feat(ci): upload fluentd-full image on pr's and push to main

Signed-off-by: Bence Csati <[email protected]>
kube-logging · Jan 21, 2025 · fae688c · fae688c
1 parent 87b2baf
commit fae688c
Show file tree

Hide file tree

Showing 6 changed files with 85 additions and 18 deletions.
diff --git a/.github/workflows/artifacts.yaml b/.github/workflows/artifacts.yaml
@@ -3,6 +3,11 @@ name: Artifacts
 on:
   workflow_call:
     inputs:
+      version:
+        description: Version to build
+        default: latest
+        required: true
+        type: string
       publish:
         description: Publish artifacts to the artifact store
         default: false
@@ -26,6 +31,18 @@ on:
       container-image-ref:
         description: Container image ref
         value: ${{ jobs.container-image.outputs.ref }}
+      fluentd-full-image-name:
+        description: Fluentd-full container image name
+        value: ${{ jobs.fluentd-full-image.outputs.name }}
+      fluentd-full-image-digest:
+        description: Fluentd-full container image digest
+        value: ${{ jobs.fluentd-full-image.outputs.digest }}
+      fluentd-full-image-tag:
+        description: Fluentd-full container image tag
+        value: ${{ jobs.fluentd-full-image.outputs.tag }}
+      fluentd-full-image-ref:
+        description: Fluentd-full container image ref
+        value: ${{ jobs.fluentd-full-image.outputs.ref }}
       helm-chart-name:
         description: Helm chart OCI name
         value: ${{ jobs.helm-chart.outputs.name }}
@@ -128,6 +145,7 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
+          build-args: GO_BUILD_FLAGS=-ldflags=-X=github.com/kube-logging/logging-operator/pkg/sdk/logging/api/v1beta1.Version=${{ inputs.version }}
           outputs: ${{ steps.build-output.outputs.value }},name=target,annotation-index.org.opencontainers.image.description=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.description'] }}
           # push: ${{ inputs.publish }}
 

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -89,9 +89,22 @@ jobs:
     name: Artifacts
     uses: ./.github/workflows/artifacts.yaml
     with:
+      version: "latest"
       publish: ${{ github.event_name == 'push' }}
     permissions:
       contents: read
       packages: write
       id-token: write
       security-events: write
+
+  dependency-images:
+    name: Dependency images
+    uses: ./.github/workflows/dependency-images.yaml
+    with:
+      publish: ${{ github.event_name == 'push' }}
+      image-types: "full"
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+      security-events: write
diff --git a/.github/workflows/dependency-images.yaml b/.github/workflows/dependency-images.yaml
@@ -2,6 +2,17 @@ name: Dependency images
 
 on:
   workflow_call:
+    inputs:
+      publish:
+        description: Publish artifacts to the artifact store
+        default: false
+        required: false
+        type: boolean
+      image-types:
+        description: 'Types of images to build (comma-separated: base,filters,full)'
+        type: string
+        default: 'base,filters,full'
+        required: false
     outputs:
       fluentd-image-name:
         description: Container image name
@@ -20,8 +31,23 @@ permissions:
   contents: read
 
 jobs:
+  prepare-matrix:
+    name: Prepare matrix
+    runs-on: ubuntu-latest
+
+    outputs:
+      image-types: ${{ steps.set-matrix.outputs.image-types }}
+
+    steps:
+      - name: Set matrix
+        id: set-matrix
+        run: |
+          IMAGE_TYPES=$(echo '${{ inputs.image-types }}' | jq -R -c 'split(",")')
+          echo "image-types=${IMAGE_TYPES}" >> $GITHUB_OUTPUT
+
   fluentd-image:
     name: Fluentd image
+    needs: prepare-matrix
     runs-on: ${{ matrix.platform == 'linux/arm64' && 'linux-arm64' || 'ubuntu-latest' }}
 
     permissions:
@@ -40,10 +66,7 @@ jobs:
         platform:
           - linux/amd64
           - linux/arm64
-        image-type:
-          - base
-          - filters
-          - full
+        image-type: ${{ fromJson(needs.prepare-matrix.outputs.image-types) }}
 
     steps:
       - name: Prepare arm64 environment
@@ -95,7 +118,7 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ github.token }}
 
-      - name: Build and push fluentd-${{ matrix.platform }}-${{ matrix.image-type }}
+      - name: Build and push fluentd-${{ matrix.image-type }}-${{ matrix.platform }} image
         id: build
         uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
         with:
@@ -153,7 +176,7 @@ jobs:
   merge-fluentd-image:
     name: Merge Fluentd image
     runs-on: ubuntu-latest
-    needs: fluentd-image
+    needs: [prepare-matrix, fluentd-image]
 
     permissions:
       contents: read
@@ -163,10 +186,7 @@ jobs:
 
     strategy:
       matrix:
-        image-type:
-          - base
-          - filters
-          - full
+        image-type: ${{ fromJson(needs.prepare-matrix.outputs.image-types) }}
 
     steps:
       - name: Set up Docker Buildx
@@ -181,6 +201,7 @@ jobs:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ github.token }}
+        if: inputs.publish
 
       - name: Download digests
         uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
@@ -202,19 +223,24 @@ jobs:
             type=semver,pattern={{raw}},suffix=-${{ matrix.image-type }}
             type=raw,value=latest,enable={{is_default_branch}},suffix=-${{ matrix.image-type }}
 
-      - name: Create multi-arch manifest list and push
+      - name: Create multi-arch manifest list
         working-directory: /tmp/digests
         run: |
-          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-            $(printf '${{ needs.fluentd-image.outputs.name }}@sha256:%s ' *)
+          if [[ "${{ inputs.publish }}" == "true" ]]; then
+            docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+              $(printf '${{ needs.fluentd-image.outputs.name }}@sha256:%s ' *)
+          else
+            docker buildx imagetools create --dry-run $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+              $(printf '${{ needs.fluentd-image.outputs.name }}@sha256:%s ' *)
+          fi
 
       - name: Export digest
         run: |
           DIGEST=$(docker buildx imagetools inspect ${{ needs.fluentd-image.outputs.name }}:${{ steps.meta.outputs.version }} --format '{{json .}}' | jq -r '.manifest.digest')
           echo "DIGEST=$DIGEST" >> $GITHUB_ENV
 
       - name: Sign image with GitHub OIDC Token
-        if: ${{ github.repository_owner == 'kube-logging' }} # Check if the workflow is called by the same GitHub organization
+        if: ${{ inputs.publish && github.repository_owner == 'kube-logging' }} # Check if the workflow is called by the same GitHub organization
         env:
           DIGEST: ${{ env.DIGEST }}
           TAGS: ${{ steps.meta.outputs.tags }}
@@ -227,7 +253,7 @@ jobs:
           cosign sign --yes --rekor-url "https://rekor.sigstore.dev/" ${images}
 
       - name: Verify signed image with cosign
-        if: ${{ github.repository_owner == 'kube-logging' }} # Check if the workflow is called by the same GitHub organization
+        if: ${{ inputs.publish && github.repository_owner == 'kube-logging' }} # Check if the workflow is called by the same GitHub organization
         env:
           DIGEST: ${{ env.DIGEST }}
           TAGS: ${{ steps.meta.outputs.tags }}

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -12,6 +12,7 @@ jobs:
     name: Artifacts
     uses: ./.github/workflows/artifacts.yaml
     with:
+      version: ${{ github.event.release.tag_name}}
       publish: true
       release: true
     permissions:
@@ -23,6 +24,9 @@ jobs:
   dependency-images:
     name: Dependency images
     uses: ./.github/workflows/dependency-images.yaml
+    with:
+      image-types: "base,filters,full"
+      publish: true
     permissions:
       contents: read
       packages: write

diff --git a/pkg/sdk/logging/api/v1beta1/fluentd_types.go b/pkg/sdk/logging/api/v1beta1/fluentd_types.go
@@ -151,7 +151,11 @@ func (f *FluentdSpec) SetDefaults() error {
 			f.Image.Repository = DefaultFluentdImageRepository
 		}
 		if f.Image.Tag == "" {
-			f.Image.Tag = DefaultFluentdImageTag
+			if Version == "" {
+				f.Image.Tag = DefaultFluentdImageTag
+			} else {
+				f.Image.Tag = Version
+			}
 		}
 		if f.Image.PullPolicy == "" {
 			f.Image.PullPolicy = "IfNotPresent"

diff --git a/pkg/sdk/logging/api/v1beta1/logging_types.go b/pkg/sdk/logging/api/v1beta1/logging_types.go
@@ -191,6 +191,8 @@ type DefaultFlowSpec struct {
 	IncludeLabelInRouter *bool    `json:"includeLabelInRouter,omitempty"`
 }
 
+var Version string
+
 const (
 	DefaultFluentbitImageRepository               = "docker.io/fluent/fluent-bit"
 	DefaultFluentbitImageTag                      = "3.1.8"
@@ -199,8 +201,8 @@ const (
 	DefaultFluentbitBufferStorageVolumeName       = "fluentbit-buffer"
 	DefaultFluentbitConfigReloaderImageRepository = "ghcr.io/kube-logging/config-reloader"
 	DefaultFluentbitConfigReloaderImageTag        = "v0.0.6"
-	DefaultFluentdImageRepository                 = "ghcr.io/kube-logging/fluentd"
-	DefaultFluentdImageTag                        = "v1.17-5.0-full"
+	DefaultFluentdImageRepository                 = "ghcr.io/kube-logging/logging-operator/fluentd"
+	DefaultFluentdImageTag                        = "latest"
 	DefaultFluentdBufferStorageVolumeName         = "fluentd-buffer"
 	DefaultFluentdDrainWatchImageRepository       = "ghcr.io/kube-logging/fluentd-drain-watch"
 	DefaultFluentdDrainWatchImageTag              = "v0.2.3"