fix the credentials for Dockerhub + fix variables for the Version info

Signed-off-by: Thomas Labarussias <issif+github@gadz.org>

.github/workflows/main.yml

@@ -6,7 +6,8 @@ on:
       - main
 
 permissions:
-  contents: read
+  contents: write # needed to write releases
+  id-token: write # needed for keyless signing
 
 jobs:
   lint:
@@ -42,33 +43,12 @@ jobs:
     - name: Login to Docker Hub
       uses: docker/login-action@v3
       with:
-        username: ${{ secrets.DOCKERHUB_USERNAME }}
-        password: ${{ secrets.DOCKERHUB_TOKEN }}
+        username: ${{ secrets.DOCKERHUB_USER }}
+        password: ${{ secrets.DOCKERHUB_SECRET }}
 
     # Push images to Dockerhub
     - name: Run Mage
       uses: magefile/mage-action@v3
       with:
         version: latest
         args: push:images
-
-    # Push images to AWS Public ECR (TODO: move into to the mage file)
-    - name: Configure AWS credentials
-      uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
-      with:
-        role-to-assume: arn:aws:iam::292999226676:role/github_actions-falco-talon-ecr
-        aws-region: us-east-1
-
-    - name: Login to Amazon ECR
-      id: login-ecr-public
-      uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
-      with:
-        registry-type: public
-
-    - run: |
-        docker push public.ecr.aws/falcosecurity/falco-talon:latest-amd64
-        docker push public.ecr.aws/falcosecurity/falco-talon:latest-arm64
-        docker push public.ecr.aws/falcosecurity/falco-talon:latest-armv7
-        docker manifest create --amend public.ecr.aws/falcosecurity/falco-talon:latest public.ecr.aws/falcosecurity/falco-talon:latest-amd64 \
-          public.ecr.aws/falcosecurity/falco-talon:latest-arm64 public.ecr.aws/falcosecurity/falco-talon:latest-armv7
-        docker manifest push --purge public.ecr.aws/falcosecurity/falco-talon:latest

.github/workflows/release.yml

@@ -37,16 +37,17 @@ jobs:
       with:
         install-only: true
 
+    # Push images to Dockerhub
     - name: Login to Docker Hub
       uses: docker/login-action@v3
       with:
-        username: ${{ secrets.DOCKERHUB_USERNAME }}
-        password: ${{ secrets.DOCKERHUB_TOKEN }}
+        username: ${{ secrets.DOCKERHUB_USER }}
+        password: ${{ secrets.DOCKERHUB_SECRET }}
 
     - name: Run Mage
       uses: magefile/mage-action@v3
       with:
         version: latest
         args: release:tag
       env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

mageFile.go

@@ -20,7 +20,7 @@ type Build mg.Namespace
 type Push mg.Namespace
 type Release mg.Namespace
 
-// lint:run runs linting
+// lint:run runs linter
 func (Lint) Run() error {
 	if err := sh.RunV("golangci-lint", "--version"); err != nil {
 		return err
@@ -34,21 +34,25 @@ func (Lint) Run() error {
 	return nil
 }
 
-// lint:fix fixes linting
+// lint:fix fixes linting issues
 func (Lint) Fix() error {
 	if err := sh.RunV("golangci-lint", "run", "--fix"); err != nil {
 		return err
 	}
 	return nil
 }
 
-// test runs test
+// test runs tests
 func Test() error {
 	return sh.RunV("go", "test", "./...", "-race")
 }
 
 // run runs the app (with 'auto' as first argument, air is used to auto reload the app at each change)
 func Run(autoreload string) error {
+	if err := sh.RunV("air", "-v"); err != nil {
+		return err
+	}
+
 	if autoreload == "auto" {
 		return sh.RunV("air", "server", "-c", "config.yaml", "-r", "rules.yaml")
 	}
@@ -59,40 +63,36 @@ func Run(autoreload string) error {
 func (Build) Local() error {
 	ldFlags := generateLDFlags()
 
-	fmt.Println(ldFlags)
 	return sh.RunV("go", "build", "-trimpath", "-ldflags", ldFlags, "-o", "falco-talon", ".")
 }
 
-// build:images builds images and not push
+// build:images builds the images and push them the local docker daemon
 func (Build) Images() error {
 	exportLDFlags()
-	os.Setenv("KO_DOCKER_REPO", "falcosecurity/falco-talon")
-
-	return sh.RunV("ko", "build", "--bare", "--sbom=none", "--tags", getVersion(), "--tags", getCommit(), "--tags", "latest",
+	return sh.RunV("ko", "build", "--local", "--bare", "--sbom=none", "--tags", getVersion(), "--tags", getCommit(), "--tags", "latest",
 		repoURL)
 }
 
-// push:images pushes the images to dockerhub
+// push:images builds the images and push them to the Dockerhub
 func (Push) Images() error {
-	mg.Deps(Build.Images)
+	exportLDFlags()
 	os.Setenv("KO_DOCKER_REPO", "falcosecurity/falco-talon")
-
 	return sh.RunV("ko", "build", "--bare", "--sbom=none", "--tags", getVersion(), "--tags", getCommit(), "--tags", "latest",
 		repoURL)
 }
 
 // release:snapshot creates a release with current commit
 func (Release) Snapshot() error {
 	exportLDFlags()
-	return sh.RunV("goreleaser", "release", "--clean", "--snapshot", "--skip-sbom", "--skip-publish")
+	return sh.RunV("goreleaser", "release", "--clean", "--snapshot", "--skip=sbom", "--skip-publish")
 }
 
-// release:tag creates a release from latest tag
+// release:tag creates a release from current tag
 func (Release) Tag() error {
 	mg.Deps(Test)
 
 	exportLDFlags()
-	return sh.RunV("goreleaser", "release", "--clean", "--skip-sign", "--skip-sbom")
+	return sh.RunV("goreleaser", "release", "--clean", "--skip=sign", "--skip=sbom")
 }
 
 // clean cleans temp folders
@@ -153,5 +153,5 @@ func getBuildDateTime() string {
 
 func generateLDFlags() string {
 	pkg := repoURL + "/configuration"
-	return fmt.Sprintf("-X %[1]s.GitVersion=%[2]s -X %[1]s.gitCommit=%[3]s -X %[1]s.gitTreeState=%[4]s -X %[1]s.buildDate=%[5]s", pkg, getVersion(), getCommit(), getGitState(), getBuildDateTime())
+	return fmt.Sprintf("-X %[1]s.GitVersion=%[2]s -X %[1]s.GitCommit=%[3]s -X %[1]s.GitTreeState=%[4]s -X %[1]s.BuildDate=%[5]s", pkg, getVersion(), getCommit(), getGitState(), getBuildDateTime())
 }