diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 550c5ac..459dbf2 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -6,7 +6,8 @@ on: - main permissions: - contents: read + contents: write # needed to write releases + id-token: write # needed for keyless signing jobs: lint: @@ -42,8 +43,8 @@ jobs: - name: Login to Docker Hub uses: docker/login-action@v3 with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_SECRET }} # Push images to Dockerhub - name: Run Mage @@ -51,24 +52,3 @@ jobs: with: version: latest args: push:images - - # Push images to AWS Public ECR (TODO: move into to the mage file) - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 - with: - role-to-assume: arn:aws:iam::292999226676:role/github_actions-falco-talon-ecr - aws-region: us-east-1 - - - name: Login to Amazon ECR - id: login-ecr-public - uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1 - with: - registry-type: public - - - run: | - docker push public.ecr.aws/falcosecurity/falco-talon:latest-amd64 - docker push public.ecr.aws/falcosecurity/falco-talon:latest-arm64 - docker push public.ecr.aws/falcosecurity/falco-talon:latest-armv7 - docker manifest create --amend public.ecr.aws/falcosecurity/falco-talon:latest public.ecr.aws/falcosecurity/falco-talon:latest-amd64 \ - public.ecr.aws/falcosecurity/falco-talon:latest-arm64 public.ecr.aws/falcosecurity/falco-talon:latest-armv7 - docker manifest push --purge public.ecr.aws/falcosecurity/falco-talon:latest \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index abadb79..b52d8e6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
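Review bot: The workflow-level `permissions:` block in main.yml now grants `contents: write` and `id-token: write` to every job, including `lint`, although the steps visible in this diff only log in to Docker Hub and run `push:images`. The comments cite releases and keyless signing, but this same change removes the only OIDC consumer shown here (the AWS role assumption), so the extra scopes look unused in this workflow. The rest of the file is outside the hunks, so confirm. If one job does need them, keep `contents: read` at the top level and declare a job-level `permissions:` with `contents: write` / `id-token: write` on that job only, so a compromised lint or test step cannot write to the repository or request an OIDC token.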
@@ -37,11 +37,12 @@ jobs: with: install-only: true + # Push images to Dockerhub - name: Login to Docker Hub uses: docker/login-action@v3 with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_SECRET }} - name: Run Mage uses: magefile/mage-action@v3 @@ -49,4 +50,4 @@ jobs: version: latest args: release:tag env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/mageFile.go b/mageFile.go index e00a497..db9aa6e 100644 --- a/mageFile.go +++ b/mageFile.go @@ -20,7 +20,7 @@ type Build mg.Namespace type Push mg.Namespace type Release mg.Namespace -// lint:run runs linting +// lint:run runs linter func (Lint) Run() error { if err := sh.RunV("golangci-lint", "--version"); err != nil { return err @@ -34,7 +34,7 @@ func (Lint) Run() error { return nil } -// lint:fix fixes linting +// lint:fix fixes linting issues func (Lint) Fix() error { if err := sh.RunV("golangci-lint", "run", "--fix"); err != nil { return err @@ -42,13 +42,17 @@ func (Lint) Fix() error { return nil } -// test runs test +// test runs tests func Test() error { return sh.RunV("go", "test", "./...", "-race") } // run runs the app (with 'auto' as first argument, air is used to auto reload the app at each change) func Run(autoreload string) error { + if err := sh.RunV("air", "-v"); err != nil { + return err + } + if autoreload == "auto" { return sh.RunV("air", "server", "-c", "config.yaml", "-r", "rules.yaml") } 
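Review bot: The new `air -v` probe at the top of `Run` executes on every call, so `mage run` without the `auto` argument now fails on a machine that does not have air installed, even though only the `auto` branch uses it. Move the probe inside that branch, i.e. put `if err := sh.RunV("air", "-v"); err != nil { return err }` as the first statement under `if autoreload == "auto" {`. The doc comment could also state that air must be on PATH for `auto`. The rest of `Run` lies outside the hunk.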
@@ -59,24 +63,20 @@ func Run(autoreload string) error { func (Build) Local() error { ldFlags := generateLDFlags() - fmt.Println(ldFlags) return sh.RunV("go", "build", "-trimpath", "-ldflags", ldFlags, "-o", "falco-talon", ".") } -// build:images builds images and not push +// build:images builds the images and push them the local docker daemon func (Build) Images() error { exportLDFlags() - os.Setenv("KO_DOCKER_REPO", "falcosecurity/falco-talon") - - return sh.RunV("ko", "build", "--bare", "--sbom=none", "--tags", getVersion(), "--tags", getCommit(), "--tags", "latest", + return sh.RunV("ko", "build", "--local", "--bare", "--sbom=none", "--tags", getVersion(), "--tags", getCommit(), "--tags", "latest", repoURL) } -// push:images pushes the images to dockerhub +// push:images builds the images and push them to the Dockerhub func (Push) Images() error { - mg.Deps(Build.Images) + exportLDFlags() os.Setenv("KO_DOCKER_REPO", "falcosecurity/falco-talon") - return sh.RunV("ko", "build", "--bare", "--sbom=none", "--tags", getVersion(), "--tags", getCommit(), "--tags", "latest", repoURL) } @@ -84,15 +84,15 @@ func (Push) Images() error { // release:snapshot creates a release with current commit func (Release) Snapshot() error { exportLDFlags() - return sh.RunV("goreleaser", "release", "--clean", "--snapshot", "--skip-sbom", "--skip-publish") + return sh.RunV("goreleaser", "release", "--clean", "--snapshot", "--skip=sbom", "--skip-publish") } -// release:tag creates a release from latest tag +// release:tag creates a release from current tag func (Release) Tag() error { mg.Deps(Test) exportLDFlags() - return sh.RunV("goreleaser", "release", "--clean", "--skip-sign", "--skip-sbom") + return sh.RunV("goreleaser", "release", "--clean", "--skip=sign", "--skip=sbom") } // clean cleans temp folders 
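Review bot: `Push.Images` publishes to Docker Hub with `--sbom=none`, and this hunk adds no signing or attestation step, so the pushed `latest`, version and commit tags carry no provenance a consumer could verify. Consider dropping `--sbom=none` (or passing `--sbom=spdx`) on the push path while keeping it on the `--local` build in `Build.Images`. The return value of `os.Setenv("KO_DOCKER_REPO", ...)` is also discarded; `if err := os.Setenv("KO_DOCKER_REPO", "falcosecurity/falco-talon"); err != nil { return err }` keeps a failed export from leaving whatever `KO_DOCKER_REPO` the environment already holds as the push target.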
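Review bot: `Release.Snapshot` still passes the old-style `--skip-publish` next to the migrated `--skip=sbom`, so the flag set is only half converted. `"--skip=publish"` would match the form used for the other flags, and as far as I know newer GoReleaser versions no longer accept the hyphenated variants. `Release.Tag` still skips both signing and SBOM generation (`--skip=sign`, `--skip=sbom`), so tagged release artifacts ship unsigned. If keyless signing is the goal stated in the workflow comment, that skip has to be removed once a signing configuration exists.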
@@ -153,5 +153,5 @@ func getBuildDateTime() string { func generateLDFlags() string { pkg := repoURL + "/configuration" - return fmt.Sprintf("-X %[1]s.GitVersion=%[2]s -X %[1]s.gitCommit=%[3]s -X %[1]s.gitTreeState=%[4]s -X %[1]s.buildDate=%[5]s", pkg, getVersion(), getCommit(), getGitState(), getBuildDateTime()) + return fmt.Sprintf("-X %[1]s.GitVersion=%[2]s -X %[1]s.GitCommit=%[3]s -X %[1]s.GitTreeState=%[4]s -X %[1]s.BuildDate=%[5]s", pkg, getVersion(), getCommit(), getGitState(), getBuildDateTime()) }
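Review bot: The `-X` targets in `generateLDFlags` now name exported variables (`GitCommit`, `GitTreeState`, `BuildDate`), and the Go linker silently ignores `-X` for a symbol that does not exist. A mismatch with the `configuration` package would therefore produce empty version fields rather than a build error. The matching rename in that package is not visible in this part of the diff; confirm it lands in the same commit. A comment above the `Sprintf`, e.g. `// names must match the exported string vars in the configuration package`, would record the coupling.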