifest create antrea/antrea-controller-ubuntu:"${DOCKER_TAG}" \ | |
antrea/antrea-controller-ubuntu-arm64:"${DOCKER_TAG}" \ | |
antrea/antrea-controller-ubuntu-arm:"${DOCKER_TAG}" \ | |
antrea/antrea-controller-ubuntu-amd64:"${DOCKER_TAG}" | |
docker manifest push --purge antrea/antrea-controller-ubuntu:"${DOCKER_TAG}" | |
- name: Create and push manifest for agent image | |
run: | | |
docker manifest create antrea/antrea-agent-ubuntu:"${DOCKER_TAG}" \ | |
antrea/antrea-agent-ubuntu-arm64:"${DOCKER_TAG}" \ | |
antrea/antrea-agent-ubuntu-arm:"${DOCKER_TAG}" \ | |
antrea/antrea-agent-ubuntu-amd64:"${DOCKER_TAG}" | |
docker manifest push --purge antrea/antrea-agent-ubuntu:"${DOCKER_TAG}" | |
build-ubi: | |
needs: check-env | |
if: ${{ needs.check-env.outputs.has_changes == 'yes' || github.event_name == 'push' }} | |
runs-on: ubuntu-latest | |
env: | |
DOCKER_TAG: latest | |
steps: | |
- name: Free disk space | |
# https://github.com/actions/virtual-environments/issues/709 | |
run: | | |
sudo apt-get clean | |
df -h | |
- uses: actions/checkout@v4 | |
with: | |
show-progress: false | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
driver: ${{ needs.check-env.outputs.docker_driver }} | |
- uses: actions/setup-go@v5 | |
with: | |
go-version-file: 'go.mod' | |
- name: Build Antrea UBI9 Docker image without pushing to registry | |
if: ${{ needs.check-env.outputs.push_needed == 'false' }} | |
run: | | |
./hack/build-antrea-linux-all.sh --pull --distro ubi | |
- name: Build and push Antrea UBI9 Docker image to registry | |
if: ${{ needs.check-env.outputs.push_needed == 'true' }} | |
env: | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
run: | | |
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin | |
./hack/build-antrea-linux-all.sh --pull --push-base-images --distro ubi | |
docker push antrea/antrea-agent-ubi:"${DOCKER_TAG}" | |
docker push antrea/antrea-controller-ubi:"${DOCKER_TAG}" | |
build-scale: | |
needs: check-env | |
if: ${{ needs.check-env.outputs.has_changes == 'yes' || github.event_name == 'push' }} | |
runs-on: [ubuntu-latest] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
show-progress: false | |
- name: Build Antrea Agent Simulator Docker image | |
run: make build-scale-simulator | |
- name: Push Antrea Agent Simulator Docker image to registry | |
if: ${{ needs.check-env.outputs.push_needed == 'true' }} | |
env: | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
run: | | |
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin | |
docker push antrea/antrea-ubuntu-simulator:latest | |
build-windows: | |
needs: check-env | |
if: ${{ needs.check-env.outputs.has_changes == 'yes' || github.event_name == 'push' }} | |
runs-on: [ubuntu-latest] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
show-progress: false | |
- name: Build Antrea Windows Docker image | |
if: ${{ needs.check-env.outputs.push_needed == 'false' }} | |
run: ./hack/build-antrea-windows-all.sh --pull | |
- name: Push Antrea Windows Docker image to registry | |
if: ${{ needs.check-env.outputs.push_needed == 'true' }} | |
env: | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
run: | | |
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin | |
./hack/build-antrea-windows-all.sh --pull --push --push-base-images | |
shell: bash | |
build-antrea-mc-controller: | |
needs: check-env | |
if: ${{ needs.check-env.outputs.has_changes == 'yes' || github.event_name == 'push' }} | |
runs-on: [ubuntu-latest] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
show-progress: false | |
- name: Build antrea-mc-controller Docker image | |
run: make build-antrea-mc-controller | |
- name: Push antrea-mc-controller Docker image to registry | |
if: ${{ needs.check-env.outputs.push_needed == 'true' }} | |
env: | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
run: | | |
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin | |
docker push antrea/antrea-mc-controller:latest | |
build-flow-aggregator: | |
needs: check-env | |
if: ${{ needs.check-env.outputs.has_changes == 'yes' || github.event_name == 'push' }} | |
runs-on: [ubuntu-latest] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
show-progress: false | |
- name: Build flow-aggregator Docker image | |
run: make flow-aggregator-image | |
- name: Check flow-aggregator Docker image | |
run: docker run antrea/flow-aggregator --version | |
- name: Push flow-aggregator Docker image to registry | |
if: ${{ needs.check-env.outputs.push_needed == 'true' }} | |
env: | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
run: | | |
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin | |
docker push antrea/flow-aggregator:latest | |
build-antrea-migrator: | |
needs: check-env | |
if: ${{ needs.check-env.outputs.has_changes == 'yes' || github.event_name == 'push' }} | |
runs-on: [ubuntu-latest] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
show-progress: false | |
- name: Build antrea-migrator Docker image | |
run: make build-migrator | |
- name: Push antrea-migrator Docker image to registry | |
if: ${{ needs.check-env.outputs.push_needed == 'true' }} | |
env: | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
run: | | |
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin | |
docker push antrea/antrea-migrator:latest |