Reduce the risk of misidentification of incoming traffic by verifying destination hostname when resolving incoming internet traffic; Use /proc/<pid>/root/etc/hostname
for IP to hostname resolution as an alternative to /proc/<pid>/environ
#531
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
concurrency: | |
group: "${{ github.repository }}${{ github.ref }}buildfork" | |
cancel-in-progress: true | |
on: | |
pull_request: | |
types: | |
- opened | |
- synchronize | |
push: | |
branches: | |
- main | |
- develop | |
permissions: | |
contents: read | |
packages: write | |
env: | |
REGISTRY: "dummy" | |
jobs: | |
build: | |
name: Build | |
if: github.repository != 'otterize/network-mapper' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != 'otterize/network-mapper') | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
outputs: | |
registry: ${{ steps.registry.outputs.registry }} # workaround since env is not available outside of steps, i.e. in calling external workflows like we later do in e2e-test | |
strategy: | |
matrix: | |
service: | |
- mapper | |
- sniffer | |
- kafka-watcher | |
steps: | |
- id: registry | |
run: echo "registry=${{ env.REGISTRY }}" >> "$GITHUB_OUTPUT" | |
- name: Checkout | |
uses: actions/checkout@v2 | |
with: | |
submodules: recursive | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@master | |
with: | |
driver-opts: network=host | |
- name: Test & Build production image | |
uses: docker/build-push-action@v2 | |
with: | |
context: src/ | |
file: build/${{ matrix.service }}.Dockerfile | |
tags: ${{ env.REGISTRY }}/${{ github.actor }}/${{ matrix.service }}:${{ github.sha }} | |
network: host | |
platforms: linux/amd64 | |
outputs: type=docker,dest=${{ matrix.service }}.tar | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
build-args: | | |
"VERSION=0.0.${{ github.run_id }}" | |
- uses: actions/upload-artifact@v3 | |
with: | |
path: ${{ matrix.service }}.tar | |
name: ${{ env.REGISTRY }}_${{ github.actor }}_${{ matrix.service }}_${{ github.sha }}.tar | |
e2e-test: | |
uses: ./.github/workflows/e2e-test.yaml | |
name: Trigger e2e tests | |
# Must pass the secrets as the called workflow does not have access to the same context | |
with: | |
registry: ${{ needs.build.outputs.registry }} | |
mapper-tag: ${{ github.sha }} | |
sniffer-tag: ${{ github.sha }} | |
mapper-image: ${{ github.actor }}/mapper | |
sniffer-image: ${{ github.actor }}/sniffer | |
needs: | |
- build |