Release Snapshot #554
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# On cron schedule or on demand: Release snapshot (amd64 and arm64) | |
# | |
# This workflow ensures that the main branch is ready for release and that all | |
# build configuration files are valid. Also scans tracee container images for | |
# vulnerabilities, and publishes to DockerHub as aquasec/tracee:dev and | |
# aquasec/tracee:dev-full. | |
# | |
name: Release Snapshot | |
on: | |
workflow_dispatch: {} | |
schedule: | |
# Daily at 05:00 | |
- cron: "0 5 * * *" | |
jobs: | |
release-snapshot: | |
name: Release Snapshot X64 (Default) | |
runs-on: | |
[ | |
"github-self-hosted_ami-0f4881c8d69684001_${{ github.event.number }}-${{ github.run_id }}", | |
] | |
permissions: | |
contents: read | |
packages: write | |
id-token: write | |
steps: | |
- name: Install Cosign | |
uses: sigstore/cosign-installer@main | |
with: | |
cosign-release: 'v2.0.2' | |
- name: Checkout Code | |
uses: actions/checkout@v3 | |
with: | |
submodules: true | |
fetch-depth: 0 | |
- name: AWS Environment | |
run: | | |
dmidecode | |
- name: Login to docker.io registry | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKERHUB_USER }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Build | |
run: | | |
make -f builder/Makefile.release SNAPSHOT=1 | |
- name: Scan Docker Image for Vulnerabilities | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: "tracee:latest" | |
severity: "CRITICAL" | |
exit-code: "1" | |
- name: Publish to docker.io registry | |
run: | | |
docker image tag tracee:latest aquasec/tracee:dev | |
docker image tag tracee:latest aquasec/tracee:x86_64-dev | |
docker image push aquasec/tracee:dev | |
docker image push aquasec/tracee:x86_64-dev | |
release-snapshot-arm64: | |
name: Release Snapshot ARM64 | |
runs-on: | |
[ | |
"github-self-hosted_ami-03217ce7c37572c4d_${{ github.event.number }}-${{ github.run_id }}", | |
] | |
permissions: | |
contents: read | |
packages: write | |
id-token: write | |
steps: | |
- name: Install Cosign | |
uses: sigstore/cosign-installer@main | |
with: | |
cosign-release: 'v2.0.2' | |
- name: Checkout Code | |
uses: actions/checkout@v3 | |
with: | |
submodules: true | |
fetch-depth: 0 | |
- name: AWS Environment | |
run: | | |
dmidecode | |
- name: Login to docker.io registry | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKERHUB_USER }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Build | |
run: | | |
make -f builder/Makefile.release SNAPSHOT=1 | |
- name: Scan Docker Image for Vulnerabilities | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: "tracee:latest" | |
severity: "CRITICAL" | |
exit-code: "1" | |
- name: Publish to docker.io registry | |
run: | | |
docker image tag tracee:latest aquasec/tracee:aarch64-dev | |
docker image push aquasec/tracee:aarch64-dev |