new(ci): push docker images to ghcr.

.github/workflows/ansible-lint.yml

@@ -1,20 +1,18 @@
 name: ansible-lint
 on:
-  pull_request:
+ pull_request:
 
 
 jobs:
- build:
- name: Ansible Lint
- runs-on: ubuntu-latest
+ build:
+ name: Ansible Lint
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+ with:
+ fetch-depth: 0
 
- steps:
- - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- with:
- fetch-depth: 0
-
- - name: Run ansible-lint
- # replace `main` with any valid ref, or tags like `v6`
- uses: ansible/[email protected] # the latest version has a bug that does not run in online mode
- with:
- path: "ansible-playbooks/" 
+ - name: Run ansible-lint
+ uses: ansible/[email protected] # the latest version has a bug that does not run in online mode
+ with:
+ path: "ansible-playbooks/" 

.github/workflows/main.yml

@@ -0,0 +1,20 @@
+name: Main CI
+on:
+ push:
+ branches: 
+ - main
+ paths:
+ - 'images/**'
+
+concurrency:
+ group: main_push_images
+ cancel-in-progress: true
+
+jobs:
+ push-images:
+ uses: ./.github/workflows/reusable_build_images.yml
+ with:
+ push: true
+ is_latest: false
+ version: 'main'
+ secrets: inherit

.github/workflows/pr.yml

@@ -0,0 +1,20 @@
+name: PR CI
+on:
+ pull_request:
+ branches: 
+ - main
+ paths:
+ - 'images/**'
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+
+jobs:
+ build-images:
+ uses: ./.github/workflows/reusable_build_images.yml
+ with:
+ push: false
+ is_latest: false
+ version: '${{ github.run_id }}'
+ secrets: inherit

.github/workflows/release.yml

@@ -0,0 +1,17 @@
+name: Release CI
+on:
+ release:
+ types: [published]
+
+concurrency:
+ group: release_push_images
+ cancel-in-progress: true
+
+jobs:
+ release-images:
+ uses: ./.github/workflows/reusable_build_images.yml
+ with:
+ push: true
+ is_latest: true
+ version: ${{ github.event.release.tag_name }}
+ secrets: inherit

.github/workflows/reusable_build_images.yml

@@ -0,0 +1,71 @@
+name: Build and Push docker images
+on:
+ workflow_call: 
+ inputs:
+ version:
+ description: 'docker images version to be built/tagged'
+ type: string
+ required: false
+ default: 'main'
+ push:
+ description: 'whether to push images or build only'
+ type: boolean
+ required: false
+ default: false
+ is_latest:
+ description: 'whether we need to also push latest images'
+ type: boolean
+ required: false
+ default: false
+
+jobs:
+ # Job responsible to test the build of the images and, only on main CI, to push them too.
+ build-images:
+ strategy:
+ fail-fast: false
+ matrix:
+ arch: [amd64, arm64]
+ runs-on: ${{ (matrix.arch == 'arm64' && 'actuated-arm64-8cpu-16gb') || 'ubuntu-22.04' }}
+ steps: 
+ - name: Checkout repo
+ uses: actions/checkout@v3
+
+ - name: Login to Github Packages
+ if: inputs.push
+ uses: docker/login-action@v1
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Set PUSH env var
+ if: inputs.push
+ run: |
+ echo "PUSH=true" >> $GITHUB_ENV
+
+ - name: Set LATEST env var
+ if: inputs.is_latest
+ run: |
+ echo "LATEST=true" >> $GITHUB_ENV
+
+ - name: Set TAG env var
+ run: |
+ echo "TAG=${{ inputs.version }}" >> $GITHUB_ENV
+
+ - name: Set CLEANUP env var (CI only, because of limited disk space)
+ run: |
+ echo "CLEANUP=true" >> $GITHUB_ENV
+
+ - name: Build images
+ working-directory: ./images
+ run: |
+ touch failed.txt
+ make build-all
+
+ - name: Check failures
+ working-directory: ./images
+ run: |
+ if [ -s failed.txt ]; then
+ cat failed.txt
+ exit 1;
+ fi

ansible-playbooks/group_vars/all/vars.yml

@@ -10,43 +10,50 @@ user: root
 # Machine Configuration #
 #########################
 
+# Images tag to be used.
+tag: main
+
+# Image repository to be used.
+repo: "ghcr.io/falcosecurity/kernel-testing"
+
 # Each machine entry requires the following fields
 # name: the name given to the vm;
 # kernel: reference to an OCI image containing a kernel;
 # rootfs: reference to an OCI image used as base rootfs for the vm.
 # arch: architecture of the kernel and base images. (x86_64/aarch64).
 machines:
- - {name: "amazonlinux2022-5.15", kernel: "therealbobo/amazonlinux2022-kernel:5.15-x86_64", rootfs: "therealbobo/amazonlinux2022-image:5.15-x86_64", arch: "x86_64"} # noqa: yaml[line-length]
- - {name: "amazonlinux2023-6.1", kernel: "therealbobo/amazonlinux2023-kernel:6.1-x86_64", rootfs: "therealbobo/amazonlinux2023-image:6.1-x86_64", arch: "x86_64"} # noqa: yaml[line-length]
- - {name: "amazonlinux2-4.19", kernel: "therealbobo/amazonlinux2-kernel:4.19-x86_64", rootfs: "therealbobo/amazonlinux2-image:4.19-x86_64", arch: "x86_64"}
- - {name: "amazonlinux2-5.10", kernel: "therealbobo/amazonlinux2-kernel:5.10-x86_64", rootfs: "therealbobo/amazonlinux2-image:5.10-x86_64", arch: "x86_64"}
- - {name: "amazonlinux2-5.15", kernel: "therealbobo/amazonlinux2-kernel:5.15-x86_64", rootfs: "therealbobo/amazonlinux2-image:5.15-x86_64", arch: "x86_64"}
- - {name: "amazonlinux2-5.4", kernel: "therealbobo/amazonlinux2-kernel:5.4-x86_64", rootfs: "therealbobo/amazonlinux2-image:5.4-x86_64", arch: "x86_64"}
- - {name: "archlinux-6.0", kernel: "therealbobo/archlinux-kernel:6.0-x86_64", rootfs: "therealbobo/archlinux-image:6.0-x86_64", arch: "x86_64"}
- - {name: "centos-3.10", kernel: "therealbobo/centos-kernel:3.10-x86_64", rootfs: "therealbobo/centos-image:3.10-x86_64", arch: "x86_64"}
- - {name: "centos-4.18", kernel: "therealbobo/centos-kernel:4.18-x86_64", rootfs: "therealbobo/centos-image:4.18-x86_64", arch: "x86_64"}
- - {name: "centos-5.14", kernel: "therealbobo/centos-kernel:5.14-x86_64", rootfs: "therealbobo/centos-image:5.14-x86_64", arch: "x86_64"}
- - {name: "fedora-5.17", kernel: "therealbobo/fedora-kernel:5.17-x86_64", rootfs: "therealbobo/fedora-image:5.17-x86_64", arch: "x86_64"}
- - {name: "fedora-5.8", kernel: "therealbobo/fedora-kernel:5.8-x86_64", rootfs: "therealbobo/fedora-image:5.8-x86_64", arch: "x86_64"}
- - {name: "fedora-6.2", kernel: "therealbobo/fedora-kernel:6.2-x86_64", rootfs: "therealbobo/fedora-image:6.2-x86_64", arch: "x86_64"}
- - {name: "oraclelinux-3.10", kernel: "therealbobo/oraclelinux-kernel:3.10-x86_64", rootfs: "therealbobo/oraclelinux-image:3.10-x86_64", arch: "x86_64"}
- - {name: "oraclelinux-4.14", kernel: "therealbobo/oraclelinux-kernel:4.14-x86_64", rootfs: "therealbobo/oraclelinux-image:4.14-x86_64", arch: "x86_64"}
- - {name: "oraclelinux-5.15", kernel: "therealbobo/oraclelinux-kernel:5.15-x86_64", rootfs: "therealbobo/oraclelinux-image:5.15-x86_64", arch: "x86_64"}
- - {name: "oraclelinux-5.4", kernel: "therealbobo/oraclelinux-kernel:5.4-x86_64", rootfs: "therealbobo/oraclelinux-image:5.4-x86_64", arch: "x86_64"}
- - {name: "ubuntu-4.15", kernel: "therealbobo/ubuntu-kernel:4.15-x86_64", rootfs: "therealbobo/ubuntu-image:4.15-x86_64", arch: "x86_64"}
- - {name: "ubuntu-6.3", kernel: "therealbobo/ubuntu-kernel:6.3-x86_64", rootfs: "therealbobo/ubuntu-image:6.3-x86_64", arch: "x86_64"}
- - {name: "amazonlinux2022-5.15", kernel: "therealbobo/amazonlinux2022-kernel:5.15-aarch64", rootfs: "therealbobo/amazonlinux2022-image:5.15-aarch64", arch: "aarch64"} # noqa: yaml[line-length]
- - {name: "amazonlinux2-5.4", kernel: "therealbobo/amazonlinux2-kernel:5.4-aarch64", rootfs: "therealbobo/amazonlinux2-image:5.4-aarch64", arch: "aarch64"}
- - {name: "fedora-6.2", kernel: "therealbobo/fedora-kernel:6.2-aarch64", rootfs: "therealbobo/fedora-image:6.2-aarch64", arch: "aarch64"}
- - {name: "oraclelinux-4.14", kernel: "therealbobo/oraclelinux-kernel:4.14-aarch64", rootfs: "therealbobo/oraclelinux-image:4.14-aarch64", arch: "aarch64"}
- - {name: "oraclelinux-5.15", kernel: "therealbobo/oraclelinux-kernel:5.15-aarch64", rootfs: "therealbobo/oraclelinux-image:5.15-aarch64", arch: "aarch64"}
- - {name: "ubuntu-6.3", kernel: "therealbobo/ubuntu-kernel:6.3-aarch64", rootfs: "therealbobo/ubuntu-image:6.3-aarch64", arch: "aarch64"}
+ - {name: "amazonlinux2022-5.15", kernel: "{{ repo }}/amazonlinux2022-kernel:5.15-x86_64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2022-image:5.15-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
+ - {name: "amazonlinux2023-6.1", kernel: "{{ repo }}/amazonlinux2023-kernel:6.1-x86_64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2023-image:6.1-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
+ - {name: "amazonlinux2-4.19", kernel: "{{ repo }}/amazonlinux2-kernel:4.19-x86_64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2-image:4.19-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
+ - {name: "amazonlinux2-5.10", kernel: "{{ repo }}/amazonlinux2-kernel:5.10-x86_64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2-image:5.10-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
+ - {name: "amazonlinux2-5.15", kernel: "{{ repo }}/amazonlinux2-kernel:5.15-x86_64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2-image:5.15-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
+ - {name: "amazonlinux2-5.4", kernel: "{{ repo }}/amazonlinux2-kernel:5.4-x86_64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2-image:5.4-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
+ - {name: "archlinux-6.0", kernel: "{{ repo }}/archlinux-kernel:6.0-x86_64-{{ tag }}", rootfs: "{{ repo }}/archlinux-image:6.0-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
+ - {name: "archlinux-6.7", kernel: "{{ repo }}/archlinux-kernel:6.7-x86_64-{{ tag }}", rootfs: "{{ repo }}/archlinux-image:6.7-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
+ - {name: "centos-3.10", kernel: "{{ repo }}/centos-kernel:3.10-x86_64-{{ tag }}", rootfs: "{{ repo }}/centos-image:3.10-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
+ - {name: "centos-4.18", kernel: "{{ repo }}/centos-kernel:4.18-x86_64-{{ tag }}", rootfs: "{{ repo }}/centos-image:4.18-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
+ - {name: "centos-5.14", kernel: "{{ repo }}/centos-kernel:5.14-x86_64-{{ tag }}", rootfs: "{{ repo }}/centos-image:5.14-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
+ - {name: "fedora-5.17", kernel: "{{ repo }}/fedora-kernel:5.17-x86_64-{{ tag }}", rootfs: "{{ repo }}/fedora-image:5.17-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
+ - {name: "fedora-5.8", kernel: "{{ repo }}/fedora-kernel:5.8-x86_64-{{ tag }}", rootfs: "{{ repo }}/fedora-image:5.8-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
+ - {name: "fedora-6.2", kernel: "{{ repo }}/fedora-kernel:6.2-x86_64-{{ tag }}", rootfs: "{{ repo }}/fedora-image:6.2-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
+ - {name: "oraclelinux-3.10", kernel: "{{ repo }}/oraclelinux-kernel:3.10-x86_64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:3.10-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
+ - {name: "oraclelinux-4.14", kernel: "{{ repo }}/oraclelinux-kernel:4.14-x86_64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:4.14-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
+ - {name: "oraclelinux-5.15", kernel: "{{ repo }}/oraclelinux-kernel:5.15-x86_64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:5.15-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
+ - {name: "oraclelinux-5.4", kernel: "{{ repo }}/oraclelinux-kernel:5.4-x86_64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:5.4-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
+ - {name: "ubuntu-4.15", kernel: "{{ repo }}/ubuntu-kernel:4.15-x86_64-{{ tag }}", rootfs: "{{ repo }}/ubuntu-image:4.15-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
+ - {name: "ubuntu-6.5", kernel: "{{ repo }}/ubuntu-kernel:6.5-x86_64-{{ tag }}", rootfs: "{{ repo }}/ubuntu-image:6.5-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
+ - {name: "amazonlinux2022-5.15", kernel: "{{ repo }}/amazonlinux2022-kernel:5.15-aarch64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2022-image:5.15-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]
+ - {name: "amazonlinux2-5.4", kernel: "{{ repo }}/amazonlinux2-kernel:5.4-aarch64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2-image:5.4-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]
+ - {name: "fedora-6.2", kernel: "{{ repo }}/fedora-kernel:6.2-aarch64-{{ tag }}", rootfs: "{{ repo }}/fedora-image:6.2-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]
+ - {name: "oraclelinux-4.14", kernel: "{{ repo }}/oraclelinux-kernel:4.14-aarch64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:4.14-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]
+ - {name: "oraclelinux-5.15", kernel: "{{ repo }}/oraclelinux-kernel:5.15-aarch64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:5.15-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]
+ - {name: "ubuntu-6.5", kernel: "{{ repo }}/ubuntu-kernel:6.5-aarch64-{{ tag }}", rootfs: "{{ repo }}/ubuntu-image:6.5-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]
 
 builders:
- - {name: "centos-builder", kernel: "therealbobo/centos-kernel:5.14-x86_64", rootfs: "therealbobo/builder:0.0.1-x86_64", arch: "x86_64"}
- - {name: "fedora-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "therealbobo/modernprobe-builder:0.0.1-x86_64", arch: "x86_64"}
- - {name: "centos-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "therealbobo/builder:0.0.1-aarch64", arch: "aarch64"}
- - {name: "fedora-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "therealbobo/modernprobe-builder:0.0.1-aarch64", arch: "aarch64"}
+ - {name: "centos-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "{{ repo }}/builder:x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
+ - {name: "fedora-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "{{ repo }}/modernprobe-builder:x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length]
+ - {name: "centos-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "{{ repo }}/builder:aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]
+ - {name: "fedora-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "{{ repo }}/modernprobe-builder:aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length]
 
 output_dir: "~/ansible_output"
 # Number of cpus.