Add support for arm64 docker builds
Bogdan Peter committed Jul 7, 2024
1 parent e0746dc commit 91be5a2
Showing 6 changed files with 199 additions and 37 deletions.
40 changes: 36 additions & 4 deletions .github/actions/build/docker/action.yml
Expand Up @@ -13,9 +13,6 @@ inputs:
commit_sha:
required: true
description: Define the SHA1 git commit hash
docker_tag:
required: true
description: Define the Docker tag
docker_hub_org:
required: true
description: Pass DockerHub org to action
Expand Down Expand Up @@ -54,13 +51,29 @@ runs:
osctrl-${{ inputs.osctrl_component }}-${{ inputs.commit_sha }}-${{ inputs.go_os }}-${{ inputs.go_arch }}.bin \
osctrl-${{ inputs.osctrl_component }}-${{ inputs.go_os }}-${{ inputs.go_arch }}.bin
########################### Add meta data for containers ###########################
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ inputs.docker_hub_org }}/osctrl-${{ inputs.osctrl_component }}
labels: |
org.opencontainers.image.title=osctrl-${{ inputs.osctrl_component }}
tags: |
type=sha,prefix=,format=short
type=match,pattern=v(.*),group=1
########################### Log into Dockerhub ###########################
- name: Login to Docker Hub
uses: docker/[email protected]
with:
username: ${{ inputs.docker_hub_username }}
password: ${{ inputs.docker_hub_access_token }}

# ########################### Setup QEMU ###########################
- name: Set up QEMU
uses: docker/setup-qemu-action@v3

########################### Setup Docker ###########################
- name: Set up Docker Buildx
uses: docker/[email protected]
Expand All @@ -73,8 +86,27 @@ runs:
context: .
file: ./deploy/cicd/docker/Dockerfile-osctrl-${{ inputs.osctrl_component }}
push: true
tags: ${{ inputs.docker_hub_org }}/osctrl-${{ inputs.osctrl_component }}:${{ inputs.docker_tag }}
labels: ${{ steps.meta.outputs.labels }}
platforms: "${{ inputs.go_os }}/${{ inputs.go_arch }}"
outputs: type=image,name=${{ inputs.docker_hub_org }}/osctrl-${{ inputs.osctrl_component }},push-by-digest=true,name-canonical=true,push=true
build-args: |
COMPONENT=${{ inputs.osctrl_component }}
GOOS=${{ inputs.go_os }}
GOARCH=${{ inputs.go_arch }}
########################### Export image digest to tmp ###########################
- name: Export digest
shell: bash
run: |
mkdir -p /tmp/digests
digest="${{ steps.docker_build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
########################### Upload digest ###########################
- name: Upload digest
uses: actions/[email protected]
with:
name: digests-osctrl-${{ inputs.osctrl_component }}-${{ inputs.go_os }}-${{ inputs.go_arch }}
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1
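Review bot: The two actions added here, `docker/metadata-action@v5` in the Docker meta step and `docker/setup-qemu-action@v3` in the Set up QEMU step, are referenced by a movable major-version tag in a job that also receives the Docker Hub access token, so the code that runs next to that credential can change without any change in this repository. I would pin both to a full commit SHA and keep the version as a trailing comment, e.g. `uses: docker/metadata-action@<full-commit-sha>  # v5`; the same `@v5` reference is added in the push_docker_images jobs of build_and_test_main_merge.yml and create_tagged_releases.yml. Separately, the Export digest step reads `steps.docker_build.outputs.digest`, and the `id:` of the build step is not visible in these hunks, so confirm it is `docker_build`; if it is not, the expression is empty and the failure only surfaces at the upload step.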
6 changes: 4 additions & 2 deletions .github/actions/build/dpkg/action.yml
Expand Up @@ -48,6 +48,7 @@ runs:
OSCTRL_VERSION: ${{ inputs.commit_sha }}

- name: Create DEB package contents for tagged version
id: create_deb_tagged_pkgs
uses: jiro4989/[email protected]
if: startsWith(github.ref, 'refs/tags/')
with:
Expand All @@ -59,6 +60,7 @@ runs:
desc: "DEB package for osctrl-${OSCTRL_COMPONENT}-${OSCTRL_VERSION} Commit SHA: ${COMMIT_SHA}"

- name: Create DEB package contents
id: create_deb_pkgs
uses: jiro4989/[email protected]
with:
package: osctrl-${{ inputs.osctrl_component }}
Expand All @@ -74,12 +76,12 @@ runs:
if: startsWith(github.ref, 'refs/tags/')
with:
name: osctrl-${{ inputs.osctrl_component }}_${{ inputs.release_version_tag }}-${{ inputs.commit_sha }}_${{ inputs.go_arch }}.deb
path: osctrl-${{ inputs.osctrl_component }}_${{ inputs.release_version_tag }}-${{ inputs.commit_sha }}_${{ inputs.go_arch }}.deb
path: ${{ steps.create_deb_tagged_pkgs.outputs.file_name }}
retention-days: 10

- name: Upload osctrl DEBs
uses: actions/[email protected]
with:
name: osctrl-${{ inputs.osctrl_component }}_${{ inputs.commit_sha }}_${{ inputs.go_arch }}.deb
path: osctrl-${{ inputs.osctrl_component }}_${{ inputs.commit_sha }}_${{ inputs.go_arch }}.deb
path: ${{ steps.create_deb_pkgs.outputs.file_name }}
retention-days: 10
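Review bot: Both upload steps now take `path:` from a step output (`steps.create_deb_tagged_pkgs.outputs.file_name` and `steps.create_deb_pkgs.outputs.file_name`) but keep the default missing-file behaviour, which for actions/upload-artifact is a warning rather than a failure. If the output ever points at a file that was not produced, the job stays green and the release is assembled without the package. Adding `if-no-files-found: error` to both steps, as the new digest upload in build/docker/action.yml does, turns that case into a failed run. The header of the first upload step lies above the last hunk.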
24 changes: 18 additions & 6 deletions .github/actions/tagged_release/docker/codesign/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,10 @@ inputs:
osctrl_component:
required: true
description: Define the osctrl component to compile
docker_tag:
docker_tags:
required: true
description: Define the Docker tag
docker_image_digest:
docker_image_digests:
required: true
description: Dockerhub image digest
docker_hub_org:
Expand Down Expand Up @@ -58,16 +58,28 @@ runs:
env:
COSIGN_PASSWORD: "${{ inputs.codesign_password }}"
run: |
IMAGE_NAME="${{ inputs.docker_hub_org }}/osctrl-${{ inputs.osctrl_component }}:${{ inputs.docker_tag }}"
echo "${{ inputs.codesign_private_key }}" > cosign.key
cosign sign --key cosign.key docker.io/$IMAGE_NAME@${{ inputs.docker_image_digest }}
for tag in ${{ inputs.docker_tags }}
do
IMAGE_NAME="${{ inputs.docker_hub_org }}/osctrl-${{ inputs.osctrl_component }}:$tag"
for digest in ${{ inputs.docker_image_digest }}
do
cosign sign --key cosign.key docker.io/$IMAGE_NAME@sha256:$digest
done
done
rm -f cosign.key
########################### Verify signed image using cosign ###########################
- name: Verify the signed published Docker image
shell: bash
run: |
IMAGE_NAME="${{ inputs.docker_hub_org }}/osctrl-${{ inputs.osctrl_component }}:${{ inputs.docker_tag }}"
echo "${{ inputs.codesign_public_cert }}" > cosign.key
cosign verify --key cosign.key docker.io/$IMAGE_NAME@${{ inputs.docker_image_digest }}
for tag in ${{ inputs.docker_tags }}
do
IMAGE_NAME="${{ inputs.docker_hub_org }}/osctrl-${{ inputs.osctrl_component }}:$tag"
for digest in ${{ inputs.docker_image_digest }}
do
cosign verify --key cosign.key docker.io/$IMAGE_NAME@sha256:$digest
done
done
rm -f cosign.key
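Review bot: The inner loops of both the sign and the verify step iterate over `${{ inputs.docker_image_digest }}`, while the input declared at the top of this file and passed by create_tagged_releases.yml appears to be `docker_image_digests` (the rendered page prints both spellings, so the new name is inferred from the caller). An undeclared input expands to an empty string, the `for digest in` loop then runs zero times, and both steps succeed without signing or verifying anything. Use `for digest in ${{ inputs.docker_image_digests }}` in both loops and fail when either list is empty, e.g. `[ -n "$DIGESTS" ] || { echo "no digests to sign" >&2; exit 1; }`, with the inputs passed through `env:` instead of being interpolated into the script text. The loops sign per-platform digests; whether the manifest list that the tags resolve to also gets a signature is not visible here and is worth confirming.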
4 changes: 2 additions & 2 deletions .github/actions/tagged_release/github/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -39,15 +39,15 @@ runs:
shell: bash
run: |
cp \
osctrl-${{ inputs.osctrl_component }}-${{ inputs.go_os }}-${{ inputs.go_arch }}.bin \
osctrl-${{ inputs.osctrl_component }}-${{ inputs.commit_sha }}-${{ inputs.go_os }}-${{ inputs.go_arch }}.bin \
osctrl-${{ inputs.osctrl_component }}-${{ inputs.release_version_tag }}-${{ inputs.go_os }}-${{ inputs.go_arch }}.bin
- name: Copy windows binary
if: ${{ inputs.go_os }} == 'windows'
shell: bash
run: |
cp \
osctrl-${{ inputs.osctrl_component }}-${{ inputs.go_os }}-${{ inputs.go_arch }}.bin \
osctrl-${{ inputs.osctrl_component }}-${{ inputs.commit_sha }}-${{ inputs.go_os }}-${{ inputs.go_arch }}.bin \
osctrl-${{ inputs.osctrl_component }}-${{ inputs.release_version_tag }}-${{ inputs.go_os }}-${{ inputs.go_arch }}.exe
########################### Download osctrl DEB package ###########################
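Review bot: The Windows copy step whose source path changes here is guarded by `if: ${{ inputs.go_os }} == 'windows'`, which is not a comparison: the expression is expanded first and the rest is literal text, so the condition is a non-empty string and the step runs for every OS. With the new commit-SHA source name that means a `.exe` copy is also produced for Linux builds and can end up among the release files. Writing the guard as `if: inputs.go_os == 'windows'` evaluates the comparison; the guard of the preceding copy step is above the hunk and may need the same change.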
55 changes: 53 additions & 2 deletions .github/workflows/build_and_test_main_merge.yml
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,7 @@ jobs:
matrix:
components: ['tls', 'admin', 'api', 'cli']
goos: ['linux']
goarch: ['amd64']
goarch: ['amd64', 'arm64']
steps:
########################### Checkout code ###########################
- name: Checkout code
Expand Down Expand Up @@ -131,8 +131,59 @@ jobs:
#### Build vars ####
osctrl_component: ${{ matrix.components }}
commit_sha: ${{ steps.vars.outputs.sha_short }}
docker_tag: ${{ steps.vars.outputs.sha_short }}
#### Dockerhub creds ####
docker_hub_org: ${{ secrets.DOCKER_HUB_ORG }}
docker_hub_username: ${{ secrets.DOCKER_HUB_USERNAME }}
docker_hub_access_token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}


push_docker_images:
needs: [create_docker_images]
runs-on: ubuntu-22.04
strategy:
matrix:
components: ['tls', 'admin', 'api', 'cli']
steps:
########################### Get digests from build ###########################
- name: Download digests
uses: actions/[email protected]
with:
pattern: digests-osctrl-${{ matrix.components }}-*
merge-multiple: true
path: /tmp/digests

########################### Setup Docker ###########################
- name: Set up Docker Buildx
uses: docker/[email protected]

########################### Add meta data for containers ###########################
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ secrets.DOCKER_HUB_ORG }}/osctrl-${{ matrix.components }}
labels: |
org.opencontainers.image.title=osctrl-${{ matrix.components }}
tags: |
type=sha,prefix=,format=short
type=match,pattern=v(.*),group=1
########################### Log into Dockerhub ###########################
- name: Login to Docker Hub
uses: docker/[email protected]
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}

########################### Create and push images ###########################
- name: Create manifest list and push
working-directory: /tmp/digests
run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ secrets.DOCKER_HUB_ORG }}/osctrl-${{ matrix.components }}@sha256:%s ' *)
########################### Inspect new image ###########################
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ secrets.DOCKER_HUB_ORG }}/osctrl-${{ matrix.components }}:${{ steps.meta.outputs.version }}
107 changes: 86 additions & 21 deletions .github/workflows/create_tagged_releases.yml
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,7 @@ jobs:
shell: bash
run: |
echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
echo "branch=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_OUTPUT
echo "branch=$(echo ${GITHUB_REF_NAME})" >> $GITHUB_OUTPUT
echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
########################### Build DEB packages ###########################
Expand All @@ -96,6 +96,7 @@ jobs:
osctrl_component: ${{ matrix.components }}
commit_sha: ${{ steps.vars.outputs.sha_short }}
osquery_version: ${{ env.OSQUERY_VERSION }}
release_version_tag: ${{ steps.vars.outputs.branch }}

create_docker_images:
needs: [build_and_test]
Expand All @@ -104,7 +105,7 @@ jobs:
matrix:
components: ['tls', 'admin', 'api', 'cli']
goos: ['linux']
goarch: ['amd64']
goarch: ['amd64', 'arm64']
steps:
########################### Checkout code ###########################
- name: Checkout code
Expand Down Expand Up @@ -133,31 +134,96 @@ jobs:
#### Build vars ####
osctrl_component: ${{ matrix.components }}
commit_sha: ${{ steps.vars.outputs.sha_short }}
docker_tag: ${{ steps.vars.outputs.RELEASE_VERSION }}
#### Dockerhub creds ####
docker_hub_org: ${{ secrets.DOCKER_HUB_ORG }}
docker_hub_username: ${{ secrets.DOCKER_HUB_USERNAME }}
docker_hub_access_token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}

########################### Sign Docker images ###########################
- name: Sign osctrl Docker containers
uses: ./.github/actions/tagged_release/docker/codesign
with:
#### Docker vars ####
osctrl_component: ${{ matrix.components }}
docker_tag: ${{ steps.vars.outputs.RELEASE_VERSION }}
docker_image_digest: ${{ steps.build_docker_containers.outputs.docker_image_digest }}
#### Dockerhub creds ####
docker_hub_org: ${{ secrets.DOCKER_HUB_ORG }}
docker_hub_username: ${{ secrets.DOCKER_HUB_USERNAME }}
docker_hub_access_token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
#### Codesign secrets ####
codesign_password: ${{ secrets.COSIGN_PASSWORD }}
codesign_private_key: ${{ secrets.COSIGN_PRIVATE }}
codesign_public_cert: ${{ secrets.COSIGN_PUBLIC }}

push_docker_images:
needs: [create_docker_images]
runs-on: ubuntu-22.04
strategy:
matrix:
components: ['tls', 'admin', 'api', 'cli']
steps:
########################### Checkout code ###########################
- name: Checkout code
uses: actions/[email protected]
with:
fetch-depth: 2

########################### Get digests from build ###########################
- name: Download digests
uses: actions/[email protected]
with:
pattern: digests-osctrl-${{ matrix.components }}-*
merge-multiple: true
path: /tmp/digests

########################### Setup Docker ###########################
- name: Set up Docker Buildx
uses: docker/[email protected]

########################### Add meta data for containers ###########################
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ secrets.DOCKER_HUB_ORG }}/osctrl-${{ matrix.components }}
labels: |
org.opencontainers.image.title=osctrl-${{ matrix.components }}
tags: |
type=sha,prefix=,format=short
type=match,pattern=v(.*),group=1
########################### Log into Dockerhub ###########################
- name: Login to Docker Hub
uses: docker/[email protected]
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}

########################### Create and push images ###########################
- name: Create manifest list and push
working-directory: /tmp/digests
run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ secrets.DOCKER_HUB_ORG }}/osctrl-${{ matrix.components }}@sha256:%s ' *)
########################### Generate image tags and digests ###########################
- name: Export digests and tags for cosign
id: docker_vars
working-directory: /tmp/digests
run: |
echo "digests=$(printf '%s ' *)" >> $GITHUB_OUTPUT
echo "tags=$(jq -cr '.tags | map(\"-t \" + .) | join(\" \")' <<< \"$DOCKER_METADATA_OUTPUT_JSON\")" >> $GITHUB_OUTPUT
########################### Sign Docker images ###########################
- name: Sign osctrl Docker containers
uses: ./.github/actions/tagged_release/docker/codesign
with:
#### Docker vars ####
osctrl_component: ${{ matrix.components }}
docker_tags: ${{ steps.docker_vars.outputs.tags }}
docker_image_digests: ${{ steps.digests.outputs.digests }}
#### Dockerhub creds ####
docker_hub_org: ${{ secrets.DOCKER_HUB_ORG }}
docker_hub_username: ${{ secrets.DOCKER_HUB_USERNAME }}
docker_hub_access_token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
#### Codesign secrets ####
codesign_password: ${{ secrets.COSIGN_PASSWORD }}
codesign_private_key: ${{ secrets.COSIGN_PRIVATE }}
codesign_public_cert: ${{ secrets.COSIGN_PUBLIC }}

########################### Inspect new image ###########################
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ secrets.DOCKER_HUB_ORG }}/osctrl-${{ matrix.components }}:${{ steps.meta.outputs.version }}
create_release:
needs: [build_and_test,create_deb_packages,create_docker_images]
needs: [build_and_test,create_deb_packages,push_docker_images]
runs-on: ubuntu-22.04
strategy:
matrix:
Expand All @@ -184,7 +250,6 @@ jobs:
########################### Create release ###########################
- name: Create a new release with binaries and packages
uses: ./.github/actions/tagged_release/github
id: build_docker_containers
with:
go_os: "${{ matrix.goos }}"
go_arch: "${{ matrix.goarch }}"
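Review bot: In the new push_docker_images job the signing step receives `docker_image_digests: ${{ steps.digests.outputs.digests }}`, but the step that writes that output has `id: docker_vars` and no step with id `digests` is visible in the job, so the value is empty and the codesign action has nothing to sign. The `tags=` line in the same step escapes its quotes (`\"-t \"`) inside `$( … )`, where a fresh quoting context already applies, so jq most likely receives invalid input and the output is empty; even when it works it yields `-t org/image:tag` words, while the action appends each word after `osctrl-<component>:`. Suggested lines: `docker_image_digests: ${{ steps.docker_vars.outputs.digests }}` and `echo "tags=$(jq -cr '.tags | map(split(":") | last) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON")" >> "$GITHUB_OUTPUT"`. As written the release can complete with the sign and verify steps green and no signature published, so a check that both lists are non-empty belongs before signing.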
