Skip to content

Commit

Permalink
packaging: completely remove td-agent-bit builds
Browse files Browse the repository at this point in the history 
Signed-off-by: Patrick Stephens <[email protected]>
  • Loading branch information
@patrick-stephens @edsiper
patrick-stephens authored and edsiper committed Oct 10, 2022
1 parent d6dc1e9 commit 17004ca
Show file tree
Hide file tree
Showing 32 changed files with 228 additions and 960 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/build-branch-containers.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
name: Build containers for a specific branch
name: Build containers for a specific branch of 1.9+
on:
workflow_dispatch:
inputs:
Expand All @@ -8,7 +8,7 @@ on:
default: master
jobs:
build-branch-containers:
uses: fluent/fluent-bit/.github/workflows/call-build-images.yaml@master
uses: ./.github/workflows/call-build-images.yaml
with:
version: ${{ github.event.inputs.version }}
ref: ${{ github.event.inputs.version }}
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/build-master-packages.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ jobs:
- id: set-matrix
run: |
matrix=$((
echo '{ "distro" : [ "debian/bullseye", "ubuntu/16.04", "ubuntu/18.04", "ubuntu/20.04" ]}'
echo '{ "distro" : [ "debian/bullseye", "ubuntu/20.04", "ubuntu/22.04", "centos/7" ]}'
) | jq -c .)
if [ -n "${{ github.event.inputs.target || '' }}" ]; then
echo "Overriding matrix to build: ${{ github.event.inputs.target }}"
Expand All @@ -42,7 +42,7 @@ jobs:

master-build-packages:
needs: master-build-generate-matrix
uses: fluent/fluent-bit/.github/workflows/call-build-linux-packages.yaml@master
uses: ./.github/workflows/call-build-linux-packages.yaml
with:
version: master
ref: master
Expand Down
178 changes: 11 additions & 167 deletions .github/workflows/call-build-images.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ on:
description: Optionally add metadata to build to indicate an unstable build, set to the contents you want to add.
type: string
required: false
default: ''
default: ""
secrets:
token:
description: The Github token or similar to authenticate with for the registry.
Expand All @@ -47,7 +47,6 @@ jobs:
call-build-images-meta:
name: Extract any supporting metadata
outputs:
build-type: ${{ steps.determine-build-type.outputs.BUILD_TYPE }}
major-version: ${{ steps.determine-major-version.outputs.replaced }}
runs-on: ubuntu-latest
environment: ${{ inputs.environment }}
Expand All @@ -59,171 +58,20 @@ jobs:
with:
ref: ${{ inputs.ref }}

# Determine if this is a 1.8 type of build which is different
- name: Determine build type
id: determine-build-type
run: |
BUILD_TYPE="1.8"
if [[ -f "dockerfiles/Dockerfile" ]]; then
BUILD_TYPE="modern"
fi
echo "Detected type: $BUILD_TYPE"
echo ::set-output name=BUILD_TYPE::$BUILD_TYPE
shell: bash

# For main branch/releases we want to also tag with the major version.
# For main branch/releases we want to tag with the major version.
# E.g. if we build version 1.9.2 we want to tag with 1.9.2 and 1.9.
- name: Determine major version tag
id: determine-major-version
uses: frabert/[email protected]
with:
pattern: '^(\d+\.\d+).*$'
string: ${{ inputs.version }}
replace-with: '$1'
flags: 'g'

# For 1.8 builds it is a little more complex so we have this build matrix to handle it.
# This creates separate images for each architecture.
# The later step then creates a multi-arch manifest for all of these.
call-build-legacy-images-matrix:
if: needs.call-build-images-meta.outputs.build-type == '1.8'
name: Build single arch legacy images
runs-on: ubuntu-latest
environment: ${{ inputs.environment }}
needs:
- call-build-images-meta
strategy:
fail-fast: false
matrix:
arch: [ amd64, arm64, arm/v7 ]
include:
- arch: amd64
suffix: x86_64
- arch: arm/v7
suffix: arm32v7
- arch: arm64
suffix: arm64v8
permissions:
contents: read
packages: write
steps:
- name: Checkout the docker build repo for legacy builds
uses: actions/checkout@v3
with:
repository: fluent/fluent-bit-docker-image
ref: '1.8' # Fixed to this branch

- name: Set up QEMU
uses: docker/setup-qemu-action@v2

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2

- name: Log in to the Container registry
uses: docker/login-action@v2
with:
registry: ${{ inputs.registry }}
username: ${{ inputs.username }}
password: ${{ secrets.token }}

- id: debug-meta
uses: docker/metadata-action@v4
with:
images: ${{ inputs.registry }}/${{ inputs.image }}
tags: |
raw,${{ inputs.version }}-debug
raw,${{ needs.call-build-images-meta.outputs.major-version }}-debug
- name: Build the legacy x86_64 debug image
if: matrix.arch == 'amd64'
uses: docker/build-push-action@v3
with:
file: ./Dockerfile.x86_64.debug
context: .
tags: ${{ steps.debug-meta.outputs.tags }}
labels: ${{ steps.debug-meta.outputs.labels }}
platforms: linux/amd64
push: true
load: false
build-args: |
FLB_TARBALL=https://github.com/fluent/fluent-bit/tarball/${{ inputs.ref }}
- name: Extract metadata from Github
id: meta
uses: docker/metadata-action@v4
with:
images: ${{ inputs.registry }}/${{ inputs.image }}
tags: |
raw,${{ matrix.suffix }}-${{ inputs.version }}
- name: Build the legacy ${{ matrix.arch }} image
uses: docker/build-push-action@v3
with:
file: ./Dockerfile.${{ matrix.suffix }}
context: .
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/${{ matrix.arch }}
push: true
load: false
build-args: |
FLB_TARBALL=https://github.com/fluent/fluent-bit/tarball/${{ inputs.ref }}
# Create a multi-arch manifest for the separate 1.8 images.
call-build-legacy-image-manifests:
if: needs.call-build-images-meta.outputs.build-type == '1.8'
name: Deploy multi-arch container image manifests
permissions:
contents: read
packages: write
runs-on: ubuntu-latest
environment: ${{ inputs.environment }}
needs:
- call-build-images-meta
- call-build-legacy-images-matrix
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2

- name: Log in to the Container registry
uses: docker/login-action@v2
with:
registry: ${{ inputs.registry }}
username: ${{ inputs.username }}
password: ${{ secrets.token }}

- name: Pull all the images
# Use platform to trigger warnings on invalid image metadata
run: |
docker pull --platform=linux/amd64 ${{ inputs.registry }}/${{ inputs.image }}:x86_64-${{ inputs.version }}
docker pull --platform=linux/arm64 ${{ inputs.registry }}/${{ inputs.image }}:arm64v8-${{ inputs.version }}
docker pull --platform=linux/arm/v7 ${{ inputs.registry }}/${{ inputs.image }}:arm32v7-${{ inputs.version }}
- name: Create manifests for images
# Latest is 1.9, not 1.8 now
run: |
docker manifest create ${{ inputs.registry }}/${{ inputs.image }}:${{ inputs.version }} \
--amend ${{ inputs.registry }}/${{ inputs.image }}:x86_64-${{ inputs.version }} \
--amend ${{ inputs.registry }}/${{ inputs.image }}:arm64v8-${{ inputs.version }} \
--amend ${{ inputs.registry }}/${{ inputs.image }}:arm32v7-${{ inputs.version }}
docker manifest push --purge ${{ inputs.registry }}/${{ inputs.image }}:${{ inputs.version }}
env:
DOCKER_CLI_EXPERIMENTAL: enabled
shell: bash

- name: Create major version manifest
if: needs.call-build-images-meta.outputs.major-version != inputs.version
run: |
docker manifest push --purge ${{ inputs.registry }}/${{ inputs.image }}:${{ needs.call-build-images-meta.outputs.major-version }}
env:
DOCKER_CLI_EXPERIMENTAL: enabled
shell: bash
replace-with: "$1"
flags: "g"

# This is the intended approach to multi-arch image and all the other checks scanning,
# signing, etc only trigger from this.
# 1.8 images are legacy and were not scanned or signed previously so this keeps it simple.
call-build-images:
if: needs.call-build-images-meta.outputs.build-type != '1.8'
needs:
- call-build-images-meta
name: Multiarch container images to GHCR
Expand Down Expand Up @@ -304,7 +152,6 @@ jobs:
needs:
- call-build-images-meta
- call-build-images
if: needs.call-build-images-meta.outputs.build-type != '1.8'
runs-on: ubuntu-latest
environment: ${{ inputs.environment }}
permissions:
Expand Down Expand Up @@ -332,7 +179,6 @@ jobs:
if-no-files-found: error

call-build-images-scan:
if: needs.call-build-images-meta.outputs.build-type != '1.8'
needs:
- call-build-images-meta
- call-build-images
Expand All @@ -353,22 +199,21 @@ jobs:
- name: Trivy - multi-arch
uses: aquasecurity/trivy-action@master
with:
image-ref: '${{ inputs.registry }}/${{ inputs.image }}:${{ inputs.version }}'
format: 'table'
exit-code: '1'
image-ref: "${{ inputs.registry }}/${{ inputs.image }}:${{ inputs.version }}"
format: "table"
exit-code: "1"
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
vuln-type: "os,library"
severity: "CRITICAL,HIGH"

- name: Dockle - multi-arch
uses: hands-lab/dockle-action@v1
with:
image: '${{ inputs.registry }}/${{ inputs.image }}:${{ inputs.version }}'
exit-code: '1'
image: "${{ inputs.registry }}/${{ inputs.image }}:${{ inputs.version }}"
exit-code: "1"
exit-level: WARN

call-build-images-sign:
if: needs.call-build-images-meta.outputs.build-type != '1.8'
needs:
- call-build-images-meta
- call-build-images
Expand Down Expand Up @@ -428,7 +273,6 @@ jobs:

# This takes a long time...
call-build-windows-container:
if: needs.call-build-images-meta.outputs.build-type != '1.8'
name: Windows container image
runs-on: windows-2019
environment: ${{ inputs.environment }}
Expand Down
Loading

0 comments on commit 17004ca

Please sign in to comment.